In several cases, particularly with older compromises, the criminals who hacked this site will have uploaded a wide variety of spamming and other compromise tools. Therefore, the account corresponding to "ezuvekury.tk" needs to be examined very carefully for signs of tampering. Further, the criminal will even modify existing web pages (particularly ezuvekury.tk itself) to contain hidden references to pill/drug/porn sites.
It is believed that the malicious redirects are done by altering web server access control mechanisms (for example, ".htaccess" files on Apache web servers) so that the redirect occurs on all "404 URL not found" errors.
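A defender-side check for the mechanism described above, as an added example that is not part of the original post: it walks a web root and flags ".htaccess" directives (ErrorDocument, RewriteRule) whose target is a full URL on a host the site does not own. The host names, the sample file and the `own_hosts` parameter are constructed assumptions.

```python
import os
import re
import sys
from urllib.parse import urlparse

# An ErrorDocument target that is a full URL makes Apache answer the error
# with a redirect to that URL instead of serving a local error page.
ERRORDOC = re.compile(r'^\s*ErrorDocument\s+(\d{3})\s+"?(https?://[^\s"]+)', re.I)
# A RewriteRule whose substitution is a full URL sends the visitor off-site.
REWRITE = re.compile(r'^\s*RewriteRule\s+\S+\s+"?(https?://[^\s"]+)', re.I)

# Constructed sample for illustration; not taken from the site in this post.
SAMPLE = """\
# site config
ErrorDocument 403 /errors/forbidden.html
ErrorDocument 404 http://redirect.example.net/in.php
RewriteEngine On
RewriteRule ^(.*)$ http://shop.example.org/?q=$1 [R=302,L]
RewriteRule ^old/(.*)$ https://www.example.com/new/$1 [R=301,L]
"""

def audit_htaccess(text, own_hosts):
    """Return (line_no, directive, host) for redirects to hosts outside own_hosts."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for name, rx in (("ErrorDocument", ERRORDOC), ("RewriteRule", REWRITE)):
            m = rx.match(line)
            if not m:
                continue
            host = (urlparse(m.group(m.lastindex)).hostname or "").lower()
            if host not in own_hosts and not any(host.endswith("." + h) for h in own_hosts):
                findings.append((no, name, host))
    return findings

def scan_tree(root, own_hosts):
    """Audit every .htaccess below root; return {path: findings} for flagged files."""
    report = {}
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" in files:
            path = os.path.join(dirpath, ".htaccess")
            with open(path, encoding="utf-8", errors="replace") as fh:
                hits = audit_htaccess(fh.read(), own_hosts)
            if hits:
                report[path] = hits
    return report

if __name__ == "__main__":
    # Usage: script.py <web root> <own host> [<own host> ...]
    for path, hits in scan_tree(sys.argv[1], set(sys.argv[2:])).items():
        for no, name, host in hits:
            print(f"{path}:{no}: {name} redirects to external host {host}")
```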
REFERENCES:
72.8.190.39
- https://www.virustotal.com/de/url/d402ba3e37849bfcab82b8de74d860729defcf62cbe3244ed2aa7e62d6fc1fbd/analysis/
- http://www.spamhaus.org/query/bl?ip=72.8.190.39
- http://cbl.abuseat.org/lookup.cgi?ip=72.8.190.39
MALICIOUS SITE & IP: SPAMBOT PHISHING (VIAGRA & CO.)
http://ezuvekury.tk/
https://www.virustotal.com/de/url/c1fbcded30036142e1f72bb0c2e51b02f82143cfe1a203d8a0c696cf0c569259/analysis/1394109439/
HTML
https://www.virustotal.com/de/file/b4bc40d341c4ba868d0b4c350c16e45255a3ef0228f5559a7083fb903717ee5f/analysis/1394110104/
http://ezuvekury.tk/?q
https://www.virustotal.com/de/url/2c7095e8f7ce859b887a11de197516a0967f6e82c43a263f356c7609590bb499/analysis/1394109442/
HTML
https://www.virustotal.com/de/file/0191d7cb7b3f637aa74fceb86c5c6575b2b08e0765ca2da8635b1c7ea9538a28/analysis/1394110251/
--->
http://csbakhita.com/unsurpassable.html
https://www.virustotal.com/de/url/ea34f52e3fd906449af0c3be62218acd913bafb820752a841887a83baa97a854/analysis/1394110601/
HTML:RedirME-inf [Trj]
https://www.virustotal.com/de/file/983395c456d29de19308294e8a2e9de64ca643fa93d1005114d1fece45c7d1bd/analysis/1394110385/
---->
http://rx69.ru/
https://www.virustotal.com/de/url/afcb00221df516d2d5a6f95163ab18e3cdc7984103981f9aa20f9ca0995a2e96/analysis/1394111089/
HTMLs
https://www.virustotal.com/de/file/e579b048df4b4306705de79a4ff523b0c84f31e723449609c62026bb86020726/analysis/1394110754/
https://www.virustotal.com/de/file/5515e3e32b05d79f21752af75eca9eaa8150097d5280a08b2f017bcafd6fb94e/analysis/1394110741/
---->
http://www.doctortern.ru/
https://www.virustotal.com/de/url/d2ebc69875257b228bc3f76ebe89afd30249e66674f63bac247f90d6546bc842/analysis/1394111231/