I’ve been seeing sites during HITS work that redirect to links like this:
hxxp://hstraffa.com/l?link=56b626820cf2a8a3ef292a55&subid=06022016noref&source=06022016noref<=REDIRECT
Which then redirect to Punishtube and Sl*tRoulette.
Are these remainders of a previous attack or a new one? Either way, Avast isn’t catching the redirect.
Since it’s HITS work, I don’t have the originating url, since it redirects before I can see it, and it doesn’t let me go back. I’ll keep trying to catch one.
It’s really not about this one url anyway. I’ve been seeing them all day. I can provide a further list, if you want, but they all redirect to hstraffa, so avast responding to that would be a start.
The VT scan with regard to URLs isn’t really a scan at all; it is checking the URL against blacklists. It isn’t a live scan in the same way as when you upload a file for scanning.
I wasn’t aware of that.
I just saw that the redirect wasn’t being stopped, and since I was seeing them in huge numbers on my HITS work (those 5 were in less than 5 minutes, and my rate is around 3 sites a minute). I almost missed the fact it was happening, except I was seeing the sites it was redirecting to a lot, and then I noticed they were all redirecting through the same site.
I can keep providing a list of infected sites, but I don’t want to spam the forum, unless it would be of use.
Got another one I’m seeing a lot of. More redirects.
Example site:
hxxp://americancollegeofaestheticsurgery.com/ozfhvhg/Skuad-persib-untuk-lawan-bali-united.php
Finally ends up here:
hxxp://myinternetspeed.co/?offer_id=377&aff_id=49&aff_sub=CD14919&aff_sub2=d4992557-e78f-542f-9cd3-c7651ddc7dac&aff_sub3=e2c4w28464u2u2&placement=368
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /mother/24/readf.php was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
</body></html>