This is an old WordPress SE visitors redirect to a site that was being flagged here 2 years ago: http://www.urlvoid.com/scan/gigop.americanunfinished.com/
with recent results: http://www.urlvoid.com/scan/gigop.americanunfinished.com/ (similar)
Very bad webrep: https://www.mywot.com/en/scorecard/gigop.americanunfinished.com
See the report from 2012: http://blog.sucuri.net/2012/03/conditional-redirect-malware-decoded-evalbase64_decode-example.html#more-3430
An infestation from this campaign was recently found (115 hours ago), so it is being continued → SE visitors redirects
Visitors from search engines are redirected
to: http://gigop.americanunfinished.com/
194 sites infected with redirects to this URL
But not established here: http://www.ragepank.com/redirect-check/
To redirect all traffic from htxp://hoteldiscountdeals.org to htxp://www.hoteldiscountdeals.org (and also redirect all other domains parked into the same webspace)
RewriteEngine on
RewriteCond %{HTTP_HOST} !^www\.hoteldiscountdeals\.org
RewriteRule (.*) http://www.hoteldiscountdeals.org/$1 [R=301,L]
See also: http://www.rexswain.com/cgi-bin/httpview.cgi - link: http://www.rexswain.com/cgi-bin/httpview.cgi?url=http://hoteldiscountdeals.org/xmlrpc.php&uag=Mozilla/5.0+(Windows+NT+6.0)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/33.0.1750.154+Safari/537.36&ref=http://www.rexswain.com/httpview.html&aen=&req=GET&ver=1.1&fmt=AUTO
pol
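Added example, not part of the original posts: a Python check for the behaviour described above. It requests a page with and without a search-engine Referer and compares the first-hop Location header, treating a www canonicalisation like the RewriteRule above as benign. The `fetch` callable, the two stub sites and all `.example` hosts are assumptions constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Referers to probe with: none (direct visit) and two search-engine result pages.
PROBE_REFERERS = [None, "https://www.google.com/search?q=hotel",
                  "https://www.bing.com/search?q=hotel"]

def bare_host(url):
    """Lower-case host of a URL with a leading 'www.' removed."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def classify(url, fetch):
    """Probe `url` once per referer and report off-site first-hop redirects.

    `fetch(url, headers)` is a caller-supplied function (assumption) returning
    (status, response_headers) WITHOUT following redirects.
    """
    findings = {}
    for referer in PROBE_REFERERS:
        headers = {"Referer": referer} if referer else {}
        status, resp = fetch(url, headers)
        location = None
        if status in (301, 302, 303, 307, 308) and resp.get("Location"):
            location = urljoin(url, resp["Location"])  # resolve relative targets
        # A hop to the same host with/without www is canonicalisation, not a finding.
        offsite = location is not None and bare_host(location) != bare_host(url)
        findings[referer or "direct"] = location if offsite else None
    direct = findings["direct"]
    conditional = sorted({loc for ref, loc in findings.items()
                          if ref != "direct" and loc and loc != direct})
    if conditional:
        return "conditional-offsite-redirect", conditional
    if direct:
        return "unconditional-offsite-redirect", [direct]
    return "clean", []

# Constructed stand-ins for live servers (all hosts are placeholders).
def infected_site(url, headers):
    referer = headers.get("Referer", "")
    if any(engine in referer for engine in ("google.", "bing.")):
        return 302, {"Location": "http://redirect-target.example/"}
    return 200, {}

def www_canonical_site(url, headers):
    return 301, {"Location": "http://www.shop.example/"}
```

A checker that sends no Referer sees only the `direct` row, which is one way a conditional redirect can go unestablished.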
There are apparently some attack problems here: http://fetch.scritch.org/%2Bfetch/?url=http%3A%2F%2Fhoteldiscountdeals.org%2F&useragent=Fetch+useragent&accept_encoding=
One is a Vegur_400-Vegur_700.font.js attack → http://stackoverflow.com/questions/6127084/cufon-toggle-css-visibility-with-jquery-fails-only-in-ie8
link author = Scott B, also read: http://security.stackexchange.com/questions/23507/cufon-or-prototype-as-an-attack-vector-for-blackhole-exploit-kit
credit to link author in reply = Mario Awad → htxp://hoteldiscountdeals.org/wp-content/themes/hotel/js/Vegur_400-Vegur_700.font.js
See malware and payload here: http://sitecheck3.sucuri.net/results/hoteldiscountdeals.org/
→ http://labs.sucuri.net/db/malware/malware-entry-mwblacklisted35
Site hacked because of Web application version:
WordPress version: WordPress 3.3.1
Wordpress version from source: 3.3.1
Wordpress Version 3.3.2 based on: htxp://hoteldiscountdeals.org//wp-admin/js/common.js
WordPress theme: htxp://hoteldiscountdeals.org/wp-content/themes/hotel/
WordPress version outdated: Upgrade required.
IP badness history: https://www.virustotal.com/nl/ip-address/192.185.111.192/information/
polonus
Missed here: http://sitecheck.sucuri.net/scanner/?scan=http%3A%2F%2Fcolorectalsurgerycenter.com
and here:
malicious redirect but site not being blocked by avast!
Header returned by request for: htxp://colorectalsurgerycenter.com/ → 184.168.53.1
HTTP/1.1 302 Moved Temporarily
Date: Sat, 05 Apr 2014 22:27:17 GMT
Server: Apache
Location: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php
The location line in the header above has redirected the request to: htxp://www.cibonline.org/cache/mod_poll/7c7478fde2f89a23.php
Redirect to this URL found in 3938 sites → https://www.mywot.com/en/scorecard/cibonline.org?utm_source=addon&utm_content=popup
Read on this multi iFrame campaign: http://www.webroot.com/blog/2013/11/13/malicious-multi-hop-iframe-campaign-affects-thousands-of-web-sites-leads-to-cve-2011-3402/ - link article author = Dancho Danchev - access to site blocked by Google Safebrowsing
polonus
Not detected cyber crime site: 188.240.34.210 (IPv4 address) → Dexter bot https://www.virustotal.com/nl/url/ed034e125b946bb8f427abaaa2353093fcc7331d1e7d724a89877197e33f67e5/analysis/1397134875/
Most of the malware on IP dead or closed: http://62.67.194.183/clean-mx/viruses.php?email=admin@chnet.ro&response=
Server redirect status: Code: 404, Content cannot be read!
Bitdefender Traffic Light blocks double quad address as malicious.
pol