What is with this redirect?

polonus · 2014-04-13T13:28:45.000Z

See: http://killmalware.com/vidarrs-home.nl/# and https://www.virustotal.com/nl/url/9821906d0292bae0d8f5a8bfafd2860eeca2b13cf0184fdef9d5256ac8590bb7/analysis/
also consider: http://quttera.com/detailed_report/vidarrs-home.nl (16 malicious files there)
and from the File name: /wpscripts/global_navtree.js going to see: http://urlquery.net/report.php?id=1397395472700
Is that no longer there? At leastr being blacklisted by Google Safebrowsing,

polonus

polonus · 2014-04-13T16:52:18.000Z

See: http://killmalware.com/kitchencabinetssouthcarolina.com/

SE visitors redirects
Visitors from search engines are redirected
to: htxp://redoperabwo.ru → http://online.drweb.com/result/?lng=en&chromeplugin=1&url=http%3A%2F%2Fredoperabwo.ru
See web rep: https://www.mywot.com/en/scorecard/redoperabwo.ru?utm_source=addon&utm_content=popup
1261 sites infected with redirects to this URL
history of badness: http://app.webinspector.com/public/reports/show_history?id=20981772
Interesting zone file dump: “bio=4d31a43fab984cd8f2e1576765a7fdaff57c9e9a” → ns1.sedoparking.com. hostmaster.sedo.de. 2014040101 86400 10800 604800 86400 - redoperabwo dot ru,82.98.86.163,ns1 dot sedoparking dot com,Parked/expired,
Chrome blocked access to htxp://kitchencabinetssouthcarolina.com/ Chromebleed states site is vulnerable to heartbleed!
Starting query… [2014-04-13 16:53:55] Stay on this page for results!

Scanning target kitchencabinetssouthcarolina dot com …
Found 1 servers with port 443 open
Checking for OpenSSL Heartbleed vulnerability…

69.93.46.55 Vulnerable

pol

polonus · 2014-04-13T21:33:38.000Z

A redirect loop here: http://killmalware.com/nurunsports.com/
SE visitors redirects
Visitors from search engines are redirected
to: htxp://ifchepa.com/images/img.php
101 sites infected with redirects to this URL
Quttera finds: index
Severity: Suspicious
Reason: Detected suspicious redirection to external web resources at HTTP level.
Details: Detected HTTP redirection to htxp://ifchepa.com/images/img.php. (for which I get a 404 not found)
→ http://urlquery.net/report.php?id=1397424696500
File size[byte]: 18446744073709551615
File type: Unknown
MD5: 00000000000000000000000000000000
Scan duration[sec]: 0.001000

The active malware had to do with PHISHING, see another similar incident: htxp://gemmusic.org/lib.php?stop=2ZQhPkdsVyZbuNLy7mkTAvjzbQF9MHlO8LcWWPKERT0=

pol

Announcements