Site Scanner 10 February, 2013 We have re-enabled manual scanning, and plan to re-enable auto-scanning hopefully by next weekend. Home Sign up Members Area Pricing Info Networks News+ Member Quotes Our Links Live Statistics Known Attack Sites Victim Sites User #57 (eaglefox) received 1.00 Credits for showing you this page Victim sites I didn't do this last year, but I keep seeing the same sites over and over this year, so I figured out I'd let you know about another issue with hacking: "Victim sites".  A "victim site" is a site that gets hacked, and codes get put on it.  Then you are led to the site (usually by spam email links).  If you get infected, you blame the site owner, who often times doesn't know what's going on. Here is a list of redirects I got this week (October, 2011).  I checked several, and they appear to be mostly legitimate sites that have been defaced (injection script on home page) and an extra folder with a whacky name, where the really nasty stuff is housed (both phishing stuff and drive-by stuff).  Some of these sites have been listed as "reported attack sites" by Google and Firefox, but not all.  Some sites are being taken down by hosts, which is a shame, when in many cases, the owner of the site had no clue. I'll put the list of what I found, and add to it next week when I go through the spam folder again.  After the list, I'll put a few "tell-tale signs" for a risky URL. Example email: Subj: ACH Payment 0901816 Canceled Payment Notification #68745890 The ACH transaction (ID:68745890 ), recently initiated from your checking account (by you or any other person), was canceled by the other financial institution (the link is displayed as): http://nacha.org/report/48969656/detailis.php?n=2145 (but it actually goes to a 'victim site'): Victim sites: (do NOT go to these pages unless you have massive anti-everything on your pc): lilydesigns.org/svxx873/index.html csoftintl.com/~leo/7alhpg/index.html jaimegarralda.com/pho4pel/index.html justupit.com/hw1z9v5/index.html kartajouer.com/nzukryo/index.html 203.146.170.92/~jeewonbi/xwniz9e/index.html kevalicare.com/z2byfr4/index.html cedarlakepark.org/inoya0m/index.html kpmandassociates.com/jpz1m9s/index.html home.vicnet.net.au/~lasc/aiaeil/index.html ladoduarte.com/gu2nh4/index.html livekommunikation.net/me6ysi/index.html laminateflooring2get.com/5zhveu/index.html members.iinet.net.au/~maccadelic_new/kip5oq/index.html jonmqueen.org/i2g5v0/index.html laminateflooring2get.com/5zhveu/index.html madhusundergroup.com/ntq4rwn/index.html 68.168.100.135/~jinterio/rzlkv18/index.html laboutikjewelry.com/0vnsa3/index.html justpest.co.uk/9x8r4qf/index.html kenyard.co.uk/oo6h3h/index.html kartajouer.com/1iucz2n/index.html justpest.co.uk/9x8r4qf/index.html justpest.co.uk/q0mbf4v/index.html cutecountrycreations.com/ni4ag3c/index.html laboutikjewelry.com/0vnsa3/index.html meureal.com/7ejd6a/index.html -------------- 24 hours after I wrote this page, I ended up with another batch of them ------------------------ coptichistory.org/gpudls/index.html jepretstore.com/tfum27/index.html cp05.digitalpacificcom.au/~austraqc/2p2um8/index.html kennelvombello.com/nl4iic/index.html www.kpmandassociates.com/fxrxp0/index.html cutecountrycreations.com/bqqvkx/index.html laminateflooring2get.com/skmy7n/index.html ash.phpwebhosting.com/~maisel/5kmq1d/index.html legaljunction.in/ayqpqu/index.html afghanstudents.in/jp0ec8u/index.html bunduexpo.co.za/qyg10p/index.html 3dc.in/xwplug5/index.html jepretstore.com/kzft2u/index.html ricardtech.com/r01eks1/index.html magnisiakos-volou.gr/jfdu87p/index.html members.iinet.net.au/~maccadelic_new/oj2rfn/index.html me-me.info/0i6i8w/index.html lemaripakaian.com/0ql73x/index.html jenniferautry.com/fp3pau/index.html madhusundergroup.com/06elcu/index.html 203.146.170.92/~maikamum/92du8go/index.html 203.146.170.92/~kapimovi/zk73xh8/index.html 203.146.170.92/~jeewonbi/9k0on3t/index.html jaba.net.pl/gaiuf4/index.html looksymail.com/ovlnou7/index.html kpmandassociates.com/gchne2/index.html corporatestudies.org/o0udgv/index.html laboutikjewelry.com/uz23zr5/index.html 360companymarketingcom/wxojph/index.html bunduexpo.co.za/qyg10p/index.html maistel.com.br/sb1n51k/index.html jenniferautry.com/fp3pau/index.html csoftintl.com/~leo/6ihivzp/index.html kacreativeconsulting.com/ph48ewk/index.html latestautomotivenews.com/4q36c5/index.html members.iinet.net.au/~maccadelic_new/oj2rfn/index.html mastermindscs.com/jxatlh/index.html -------------- another 24 hours later, it seems to be slowing ------------------------ tierpsychologie-haltungsberatung.de/bfjyetc/index.html cx15.justhost.com/~thereiv1/478opuw/index.html thelifecenter.us/qwtkr57/index.html corporatestudies.org/3ruy6l/index.html 3dc.in/ni7li5/indexhtml server1.icswebhost.net/~tgscott/ig4y152/index.html tassenshop.nl/xl06d7/index.html coptichistory.org/h33hvzx/index.html tnttoast.99k.org/pcnmme/index.html sysdev.clanteam.com/eisbcfc/index.html -------------- one last batch, from a few days' of phishing --------------------------- crane.co.th/jl3o7ju/index.html computer-shuttle-service.de/0klmga/index.html tmquadrat.de/xa2lgl/index.html computer-shuttle-service.de/g41h1v/index.html adroitly.info/main.php lzenegtnly.squirly.info/main.php terremobili.com/fiksmv/index.html jepretstore.com/ubvvsh8/index.html computersteward.com/b7n514c/index.html terreetconscience.com/i3xqkd/index.html 203.146.170.92/~jeewonbi/1ryzic/index.html 203.146.170.92/~maikamum/t7xuiop/index.html 2.8a.5446.static.theplanet.com/~traveladmin/keq7nl/index.html thevox.altervista.org/0eucq6/index.html madhusundergroup.com/y5p41rp/index.html server.mcdarghconsulting.com/~mcdarghc/mf452mi/index.html cruisereizen.eu/qij6jt/index.html server.mcdarghconsulting.com/~mcdarghc/mf452mi/index.html cutecountrycreations.com/satudd6/index.html cutecountrycreations.com/apba3d/index.html pass66.dizinc.com/~theparak/3q1spv/index.html cx15.justhost.com/~thereiv1/478opuw/index.html ip-208-109-125-158.ip.secureserver.net/~theconfe/dik7n2/index.html maincorpmaintenancecom.au/diwarr/index.html roundsites.com/oy5tz8/index.html instantinternetlifestyle.com/3pt49z/index.html lamontagnesouscadre.com/ebxbxt/index.html toilettassen.nl/fp7tzs/index.html mantratrance.com/gt4swft/index.html Hints about suspicious site links: Any site that does not have a domain name (so it's http://#.#.#.#) should NOT be advertised Sites that have a tilde (~) after the first slash (/)... (i.e.: home.somesite.com/~someshortname)   This is a common trick to use a different/untracked folder on a server Sites with directories with nonsense names.  A directory of "programs", or "cgi-bin" might be okay, but "0vnsa3"?  The only reason for directories like that is to get site owners to think it's something "for the server", so they ignore the folder, if they ever see it at all. So, I'll add to this list as time permits.  If you know someone that owns one of these domains, let them know their sites are being hacked, and links to the hacked area is being spammed.  I got about 75 notes using these sites in the last 24 hours or so.  For the most part, site-scanner can find, and cleanup can remove most of this stuff. This site is a member of the VS-TEN Traffic Exchange Network This site is powered by VS-TrEx Traffic Exchange Software This site has been built with the Varisearch LLC Skeleton 2.0