|
You can find that sort of thing in spam emails.
On the surface it appears to be the legit site, but the code tells a different story.
I think the "#" makes it ignore anything after it.
I looked at the links from Google and didn't see the redirect, so it may be on the page itself.
I'll look at the source.
|
|
|
|
|
If you go to the desired url, it shows up fine. This only happens when you use a search engine, which tells me the site itself is fine.
".45 ACP - because shooting twice is just silly" - JSOP, 2010
- You can never have too much ammo - unless you're swimming, or on fire. - JSOP, 2010
- When you pry the gun from my cold dead hands, be careful - the barrel will be very hot. - JSOP, 2013
|
|
|
|
|
I have a packet capture doing it both ways; there is a strange "Jump" when using Google.
I'll have to research how this is done.
|
|
|
|
|
Here is the redirect.
Full request URI: http://jbfly.win:7711/jump.do?url=http%3A%2F%2Fwww.twotenperformance.com%2F
I would say it is probable that the site was compromised and it is redirecting depending on the referer.
Google if linked from Google, none if direct URL input, possibly some other site depending on what its referer string was.
They need to check the backend scripts and any extra admins added.
I would say the "#" in this case is a way so it doesn't go to that site after, but tells the site where it is going who the infected site was.
|
|
|
|
|
I checked all of the javascript, and I didn't see anything suspicious.
|
|
|
|
|
It is something on the back end that is not showing up on the page we view through the browser.
The referer is the site name, not Google, for the redirect.
You would need to log into the site and look at the code behind.
|
|
|
|
|
|
If you have access to the site see what this is
"url=/nojavascript.aspx"
it is in the head tag at the top of the normal page.
I don't know if that is normal to put that there or not.
|
|
|
|
|
That's something that allows the site to react to someone that has javascript turned off. It displays an error page in that case. Nothing nefarious about that.
|
|
|
|
|
I just wasn't sure if the code was changed or that was a section that they did not add; I've seen several redirect scripts using the "No Script" tag.
|
|
|
|
|
Just dropped this into Google search and only got 1 hit.
"http://jbfly.win:7711/jump.do"
Views better In Google Chrome
There are too many pages and scripts to go through by hand.
Perhaps this will give some ideas.
|
|
|
|
|
Here is a link to an article that explains how the redirect could happen.
[^]
I hope that helps them.
|
|
|
|
|
ledtech3 wrote: I think the "#" makes it ignore anything after it.
The hash is a goto, which should redirect you to an anchor on the same page with the ID "twotenperformance.com", which it hasn't got, so it defaults to the top of the page.
I can't see where this is happening. It's unlikely to be in twotenperformance.com's back-end, because the site redirected to appears to be a genuine merchant site, which would be unlikely to breach hacking laws.
There's nothing in the source of the redirect destination page that looks particularly suspicious (and it's identical to the source of the index.html file at the location).
Likewise in the search-engine page source (but it's probably too late to see anything, by the time the page has loaded).
Beats me.
Looks like some marketing moron has found a loophole in search-engine code/protocols.
I wanna be a eunuchs developer! Pass me a bread knife!
|
|
|
|
|
If you check some links on the page it lands on, they are listed as malicious.
The referer for the redirect in my packet capture is the normal host name, not Google like you would think.
|
|
|
|
|
Just found some interesting pages in my temp folder running a special string searcher I built.
I just have to figure out where they came from.
They contain the redirect script information.
Edit:
These turned out to just be my searches for the string in Google and Bing.
It also redirects using Bing.
modified 22-May-16 16:12pm.
|
|
|
|
|
I've tested a few other links; it only appears to be the main page.
By the traffic it appears something is checking the referer for that page.
Not sure what else it could be without being able to view the site code.
|
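The referer hypothesis in the posts above can be checked from outside the site by requesting the same page with and without a search-engine Referer and comparing what comes back. The following is an added example, not part of the original thread; the function names, the `.example`/`.invalid` hosts and the stand-in server response are constructed for illustration.

```python
import re, urllib.error, urllib.request
from urllib.parse import urlsplit

class NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, *args, **kwargs):
        return None  # a 3xx then surfaces as HTTPError instead of being followed

def fetch(url, referer=None, timeout=10):
    """One GET, redirects not followed: (status, Location header, body bytes)."""
    req = urllib.request.Request(url, headers={"User-Agent": "Mozilla/5.0"})
    if referer:
        req.add_header("Referer", referer)
    try:
        with urllib.request.build_opener(NoRedirect).open(req, timeout=timeout) as r:
            return r.status, r.headers.get("Location"), r.read()
    except urllib.error.HTTPError as e:
        return e.code, e.headers.get("Location"), e.read()

def offsite_hosts(page_url, location, body):
    """Hosts other than the page's own named in the Location header or body."""
    text = (location or "") + " " + body.decode("utf-8", "replace")
    hosts = {h.lower() for h in re.findall(r"https?://([A-Za-z0-9.-]+)", text)}
    return hosts - {urlsplit(page_url).hostname}

def probe(url, referers, fetch=fetch):
    """Compare a no-Referer fetch with each Referer variant; list the differences."""
    b_status, b_loc, b_body = fetch(url)
    base_hosts = offsite_hosts(url, b_loc, b_body)
    findings = []
    for ref in referers:
        status, loc, body = fetch(url, ref)
        new_hosts = offsite_hosts(url, loc, body) - base_hosts
        if status != b_status or loc != b_loc or new_hosts:
            findings.append({"referer": ref, "status": status,
                             "location": loc, "new_hosts": sorted(new_hosts)})
    return findings

def constructed_fetch(url, referer=None, timeout=10):
    """Constructed stand-in for a compromised server, so the demo runs offline."""
    if referer and re.search(r"google|bing", referer):
        return 200, None, b'<script>location="http://redirector.invalid/jump"</script>'
    return 200, None, b'<html><a href="http://cdn.example/site.css">ok</a></html>'

if __name__ == "__main__":
    refs = ["https://www.google.com/", "https://www.bing.com/", "https://forum.example/"]
    for f in probe("http://shop.example/", refs, fetch=constructed_fetch):
        print(f)
```

Calling `probe(url, refs)` without the `fetch` argument runs the same comparison against a live site you administer. A backend that also keys on User-Agent or client IP can still serve the clean page to this probe, so a clean result does not replace reviewing the server's files and configuration.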
|
|
|
|
Is your website hosted by Arvixe?
Some unhelpful web experience with Arvixe happened recently...
Google Groups[^]
Check for a "bot.php" file on root, or a hacked Web.config.
|
|
|
|
|
Yep, this was it. Someone hacked a server and installed a couple of files that redirected, modified the web config, and added an ftp account so they could go back in and do it again.
|
|
|
|
|
At least you'll get some fun out of reporting it, and divulging the various addresses to sites like this one[^].
|
|
|
|
|
Shadows . . . they paint the sunshine.
It's Monday, tomorrow.
|
|
|
|
|
It is 'Monday' today......the joys of the middle east Friday/Saturday weekend!
|
|
|
|
|
Here are some alternatives:
We rename Monday, maybe to Earthday. Earthday will just be the same as Monday though, just with another name.
We take Mondays as a day off as well, or we shift the weekend to a day earlier or later. In this case Sunday or Tuesday will just be the new "Monday", the first work day after your weekend.
We could never work again, but you know perfectly well that won't solve anything.
Or we could just never have weekends again, but that won't make people happy either.
So what you're basically saying is "It's the first day after the weekend, tomorrow." and since there will always be such a day in our current society I'd say Monday is much better than the alternative, never another day again.
Although the end of the world may not be so bad. At least we'd all be dead so it shouldn't really bother anyone. As an added bonus there would be no more war, hunger, crime, politics, and other suffering.
Bummer, it's Monday tomorrow
|
|
|
|
|
Sander Rossel wrote: At least we'd all be dead so it shouldn't really bother anyone
Except the cats, unless they very quickly evolve opposable thumbs...
Bad command or file name. Bad, bad command! Sit! Stay! Staaaay...
|
|
|
|
|
If anything they would be behind it all
|
|
|
|
|
Mine certainly would!
Evil, twisted little mind he has. This morning he jumped on the bed, walked up my body, kneaded my bladder, purred, and dribbled cold spit all down my arm.
He wanted breakfast, and OUT. NOW. YES, NOW. ME. OUT. NOW.
So I rise, he eats, I open door. He looks out at the rain and goes back to bed ... little sod.
|
|
|
|