Today I clicked on a link from Google that was supposed to lead me to the Esreality site. To my surprise I was redirected to an absolutely different site; to be exact, my browser was trying to load a random site which is distributing viruses. This worked for any links associated with Esreality. This will probably work for other search engines like Yahoo and MSN, but I'm too lazy to check. So I guessed it's another trivial htaccess hijack, where it's possible to observe some interesting rewrite conditions. The other site which has the same IP (www.mousescore.com) has the same issue even though there is nothing there. It's a mystery to me how it was hijacked (could be just an infected server, lawl), but it looks like the hosting company (Fluent Ltd) isn't really aware after all. 8o)
See the log of wget:
>wget --referer=http://www.google.com "http://www.esreality.com"
--2009-04-30 20:01:59-- http://www.esreality.com/
Resolving www.esreality.com... 195.78.94.138
Connecting to www.esreality.com|195.78.94.138|:80... connected.
HTTP request sent, awaiting response... 302 Found
Location: http://blackporn1.com/in.cgi?4&parameter=sf [following]
--2009-04-30 20:01:59-- http://blackporn1.com/in.cgi?4&parameter=sf
Resolving blackporn1.com... 195.190.13.234
Connecting to blackporn1.com|195.190.13.234|:80... connected.
HTTP request sent, awaiting response... 302 Found
Cookie coming from blackporn1.com attempted to set domain to us-euro.biz
Location: http://tubeontvgl.com/show/?id=189&url=bb...n+disabled [following]
--2009-04-30 20:01:59-- http://tubeontvgl.com/show/?id=189&url=bb...n+disabled
Resolving tubeontvgl.com... 194.165.4.77
Connecting to tubeontvgl.com|194.165.4.77|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 2403 (2.3K) [text/html]
Basically you can see that there are 2 redirects, first to one Ukrainian site, then to the second. I do not suggest you try loading these links. Besides, this is also a message to the administrators of the site: since I couldn't find a "Contact" link, I guess you'd better contact your hoster and ask him to check htaccess if you don't have access to it.
Edited by dunnno at 18:22 CDT, 30 April 2009 - 2905 Hits
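For the htaccess check suggested in the post, an added example (not part of the original post and not the site's actual configuration) that scans .htaccess text for rewrite rules which fire only on a search-engine Referer and redirect to a foreign host. The sample file, the host names and the engine list are constructed assumptions.

```python
from urllib.parse import urlparse

# Assumed list of referer keywords; the post names Google, Yahoo and MSN.
SEARCH_ENGINES = ("google", "yahoo", "msn", "bing")

# Constructed sample, not recovered from the server in the post.
SAMPLE_HTACCESS = """\
RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\\. [NC]
RewriteRule ^(.*)$ http://www.site.example/$1 [R=301,L]
RewriteCond %{HTTP_REFERER} .*google.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*yahoo.* [NC,OR]
RewriteCond %{HTTP_REFERER} .*msn.* [NC]
RewriteRule ^(.*)$ http://redirector.invalid/ [R=302,L]
"""

def find_referer_redirects(text, own_hosts):
    """Return RewriteRules gated on a search-engine Referer that
    send the visitor to a host outside own_hosts."""
    findings, conds = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.strip().split()
        if not parts or parts[0].startswith("#"):
            continue
        directive = parts[0].lower()
        if directive == "rewritecond" and len(parts) >= 3:
            # Conditions accumulate until the next RewriteRule.
            conds.append((parts[1].upper(), parts[2].lower()))
        elif directive == "rewriterule" and len(parts) >= 3:
            host = (urlparse(parts[2]).hostname or "").lower()
            engines = sorted({e for var, pat in conds if "HTTP_REFERER" in var
                              for e in SEARCH_ENGINES if e in pat})
            if engines and host and host not in own_hosts:
                findings.append({"line": lineno, "target_host": host,
                                 "engines": engines})
            conds = []  # conditions apply only to the rule that follows them
    return findings

if __name__ == "__main__":
    for f in find_referer_redirects(SAMPLE_HTACCESS, {"www.site.example"}):
        print(f"line {f['line']}: referer {f['engines']} -> {f['target_host']}")
```

The scan splits directives on whitespace, so quoted patterns containing spaces are not handled; a hit is a reason to inspect the file by hand, and the same rules can also live in the main server configuration.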