Jump to content

[HH#774978] Issue 30639452: Malicious web shell at hxxp://doyouevergetsadfornoreasonandhavenoideawhy[.]lol/v5.php

HelioHost

By HelioHost
in Email Support

 Share

Recommended Posts

HelioHost Grand Master

HelioHost

Posted
Posted
Username: N/A, Server: N/A, Main Domain: N/A

Hello,

We have discovered a malicious web shell being hosted on your network:

hxxp://doyouevergetsadfornoreasonandhavenoideawhy[.]lol/v5.php [65.19.141.67]

Web shells are scripts that attackers upload to compromised web-servers in order to gain remote access. When accessed using a web browser, web shells can allow attackers to upload files, execute arbitrary commands on the server, and send spam. Web shells are often used to create phishing or malware attacks on the compromised server.

Attackers often attempt to disguise web shells as benign pages. Common techniques include returning a fake 404 page and making the web shell input fields on the page invisible. Please check the attacker is not attempting to hide the web shell before dismissing this report.

We understand that this site is simply a redirect to a page showing benign content, however it used to redirect to fraudulent content. The redirect is controlled by a fraudster so can be reused for future attacks, making its removal all the more important.

More information about the detected issue is provided at https://incident.netcraft.com/c8445feadb80/

Many thanks,

Netcraft

Phone: +44(0)1225 447500
Fax: +44(0)1225 448600
Netcraft Issue Number: 30646569

To contact us about updates regarding this attack, please respond to this email. Please note: replies to this address will be logged, but aren't always read. If you believe you have received this email in error, or you require further support, please contact: takedown@netcraft.com.

This mail can be parsed with x-arf tools. Visit http://www.xarf.org/ for more information about x-arf.

---
Attachment: none
Category: abuse
Date: 2022-04-12T12:32:21+00:00
Download-Link: http://doyouevergetsadfornoreasonandhavenoideawhy.lol/v5.php
Download-Port: 80
Report-ID: takedown-response+30639452@netcraft.com
Report-Type: malware-attack
Reported-From: takedown@netcraft.com
Schema-URL: http://www.xarf.org/schema/abuse_malware-attack_0.1.4.json
Source: 65.19.141.67
Source-Type: ipv4
User-Agent: Netcraft Takedown

Guest
This topic is now closed to further replies.
 Share
Go to topic listing
×
×
  • Create New...