Spam mail leading to gibberish site



  • One of our users regularly receives spam mails containing a shortened link. I got curious, so I decided to investigate one of those links and it took me to a plain text website with gibberish, as if someone created text from the autocorrect suggestions of their phone. This is the site in question: enter image description here

    What I don't understand is the URL, which also has gibberish parameters: enter image description here

    If you omit all parameters, it only takes to an empty white page.

    If you only type in the domain name you are lead to the legitimate site of a small business. However, there is a high probability that this site may have been compromised by an attacker, because of an existing security flaw (which I'm going to report to the site owner). So I was wondering if this php script was placed by an attacker.

    My question boils down to these two points:

    • What is going on with that php script and why does it only show something when passing these gibberish parameters?
    • Why would someone send spam mails to someone with a link that only leads to a gibberish plain text site? The site only contains basic html tags and I haven't been able to discover something malicious about it.

    Thanks.



  • One thing that comes in my mind by seeing this url is that maybe this: ?bob=1u1bga1mm1b0 is an unique ID that is related to this email, so when the person click on the email he/she will notify the spammers and tell them that they actually clicked this link or maybe they are trying to set some cookies to track activity or trying to initiate "man in the browser" attack, this are things we can just guess on, but maybe you can try and check if this domain is blacklisted, check if there are another hosts that are hosted on this server's IP address and check if they are the same blank pages, this may help you identify if this whole server has been compromised or maybe even notify the owner of the server in some way that something wrong is going on.


Log in to reply
 

Suggested Topics

  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2
  • 2