We’d like to remind Forumites to please avoid political debate on the Forum.
This is to keep it a safe and useful space for MoneySaving discussions. Threads that are – or become – political in nature may be removed in line with the Forum’s rules. Thank you for your understanding.
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
Macbook web page redirecting
Comments
-
Yes, it's definitely their problem.
I would still scan your mac, for peace of mind that it hasn't been compromised in any way as a result of the exploit.0 -
Great, thanks for your help, I will scan it as well
0 -
scan with webroot for mac0
-
-
Still seeing it in all browsers. You can see the safebrowsing POST request (Palemoon)
IE:GET hxxp://www.bing.com/search?q=pageandwells.com&FORM=IE8SRC 200 OK (text/html) GET hxxp://www.pageandwells.com/ 302 Moved Temporarily to hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php GET hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php 302 Found to hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php GET hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php 302 Found to hxxp://www.google.com.br/ GET hxxp://www.google.com.br/ 200 OK (text/html)
Palemoon (Firefox)GET hxxp://www.pageandwells.com/ 302 Moved Temporarily to hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php GET hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php 302 Found to hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php POST hxxp://safebrowsing.clients.google.com/safebrowsing/gethash?client=navclient-auto-ffox&appver=20.0.1&pver=2.2&wrkey=AKEgNivK94Tp5h902iV3Jyz0ToPkNO3P9UUjP0AtrEUIF8H2rHfLjeFXaLJKI8Bpn_UYHcaCI1aoMf7dx5hMox__LwUa55obRQ== 200 OK (application/octet-stream) GET hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php 302 Found to hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php GET hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php 403 Forbidden (text/html) GET hxxp://www.shifajeddah.com/favicon.ico 404 Not Found (text/html) GET hxxp://www.shifajeddah.com/favicon.ico 404 Not Found (text/html)
SRWare Iron (Chromium)GET hxxp://www.bing.com/fd/ls/GLinkPing.aspx?IG=1b500f0217974cfa9965ef37977731c6&CID=0EAB6431516964791DCF60E950486423&PM=Y&&ID=SERP,5107.1 200 OK (image/gif) GET hxxp://www.pageandwells.com/ 302 Moved Temporarily to hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php GET hxxp://www.atv-haltern-volleyball.de/includes/domit/xml_domit_lites_parser.php 302 Found to hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php GET hxxp://www.shifajeddah.com/includes/PEAR/include/www/all.php 302 Found to hxxp://www.google.com.br/ GET hxxp://www.google.com.br/ 200 OK (text/html)
0 -
XP
Fine for me in Chrome but redirected to Googie Brazil in IE80 -
People really need to be careful if they're visiting the site - I wouldn't recommend doing so unless you know exactly what you're doing.
The site is redirecting to a domain hosting an exploit kit. Any hiccup could result in you being infected.0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 351.7K Banking & Borrowing
- 253.4K Reduce Debt & Boost Income
- 454K Spending & Discounts
- 244.7K Work, Benefits & Business
- 600.1K Mortgages, Homes & Bills
- 177.3K Life & Family
- 258.4K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.2K Discuss & Feedback
- 37.6K Read-Only Boards