
Thursday 30 January 2014

WTF is s15443877[.]onlinehome-server[.]info?

Something that caught my eye was this Google Safebrowsing diagnostic for [donotclick]s15443877.onlinehome-server.info:

Safe Browsing

Diagnostic page for s15443877.onlinehome-server.info

What is the current listing status for s15443877.onlinehome-server.info?
This site is not currently listed as suspicious.
What happened when Google visited this site?
Of the 1746 pages we tested on the site over the past 90 days, 582 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2014-01-29, and the last time suspicious content was found on this site was on 2014-01-29. Malicious software includes 166 scripting exploit(s), 166 trojan(s), 89 exploit(s). Successful infection resulted in an average of 5 new process(es) on the target machine.
Malicious software is hosted on 198 domain(s), including mendozaempleos.com/, e-veleta.com/, forogozoropoto.2waky.com/.
155 domain(s) appear to be functioning as intermediaries for distributing malware to visitors of this site, including chebro.es/, formandfinishpdr.com/, mendozaempleos.com/.
This site was hosted on 1 network(s) including AS8560 (ONEANDONE-AS).
Has this site acted as an intermediary resulting in further distribution of malware?
Over the past 90 days, s15443877.onlinehome-server.info did not appear to function as an intermediary for the infection of any sites.
Has this site hosted malware?
No, this site has not hosted malicious software over the past 90 days.


Not only are (exactly) one third of the pages crawled hosting malware, but there are a staggering 198 domains spreading it. Usually it's just a handful of sites, but this is the most I've ever seen.

VirusTotal also shows some historical evil going on with the IP of 212.227.141.247 (1&1, Germany) and a Google of the site contents shows thousands of hits of what appears to be scraped content in Spanish.

It's hard to say just what this site is, but with Google diagnostics like that it is unlikely to be anything good, and blocking s15443877.onlinehome-server.info or 212.227.141.247 might be prudent.

2 comments:

Unknown said...

Scam email received


Bill must be paid before the end of the week
http://a1128967.sites.myregisteredsite.com/Document/Inquiry.zip?maggiewakefield@aliceadsl.fr



_____________
Tel.: +44-4567014808.

Anonymous said...

Constant spam labeled "What App" from them. Yes, it is a host of malware and an intermediary.