Parked/unused domains land on Hungarian html pages/redirecting to malicious site

jenh · December 1, 2022, 6:23pm

I just discovered all 39 of my parked/unused domains land on Hungarian html pages that redirect to malicious gaming site. Where should I start to fix this?

M4rt1n · December 1, 2022, 8:46pm

You should start by posting all of them as code in a list, like:

domain1.com
domain2.com
domain3.com
[…]

Then people here can analyse them and help you.

jenh · December 1, 2022, 9:29pm

Here’s one

cargo-spectrum.biz

They are all like that.

jenh · December 1, 2022, 9:52pm

My web host already had me add an A record to point one of my unused domains i.e. newdomaingss123 dot com to my web server IP address. Then on the web server, we added a redirect to my primary domain. But that didn’t do anything.

We also created a temporary URL using SkipDNS and that didn’t work either.

M4rt1n · December 2, 2022, 6:37am

Your website got compromised/hacked and does not have anything to do with Cloudflare.

In your DOM/HTML there is this sectionby some filthy JS snippet. This is completely unrelated from Cloudflare and technically could be implemented anywhere. If multiple sites are affected and they all are on the same server, I would assume your server got infiltrated - specially since the faulty JS is actually getting served from your domain.

The filthy JS snippet looks something like this:

<script type="text/javascript">
[... JS ...]
(document, "script", "https://cargo-spectrum.biz/adapter.js");
[... JS ...]
</script>

You need to find and eliminate it. Could be on your server as a file somewhere, or actually already in your DB.

I would recommend approaching the problem like this:

log into your server via SSH and search recursively for *adapter.js*
log into your DB and search it for adapter.js
delete all the JS of your findings, if related to this bad JS snippet

M4rt1n · December 2, 2022, 6:47am

To have a quck-validation of the fact, that the /adapter.js is the culprit you can simply open your Dev-Console in your browser and block the file https://cargo-spectrum.biz/adapter.js (or even better something like *adapter.js. Then hardreload the page - now your page should work. It will just work for you and no one else, but that gives you the possibility to debug it

jenh · December 2, 2022, 7:12am

And thank you by the way. I totally appreciate your time. My last question is only me seeing if it’s a possibility.

system · December 5, 2022, 7:13am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Cloudflare Bug - My blog got redirected to this illegal site General dns , dash-ssl-tls , dash-getting-started , Account	46	7217	June 1, 2019
Squatting: Russian Website On My Domain Security dns	7	2357	September 1, 2018
Cloudflare Nameserver Redirect to Adult Domain Parking DNS & Network	3	2195	April 8, 2021
My domain baiak-legend.com has its DNS hosted on Cloudflare Dashboard	5	575	November 4, 2023
Main domain and parked domain with cloudflare Getting Started	5	4493	March 28, 2021

Parked/unused domains land on Hungarian html pages/redirecting to malicious site

Related topics