According to PublicWWW, there are approx. 2831 web pages infected with the recent DNS redirect malware. The malicious script is injected into the footer area, triggers randomly, and affects every page of the website.
Try our Free site check.
DNS redirect malware is a type of malicious software that manipulates the Domain Name System (DNS).
The DNS system translates human-readable domain names (e.g., www.example.com) into IP addresses (e.g., 185.161.248.253). DNS malware interferes with this translation process to redirect users to malicious websites.
Malware cleanup steps for a.quartzquester.top
- Backup the website, including files and database;
- If the WPCode Lite plugin is installed, check all the enabled scripts at /wp-admin/admin.php?page=wpcode;
- Ask for a professional cleanup: Magefix, Sucuri, Wordfence or OneHourSiteFix – Magefix exclusively offers unlimited cleanups, site updates and security updates;
- Apply site updates regularly, focusing on security updates;
Malicious sequence:
Malicious IPs: 185.155.184.53, 65.21.30.17, 185.252.222.24, 185.161.248.253, Kisara LLC AS49202
Malicious domains: jaredbartlett.com, tracker-cloud.com, a.emberenchanter.top
Other domains: my-bonus-top.life, 2729.himbothroof.live, titanictooler.top, webdatafinder.com, protecios.com, adverproj.com, abracios.com, actumtextil.com, blowfishsystems.com, cockzen.com, directenergydealer.com, dkanedev.com, evecomplete.com, evolvett.com, g33k3ry.com, ghostcloudstudios.com, gnparks.com, habiteats.com, iprofitmizer.com, jiakravmaga.com, overoutters.com, panktiparikh.com, shakenagency.com, sirbids.com, skillsurger.com, smartlnk.ru, tysonvoigtlander.com, jmckim.com, emmastips.com, viqtorywins.com, lasinconsult.com.
URLs:
hxxps://dns.google/resolve?name=infocusnyc.com.86-123-20-85.10321918.tracker-cloud.com&type=txt
hxxps://dns.google/resolve?name=www.venezia.net.86-123-20-85.345046.tracker-cloud.com&type=txt
hxxps://dns.google/resolve?name=www.pnliasi.ro.185-252-222-24.6585496.tracker-cloud.com&type=txt
ns1.tracker-cloud.com. admin.tracker-cloud.com. 1 86400 7200 3600000 3600
admin.tracker-cloud.com
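The three dns.google lookups listed above share one name layout, so they can be picked out of web-proxy or browser-network logs. The following is an added example, not code from the original investigation: it decodes that layout and flags matching TXT lookups. The reading of the labels (site host, dash-encoded IPv4 address, numeric label, zone) is inferred from those URLs, and the function names and log format are assumptions made for the example.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# <site host>.<IPv4 written with dashes>.<digits>.<zone>, inferred from the URLs above
NAME_RE = re.compile(r"^(?P<site>[a-z0-9.-]+?)\.(?P<ip>\d{1,3}(?:-\d{1,3}){3})"
                     r"\.(?P<num>\d+)\.(?P<zone>[a-z0-9-]+\.[a-z]{2,})$")
URL_RE = re.compile(r"h(?:tt|xx)ps?://\S+", re.I)

def parse_txt_lookup(url):
    """Return the decoded name fields if url is a dns.google TXT lookup of this shape."""
    parts = urlsplit(re.sub(r"^hxxp", "http", url.strip(), flags=re.I))  # undo defanging
    if parts.hostname != "dns.google" or parts.path != "/resolve":
        return None
    qs = parse_qs(parts.query)
    if qs.get("type", [""])[0].lower() not in ("txt", "16"):  # 16 = TXT record type
        return None
    m = NAME_RE.match(qs.get("name", [""])[0].lower().rstrip("."))
    if not m:
        return None
    try:
        ip = ipaddress.IPv4Address(m["ip"].replace("-", "."))  # rejects octets > 255
    except ValueError:
        return None
    return {"site": m["site"], "ip": str(ip), "num": m["num"], "zone": m["zone"]}

def scan(lines):
    """Return (line_number, fields) for every log line carrying a matching lookup."""
    hits = []
    for no, line in enumerate(lines, 1):
        for url in URL_RE.findall(line):
            fields = parse_txt_lookup(url)
            if fields:
                hits.append((no, fields))
    return hits

# Constructed proxy-log lines; only the two tracker-cloud.com lookups come from the page.
SAMPLE_LOG = [
    "2024-01-01T10:00:01Z 192.0.2.10 GET hxxps://dns.google/resolve?name=infocusnyc.com.86-123-20-85.10321918.tracker-cloud.com&type=txt 200",
    "2024-01-01T10:00:02Z 192.0.2.11 GET https://dns.google/resolve?name=example.com&type=A 200",
    "2024-01-01T10:00:03Z 192.0.2.12 GET hxxps://dns.google/resolve?name=www.pnliasi.ro.185-252-222-24.6585496.tracker-cloud.com&type=txt 200",
    "2024-01-01T10:00:04Z 192.0.2.13 GET https://dns.google/resolve?name=_dmarc.example.org&type=txt 200",
]

if __name__ == "__main__":
    for no, fields in scan(SAMPLE_LOG):
        print(no, fields)
```

The zone is reported rather than hard-coded, so the same check still fires if the lookups move to a different domain while keeping the name layout.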
Malicious nameservers:
brett.ns.cloudflare.com
crystal.ns.cloudflare.com
jillian.ns.cloudflare.com
justin.ns.cloudflare.com
ns1.ads-promo.com
admin.ads-promo.com
Titles:
Press “Allow” to verify, that you are not a robot
Appuyez sur “Autoriser” pour Vérifier que vous n’êtes pas un robot.
Drücken Sie “Zulassen”, um zu Überprüfen, ob Sie kein Roboter sind.
Sitecheck:
Malware Found, Known javascript malware: redirect?dns_txt.2.3
Decoded Javascript
base64 encoded:
Tools used in this investigation: https://urlscan.io/, https://dnslytics.com/, https://malwaredecoder.com/.