This topic contains 1 reply, has 2 voices, and was last updated by lmfao_my_mom_died 1 month, 2 weeks ago.
- August 6, 2020 at 11:28 am #291564
Alright so I don’t want to make this any bigger than it is but I was browsing and looking up information about OG usernames, I came across a website: http://www.deklaasjes.be. deklaasjes is a normal website for a football club somewhere in belgium. It has a folder called jnfcy and an totally unrelated file og-usernames-generator.html. So I think it is fairly certain this site got hacked somehow.
The following websites have something like this on their page (I uncluded the file folders for some)
icsmarketplace.amsdemo.info (folder = gvktmhh)
apwineandspirit.com (folder = oswfulo6p)
naivedyamcafe.com (folder = hqbby7he)
faithgas.com (folder = kqdph)
amsdemo.info (folder = 8wsaw)
I looked online for WanzHaxor and quickly found that there is a guy who calls himself Mr.xWanz403x and goes on sprees, hacks a bunch of sites. Maybe he’s a skid and uses some automated program but idk. I think he does it just to say “hey you’re site is vulnerable” or something so not very interesting. But why does it have these weird folders with links to other sites. Does anybody know what this is for?
- August 6, 2020 at 11:30 am #291566
maybe he does it for gaining some time deleting the logs (maybe?)
- August 6, 2020 at 11:30 am #291567
They are part of a ransomware detection/prevention mechanism. Honey folders if you were. They contain junk but ‘interesting’ data and when encrypted, ransomware detected/stopped.
Cybereason is one such example.
You must be logged in to reply to this topic.