ePrivacy and GPDR Cookie Consent by Cookie Consent
What is up with these weird folders on website domains (screenshots included) – Digitalmunition


Home Forums What is up with these weird folders on website domains (screenshots included)

This topic contains 1 reply, has 2 voices, and was last updated by  lmfao_my_mom_died 1 month, 2 weeks ago.

  • Author
  • #291564


    Alright so I don’t want to make this any bigger than it is but I was browsing and looking up information about OG usernames, I came across a website: http://www.deklaasjes.be. deklaasjes is a normal website for a football club somewhere in belgium. It has a folder called jnfcy and an totally unrelated file og-usernames-generator.html. So I think it is fairly certain this site got hacked somehow.


    I tried to acces the jnfcy folder but that was not possible. I tried looking for other files in jnfcy and found test.html (screenshot https://imgur.com/9NJS4XC). It was now that I noticed there were links at the bottom of the page (https://imgur.com/zrMCmB5). I clicked those links without having javascript turned off (so stupid, hopefully I didn’t get pwned). One link led me to a webpage with a backdoor shell login (https://imgur.com/1L38mJD). I was like wtf is going on. Btw it says ’email protected’ in the last screenshot because they thought I was a bot as I had javascript turned off. I later checked on a VM and it’s supposed to say [email protected]


    The following websites have something like this on their page (I uncluded the file folders for some)

    icsmarketplace.amsdemo.info (folder = gvktmhh)
    apwineandspirit.com (folder = oswfulo6p)
    naivedyamcafe.com (folder = hqbby7he)
    faithgas.com (folder = kqdph)
    amsdemo.info (folder = 8wsaw)


    I looked online for WanzHaxor and quickly found that there is a guy who calls himself Mr.xWanz403x and goes on sprees, hacks a bunch of sites. Maybe he’s a skid and uses some automated program but idk. I think he does it just to say “hey you’re site is vulnerable” or something so not very interesting. But why does it have these weird folders with links to other sites. Does anybody know what this is for?

  • #291566


    maybe he does it for gaining some time deleting the logs (maybe?)

  • #291567


    They are part of a ransomware detection/prevention mechanism. Honey folders if you were. They contain junk but ‘interesting’ data and when encrypted, ransomware detected/stopped.

    Cybereason is one such example.

You must be logged in to reply to this topic.