MarksScanners (Easier to Read Manuals) Hacked?

Status
Not open for further replies.

jrl44430

Member
Joined
Nov 2, 2002
Messages
240
That would be how it works. It redirects you.
I had one years ago called Conduit; it took some time to get rid of it.
Thanks. How did you get rid of it? Is my problem because I am running Vista?
 

Wackyracer

Member
Premium Subscriber
Joined
Feb 18, 2016
Messages
1,956
Download and scan your computer with the Malwarebytes 14-day trial, then invest in the premium version.
 

Ubbe

Member
Joined
Sep 8, 2006
Messages
10,100
Location
Stockholm, Sweden
I have used Norton and 2-3 other antivirus programs, but since a couple of years back I use IObit's complete range of programs that are free and have worked perfectly and seem to update as quickly as any other program when a new ransomware or similar has been detected. The good thing is that users that get the pro version are allowed to share the key with free users so they can upgrade. It's only allowed 100 shares per key or something, but there always seems to be a key available if you go to YouTube and do a search for it.

I guess the company has that generous policy so you can try the pro version and then don't want to bother searching for a new key when it expires and instead buy a key from the company.

/Ubbe
 

dave3825

Premium Subscriber
Joined
Feb 17, 2003
Messages
9,517
Location
Suffolk County NY
The Google results point to www.marksscanners.com even though it's now at www.new.marksscanners.com. Had that problem a few days ago. Also the saved bookmarks I had no longer work and let me shop for pills. Mark is a member here but I do not know his member name. Maybe another admin might know or he will see this thread and chime in.
 

dave3825

Premium Subscriber
Joined
Feb 17, 2003
Messages
9,517
Location
Suffolk County NY
I am saying I don't think it is a virus because a brand new install of Windows 10 would not have a virus. And my Ubuntu (Linux) does not use anything Google. So no virus is on any of my machines.
 

jeffdafoe

Member
Joined
Sep 22, 2017
Messages
93
Location
West Palm Beach, FL
My guess is the site was compromised somehow. I'd also guess that the site is serving a ratio of the original content versus the malware content. For example, a random 1 in 30 visits may get the compromised site. It's definitely there though, I've seen it twice and just saw it again. Also, here's one of the inner pages where you can see it all of the time http://marksscanners.com/106_197/106_197.shtml
 

jeffdafoe

Member
Joined
Sep 22, 2017
Messages
93
Location
West Palm Beach, FL
OK, or not see it all of the time. I see it in the window that got the hacked version of the site, but if I go to the same link in another session, it redirects to new.marksscanners.com. That seems to be the basis of the compromise: the original content's sitting at new.marksscanners.com and the compromise sits at marksscanners.com and maybe also www.marksscanners.com, where it instantly redirects most traffic to the original content. Google's also indexed the malicious content now.
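
A way to test the intermittent-serving guess in the two posts above, added here as an example and not part of the thread: fetch the same URL many times, fingerprint each response, and report any variant that is not a redirect to the known-good host. The sample responses, the redirect path and the function names are constructed for illustration.

```python
import hashlib
from collections import Counter
from urllib.parse import urlsplit

# Constructed sample: 30 fetches of one URL, each recorded as
# (status, Location header or None, response body). Not real captures.
GOOD = (302, "http://new.marksscanners.com/106_197/106_197.shtml", b"")
ODD = (200, None, b"<html><title>constructed placeholder page</title></html>")
SAMPLES = [GOOD] * 29 + [ODD]


def fingerprint(status, location, body):
    """Reduce one response to (status, redirect host, short body hash)."""
    host = urlsplit(location).hostname if location else None
    digest = hashlib.sha256(body).hexdigest()[:12]
    return (status, host, digest)


def variants(samples):
    """Count how often each distinct response fingerprint was served."""
    return Counter(fingerprint(*s) for s in samples)


def outliers(samples, trusted_hosts):
    """Map each fingerprint that is not a redirect to a trusted host to its hit rate."""
    counts = variants(samples)
    total = sum(counts.values())
    return {
        fp: n / total
        for fp, n in counts.items()
        if not (300 <= fp[0] < 400 and fp[1] in trusted_hosts)
    }


if __name__ == "__main__":
    for fp, rate in outliers(SAMPLES, {"new.marksscanners.com"}).items():
        print(f"unexpected variant {fp} served in {rate:.1%} of fetches")
```

A single clean fetch says little when the odd variant is served rarely; the hit rate only becomes visible over many samples, ideally from separate sessions.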
 

Wackyracer

Member
Premium Subscriber
Joined
Feb 18, 2016
Messages
1,956
Via several "whois" I get conflicting data, so it looks like someone hijacked the MARKSSCANNERS.com domain name. So they put up a new one; it is so new there is no "whois" data for it yet.

Once all the servers catch up, everyone should be directed to new.marksscanners.com
 

GTR8000

NY/NJ Database Guy
Database Admin
Joined
Oct 4, 2007
Messages
16,326
Location
BEE00
Mark hasn't made any updates to the guides in nearly a year. He was last seen on RadioReference back in August. He has also removed all contact info from his website, where he used to have his email address on each page for those who wanted to contribute. I sent him an email a few months ago and received no reply.

I would say that it's looking like he has lost interest in maintaining the guides. The weirdness with his domain would seem to reinforce that notion.
 

jrl44430

Member
Joined
Nov 2, 2002
Messages
240
I have used Norton and 2-3 other antivirus programs, but since a couple of years back I use IObit's complete range of programs that are free and have worked perfectly and seem to update as quickly as any other program when a new ransomware or similar has been detected. The good thing is that users that get the pro version are allowed to share the key with free users so they can upgrade. It's only allowed 100 shares per key or something, but there always seems to be a key available if you go to YouTube and do a search for it.

I guess the company has that generous policy so you can try the pro version and then don't want to bother searching for a new key when it expires and instead buy a key from the company.

/Ubbe
I have IOBits and it did not find anything.
 

Blackink

Member
Joined
Nov 30, 2012
Messages
1,119
Location
Central Vermont
The Google results point to www.marksscanners.com even though it's now at www.new.marksscanners.com. Had that problem a few days ago. Also the saved bookmarks I had no longer work and let me shop for pills. Mark is a member here but I do not know his member name. Maybe another admin might know or he will see this thread and chime in.

My old bookmarks sent me right to the new Marks scanner Web site... That was the first thing I did when I first read this thread!
 

belvdr

No longer interested in living
Joined
Aug 2, 2013
Messages
2,567
Via several "whois" I get conflicting data, so it looks like someone hijacked the MARKSSCANNERS.com domain name. So they put up a new one; it is so new there is no "whois" data for it yet.

Once all the servers catch up, everyone should be directed to new.marksscanners.com
I'm confused but if I'm reading this right, there would never be any whois data on any subdomain or host, such as new.marksscanners.com. Unique whois data is only available at the domain level.
 

jrl44430

Member
Joined
Nov 2, 2002
Messages
240
Thanks to everyone who helped me. I was able to access the 996 and 325 pages by doing a system restore in control panel.
 

w2xq

Mentor
Joined
Jul 13, 2004
Messages
2,363
Location
Burlington County, NJ
TracePing report for: marksscanners.com (184.168.27.39):
 #  Hop IP address   snt/rcv  loss%  StDev  RTT min/avg/max  Jitter avg/max, ms
 1  10.0.0.1         12/11    8%     0      5/5/6            1/1
 2  96.120.73.85     12/11    8%     1      12/14/18         3/6
 3  68.86.221.217    12/11    8%     1      11/14/18         4/6
 4  96.108.142.73    12/11    8%     1      14/16/20         3/6
 5  96.108.49.105    12/11    8%     1      17/19/24         4/6
 6  4.68.71.125      11/10    9%     4      19/23/35         6/11
 7  4.69.210.161     11/10    9%     1      75/77/80         9/4
 8  4.28.83.74       11/10    9%     12     74/81/116        17/42
 9  148.72.32.11     11/10    9%     11     76/82/113        17/37
10  184.168.0.73     11/10    9%     1      75/77/81         9/3
11  97.74.255.129    11/10    9%     43     76/120/183       87/107
12  184.168.27.39    11/10    9%     156    76/131/600       108/524

Whois: 184.168.27.39 | GoDaddy.com LLC | AbuseIPDB

============

You can check the whois reports -- be sure to read to the page bottoms -- to see what's afoot. Also read About - AbuseIPDB for info on AbuseIPDB.
 