One of our users regularly receives spam mails containing a shortened link. I got curious, so I decided to investigate one of those links and it took me to a plain text website with gibberish, as if someone created text from the autocorrect suggestions of their phone. This is the site in question:
What I don’t understand is the URL, which also has gibberish parameters:
If you omit all parameters, it only takes you to an empty white page.
If you only type in the domain name, you are led to the legitimate site of a small business. However, there is a high probability that this site may have been compromised by an attacker, because of an existing security flaw (which I’m going to report to the site owner). So I was wondering if this PHP script was placed by an attacker.
My question boils down to these two points:
- What is going on with that PHP script and why does it only show something when passing these gibberish parameters?
- Why would someone send spam mails to someone with a link that only leads to a gibberish plain text site? The site only contains basic HTML tags and I haven’t been able to discover anything malicious about it.