Author Topic: http://us.acensusf.pw/  (Read 1270 times)


REDACTED

  • Guest
http://us.acensusf.pw/
« on: March 22, 2017, 01:02:53 PM »
Also, the pop-up that shows up when I attempt to get into my Chrome browser app on my phone was not caught when scanned with Avast Mobile
(http://us.acensusf.pw/). I'm guessing this is a virus. Please help me!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: http://us.acensusf.pw/
« Reply #1 on: March 22, 2017, 01:43:31 PM »
Hi superkatzmelagal,

Break these direct links for the unaware n00bs that may click after the links with htxp or -http

Yep, as it comes blocked by Google Safebrowsing as being a PHISH.
Re: https://www.virustotal.com/pl/url/ff2af2109853745fa90b1e3afbcc4b49676c59b34b3516b6a699e57a31ebf201/analysis/1490185411/
And again CloudFlare abuse, but missed here: http://urlquery.net/report.php?id=1490184736484
and here: https://urlscan.io/result/3161e8f3-38f9-4079-822d-739fcc8a79f6#summary
Further insecurity here: https://observatory.mozilla.org/analyze.html?host=us.acensusf.pw

CloudFlare rocketloader script from 2014 seems also not overtly secure i.m.o.:
http://www.domxssscanner.com/scan?url=http%3A%2F%2Fus.acensusf.pw%2Fcdn-cgi%2Fnexp%2Fdok3v%3D1613a3a185%2Fcloudflare%2Frocket.js
(vulnerability could spill over to Telerik.UI.Webresource.axd  :o ) etc.

But we should wait for an Avast Team Member to comment on the PHISHing alert (as we here are just volunteers with relevant knowledge, but only Avast Team Members may block/unblock/alert).
Website could be compromised, is blacklisted by Google Safebrowsing, Quttera's and McAfee.
Cloaking detected: Checking for cloaking
There is a difference of 514 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page.
Quote
ajax.cloudflare dot com/cdn-cgi/nexp/dok3v=f2befc48d1/cloudflare.min.js
     status: (referer=-http:/www.ask.com/web?q=puppies)saved 60645 bytes eb092abaa978aa61b280753d9734c695b765026f
     info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
     info: [script] ajax.cloudflare dot com/cdn-cgi/nexp/dok3v=f2befc48d1/
     info: [decodingLevel=0] found JavaScript
     error: undefined function e.createTextNode
     error: undefined variable e
     info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera and browser=Firefox,      0 bytes
     info: Decoding option navigator.systemLanguage=en and navigator.systemLanguage=zh-cn and browser=IE7/XP and browser=IE8/Vista and browser=Opera and browser=Firefox,      74 bytes
     info: [element] URL=ajax.cloudflare.com/cdn-cgi/nexp/dok3v=f2befc48d1/undefined
     info: [1] no JavaScript
And you see with Cloaking the ever despicable Ask dot com (toolbar) is never far away.

Thanks for the heads-up anyway. ;)

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
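Added example, not part of either post and not the code of the scanner quoted above: a minimal sketch of the cloaking check described in Reply #1, which compares the page body served to a browser User-Agent with the body served to a crawler User-Agent. The User-Agent strings, function names and sample bodies are assumptions constructed for illustration.

```python
import difflib
import re
import urllib.request

# Constructed User-Agent strings (assumptions, not taken from the thread).
UA_BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/57.0 Safari/537.36"
UA_CRAWLER = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
# Tags that can run code or pull in other content.
ACTIVE = re.compile(r"<\s*(script|iframe)\b", re.I)

def fetch(url, user_agent, timeout=10):
    """Fetch url with the given User-Agent; use from an isolated analysis host."""
    req = urllib.request.Request(url, headers={"User-Agent": user_agent})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return resp.read()

def compare_variants(browser_body: bytes, crawler_body: bytes) -> dict:
    """Report the size difference and the lines only one variant contains."""
    a = browser_body.decode("utf-8", "replace").splitlines()
    b = crawler_body.decode("utf-8", "replace").splitlines()
    only_browser, only_crawler = [], []
    for line in difflib.ndiff(b, a):
        if line.startswith("+ "):      # present only in the browser variant
            only_browser.append(line[2:].strip())
        elif line.startswith("- "):    # present only in the crawler variant
            only_crawler.append(line[2:].strip())
    return {
        "byte_diff": abs(len(browser_body) - len(crawler_body)),
        "only_browser": only_browser,
        "only_crawler": only_crawler,
        "active_only_browser": [l for l in only_browser if ACTIVE.search(l)],
    }

# Constructed sample bodies; cdn.example is a placeholder host.
CRAWLER_BODY = b"<html>\n<body>\n<h1>Survey</h1>\n</body>\n</html>\n"
BROWSER_BODY = (b"<html>\n<body>\n<h1>Survey</h1>\n"
                b'<script src="//cdn.example/redirect.js"></script>\n'
                b"</body>\n</html>\n")

if __name__ == "__main__":
    report = compare_variants(BROWSER_BODY, CRAWLER_BODY)
    print(report["byte_diff"], report["active_only_browser"])
```

A size difference alone can come from benign per-request content, so the lines present in only one variant, especially script or iframe tags, are what deserve review.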

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37506
  • Not a avast user
Re: http://us.acensusf.pw/
« Reply #2 on: March 22, 2017, 03:19:20 PM »