Author Topic: Website via api has cloaking...on a src=hxxp://sedoparking.com/frmpark/' website  (Read 428 times)


Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 31188
  • malware fighter
Site given as under construction.

Checking for cloaking
There is a difference of 19894 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page.

Pop-up ad-code from hxtp://i1.cdn-image.com/__media__/js/min.js?v2.2 by Media.net Advertising FZ-LLC Dubai based, blocked for me by uBlock Origin.

Consider: https://urlscan.io/result/1576f582-a797-4f81-96d1-dfdeb3754a42/

Ransomware has been spread from this IP, https://otx.alienvault.com/indicator/ip/208.91.197.27
Previously Malicious Host, Spamming, Malware Domain, Malware IP, C&C

See also https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xn18LXN7XnV9W3R5Ll19Zw%3D%3D~enc

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
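
The cloaking check quoted in the post above compares what a site serves to a browser with what it serves to a crawler. The following is an added example, not part of the original thread or of any tool mentioned in it: it assumes the two response bodies were already saved (one fetched with a browser User-Agent, one with a crawler User-Agent), and the function names, the 1024-byte threshold and the sample bodies are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _SrcCollector(HTMLParser):
    """Collect hosts referenced by src= on script/iframe/frame tags."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe", "frame"):
            src = dict(attrs).get("src")
            host = urlparse(src).hostname if src else None
            if host:  # relative URLs have no host and are skipped
                self.hosts.add(host)


def external_hosts(body: bytes) -> set:
    """Return the set of hosts a page pulls scripts or frames from."""
    parser = _SrcCollector()
    parser.feed(body.decode("utf-8", errors="replace"))
    return parser.hosts


def cloaking_report(browser_body: bytes, crawler_body: bytes,
                    threshold: int = 1024) -> dict:
    """Compare two variants of one page by size and by embedded hosts.

    threshold is an assumed tolerance in bytes: dynamic pages differ a
    little between requests (timestamps, tokens) without any cloaking.
    """
    size_delta = abs(len(browser_body) - len(crawler_body))
    b, c = external_hosts(browser_body), external_hosts(crawler_body)
    return {
        "size_delta": size_delta,
        "browser_only_hosts": sorted(b - c),
        "crawler_only_hosts": sorted(c - b),
        "suspect": size_delta > threshold or b != c,
    }


# Constructed sample bodies (placeholder hosts, not taken from the thread).
BROWSER = (b'<html><frameset><frame src="http://parking.example/frmpark/">'
           b'</frameset><script src="http://cdn.example/js/min.js"></script></html>')
CRAWLER = (b"<html><body><h1>Under construction</h1>"
           + b"<p>keyword text</p>" * 100 + b"</body></html>")
```

A size difference alone is only a hint; the list of hosts that appear in one variant but not the other shows what the visitor's browser is asked to load that the crawler never sees.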

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 81002
  • No support PMs thanks
I'm always suspicious of anything to do with SEO.
WinXP ProSP3/ Core2Duo E8300/ 4GB Ram/ avast! free 18.5.2342/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 19.2.2364/ WinPatrol+/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro7.11.0/ WinPatrol+/

Offline polonus

And right you are, DavidR.

Especially when it is a "SEO driven sedoparking" website.
Also a preferred target for hackers and miscreants, etc.
So be suspicious when you stumble upon such websites.
In most cases the history of IP and AS is a certain giveaway in that direction.

Damian