Author Topic: Website via api has cloaking...on a src=hxxp://sedoparking.com/frmpark/' website  (Read 264 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30833
  • malware fighter
Site given as under construction.

Checking for cloaking
There is a difference of 19894 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page.

Pop-up ad-code from hxtp://i1.cdn-image.com/__media__/js/min.js?v2.2 by Media.net Advertising FZ-LLC Dubai based, blocked for me by uBlock Origin.

Consider: https://urlscan.io/result/1576f582-a797-4f81-96d1-dfdeb3754a42/

Ransomeware has been spread from this IP, https://otx.alienvault.com/indicator/ip/208.91.197.27
Previously Malicious Host, Spamming, Malware Domain, Malware IP, C&C

See also https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=Xn18LXN7XnV9W3R5Ll19Zw%3D%3D~enc

polonus (volunteer website security analyst and website error-hunter)

Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 80531
  • No support PMs thanks
I'm always suspicious of anything to do with SEO.
Core2Duo E8300/ 4GB Ram/ WinXP ProSP3/ avast! free 18.7.2354/ Firefox ESR, uBlock Origin, uMatrix/ MailWasher Pro7.8.0/ DropMyRights/ WinPatrol+/ Drive Image 7.1/ SnagIt 10.0/ avast! mobile security

Offline polonus

  • Avast Überevangelist
  • Maybe Bot
  • *****
  • Posts: 30833
  • malware fighter
And right you are, DavidR.

Especially when it is a "SEO driven sedoparking" website.
Also a preferred target for hackers and malcreants, etc.
So be suspicious when you stumble upon such websites.
For most cases the history of IP and AS is a certain give-away in that direction.

Damian
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!