The risk here is fingerprinting, because it reads the Windows installation date…
Re: https://www.virustotal.com/#/url/81e9c696dda896747f21ee865bc734d0db0ad4182c1c2bff45020c436c4e3d0e/detection
Two flag it… a parked domain being abused: https://www.virustotal.com/#/domain/iyfnzgb.com
malicious and phishing etc. https://www.shodan.io/host/208.91.196.46
Checking for cloaking
There is a difference of 84 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that’s trying to hide from browsers but make Google think there’s something else on the page
not flagged: https://urlquery.net/report/4e47ec0f-59eb-4454-ae55-6f8618d334be
top.location="-http://iyfnzgb.com/?domain=xandernet.net&dn=xandernet.net%2F&fp=c5CYYQmYvbp9nihZQYZnhkbBd%2FTWTt5OtlJCsghoq8Unc0YHZx7xguKoLnNSsaXfDwfSkb%2FnNSkuwBC2LABTaxFn6IF%2FHBZHQoJXs1q6kcLTNmbXYqr5rWzt2PH20c1zuQC%2FVoNtHut%2BMTfY8zH6NSqtFaC6x9CZJryaWKQfOec%3D&prvtof=j2qt2dyDjNYPJ22%2Bn23U1CT0jfm%2F7tvMgGVKz09V3yo%3D&poru=MgIvvo6dJSyUjG7ZD86wtLajraxA3OiZwlvV3cHIkNLYK7xPhxPz594pfWBwRbbwUEO5a1Nm%2BScnDZ58uXDMlc9FS65Kv3kXBGmLbTii%2B8g%3D&cifr=1&"; top.location="-http://iyfnzgb.com/?domain=xandernet.net&dn=xandernet.net%2F&fp=VvN%2FR0TYuhsH5Q0B%2FepRpyWCknw1j418z30k8wMbCIzDEvjrWri1BnGuqmKikbkv%2BLPY%2FQuj7aPStxCJikV7lFUUVgmagL9hFZ8BbfAHurKM415YO3dcebjySFBv3TEx%2FbziSUELwyVMo%2FKKuW90amzpm%2BjbUQ1nSDmfKbJ%2BbwV0Ycl7v0vn8CGTOQbvs%2FCN&prvtof=BkD7rdw6piJl6axEJP4KX2oyedsLFKPJTZvDvQWPmRw%3D&poru=zKAPukkbOwLWYUa6WmCsWFfGbZItxZnLGb41Ls8r4L%2FJ7TPwy3qUdmYZBBXozO%2BjGI87n4mumobsQf3Psg29W9ScntoXSLB0JGpZ6ajYMp8%3D&cifr=1&"; window.top.location = "-http://iyfnzgb.com/?domain=xandernet.net&dn=xandernet.net%2F&fp=c5CYYQmYvbp9nihZQYZnhkbBd%2FTWTt5OtlJCsghoq8Unc0YHZx7xguKoLnNSsaXfDwfSkb%2FnNSkuwBC2LABTaxFn6IF%2FHBZHQoJXs1q6kcLTNmbXYqr5rWzt2PH20c1zuQC%2FVoNtHut%2BMTfY8zH6NSqtFaC6x9CZJryaWKQfOec%3D&prvtof=Ax6kxaxhXhFP%2BaT8I9bQegbdlg5nHJMlL%2BEyNCiHc18%3D&poru=nDFAPaDUj8b2Czkg%2BhGxPNBU2v2a8NphM%2BBPXfrpTVGs3ZX5SCBys8hPhEPoqaE6ZD%2FsCUFYHFMlQDeczQPKl5p8ECasSYY1N4PTON0T0dg%3D&cifr=1&"; window.top.location = "-http://iyfnzgb.com/?domain=xandernet.net&dn=xandernet.net%2F&fp=VvN%2FR0TYuhsH5Q0B%2FepRpyWCknw1j418z30k8wMbCIzDEvjrWri1BnGuqmKikbkv%2BLPY%2FQuj7aPStxCJikV7lFUUVgmagL9hFZ8BbfAHurKM415YO3dcebjySFBv3TEx%2FbziSUELwyVMo%2FKKuW90amzpm%2BjbUQ1nSDmfKbJ%2BbwV0Ycl7v0vn8CGTOQbvs%2FCN&prvtof=z46V8McPHGBV5wlW%2FMyTFdoTfI4S56Ak4kEeCnE0Hnc%3D&poru=aDJzvyszwn1ViNUzI%2BuF3q5TcM2Masn%2BckqG6Oi0uJaJYiBjGWiqvY2FKoViUlfx3FonWTiylMp0fXiMoOUy%2BL8hI%2FGvlpNvfXt9zWL47wA%3D&cifr=1&"; Click here to proceed. 
Click here to proceed. Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=W3lmbnpnYi5eXW1gPHBbIz05UF0xSDlWNzEmI249eHxuI3t9bnt0Lm57dA%3D%3D~enc
DOM-XSS issues: results from scanning URL: http://iyfnzgb.com/?pid=9po1h9v71&dn=xandernet.net/
Number of sources found: 3
Number of sinks found: 4 → if(window.top != self) / window.top.location = "-http://iyfnzgb.com/? /
{document.cookie = 'isframesetenabled=1; path=/; / href / frame source / document.cookie = 'isframesetenabled=1
// Inline script quoted from the scanned page; the code line below is kept verbatim.
// It takes the last <script> element in the document (presumably intended to be the
// script that is currently executing) and parses the query string of its src:
// everything up to and including the first "?" is stripped, and the remainder is split
// on "&" and then on "=" into the params object. Values are not URL-decoded.
// ch=1 (loose comparison, so the string "1" matches) sets abp to true; ch=2 evaluates
// abp&&false, which is always false; any other value leaves abp as it was (default false).
// NOTE(review): abp presumably is an ad-blocker status flag (the post also mentions a
// /sk-logabpstatus.php request); this snippet alone does not confirm that.
// Every variable is declared with var outside any function, so if this runs as a
// top-level classic script, abp, scripts, script, query, params, i and param all
// become page globals that other scripts on the page can read.
var abp=abp||false;var scripts=document.getElementsByTagName("script");var script=scripts[scripts.length-1];if(script){var query=script.src.replace(/^[^\?]+\??/,"").split("&");var params={};for(var i=0;i<query.length;i++){var param=query[i].split("=");params[param[0]]=param[1]}if(params["ch"]==1)abp=true;else if(params["ch"]==2)abp=abp&&false};
Anyone? Also blocked on the same IP by the avast security browser: -http://www.searchstarters.com/
See on IP → https://otx.alienvault.com/indicator/ip/208.91.196.46 & https://www.threatminer.org/host.php?q=208.91.196.46
likewise: https://urlquery.net/report/d44f3d95-5f67-49e3-b503-d1d28a2f1967
from virgin islands = (admin) Privacy Protection Service INC d/b/a PrivacyProtect.org
See https://pastebin.com/NaXXJRz7 for /sk-logabpstatus.php? in the address…
read analysis: https://www.reverse.it/sample/0a2ca004049e7f2c331bee021d5dfcf4894f289acad48305bdc91b451230a560?environmentId=100
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error hunter)