All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Dedirock's website seemingly got hacked and is showing a phishing page
Ballinwrld
Barred
https://dedirock.com
https://web.archive.org/web/20250916105702/https://dedirock.com/
I can see it trying to load even on the web archive, so I've determined it's not my PC or network's problem.
The Dedirock website is displaying a phishing website via iframe, which navigates to statswpmy.com (91.222.173.12) redirects to > https://chromusimus.com/ (91.222.173.27)
They create a cookie named 'iframe_shown_count' on the domain '.dedirock.com', which increases every time they show this fake Chrome update page, up to three times, and then it won't be shown anymore. When I deleted the cookie, the iframe started loading again until the counter reached 3.
The iframe is only shown when using a Windows OS (edit: thanks for the correction @oloke !) PC browser. It didn't show when using 'desktop mode' on mobile or when using the device toolbar to make the PC browser appear as a mobile device.
EDIT 2 ) It seems some sort of plugin is malformed, javascript code is injected in the html. Look at @TandM 's comment
Comments
reserved this comment slot
it only shows on Windows, i had to change my user agent to get it
Wordpress ...
Yeah, probably a leaky plugin or something like that.
There's some code in the homepage HTML with regards to a "Header Fix Tester", which contains Ukrainian comments, and references to statswpmy.com and trackingmyadsas.com, both registered to an Ukrainian registrar, which is probably the culprit.
Incoming drama?
the malicious script
https://pastecode.dev/s/7eq9ah8h
when i open the https://dedirock.com website, it ask me to update chrome, im using firefox.
both domains:
point to servers at @vsys_host , we should probably report them
Favorite Energy Drink?
I can hook it up
@DediRock
Best wishes
Dedirock ππ»π¬ website ππ¨ looks ππ hacked π΅οΈββοΈπ£ and π ββοΈβ οΈ showing ππ£ a phishing page π―πΈπ± but π Cryptomus π°ππ is still πβ π’ a ππ―β¨ legitimate πβοΈπ― organization ποΈπ€πΌ and we π₯πͺπ€ continue πβ‘π to follow π£πβ strict πππ international standards πβποΈ with our π₯πͺπ’ AML π‘οΈβοΈπ° + KYC ππβ compliance πβ π― staying πππ₯ rock solid ππ§±β¨ so π‘ pro tip: donβt π€β click π― suspicious links π³οΈπ and always π·οΈβ double-check ππ the real ππ Cryptomus website.
We have to stop this LET host on LET host violence
Ah yes just noticed
It's not even hidden , the js is injected in html itself
https://pastebin.com/HF48eGQf
Ah I was opening every js file that was loaded. thanks..
Ooof gotta love the internet
Ya checking seeing what happened, gnarly stuff. Well get it handled, and get to the bottom of it.
π₯HostDZire offers high-performance VPS and dedicated servers from top global locations including India, The Netherlands, USA, Singapore, Japan, and more.π₯
https://archive.is/vYQsC
Respect this is not a matter of publicity, it is something that no one would like to go through
What's wrong with you buddy
So we arenβt shitposting?
If this matter is shit idk but no one would want themselves on this situation
Then hook it up when you're done
Fuck that we shitpost to our hearts content or banned
They have recently offered $7/year VPS maybe. So you can understand.
Thanks TandM, that is good intel, checking it out.
Hell yeah, Shitpost or bust!!
on it, thank you
well this is certainly a development.