Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on August 31, 2017, 09:04:34 PM

Title: PHISHING continued from a parked domain address?
Post by: polonus on August 31, 2017, 09:04:34 PM: Original PHISH: https://urlquery.net/report/7a9020e8-5392-45d2-b675-2d72c8eff142
GoDaddy abuse: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fhealthymamashop.com%2Fatt%2Fclose
Earlier generic malware: https://otx.alienvault.com/indicator/url/http://healthymamashop.com/att/close
100/100% malicious: https://zulu.zscaler.com/submission/078b5310-e099-440c-9d46-47295b8bea9b
On parked domain - 3 fails & 3 warnings: https://asafaweb.com/Scan?Url=mcc.godaddy.com%2Fpark%2FqKWhrJq1oUchrz5zqJWwYaOvrt%3D%3D%2Ffe%2FnzcdYaEvLaE5pv5jLab%3D
Google flagged: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=healthymamashop.com&ref_sel=GSP2&ua_sel=ff&fs=1
script OK
Quote
window.parent.location.href = 'htxp://healthymamashop.com?reqp=1&reqr=nzcdYaEvLaE5pv5jLab=';
IP threat: https://ransomwaretracker.abuse.ch/ip/184.168.221.50/ Bad Host ...

polonus (volunteer website security analyst and website error-hunter)

SMF 2.0.18 | SMF © 2015, Simple Machines