Avast WEBforum

Other => Viruses and worms => Topic started by: polonus on March 10, 2023, 04:34:56 PM

Title: Why this link is not being flagged for phishing abuse?
Post by: polonus on March 10, 2023, 04:34:56 PM
Why after reports nothing was done towards following unsafe parked domain link?

Re: -https://go.microsoft.com/fwlink/p/?LinkId=187566

See multiple redirection links for this parked domain, e.g.
to -Final URL 
htxps://joakim.uddholm.com/posts/claiming-a-microsoft-shorturl-for-an-easy-phish
-> https://www.virustotal.com/gui/url/455a4246fbddb6aa8e13473ef18fc81d4cef7d609e8d81a78f3fe458d02a790a/details

No flagging whatsoever -> https://www.ip-lookup.org/score/78.47.94.92
=> https://www.shodan.io/domain/static.92.94.47.78.clients.your-server.de

Initial info credits go to Erik van Straten

polonus
Title: Re: Why this link is not being flagged for phishing abuse?
Post by: polonus on March 11, 2023, 01:23:59 PM
It is the method of claiming a dhorturl to go a-phishing, that is being demonstrated here.

The so-called safe unsafe websites. It is a hackers tale,
but MS & Google as such should be aware of potential abuse on parked domains.

That is the point being made here.

The site at "static.92.94.47.78.clients.your-server.de" is at least not used to abuse.

polonus
Title: Re: Why this link is not being flagged for phishing abuse?
Post by: polonus on March 18, 2023, 12:31:24 PM
Following site is being blocked by adblockers.
Not flagged here, but it is not safe, isn't it? Risk of abuse on parked site redirection.
Re: https://www.virustotal.com/gui/url/92f25fd879b6837d3dffeacbd18d781391549b74b1188091c23b6338e32ad3fd/details

Not flagged here either: https://urlscan.io/result/b2bee744-ff60-413e-91bc-f4e03bcd3085/

Finally redirects to -http://whairtoa.com/4/ is in Dr.Web malicious sites list!

-http://whairtoa.com/4/ is listed as spammer -> https://www.virustotal.com/gui/url/265fefbd68d0367a5dfd5ba17c3054977f8056edd241c1665680b0850a3d869?nocache=1  (spam abuse on a parked website)

polonus