Author Topic: PHISH and spammer site not detected?  (Read 1188 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33931
  • malware fighter
PHISH and spammer site not detected?
« on: February 26, 2014, 04:31:59 PM »
See: https://www.virustotal.com/nl/url/3efd6f1bbd7ff218a3ee79bd2c10d679f1262cd781c35f048cac4e86f5eebc1b/analysis/139342
and https://www.virustotal.com/nl/file/5cf51fd73e8c35111ed6aa4f625d15b6e56b6c1767c9971b2d0af4b0dd9b6e20/analysis/1393370888/7555/
and  http://support.clean-mx.de/clean-mx/phishing.php?descr=YourmailinglistproviderBelgian%20Network%20Solutions&sort=descr%20desc&response=alive
Bitdefender's TrafficLight blocks and WOT flags: https://www.mywot.com/en/scorecard/ymlp340.net?utm_source=addon&utm_content=popup-donuts
Quote
These domains appear to be used in rotation: a group is activated for a period of time, and then replaced by another group. Previous reports at PhishTank show that these domains once resided on other IP addresses, so they may be relocated periodically, possibly to avoid IP filtering:
confirmed: http://sameid.net/ip/87.237.13.68/
http://www.google.com/search?q=ymlp*.net+AS8368+site:phishtank.com
quote author = Myxt
See delegation issues here: http://dnscheck.pingdom.com/?domain=ymlp340.net
On the activities from there: https://www.projecthoneypot.org/ip_87.237.13.68
https://www.virustotal.com/nl/ip-address/87.237.13.68/information/  and recorded spammers ip: http://spam-ip.com/lookup-363100-87.237.13.68.html

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!