Author Topic: This PHISH detected yet? TrojanSpy:JS/Phish.E  (Read 2520 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
This PHISH detected yet? TrojanSpy:JS/Phish.E
« on: January 07, 2015, 12:04:38 AM »
See: https://www.virustotal.com/nl/url/c9bff48c12d20e5789ad7633a9f2acfa3abcc8e1d6078c6cfeb2df79c0d48063/analysis/1420584983/
Detected hidden reference to external web resource. Detected hidden iframe tag to '-gator4189.hostgator.com'
Code: [Select]
<iframe sandbox="allow-same-origin allow-scripts allow-top-navigation" id="preferedMethod" src="htxps://gator4189.hostgator.com:2096/unprotected/loader.html?random=8jBpeRd88FBG9McSFii2IJmjuie3AlF1aVWqVQ53RfiPeAr7FRAeKKSI9P1vudD1" style="display:none;">Blacklisted links: -cmathss.com//cpanel
-cmathss.com//a
-cmathss.com/about:blank
-cmathss.com/javascript:void(0)%3B
-cmathss.com//webmail
-cmathss.com/#
Warning for PHISH-ing attacks by Norton's: http://safeweb.norton.com/report/show?url=cmathss.com
-> https://www.virustotal.com/nl/file/404a4e8aa7287686d4bb61fd6edf63b021b6debc8960caf363d08842906c6fa9/analysis/
IP badness history: https://www.virustotal.com/nl/ip-address/108.167.180.186/information/

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
Re: This PHISH detected yet? TrojanSpy:JS/Phish.E
« Reply #1 on: January 07, 2015, 01:59:56 AM »
Seems that Hostgator Domain Redirect Feature was worked on this site.
Re: http://wphostingdiscount.com/how-to-use-301-domain-redirection-using-hostgator-cpanel/

polonus

P.S. Pondus, thank you for pointing this out to me, another day where something was learnt.

D
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37614
  • Not a avast user
Re: This PHISH detected yet? TrojanSpy:JS/Phish.E
« Reply #2 on: January 07, 2015, 02:05:07 AM »
your welcome

the full  hxxp://cmathss.com/xxl/yourmailbox/index.html goes to a HostGator ERROR 404 - PAGE NOT FOUND  message


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33932
  • malware fighter
Re: This PHISH detected yet? TrojanSpy:JS/Phish.E
« Reply #3 on: January 07, 2015, 02:42:46 AM »
Pondus,

Anyway WOT blocks site as well, even before redirecting: https://www.mywot.com/en/scorecard/cmathss.com
as a PHISH.

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!