Topic: FakeAV scan page and blackhole here. (Read 2426 times)
true indian
Guest
FakeAV scan page and blackhole here.
« on: July 17, 2013, 02:55:30 PM »
See:
http://urlquery.net/report.php?id=3802514
There are no IDS alerts but there is a blackhole exploit on the same IP.
It locks Chrome, FF, IE... don't go there without script protection!! It doesn't harm your machine in any way but just locks the browser and doesn't allow you to exit. If you fall prey to this, open up the task manager and kill the browser and you should be safe again.
Undetected... reported to avast.
polonus
Avast Überevangelist
Probably Bot
Posts: 34065
malware fighter
Re: FakeAV scan page and blackhole here.
« Reply #1 on: July 17, 2013, 03:02:14 PM »
Good find, read also:
http://safeweb.norton.com/report/show?name=200.63.97.55
Recorded attack was for included: .:/usr/lib/php:/usr/local/lib/php
due to this exploit:
http://www.exploit-db.com/exploits/12192/
and via Joomla ->
http://forum.joomla.org/viewtopic.php?f=621&t=706027
Sucuri -> htxp://v5k45.ru/9o35drIVs8LH09Gn21eAVla3I2FKmOOLF/BsfCZqY3e2BIVFsJnUlKHmiKU42FK2dT3D.php
-> The address you entered is unnecessarily exposing the following response headers which divulge its choice of web platform:
1. Server: nginx/0.7.67
2. X-Powered-By: PHP/5.2.17
-> It looks like a cookie is being set without the "HttpOnly" flag being set (name : value): 1. cookie_fid : 5412
-> It doesn't look like an X-Frame-Options header was returned from the server which means that this website could be at risk of a clickjacking attack
Also consider:
https://www.virustotal.com/en/ip-address/200.63.97.55/information/
polonus
pol
« Last Edit: July 17, 2013, 06:21:23 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
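The three header findings quoted in the reply above (platform disclosure, a cookie without HttpOnly, no X-Frame-Options) can be reproduced offline against a saved response. This is an added example, not code from the thread or from the scanner that produced those findings; the sample header block is constructed from the values quoted in the post, and the `X-AspNet-Version` and CSP `frame-ancestors` checks are additions beyond what the post lists.

```python
from email.parser import Parser
from http.cookies import SimpleCookie

# Constructed sample: header block rebuilt from the values quoted in the post
# (the real response is not on the page).
SAMPLE_HEADERS = (
    "Server: nginx/0.7.67\r\n"
    "X-Powered-By: PHP/5.2.17\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: cookie_fid=5412; path=/\r\n"
)

# Headers that commonly reveal the web platform (list chosen for this example).
PLATFORM_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version")


def audit_headers(raw):
    """Return a list of (check, detail) findings for a raw header block."""
    msg = Parser().parsestr(raw, headersonly=True)
    findings = []

    # 1. Platform disclosure: flag only values that carry a version number;
    #    a bare product name tells an observer much less.
    for name in PLATFORM_HEADERS:
        value = msg.get(name)
        if value and any(ch.isdigit() for ch in value):
            findings.append(("platform-disclosure", f"{name}: {value}"))

    # 2. Cookies set without HttpOnly are readable from page script.
    for raw_cookie in msg.get_all("Set-Cookie", []):
        jar = SimpleCookie()
        jar.load(raw_cookie)
        for key, morsel in jar.items():
            if not morsel["httponly"]:
                findings.append(("cookie-no-httponly", f"{key} : {morsel.value}"))

    # 3. Framing policy: X-Frame-Options or a CSP frame-ancestors directive.
    xfo = (msg.get("X-Frame-Options") or "").strip().upper()
    csp = (msg.get("Content-Security-Policy") or "").lower()
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append(("no-framing-policy", "X-Frame-Options / frame-ancestors absent"))
    return findings


if __name__ == "__main__":
    for check, detail in audit_headers(SAMPLE_HEADERS):
        print(f"{check}: {detail}")
```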
Secondmineboy
Avast Evangelist
Massive Poster
Posts: 3645
Re: FakeAV scan page and blackhole here.
« Reply #2 on: July 18, 2013, 09:25:17 PM »
The website is being blocked by Norton, because it has phishing attacks by these URLs:
hxxp://200.63.97.55/~miltonm/language/images/ca7a46b12ac2617ecfeca05b1f551501
hxxp://200.63.97.55/~miltonm/language/images/163b732b7acfa15d7870adecea7e6326
Windows 10 1909, 4 GB DDR3 RAM, 500 GB 5400 RPM HDD, 1366 by 768 LCD Screen, Intel Core i3 5010U Dual Core, Intel HD Graphics 5500
HUAWEI P30 Pro. Android 10
polonus
Re: FakeAV scan page and blackhole here.
« Reply #3 on: July 18, 2013, 10:05:00 PM »
Hi Steven Winderlich,
Those are noth PHISHING attacks. See:
http://jsunpack.jeek.org/?report=0fc4a2ba63f3ce1ba930dac8df4c7ea5952435bd
and
http://jsunpack.jeek.org/?report=762d03bb5f616cea9dec490895f5055afacec8d8
Website has suspended status....see:
https://www.virustotal.com/en/ip-address/200.63.97.55/information/
seems to be dead according to here:
http://support.clean-mx.de/clean-mx/phishing.php?id=3471867
not being blacklisted now:
http://www.ipvoid.com/scan/200.63.97.55/
Damian
Secondmineboy
Re: FakeAV scan page and blackhole here.
« Reply #4 on: July 18, 2013, 10:20:24 PM »
This is what Norton says:
http://safeweb.norton.com/report/show?url=http%3A%2F%2F200.63.97.55%2F~miltonm%2Flanguage%2F
The site is also blocked by Chrome as a Phishing Site. Picture added. (In German)
Secondmineboy
Re: FakeAV scan page and blackhole here.
« Reply #5 on: July 18, 2013, 10:24:35 PM »
This is a scan of the page that Norton says is a phishing site in the link above:
https://www.virustotal.com/de/url/1b539283f42d7071c7855d6d8b56be656215dd7dd49a6957276b5274f39c0cc1/analysis/1374178869/
And that's the downloaded file:
https://www.virustotal.com/de/file/af62c522a141e91a8baacf42bc37506fd0729b1758c6254971196d2aed10ed2e/analysis/1330482437/
It is clean.