Author Topic: Look out - website still into phising, scamming and spamming!  (Read 2390 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
See: https://www.mywot.com/en/scorecard/amega.com
and poor qualification at Adquard's: http://adguard.com/en/adguard-report/amega.com/report.html
The malware is being given as dead now, but I have sources that report it is stiil active:
http://support.clean-mx.de/clean-mx/viruses.php?sort=firstseen%20desc&review=85.158.139.%
Site actually found to be taken down! amega.com,85.158.139.194,dns1.cscdns.net,Multiple IPs,
REGISTERED AND NO WEBSITE: http://whois.domaintools.com/amega.com
The viruscontent in a virusviewer: http://support.clean-mx.de/clean-mx/view_virusescontent.php?url=http%3A%2F%2Famega.com%2Fowa%2Fservice_directory%2Fsettings.php
Get no objects here now:
url   scheme   host   path   type   query   aid   cid   date   patterns   objects   name   affilition
hxtp://amega.com/owa/service_directory/settings.php   hxtp   amega.com   /owa/service_directory/settings.php   n/a            2015-03-03 14:55:10      
But owa service means spam, and spam means owa service- so read here:
http://garwarner.blogspot.nl/2009/10/targeted-urls-in-spam-owa-settings.html 
and  owa service means phishing also, read:
http://www.phishtank.com/user_verifications.php?page=731&username=SuIsh

So do not click malis from such sources, forewarned is forearmed,

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: March 03, 2015, 03:24:35 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Pondus

  • Probably Bot
  • ****
  • Posts: 37507
  • Not a avast user

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Look out - website still into phising, scamming and spamming!
« Reply #2 on: March 03, 2015, 03:19:54 PM »
Hej Pondus,

Good reporting, Pondus, but you may be mistaken.
He fortunately did not open it. Lucky for us all I also get now: Error: Supplied URL could not be fetched.
Their owa service is down or was taken down, but mind you cannot look for a down website,
because they never had any website running from amega dot com.
But look out for other IPs here: amega.com,85.158.139.194,dns1.cscdns.net,Multiple IPs,
Knujon reports them all:
http://knujon.com/nameservers/DNS1.CSCDNS.NET.html
Also read: http://dnstools.fastnext.com/index.php?fDNSreport=travellink.se

polonus
« Last Edit: March 03, 2015, 03:25:19 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33891
  • malware fighter
Re: Look out - website still into phising, scamming and spamming!
« Reply #3 on: March 03, 2015, 03:50:37 PM »
Here we see IP is up, but domain is LOCKED and SPAM reported: http://www.whoismind.com/whois/messagelabs.com.html
Read about Domain Locking: http://wiki.dreamhost.com/Domain_locking

pol
« Last Edit: March 03, 2015, 03:54:31 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!