Topic: Phishing domains worth blocking...Host1plus-cloud-server abuse! (Read 2074 times)
polonus « on: September 06, 2016, 11:41:33 PM »
Coming to an online theater online soon: icsvalidation.su etc.
Wants an example for Suricata Emerging Threats IDS alert for "ET DNS Query for .su TLD (Soviet Union) Often Malware Related".
See: http://urlquery.net/report.php?id=1473034336331
See: https://virustotal.com/en/url/8fd10da1257e7dcd274974807caf829a782a97c2af9070f3410c159576c50709/analysis/1473137658/
[2] https://virustotal.com/en/ip-address/154.16.205.3/information/
IP 154.16.205.3 Info credits go to T.S. & Erik van Straten
Also see: https://virustotal.com/en/url/8fd10da1257e7dcd274974807caf829a782a97c2af9070f3410c159576c50709/analysis/1473137658/
polonus
Update: Site is hosted as Hostname = IP for AS.MAROSNET, Moscow. in Los Angeles for netblockowner DIEXDNS INFRASTRUCTURE IN RUSSIA via registrar=R01-REG-FID (transferred) re: -> https://zeustracker.abuse.ch/monitor.php?registrar=R01-REG-FID
MySQL authenticated site - dns.freedns.review OpenSSH 5:3 (protocol 0.2) JSON (JSON is vuln. and not suitable for private data communication) - possible line of abuse credit card abuse.
D
« Last Edit: September 07, 2016, 01:35:32 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
polonus « Reply #1 on: September 28, 2016, 06:07:21 PM »
Update:
The phishing mails are now seen actively launched through a phishing campaign mainly directed at the Netherlands: e.g. https://www.fraudehelpdesk.nl/vragen-meldingen-cpt/nepmail-omloop-uit-naam-van-ics-validatie/
Various IDS alerts for it here: http://urlquery.net/report.php?id=1473425258579
Has also been seen to appear here - list: https://techhelplist.com/53-pastes
Has all signs of a RBN domain, ergo a CRIME-ONLY phishing domain.
Damian aka polonus
polonus « Reply #2 on: September 28, 2016, 10:27:02 PM »
Similar phishing from that same IP, but for another theater: http://urlquery.net/report.php?id=1473565080981
See: http://fetch.scritch.org/%2Bfetch/?url=www.us-bankofamerica.com%2F&useragent=Fetch+useragent&accept_encoding=
And here: https://www.h3xed.com/web-and-internet/scam-text-message-from-855-254-9217-us-bankofamerica-com
Latest redirects here and is phishing: http://urlquery.net/report.php?id=1475096990810, see: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fww17.us-bankofamerica.com%2F
Listed here, which list is updated daily: http://phishing.mailscanner.info/phishing.bad.sites.conf
polonus
« Last Edit: September 28, 2016, 11:33:32 PM by polonus »