Author Topic: Is this PHISH-IP flagged?  (Read 1463 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus
Re: Is this PHISH-IP flagged?
« Reply #1 on: April 26, 2017, 10:31:28 PM »
GoDaddy abuse and link to ransomware detected for IP 50.63.202.58: https://www.herdprotect.com/ip-address-50.63.202.58.aspx
and https://ransomwaretracker.abuse.ch/ip/50.63.202.58/

Quote
GET /img.aspx?q=L3MkWGAkAGH3ZmN0AmZ0AGxjAGplAQHjZPHlAzpyZ3R1ZQNkWGV2MFHmpFHlAz4yZ3RjWGV2LlHmpGNyZwMyMvHmpGNyZwMzWGAkWGV2MJpyZ3RlZQR3ZQDlAwRmZQRjAvHlAzA5WGAkZFHlAaEaWGAkZvHlAatyZ3RyZwMhrvHmpGNyZwMzpPHmpGNyZwMbozpyZ3RkWGV2qTLyZ3R2WGV2pUNyZ3SuLvHlAaSyWGAkozLgpJI2pF1vLv0kBQt1AmR0ZGt2AGDjBQx0WGV2MzqjWGAkZN==-1 HTTP/1.1
Host: upath dot club

User-Agent: Mozilla/5.0 etc.
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: htxp://upath.club/?reqp=1&reqr=
United States
AS26496 GoDaddy.com, LLC 50.63.202.58
HTTP/1.1 200 OK
Content-Type: image/gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 26 Apr 2017 19:56:49 GMT
Age: 259
Transfer-Encoding: chunked
Connection: keep-alive
Re: https://asafaweb.com/Scan?Url=upath.club 1 error: Fail and 2 Warnings.

polonus (volunteer website security analyst and website error-hunter)

Offline mchain

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 5625
  • Spartan Warrior
Re: Is this PHISH-IP flagged?
« Reply #2 on: April 26, 2017, 10:34:30 PM »
Getting a 404 unreachable atm for 50.63.202.52.  Just as well given what you've discovered.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

Offline polonus
Re: Is this PHISH-IP flagged?
« Reply #3 on: April 26, 2017, 11:14:42 PM »
Howdy mchain,

Again a GoDaddy secureserver dot net address "coming loose at the seams sort of", you know what I mean  ;)  :(
Host appears down now, as that is what you report also. Wonder whether they won't bone it out now as a sedo parking site, or take it down and have it out to the next domain to be hosted there until that one also "tumbles under because of issues, GoDaddy fails to address".

Hopeless bulk serving, actually. A party just in there to get you hooked and then you will not run away, just like the Comcast end-users.
Sad state of affairs, as you come to think of it, and bad for the security status of the overall infrastructure.

Damian