See:
https://safeweb.norton.com/report/show?url=updowanow.bplaced.net phishing attack
blacklisted and likely compromised:
https://sitecheck.sucuri.net/results/updowanow.bplaced.net#blacklist-statusloaded: -http://updowanow.bplaced.net/
GoogleSafe:
OK Load:
322ms Server: 144.76.167.69
Apache/2.4 ASN: 24940 Germany
Hetzner Online GmbH Reverse DNS:
-server1.bplaced.net
using http and collecting passwords...
https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=updowanow.bplaced.net%2Fwebadm%2Fwp%2Fowa&ref_sel=GSP2&ua_sel=ff&fs=1The scan found some potential problems in the code, the links below should pop you down to the line.
line 204:
line 208:
excessive server header info poliferation - Server: Apache/2.4
on IP -
https://www.abuseipdb.com/whois/144.76.167.69 /
https://www.projecthoneypot.org/ip_144.76.167.69Reporting sources: ibm x-force exchange, quttera.com, c-sirt.org, malc0de.com, dul.ru, labs.snort.org, malwr.com, dnsbl.ahbl.org, tor.ahbl.org, openphish.com, virustotal.com, virustotal.com, cybercrime-tracker, urlquery.net, google safebrowsing, hphosts-phishing, phishtank, malc0de blacklist, cleanmx-malware, cleanmx-phishing -
https://cymon.io/144.76.167.69and
https://www.threatminer.org/host.php?q=144.76.167.69https://urlquery.net/report/91419f2c-a32f-4ddf-99c7-93a4b3e315fedetected - The full link that Norton give in the dropp down menu
https://virustotal.com/#/url/5b9f6f1cdfcf486b9100bdb316484b31e015dcf8b020e3e8904ba3653d7bb564/detection (thanks, Pondus
)
polonus
