Topic: Checking a PHISH....


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33900
  • malware fighter
Checking a PHISH....
« on: September 20, 2017, 05:06:59 PM »
Re detected recently and earlier: https://urlquery.net/report/fc9accf8-b044-4bf0-8c97-63bd28da4260
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=www.appl-access-limited.com&ref_sel=GSP2&ua_sel=ff&fs=1
Quote
Columns reported: scheme   host   path   type   query   aid   cid   date   patterns   objects   name   affilition

-http://www.appl-access-limited.com
     scheme: http | host: www.appl-access-limited.com | type: n/a | date: 2017-09-20 16:34:03

-https://www.google.com/recaptcha/api/challenge?k=6Lc6eOISAAAAAOyLSPIxozsSC7IDzE6MqT-1jjO3
     scheme: -https | host: www.google.com | path: /recaptcha/api/challenge | type: n/a | query: k=6Lc6eOISAAAAAOyLSPIxozsSC7IDzE6MqT-1jjO3 | date: 2017-09-20 16:34:03

-https://www.google.com/recaptcha/api/js/recaptcha.js
     scheme: -https | host: www.google.com | path: /recaptcha/api/js/recaptcha.js | type: n/a | date: 2017-09-20 16:34:03

-http://www.google.com/js/th/5lsb50VzGvqjmOib75uFHb-kkf9dER4STNAOSRjgs30.js
     scheme: -http | host: www.google.com | path: /js/th/5lsb50VzGvqjmOib75uFHb-kkf9dER4STNAOSRjgs30.js | type: n/a | date: 2017-09-20 16:34:03

https://www.google.com/recaptcha/api/reload?c=03AOmkcwIdh58K2vZWq5bLzPD4QtbKnb5w6dwwgFmvAtQ1B6grZKZrSG1qqiIq1sen_82aM1tUquUFXHvpBG2myRWRZJRP7kKYp_1DiFTWdf9vVnUtlcGtOQ73tiMNgLuK0wHAfsavukV8HN-Uz2A-ov7jd7uMu0k8qRM8LQL1VYdkKiRtBhk_nmJyjxO94gRjL3xCNTDSQNvTxQx0_q1-Fn9Sf1rsWu1s0A&k=6Lc6eOISAAAAAOyLSPIxozsSC7IDzE6MqT-1jjO3&reason=i&type=image&lang=en&th=,Ps9Xz9iwS1qrV4MBrpK2EF4Wt9giAZz9AAQeCUot-AD6O7EE0RF5EooUB9ivPDeeDSNgnBXhcI0zJE7xxs5OMgi4tMmgcgtbCGrlogviDBRuR7c9rtudwin8kLtqUyeHbB9Pjnq_wFslwZ9L71yqA0IH9kVk2qmQ9atW-YQhWfH8i60LCjZPkvjDTo_Dhv5ucwnqGQb7l3Yh7PpZutZxJU66J_U8d2av1vZfmC0lOrQIsoCOXHQf9_Qgz-z4m3wYqgZjP3FFpiiRwq100lSeS3gaBiK7leN5you8NFCzMkJa8WRLcxbLTh0K_e7JZl6fYE40wzd34HJvHB-5v68t31QGi1LsrNK6BvAOEkCgq15y93hw2R-EcdQSa2sAKSbDiU5dnS-Dx-x522lWeCWPpn5tzfFZwBMcWierrqbzO7EUZtnE6d7T
     scheme: -https | host: www.google.com | path: /recaptcha/api/reload | type: n/a | query: c=03AOmkcwIdh58K2vZWq5bLzPD4QtbKnb5w6dwwgFmvAtQ1B6grZKZrSG1qqiIq1sen_82aM1tUquUFXHvpBG2myRWRZJRP7kKYp_1DiFTWdf9vVnUtlcGtOQ73tiMNgLuK0wHAfsavukV8HN-Uz2A-ov7jd7uMu0k8qRM8LQL1VYdkKiRtBhk_nmJyjxO94gRjL3xCNTDSQNvTxQx0_q1-Fn9Sf1rsWu1s0A&k=6Lc6eOISAAAAAOyLSPIxozsSC7IDzE6MqT-1jjO3&reason=i&type=image&lang=en&th=,Ps9Xz9iwS1qrV4MBrpK2EF4Wt9giAZz9AAQeCUot-AD6O7EE0RF5EooUB9ivPDeeDSNgnBXhcI0zJE7xxs5OMgi4tMmgcgtbCGrlogviDBRuR7c9rtudwin8kLtqUyeHbB9Pjnq_wFslwZ9L71yqA0IH9kVk2qmQ9atW-YQhWfH8i60LCjZPkvjDTo_Dhv5ucwnqGQb7l3Yh7PpZutZxJU66J_U8d2av1vZfmC0lOrQIsoCOXHQf9_Qgz-z4m3wYqgZjP3FFpiiRwq100lSeS3gaBiK7leN5you8NFCzMkJa8WRLcxbLTh0K_e7JZl6fYE40wzd34HJvHB-5v68t31QGi1LsrNK6BvAOEkCgq15y93hw2R-EcdQSa2sAKSbDiU5dnS-Dx-x522lWeCWPpn5tzfFZwBMcWierrqbzO7EUZtnE6d7T | date: 2017-09-20 16:34:04

IP abuse: https://www.abuseipdb.com/check/81.88.63.46
Potential risk: https://otx.alienvault.com/indicator/ip/81.88.63.46/

DNS report: https://dnsspy.io/scan/appl-access-limited.com
Trojan activity on IP: http://www.malwareurl.com/ns_listing.php?as=AS39729

Hidden owner data: https://www.scamadviser.com/check-website/appl-access-limited.com

An error occurred:
Input error: k: Format of site key was invalid on iFrame...

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Re: Checking a PHISH....
« Reply #1 on: September 20, 2017, 05:25:40 PM »
When we check the source code here: -https://www.register.it/_js/libs/html5shiv/3.7.0/html5shiv.js
we get a suspicious "maxruntime exceeded 10 seconds" on running this in - www.register.it/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/svg-support/js/min/svgs-inline-min.js  & 
Quote
-www.register.it/_js/libs/html5shiv/3.7.0/undefined benign
[nothing detected] (element)- www.register.it/_js/libs/html5shiv/3.7.0/undefined
     status: (referer=-www.register.it/_js/libs/html5shiv/3.7.0/html5shiv.js)saved 68630 bytes 3d9272a9ccffd96f823f0f777fbd506c0aa3c4ad
     info: [script] -html5shiv.googlecode.com/svn/trunk/html5.js
     info: [script] -code.jquery.com/jquery-1.12.3.min.js?ver=1.12.3
     info: [script] -www.register.it/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/svg-support/js/min/svgs-inline-min.js
     info: [script] -code.jquery.com/jquery-migrate-1.4.0.min.js?ver=1.4.0
     info: [img] -www.register.it/_img/header/logo.png
     info: [img] -www.register.it/wp-content/uploads/404_clipAcatTrace02c.png
     info: [img] -www.register.it/wp-content/uploads/404_clipAcatTrace02_left.png
     info: [img] -www.register.it/wp-content/uploads/404_clipAhp.png
     info: [img] -www.register.it/wp-content/uploads/404_clipAcp.png
     info: [img] -www.register.it/wp-content/uploads/404_clipAca2.png
     info: [img] -www.register.it/wp-content/uploads/2016/12/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/uploads/2016/12/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/uploads/2016/12/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/uploads/2016/12/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/uploads/2016/12/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/uploads/2016/12/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/uploads/2017/03/Picon2017_fill.png
     info: [img] -www.register.it/wp-content/uploads/Picon2016_fill.png
     info: [img] -www.register.it/wp-content/plugins/sitepress-multilingual-cms/res/flags/it.png
     info: [img] -www.register.it/wp-content/plugins/sitepress-multilingual-cms/res/flags/en.png
     info: [script] -maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js?ver=3.3.6
     info: [script] -www.register.it/wp-content/plugins/bwp-minify/min/?f=wp-content/themes/dada/asset/js/lib/jquery.mobile.touch.js,wp-content/themes/dada/asset/js/dada-privacyTextsRetriever.js,wp-content/themes/dada/asset/js/dada-cookies-management.js,wp-content/themes/dada/asset/js/dada-tracking-cfg.js,wp-includes/js/wp-embed.min.js,wp-content/plugins/sitepress-multilingual-cms/res/js/sitepress.js,wp-content/themes/dada/asset/js/dada-www.js,wp-content/themes/dada/asset/js/dada-request-collector.js,wp-content/themes/dada/asset/js/dada-language.js,wp-content/themes/dada/plugins/box/js/enqueue/generic.js
     info: [script] -www.register.it/_js/cookiecuttr/jquery.cookie.js
     info: [script] -www.register.it/_js/cookiecuttr/jquery.cookiecuttr.js
     info: [script] -www.register.it/_js/trkcookie.js
     info: [script] -www.register.it/_js/trk.js?ver=14
     info: [script] -www.register.it/_js/01.js?ver=23
     info: [script] -www.register.it/wp-content/themes/dada/asset/js/dada-tracking.js?ver=1.2
     info: [script] -www.register.it/wp-content/plugins/bwp-minify/min/?f=wp-content/themes/dada/plugins/video/js/enqueue/generic.js,wp-content/themes/dada/plugins/languageSwitcher/js/enqueue/general.js
     info: [iframe] -www.googletagmanager.com/ns.html?id=GTM-96QR
     info: [decodingLevel=0] found JavaScript
     error: undefined function b.attachEvent
     error: undefined variable b
     info: [element] URL=-www.register.it/_js/libs/html5shiv/3.7.0/undefined
     info: [1] no JavaScript
     file: 3d9272a9ccffd96f823f0f777fbd506c0aa3c4ad: 68630 bytes
     file: 9bbba02326099b6cf3cb93bde03e7055c34e8325: 75 bytes

polonus