Author Topic: This new PHISH detected? (Read 949 times)

polonus · « **on:** November 11, 2017, 12:15:24 PM »

Re: https://urlquery.net/report/ff18495f-a30a-4609-9aac-25c777b1a2f7
phishing via -cloud.githubusercontent.com
See: https://privacyscore.org/site/34460/ and https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=babaknoni101.000webhostapp.com&ref_sel=GSP2&ua_sel=ff&fs=1

polonus

polonus · « **Reply #1 on:** November 11, 2017, 03:20:17 PM »

For the PHISHING site, I get a 404 and a message there reads "no github page here" (Varnish open http proxy) ->
abuse on Fastly San Fransisco - risk rate 9 red out of 10: http://toolbar.netcraft.com/site_report?url=http://151.101.112.133
GitHub.com http server header

Track the trackers report:

Quote

url   scheme   host   path   type   query   aid   cid   date   patterns   objects   name   affilition
-http://babaknoni101.000webhostapp.com   http   -babaknoni101.000webhostapp.com      n/a            2017-11-11 15:08:21
-https://use.fontawesome.com/ee069c3df0.js   -https   use.fontawesome.com   -/ee069c3df0.js   n/a            2017-11-11 15:08:21
-https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js   -https   maxcdn.bootstrapcdn.com   /bootstrap/3.3.7/js/bootstrap.min.js   n/a            2017-11-11 15:08:21      * *
-http://cloud.githubusercontent.com%28null%29/   -http   cloud.githubusercontent.com%28null%29   /   n/a            2017-11-11 15:08:21

** just for this script a vulnerable retirable jQuery library detected: http://retire.insecurity.today/#!/scan/7643c21abe2306327c3e3e141a46caecc186a211e5d599487a1d1e9fe85bb4a7

and that is true also here: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbabaknoni101.000webhostapp.com

polonus (volunteer website security analyst and website error-hunter)

Author Topic: This new PHISH detected? (Read 949 times)

polonus

This new PHISH detected?

polonus

Re: This new PHISH detected?