Author Topic: Is this PHISH flagged by avast?  (Read 944 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33904
  • malware fighter
Is this PHISH flagged by avast?
« on: June 13, 2018, 09:48:07 PM »
See: https://urlquery.net/report/0466bf36-ea5a-4795-b46b-61a50311cf75
IDS alert for "ET CURRENT_EVENTS Possible Docusign Phishing Landing - Title over non SSL".
Flagged for PHISHing by Google Safebrowsing and others: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=ferdikuhy.co.vu&ref_sel=GSP2&ua_sel=ff&fs=1
Various instances of malware detected: https://sitecheck.sucuri.net/results/ferdikuhy.co.vu
and https://www.virustotal.com/#/url/6b79c10deba49b2385bbb48214975c8cf57a2e139c59fc97af5ada051bc284ed/detection
and https://www.virustotal.com/#/domain/ferdikuhy.co.vu
and https://www.virustotal.com/#/url/eaa123c0f82470fe354d29a38743db0924b151f31d8c02604e69a96884ad6ff2/detection

Site with vulnerable al.php - also consider the dead links:
DEADLINK -/voltpower/Andvre%20Doc.pdf/
DEADLINK -/voltpower/contacts.csv/
DEADLINK -/voltpower/file/Office%20365_files/MasterStyles15MVC.css
DEADLINK -/voltpower/file/Office%20365_files/shellg2corecss_11377998.css
DEADLINK -/voltpower/file/Office%20365_files/shellg2pluscss_baae2042.css
DEADLINK -/voltpower/file/Office%20365_files/O365ShellG2Plus.js
DEADLINK -/voltpower/file/Office%20365_files/Thumbs.db/
DEADLINK -/voltpower/file/css/Thumbs.db/
DEADLINK -/voltpower/file/css/bannerlogo.png
DEADLINK -/voltpower/file/otr.php
DEADLINK -/voltpower/file/Office%20365_files/css/Thumbs.db/

Error in -https://s.aolcdn.com/os/landingpages/js/ad_1200.js
Quote
<?xml version="1.0" encoding="UTF-8"?> <Error><Code>NoSuchBucket</Code><Message>The specified bucket does not exist</Message><BucketName>aol-identity-statics</BucketName><RequestId>59312294CE2F3D03</RequestId><HostId>2xq9GimfT7gohFaM8URee3IZAuU1ds68PmJmNg3gmgumLA0PPgDgnZ9NzfvUbv7Eicr0t1D4hns=</HostId></Error>
Consider also the hoster of that IP: https://www.shodan.io/host/184.95.45.225 Apache, Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7; open FTP on srv3.hostingafull.com with a self-signed certificate as root!

polonus (volunteer website security analyst and website error-hunter)
« Last Edit: June 13, 2018, 10:07:59 PM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline savcin

  • Avast team
  • Full Member
  • *
  • Posts: 113
Re: Is this PHISH flagged by avast?
« Reply #1 on: June 14, 2018, 10:33:10 AM »
Detection has been created.