Author Topic: New bid subdomain PHISHING campaign from IP 52.28.13.83 brought down already?  (Read 498 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 32620
  • malware fighter
See: https://urlquery.net/report/aaa0c665-83b1-4d39-9731-5c52746d51fe
This sub-domain could not be resolved: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LmZ8c3R8biNebHt8bnt9LmJbIw%3D%3D~enc
Threat events for IP: https://cymon.io/52.28.13.47
Amazon-02 abuse: https://urlscan.io/result/88163079-e9f9-46d4-b1ab-fd7e5a109f63
For me Trace Blocked this URL
Blocked due to Top Level Domain
-http://easiersites.bid/holeful/removeto?websiteid=quebec-abo-cb1NDiht  Trace extension blocked this tracker/phisher!

polonus (volunteer website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!