Author Topic: Is this address PHISHING?  (Read 861 times)

polonus
Is this address PHISHING?
« on: February 11, 2020, 11:54:10 PM »
Saw this address making connections: -http://ats1.l7.search.vip.ir2.yahoo.com/

Checked here: https://www.virustotal.com/gui/url/1a4fef9f2c56dc8bb13a3321f585414034867dbb3f670c03bf2a8a2e20c81988/details
and for IP relations: https://www.virustotal.com/gui/ip-address/212.82.100.137/relations  (2 engines flag)
Suspicious content -> / script > < /body> < /html> Content after the < /html> tag should be considered suspicious.

2:  < !-- -fe149.syc.search.bf1.yahoo.com Tue Feb 11 22:45:35 UTC 2020 --> cannot be resolved.

Also consider: https://www.shodan.io/host/212.82.100.137
Contact refused from -guce.search.yahoo.com/consent?brandType=eu&gcrumb=G2HZby4&done=https://nl.search.yahoo.com
Resolving to secure connection to: -https://nl.search.yahoo.com/?guccounter=1
-> location: -https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k&done=-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1
Note: This line has redirected the request to -https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k&done=-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1
Re: https://www.shodan.io/host/66.218.84.137

polonus
« Last Edit: February 12, 2020, 12:41:58 AM by polonus »
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!
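
An added example, not part of polonus's post: an offline check that decodes the nested `done=` return URL from the redirect quoted above and tests each hostname against the `yahoo.com` domain on a label boundary. The function names are hypothetical, and the check is string-only: it says nothing about what the IP addresses in the VirusTotal and Shodan lookups actually serve.

```python
from urllib.parse import urlsplit, parse_qs

# URLs copied from the post, with the leading "-" defang marker kept.
OBSERVED = [
    "-http://ats1.l7.search.vip.ir2.yahoo.com/",
    "-https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k"
    "&done=-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1",
]

def refang(url):
    """Strip the leading '-' the post uses to keep links unclickable."""
    return url.lstrip("-")

def host_in_domain(host, domain):
    """True only for the domain itself or a subdomain of it.

    Matching on '.' + domain avoids accepting lookalikes such as
    'notyahoo.com' or 'yahoo.com.login.example'.
    """
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def redirect_chain(url, param="done", max_hops=5):
    """Walk nested return-URL parameters without any network access."""
    hosts = []
    for _ in range(max_hops):
        parts = urlsplit(refang(url))
        if not parts.hostname:
            break
        hosts.append(parts.hostname)
        nxt = parse_qs(parts.query).get(param)  # parse_qs percent-decodes
        if not nxt:
            break
        url = nxt[0]
    return hosts

def audit(urls, domain="yahoo.com"):
    """Map every hostname seen in the chains to an in-domain verdict."""
    return {h: host_in_domain(h, domain) for u in urls for h in redirect_chain(u)}

if __name__ == "__main__":
    for host, ok in audit(OBSERVED).items():
        print(f"{host:40} {'in yahoo.com' if ok else 'OUTSIDE yahoo.com'}")
```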