Avast community forum
Home
Help
Search
Login
Register
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Is this address PHISHING?
« previous
next »
Print
Pages: [
1
]
Go Down
Author
Topic: Is this address PHISHING? (Read 1320 times)
0 Members and 1 Guest are viewing this topic.
polonus
Avast Überevangelist
Probably Bot
Posts: 33900
malware fighter
Is this address PHISHING?
«
on:
February 11, 2020, 11:54:10 PM »
Saw this address making connections: -http://ats1.l7.search.vip.ir2.yahoo.com/
Checked here:
https://www.virustotal.com/gui/url/1a4fef9f2c56dc8bb13a3321f585414034867dbb3f670c03bf2a8a2e20c81988/details
and for IP relations:
https://www.virustotal.com/gui/ip-address/212.82.100.137/relations
(2 engines flag)
Suspicious content -> / script > < /body> < /html> Content after the < /html> tag should be considered suspicious.
2: < !-- -fe149.syc.search.bf1.yahoo.com Tue Feb 11 22:45:35 UTC 2020 --> cannot be resolved.
Also consider:
https://www.shodan.io/host/212.82.100.137
Contact refused from -guce.search.yahoo.com/consent?brandType=eu&gcrumb=G2HZby4&done=https://nl.search.yahoo.com
Resolving to secure connection to: -https://nl.search.yahoo.com/?guccounter=1
-> location: -https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k&done=-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1
Note: This line has redirected the request to -https://guce.search.yahoo.com/consent?brandType=eu&gcrumb=THZQ_4k&done=
-https%3A%2F%2Fnl.search.yahoo.com%2F%3Fguccounter%3D1
Re:
https://www.shodan.io/host/66.218.84.137
polonus
«
Last Edit: February 12, 2020, 12:41:58 AM by polonus
»
Logged
Cybersecurity is more of an attitude than anything else. Avast Evangelists.
Use NoScript, a limited user account and a virtual machine and be safe(r)!
Print
Pages: [
1
]
Go Up
« previous
next »
Avast WEBforum
»
Other
»
Viruses and worms
(Moderators:
Maxx_original
,
misak
) »
Is this address PHISHING?