Author Topic: Why this link is not being flagged for phishing abuse?  (Read 1441 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33866
  • malware fighter
Why this link is not being flagged for phishing abuse?
« on: March 10, 2023, 04:34:56 PM »
Why, after reports, was nothing done about the following unsafe parked domain link?

Re: -https://go.microsoft.com/fwlink/p/?LinkId=187566

See multiple redirection links for this parked domain, e.g.
to -Final URL 
htxps://joakim.uddholm.com/posts/claiming-a-microsoft-shorturl-for-an-easy-phish
-> https://www.virustotal.com/gui/url/455a4246fbddb6aa8e13473ef18fc81d4cef7d609e8d81a78f3fe458d02a790a/details

No flagging whatsoever -> https://www.ip-lookup.org/score/78.47.94.92
=> https://www.shodan.io/domain/static.92.94.47.78.clients.your-server.de

Initial info credits go to Erik van Straten

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Why this link is not being flagged for phishing abuse?
« Reply #1 on: March 11, 2023, 01:23:59 PM »
It is the method of claiming a shorturl to go a-phishing that is being demonstrated here.

The so-called safe unsafe websites. It is a hacker's tale,
but MS & Google as such should be aware of potential abuse on parked domains.

That is the point being made here.

The site at "static.92.94.47.78.clients.your-server.de" is at least not used for abuse.

polonus

Offline polonus

Re: Why this link is not being flagged for phishing abuse?
« Reply #2 on: March 18, 2023, 12:31:24 PM »
The following site is being blocked by adblockers.
Not flagged here, but it is not safe, is it? Risk of abuse on parked site redirection.
Re: https://www.virustotal.com/gui/url/92f25fd879b6837d3dffeacbd18d781391549b74b1188091c23b6338e32ad3fd/details

Not flagged here either: https://urlscan.io/result/b2bee744-ff60-413e-91bc-f4e03bcd3085/

Finally redirects to -http://whairtoa.com/4/, which is in the Dr.Web malicious sites list!

-http://whairtoa.com/4/ is listed as a spammer -> https://www.virustotal.com/gui/url/265fefbd68d0367a5dfd5ba17c3054977f8056edd241c1665680b0850a3d869?nocache=1 (spam abuse on a parked website)

polonus