What I found was a fake email that was not on the blocked email list for some reason; Avast didn’t block it, for some reason. Firefox did find that it's a bad site.
This is when I clicked the link in the email:
Good find, and I will explain to you why. Abused at iodc.dk hoster in Denmark.
See how they wrought it with a free self-signed Let's Encrypt certificate and a nameserver with a self-signed one!
and for unknown AS (actually AS8502) and unknown location (Denmark),
see: http://urlquery.net/report.php?id=1497114416143
Nameserver brought us this info:
commonName=server.kamubisaja.info & ISC BIND 9.9.4 & DNS:cpanel.dataupdated.me &
Service Info: OS: Red Hat Enterprise Linux 7; CPE: cpe:/o:redhat:enterprise_linux:7
For that nameserver: http://toolbar.netcraft.com/site_report?url=server.kamubisaja.info
Nameserver has a self-signed certificate installed, which is a big no-no security-wise and otherwise also.
No best practices: Warnings
Root installed on the server.
For best practices, remove the self-signed root from the server.
Evasive organisation working here, because:
Certificate status: Unknown
Revocation check method: Not available
Certificate Transparency: Not embedded in certificate
Only a serial number given and key size and Algorithm Type.
That’s all folks, and it is not cheering us up, name of the game a PHISH and a FRAUD.
polonus (volunteer website security analyst and website error-hunter)
Interesting resources. Anti-Hash - this service allows you to search for collisions to MD5 and SHA1 hashes, and thus restore with some probability hidden phrases. Also, there is an active search for collisions with the help of a small distributed computing network. Collisions to 2’939 different hashes are already known.
You can enter an MD5 or SHA1 hash to search for their collisions, or vice versa, enter any word or phrase to calculate hashes for it.