See: https://safeweb.norton.com/report/show?url=updowanow.bplaced.net phishing attack
blacklisted and likely compromised: https://sitecheck.sucuri.net/results/updowanow.bplaced.net#blacklist-status
loaded: -http://updowanow.bplaced.net/
GoogleSafe: OK
Load: 322ms
Server: 144.76.167.69 Apache/2.4
ASN: 24940 Germany Hetzner Online GmbH
Reverse DNS: -server1.bplaced.net
using http and collecting passwords… https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=updowanow.bplaced.net%2Fwebadm%2Fwp%2Fowa&ref_sel=GSP2&ua_sel=ff&fs=1
The scan found some potential problems in the code, the links below should pop you down to the line.
line 204:
line 208:
excessive server header info proliferation - Server: Apache/2.4
on IP - https://www.abuseipdb.com/whois/144.76.167.69 / https://www.projecthoneypot.org/ip_144.76.167.69
Reporting sources: ibm x-force exchange, quttera.com, c-sirt.org, malc0de.com, dul.ru, labs.snort.org, malwr.com, dnsbl.ahbl.org, tor.ahbl.org, openphish.com, virustotal.com, virustotal.com, cybercrime-tracker, urlquery.net, google safebrowsing, hphosts-phishing, phishtank, malc0de blacklist, cleanmx-malware, cleanmx-phishing - https://cymon.io/144.76.167.69
and https://www.threatminer.org/host.php?q=144.76.167.69
https://urlquery.net/report/91419f2c-a32f-4ddf-99c7-93a4b3e315fe
detected - The full link that Norton gives in the drop-down menu
https://virustotal.com/#/url/5b9f6f1cdfcf486b9100bdb316484b31e015dcf8b020e3e8904ba3653d7bb564/detection (thanks, Pondus)
polonus