On Tue, December 11, 2018 1:58 pm, Sunny Marwah wrote:
Hi Sunny/All, Here's the summary.... The phishing attempt looks like this html code: h-t-t-p-s:/-/-pastebin DOT com/TL5WUJZh This first link is just a hijacked graphic and won't be in safebrowsing... h-t-t-p-s:-/-/gokdenizhealthtourism DOT com/js/logo.gif This next link, is the bad" phishing link is: h-t-t-p-s:/-/-nompao DOT com/boa.php The above link is currently blank and isn't in currently safebrowsing, however, you can report it here: https://safebrowsing.google.com/safebrowsing/report_badware/ VirusTotal is showing a clean link too on the phishing link: https://www.virustotal.com/#/url/27abfb7ec2849ebadf75dcf899bc0f2aa3a491897bcef3ad2179ed30bb2eb258/detection You can submit the sample to ClamAV to add detection of the phish contents here (regardless of the url's that are being used) https://www.clamav.net/reports/malware -- Cheers, Steve Twitter: @sanesecurity _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml