Phishing: get-fb-confirm-now.atwebpages.com

Phishing domain get-fb-confirm-now.atwebpages.com has been tagged as a malicious domain which is hosting content in order to phish unaware internet users. The domain get-fb-confirm-now.atwebpages.com should be considered dangerous and communication towards that domain should be flagged as malicious.

If you see someone sharing get-fb-confirm-now.atwebpages.com, then do not hesitate to inform them that they are sharing a phishing site. If you do not know the user, and you are sure that it is being done on purpose, it is wise to take a screenshot, so you can use it as evidence – once you have taken the screenshot, you can “block” the user in order to avoid future messages.

Malicious behavior which is often seen on phishing sites;

  • Fake forms which request personal information.
  • Affiliate surveys which generate an online revenue for the cybercriminals/scammers.
  • Download buttons which download malicious/adware applications or plugins.

phishing

Phishing: get-fb-confirm-now.atwebpages.com

If you have left information on the phishing domain get-fb-confirm-now.atwebpages.com

The chance is there that you are reading this because you have left information on the phishing site – if that is the case, we strongly recommend you to take action in order to minimize the damage which can be done by the phished data.

Inform the police

If you have left personal information which you do not want to see online, inform the police agency in your environment about the fact that you think that you have been phished. They will instruct you on which steps you need to take.

Affiliate programs

The second step is to make sure that you did not sign-up for any affiliate programs which demand a payment each week/day or per message. If that is the case, you need to search up the phone number on Google and make sure that you find instructions on how to disable the affiliate program.

You can also call up your phone provider to inform them that you have signed up for an affiliate program via a phishing page, if they care, they should continue to help you in order to disable that affiliate  program.

Your bank

Call your bank if you have left personal/financial information on the phishing page, they will be able to instruct you in which steps you need to take to minimize the effect of the performed phishing attack.

Your work

If you have left information on the phishing page with your “work/company” profile, then make sure that you inform your IT-manager or the “Cyber” Security Officer in the company. This will allow them to minimize the effect on the company.

What you should always have enabled

When you are using devices that contain private or sensitive information, we strongly recommend you to use an up to date anti-virus on that device. The anti-virus will protect your device against malicious applications. The use of a VPN is also recommended, the VPN will hide your IP from the outside world, making it hard for anyone on the internet to identify your location via the IP. This can also be done by using TOR.

Detailed information on get-fb-confirm-now.atwebpages.com

Current date:
2016-07-2
Currently hosted on IP:
83.125.22.169
Country:
DE
Autonomous System Number (ASN):

Pages hosted on IP:
29.300 pages

The pages which are hosted on 83.125.22.169 do not have to be malicious, the fact that the IP has been flagged is because of the fact that at least “one” page on get-fb-confirm-now.atwebpages.com was identified as a phishing page.

Domains which were/are hosted on 83.125.22.169:

  1. adamlawrence.fr
  2. aeriagenerator.com
  3. dbadabb.eu.pn
  4. euroasiatradingcorp.com
  5. evaggelinos.eu.pn
  6. get-fb-confirm-now.atwebpages.com
  7. microsoftvanilla.eu.pn
  8. privacyexplanation.eu.pn
  9. safeyouraccunts.myartsonline.com
  10. scuring.atwebpages.com
  11. station7.atwebpages.com
  12. take-online.com
  13. vidtake.com
  14. weatherbys-uk.com
  15. application.compagnie-xtivise.com
  16. australiangold.tk
  17. bitco-professional.ml
  18. confirmyouraccunt.atwebpages.com
  19. draugi1001.atwebpages.com
  20. ezbatteryreconditioningrevealed.co.nf

Hashes which are affiliated with that IP according to VirusTotal:

  1. fed00943c8c4002cdbdec19f2f534336a9aa240084cc63ad21fd24a4e82ecffe
  2. c56003b7fc749d5bed5bc3269d95a29ee9890e3fd22e7bff1db6753eb78b4acc
  3. 86d865cc58ebdc869c3fd864b0218c902b6626a7c9f3fa3d3dd44bac457965b6
  4. 6c75f6d942f3b8830e7faf33914759d2611e596a65bb7bb91bf13a3eacf25a34
  5. c01f294afe3335297cb4757928c06349ce6d19d9055d1d804f27475710ca8076
  6. 068e814c96492f7da81b447ecde67a2e7bc155e0660cfb5e2389102ddafb4285
  7. b4ea8016ca50bf196d6444cf1e10854e380788310b0c8df39d7604b7b718e388
  8. b30cad07989ba559180580562601eb32c3a86e869fcdccf4c989ef4e2f8869fb
  9. aa4d55de7729d60b72daa3819a6dc462cd791949ce09e2c38843cfdc503f6adc
  10. a01053a4f6706fed50155eeb686c7745e2590dcbc6ae74ff18760c85f95a817e
  11. c039b955adf1174a7fca939bab301a53aedb78017a04a9810ca6693dba144905
  12. ba67d6ac56b64121a4f96678dcf4296b3e4236448ebdcdceb0ba86236e8aa177
  13. 8ee506ff98a67d174c02d21a7bb8131a6d7591a9b52a645eed5d7e853eaadd31
  14. 65ed5f77fd8337a32ed1a9deb4eded525a0af2107a48c77667921c7c5ad48e56
  15. ee2793cec557899b63032de5390881b2edfdb8ee93c65c5ea03821e86fcb7ee7
  16. fdad048f0d30a6666fbe7d6690221a4f363027322010f144f27cdedd8bcb22f9
  17. 9da411b1609c9f6ba02dd3a634efb83dd61bb1d9bb3a79c81cb28df3036ef4bc
  18. 2d19fd530d1a8ff51eb7c3433c6e4921567f0ca94174a87639e60a543ea92258
  19. fd1a4bab6afa3f1cf0d73652fba1685b9d145ebd6fe7930eae572bbfad97b5ad
  20. e189a66eb5e85392d783ce03607e91c7f9a26e40324bd90ea73c8a2a80668d01
  21. ffa3bcf329ed085c6d4c0c79ce6d98ac589b92ecdd3471eda4a602d8045a5f13
  22. 8decfac583f30577b1fcd896ada42663d7e63f1d52b96e46bed1ce93e55ae8b9
  23. 599a5595b4191850691b760efc293830ddf61043b8c9af44e66fb5aaa13721d3
  24. 19eebdf91d6a205df65b6ac79e4d2b2b1d5461eb21f6c01639f109180001fe98
  25. 34d294f939f83dfb6948f2153ed81230224da1c76fcd7799a95924e9e8e9f0f7
  26. 2904da9eb12c0c16f5667d7dbc425aaa4010fd954d96a7162ca4014673171329
  27. e0c4833107df82a8bf8e3db434241ca6adee5fd1956ee0b59f82ad3f72813191
  28. 8ce96efd890427fd39b207afed5cb2275d2e9f8875ba1e29aaeb5cc5f3a19573
  29. 9e28ba029b0f19d76d72321a513e171a32530f0773d21621ec55b320b7bfe030
  30. 1b31575086a89492e84baa13136dcb2eae985928c6b2bbc5e2bce280701ebe67
  31. dc43430f098ac5309d795305b586653b6878d43077876af12640d1eb914832b2
  32. b59b5600c19c9ca5fbc4739119bdb630a7c982b86b6b6024f84ac8dd9b1c6489
  33. aa381c56a9af594a38ea09f7213c758d512ace2358ecbb962523a3874f4e35fe
  34. a34379001927c50ad7f73acf0c066e9e0fa4d434997a0718e853aac27869e7fd
  35. a4553943090560b48940c82b633bb700041235eb4efcad2ce0d1aaa17b794597
  36. 44f5ac03e62cd374363399fe3d03e6217fcadd432ceb2a7440d4faac164dee8a
  37. c2afefe955a6147d3dd52f6ff9aa1724e005a7dee90d59e9dd4eef197ded05e3
  38. 7f8bc35932cdb2fe7244626395bf6db09c3bc2a091db74e317ffd3887ad07c79
  39. 5f6b104330f70afcbb751a1e811b6fdc0795fe5f6efe2e909b260971565cf5bf
  40. 390478e8f49bb174ee40d9db6b88c5f49e9735da0a0649f97f5bb6b9eac17906
  41. 647379e84f7ee3a5362bc9c306063172ca42162b9263a537876dd1330ef0df38
  42. e09696a361ddddec833b41cb2099e352b100cb4e2ba908caf9b708847224bab3
  43. 6682cdf3c2809f138c62a452960d401261dc5f804342de122d447c25e777b113
  44. 967ab42e29d4f441c7b7e5803b5b6efc30cd4dacea91a8cd4e58e5ddf035ad70
  45. 65b22ca5e80a20840b55297babc7bd9aaeb035aa94ee71b8ec85d850169bf544
  46. c39653d6b09af1ce8e6243b52b5d3622a3fa85767c65ce09068b4417da172f46
  47. 9ff2088f42eb0517b45fca32d14b93dadeecb9626bff5735728481f4eac5f917
  48. d994af68b88d21e19f82c8039b91a01c7cd970bf67876366ae0dd167a1367dc1
  49. abcff3108d0fd5e9e94849c736b80a5592ef73397d15bed2cb2120a74ea6cc81
  50. c12094b8fc0bdb0540b1e4de58ba6d12f66d59e0e450a9afa761be783e8b795c
  51. d95746d80f8f445439d7ae8b0c52f4c4712a1e3a3c212056468851aeb8472e09
  52. 9f9e0446e80d693ed35e8bef043de90f51a581708441258a72aaf9c07c9ace0e
  53. 23df4713e980c815c3d3ac1a9e9e5c70a6443581dba2dcfce13cae092369cc4d
  54. c2848f5a0b481b16cbf1a98444cf8250a1556586d566408448a59d6198b5ec20
  55. 978e78629b474fca6109a51289b8989a27c5764b886254d3e667068e1abf2ab0
  56. bd7b911819854f0fc09c0fda698216cf48a5f44aaaa93fc4fb88656bc5f61140
  57. 13221d6f3f8035caa4b97a9c1bd336b44292ed5716f36d7e4840a1b498171854
  58. 439f6c1ce427577ab882e06da35f6f59f37ff44348a37aaecd6b481032336ad7
  59. 7bf3b42144d8d867f10e5e018ec386d1ef531de62be5b34bd524aac690c75849
  60. dec152694870ae4ec9ae2c77ef405e952b271c30ffd04a7bb13469c60526870b
  61. 324b5d2aa3aa05ee2134c00fe09de9464b0d8ff7811c15858213839f1d0e9eaf
  62. 1cc395bebd35387e07b8d2b3880bc7bd3ba53e7236e3fa1e3afb0dad8f0d53b1
  63. e1a71cd8f7cb7a81e829339846430247b0983601646e0b6692bbe6b29910d332
  64. 223ae8ae663fcfdc6f6ae616f6a34d32e8650cbf5c40389cc97002f27bbb8a53
  65. 3fd1c53e014edccd64aca61b7032eab65bdb7ecc1cd79a9250063e41a8a9143b
  66. 3341325cbd5fecbdecea5498b3a80ea6fcb702de75856f655a692c4643f8e06d
  67. c41f0f2e38d4274d631e1b229fff0ccae74b4cf20ffcf4b2a926b689608ea233
  68. 4f6a438bdbfe3c989187b7bb6144ab1ddf3182a4fd005b5755123868530de0dd
  69. 2c37c65eac0e4ad20b4f16b5b619f7634e3d7b07428a8e96fc1f94e77464c37a
  70. 2f3255e9941d80d93fb83d21f22421e421a41f6bea299784a12982f4b7818dc0

How to remove get-fb-confirm-now.atwebpages.com malware/adware/spyware

The removal of malicious content on your device can be done in various ways, below, you will be able to find tools which will help you to remove get-fb-confirm-now.atwebpages.com, and any other malicious content from your device.

Antivirus products

If you want to scan your device for malware, spyware and other type of malicious content – it is strongly recommended to use one of the AV products which are listed below, these AV products can be downloaded for free and are capable of finding and removing malware.

Extra “Anti-Rootkit”:

The antivirus products which are listed above, are free to use and can be downloaded from their official websites. They can cleanup your device from any content which have been left by get-fb-confirm-now.atwebpages.com.

Registry fix products

Malware and spyware often adjust the registry on the Windows device, it is strongly recommended to use the HijackThis tool by TrendMicro to clean-up malicious / bad registry key values. The HijackThis tool is fully automated so you do not need to be an expert to clean up the registry.

Temp / “trash” content removal

The next thing you want to cleanup are the temporary items which are hiding on your device. In order to cleanup those temporary items / trash, you can use the CCleaner tool from Piriform, this tool is free and it can be downloaded directly from their site – the tool is automated, and it will allow you to cleanup your device from unwanted temporary files (which can be leftovers of the malware/spyware).

Anti-Ransomware

If you want to protect yourself against Ransomware / Cryptoware malware then you can use the following products below, these products are preventive products, so they need to be installed before any ransomware attacks take place. These tools cannot be used to recover ransomware attacks – they are only protecting you against those type of attacks, but once an attack has taken place, it cannot be used for recovery.

Participate in malware research

The Cyberwarzone Community holds a forum for “Malware & Phishing research“, you are invited to participate on the forum. You do not need to sign-up, and it is totally free.

Extra information on get-fb-confirm-now.atwebpages.com

If you have extra information about this attack, and you are allowed to share that information, then please do not hesitate to add extra information to this post about get-fb-confirm-now.atwebpages.com via the comment section below. We thank you in advance.

Founder of Cyberwarzone.com.