The phishing domain has been tagged as a malicious domain which hosts content in order to phish unaware internet users. The domain should be considered dangerous, and communication towards it should be flagged as malicious.

Malicious behavior which is often seen on phishing sites:

  • Fake forms which request personal information.
  • Affiliate surveys which generate an online revenue for the cybercriminals/scammers.
  • Download buttons which download malicious/adware applications or plugins.



If you have left information on the phishing domain

You may be reading this because you have left information on the phishing site. If that is the case, we strongly recommend that you take action to minimize the damage which can be done with the phished data.

Inform the police

If you have left personal information which you do not want to see online, inform your local police agency that you think you have been phished. They will instruct you on which steps you need to take.

Affiliate programs

The second step is to make sure that you did not sign up for any affiliate programs which demand a payment each week/day or per message. If you did, search for the phone number on Google and look for instructions on how to disable the affiliate program.

You can also call your phone provider to inform them that you have signed up for an affiliate program via a phishing page. If they care, they should help you disable that affiliate program.

Your bank

Call your bank if you have left personal/financial information on the phishing page. They will be able to instruct you on which steps you need to take to minimize the effect of the phishing attack.

Your work

If you have left information on the phishing page with your “work/company” profile, make sure that you inform your IT manager or the “Cyber” Security Officer in the company. This will allow them to minimize the effect on the company.

What you should always have enabled

When you are using devices that contain private or sensitive information, we strongly recommend that you use an up-to-date anti-virus on that device. The anti-virus will protect your device against malicious applications. The use of a VPN is also recommended: the VPN will hide your IP from the outside world, making it hard for anyone on the internet to identify your location via the IP. This can also be done by using Tor.

Detailed information on

Current date:
Currently hosted on IP:

Autonomous System Number (ASN):

Pages hosted on IP:
1 page

The pages which are hosted on do not have to be malicious; the IP has been flagged because at least “one” page on was identified as a phishing page.

Domains which were/are hosted on


Hashes which are affiliated with that IP according to VirusTotal:

  1. c1d89dce5cce70a8a3ea500ccc8713ee2f218080a65b6e6756448fde92308405
  2. dad77b4e03da0b316a68760e47d7fa73d38b6aee78c004fbf5cb41b5a5d83ebf
  3. f7faa036319c5919fb9fb90ec6fa43be9d1534b900cc7e0c36dd29cbe9078299

Participate in malware research

The Cyberwarzone Community holds a forum for “Malware & Phishing research”, and you are invited to participate in the forum. You do not need to sign up, and it is totally free.

Extra information on

If you have extra information about this attack, and you are allowed to share that information, then please do not hesitate to add extra information to this post about via the comment section below. We thank you in advance.