On 2018-06-30 18:01:14 UTC, suspect-networks.io received the following abuse complaint from Sam Hauser on the IP address 185.35.138.112.


185.35.138.112
185.35.138.0/24 (2 abuse complaints)
255
AS62454 ZYZTM (2 complaints for 1 suspect networks of this AS)
- Netherlands
Sam Hauser
2018-06-30 18:01:14
phishing
This IP hosts quite a number of different scam forwarding domains.

Example 1=

domain - x4a.koglilqbig.com
link - x4a.koglilqbig.com/?kw=5056&s1=179287712
Reason: fraudulent forwarding network/malicious resource

Evidence why malicious:
sitecheck.sucuri.net/results/x4a.koglilqbig.com
quttera.com/detailed_report/x4a.koglilqbig.com

Forwards to various fraud resources.

Fraud evidence:
urlscan.io/result/c95e0627-42b9-4f3d-9ff2-b77ee312e9cc#transactions

x4a.koglilqbig.com is part of a forwarding network which redirects to random sources.

In this example the redirect goal is
novelden.com

Reason why fraud:
onlinethreatalerts.com/article/2018/6/3/beware-of-novel-den-at-www-novelden-com-it-is-a-fraudulent-website

Also listed on that page here:
malwareurl.com/ns_listing.php?ns=ns56.domaincontrol.com


Example 2=

domain= ougp8.easysuperlink.today

This is a fraud forwarding system. Offending link:
ougp8.easysuperlink.today/?kw=4468&s1=178708933

Redirect evidence:
urlscan.io/result/030199e5-55bf-469e-b005-ec58883268c7
gr8plays.com

Why a fraud forward?
onlinethreatalerts.com/article/2017/11/14/beware-of-www-gr8plays-com-it-is-a-fraudulent-website/

Reason: Rated malicious/phishing
1) virustotal.com/#/url/8b42ada3377a94441109163a89259e1626c26782298b90a6f74e9e370f3519f6/detection

2) transparencyreport.google.com/safe-browsing/search?url=http:%2F%2Fougp8.easysuperlink.today%2F%3Fkw%3D4468%26s1%3D178708933&hl=en

3) sitecheck.sucuri.net/results/ougp8.easysuperlink.today