Wednesday, October 11, 2017

Possible Malicious Adware Popup lp.amazinggiftnowforu.bid on Apple iPhone iOS

An annoying popup ad has been reported in October 2017. The ad uses the address lp.amazinggiftnowforu.bid.

When a website was loaded, the browser was redirected to a page showing a scam ad claiming that Verizon was giving away prizes. The domain name of the page was suspicious.

The ad appears to be an obvious scam, saying ...

"YOU GOT THE SECRET CHANCE!

Verizon is giving out FREE GIFT! Press 'SPIN' and see if you win!"

DO NOT touch this ad, and take care not to touch it accidentally. Close the window.

DEVELOPING ...


Results on urlscan.io report the following ...

lp.amazinggiftnowforu.bid  52.202.131.162
Submitted URL: http://lp.amazinggiftnowforu.bid
Effective URL: http://lp.amazinggiftnowforu.bid/
Submission: 14 minutes ago via manual, finished a few seconds later (October 11th 2017, 9:21:43 am)

This website contacted 1 IPs in 1 countries across 1 domains to perform 1 HTTP transactions. Of those, 0 were HTTPS (0 %) and 0% were IPv6.
The main IP is 52.202.131.162, located in Ashburn, United States and belongs to AMAZON-AES - Amazon.com, Inc., US.
In total, 0 B of data was transfered (sic), which is 0 B uncompressed. It took 0.395 seconds to load this page. 0 cookies were set, and 0 messages to the console were logged.

Note: This information has NOT been verified.

+ + + +

Results on Register.com whois ...


Domain Name: amazinggiftnowforu.bid
Registry Domain ID: DFE5930DB0FFE4E8999B2A8DE27CBDC5C-NSR
Registrar WHOIS Server:
Registrar URL: whois.publicdomainregistry.com
Updated Date: 2017-09-19T12:40:55Z
Creation Date: 2017-09-14T12:40:54Z
Registry Expiry Date: 2018-09-14T12:40:54Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone:
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: C00759A5CF31446B1BFB68C5373621A4A-ARI
Registrant Name: Domain Admin
Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org)
Registrant Street: 10 Corporate Drive
Registrant Street:
Registrant Street:
Registrant City: Burlington
Registrant State/Province: MA
Registrant Postal Code: 01803
Registrant Country: US
Registrant Phone: +1.8022274003
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: contact@privacyprotect.org
Registry Admin ID: C00759A5CF31446B1BFB68C5373621A4A-ARI
Admin Name: Domain Admin
Admin Organization: Privacy Protect, LLC (PrivacyProtect.org)
Admin Street: 10 Corporate Drive
Admin Street:
Admin Street:
Admin City: Burlington
Admin State/Province: MA
Admin Postal Code: 01803
Admin Country: US
Admin Phone: +1.8022274003
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: contact@privacyprotect.org
Registry Tech ID: C00759A5CF31446B1BFB68C5373621A4A-ARI
Tech Name: Domain Admin
Tech Organization: Privacy Protect, LLC (PrivacyProtect.org)
Tech Street: 10 Corporate Drive
Tech Street:
Tech Street:
Tech City: Burlington
Tech State/Province: MA
Tech Postal Code: 01803
Tech Country: US
Tech Phone: +1.8022274003
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: contact@privacyprotect.org
Name Server: ns-690.awsdns-22.net
Name Server: ns-1588.awsdns-06.co.uk
Name Server: ns-1099.awsdns-09.org
Name Server: ns-386.awsdns-48.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-10-11T09:24:09Z <<<

Search Google
url: lp.amazinggiftnowforu.bid

SAMPLE: