Author Topic: Is this PHISHING website also "carding"?  (Read 1474 times)


Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33897
  • malware fighter
Is this PHISHING website also "carding"?
« on: July 25, 2020, 05:26:07 PM »
See: https://www.phishtank.com/phish_detail.php?phish_id=6695710
Detection VT: https://www.virustotal.com/gui/url/e04f29dfc39500a14290ee50411f4e23e869b94b5173e607ab33934cca2faf1d/detection
1 minute ago...
Re: -http://geriyedonukislem.com/js/main.js
Inside this code we find:
Quote
rules: {
name: { required: true, regex: "^[a-zA-Z çÇşŞöÖıİüÜğĞ*]{1,50}$", maxlength: 50 },
tc: { required: true, regex: "^[1-9]{1}[0-9]{9}[0,2,4,6,8]{1}$", minlength: 11, maxlength: 11, validtc:"" }
},
Alerted is an https downgrade attack: chrome-extension://gcbommkclmclpchllfjekcdonpmejbdp/pages/cancel/index.html?originURL=http%3A%2F%2Fgeriyedonukislem.com%2F (HTTPS Everywhere).
See: https://sitereport.netcraft.com/?url=http%3A%2F%2Fgeriyedonukislem.com%2Fjs%2Fmain.js

polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: Is this PHISHING website also "carding"?
« Reply #1 on: July 25, 2020, 06:03:12 PM »
Netcraft has Site Blocked: Suspected Phishing

This page has been blocked by the Netcraft Extension.

Blocked URL: hxxps://attyahoonettt.weebly.com/
See: https://www.phishtank.com/phish_detail.php?phish_id=6695724&frame=details

Consider results from scanning URL: -https://attyahoonettt.weebly.com/files/templateArtifacts.js?1595593588
Number of sources found: 43
Number of sinks found: 20  (search.results.hack)

Flagged: https://www.virustotal.com/gui/url/547b1a1ada2683054ba9d0a33cad2ad46a46f36e41ccf09ede33424cf9f43a42/detection

See: https://www.shodan.io/host/199.34.228.54

On the mainblog we stumble upon:
Quote
Retire.js
jquery   1.7.2   Found in -https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js
Vulnerability info:
Medium   CVE-2012-6708 11290 Selector interpreted as HTML   
Medium   2432 3rd party CORS request may execute CVE-2015-9251   
Low   CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution   
Medium   Regex in its jQuery.htmlPrefilter sometimes may introduce XSS

JS errors:
Quote
ReferenceError: $ is not defined
 /files/theme/parallax.js:12

TypeError: Cannot read property 'setupContainer' of undefined
 /:165 HTMLDocument.()
  :3:98()
  HTMLDocument.G.c. (eval at exec_fn (:1:147), :42:472)()
  :3:98()
  c (:2:146)()
  :3:98()
  G (eval at exec_fn (:1:147), :42:498)()
  HTMLDocument.H (eval at exec_fn (:1:147), :49:154)()

SyntaxError: Invalid regular expression flags
  eval ()()
  :3:98()
  Object.c [as F_c] (:2:146)()
  Object.E_u (:3:267)()
  la (eval at exec_fn (:1:147), :60:53)()
  Object.create (eval at exec_fn (:1:147), :71:325)()
  d (eval at exec_fn (:1:147), :13:89)()

JavaScript frameworks

Mustache
2.1.3

React

pol
« Last Edit: July 25, 2020, 06:12:21 PM by polonus »
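As an added example (not code from the post, and not Retire.js itself), here is a minimal Retire.js-style check in JavaScript: it pulls the jQuery version out of a script URL like the one the scan reported and compares it against the fixed-in versions for the four findings listed above. The fixed-in versions come from the public advisories, the htmlPrefilter entry carries no CVE id because the post gives none, and the sample script URLs are constructed.

```javascript
// Findings Retire.js reported for jQuery 1.7.2 in the post, with the version
// in which each was fixed (from the public advisories; assumption, not from the post).
const JQUERY_FINDINGS = [
  { id: "CVE-2012-6708", severity: "Medium", fixedIn: "1.9.0", note: "Selector interpreted as HTML" },
  { id: "CVE-2015-9251", severity: "Medium", fixedIn: "3.0.0", note: "3rd party CORS request may execute" },
  { id: "CVE-2019-11358", severity: "Low", fixedIn: "3.4.0", note: "jQuery.extend Object.prototype pollution" },
  { id: "htmlPrefilter XSS", severity: "Medium", fixedIn: "3.5.0", note: "Regex in jQuery.htmlPrefilter may introduce XSS" },
];

// Compare dotted version strings numerically, so "1.7.2" < "1.10.0" (a plain
// string compare would get that wrong).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number), pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Extract a jQuery version from a CDN path ("/jquery/1.7.2/") or a file name
// ("jquery-3.5.1.min.js"); returns null when the URL does not look like jQuery.
function jqueryVersionFromUrl(url) {
  const m = url.match(/jquery(?:\/|[-.])(\d+\.\d+(?:\.\d+)?)(?:\/|[-.])/i);
  return m ? m[1] : null;
}

// Return the version found and every finding whose fix is newer than it.
function retireCheck(url) {
  const version = jqueryVersionFromUrl(url);
  if (!version) return { version: null, findings: [] };
  const findings = JQUERY_FINDINGS.filter(f => compareVersions(version, f.fixedIn) < 0);
  return { version, findings };
}

// Constructed sample input: the script the scan in the post found, plus a patched one.
const SAMPLE_SCRIPTS = [
  "https://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js",
  "https://example.invalid/static/jquery-3.5.1.min.js",
];

for (const url of SAMPLE_SCRIPTS) {
  const r = retireCheck(url);
  const summary = r.findings.map(f => `${f.severity} ${f.id}`).join(", ") || "no known findings";
  console.log(url, "->", r.version, summary);
}
```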

Offline polonus

Re: Is this PHISHING website also "carding"?
« Reply #2 on: July 26, 2020, 06:02:21 PM »
Domain/URL is currently flagged by Google under the Social Engineering (Phishing and Deceptive Sites) category.

A dangerous PHISHING website that also may crash your browser:
https://www.virustotal.com/gui/url/70de590e2b91ac5376190c7779e312892d00ebfe135c7315b4c66d311466af2e/detection
See: https://www.phishtank.com/phish_detail.php?phish_id=6697698
DOM-XSS issues:
Results from scanning URL: -http://www.amazon.co.jp.hpylqx.com/
Number of sources found: 0
Number of sinks found: 14
&
Results from scanning URL: -http://www.amazon.co.jp.hpylqx.com/Public/bootstrap/js/main.min.js
Number of sources found: 37
Number of sinks found: 0

Re: -http://www.amazon.co.jp.hpylqx.com/Public/pooper/main.min.js
&
Results from scanning URL: http://www.amazon.co.jp.hpylqx.com/Public/bootstrap/js/main.min.js
Number of sources found: 17
Number of sinks found: 2
&
Results from scanning URL: -http://www.amazon.co.jp.hpylqx.com/Public/bootstrap/js/main.min.js
Number of sources found: 42
Number of sinks found: 17

3 vulnerable libraries detected: https://retire.insecurity.today/#!/scan/513e7f7877e93a0597005bd1ff08395770c9f1fb6c4b889d07ab09e1401bf896

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnxtfHpdbi5eXS5qcC5ocHlscXguXl1tYFB1YmxbXmBwXV1we31gbXxbbi5tW24uanM%3D~enc
where pooper should read popper  :D

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

Offline polonus

Re: Is this PHISHING website also "carding"?
« Reply #3 on: July 27, 2020, 10:06:35 PM »
[SOLVED] here:

Not know this is a real PHISH?
Not flagged at VT: https://www.virustotal.com/gui/url/783e2deae3d4311edf276044bd95ac8f0cb7fe256fe5b379ccd5cda375f75ca4/detection
But not known at IP: https://www.shodan.io/host/166.62.6.39
See the vulnerabilities on this GoDaddy host.
Consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=fXt3fH0jc3BdW250c317I3t7bXMuXl1tYA%3D%3D~enc
Then avira detects: https://www.virustotal.com/gui/ip-address/166.62.6.39/detection
infested Word Document detections on IP relations: https://www.virustotal.com/gui/ip-address/166.62.6.39/relations

Avast detects as - This website is unsafe
This website has been marked as a phishing site. Phishing is an attempt to steal sensitive information from you like passwords, credit card numbers, etc. OK. We have detection!

polonus

Offline polonus

Re: Is this PHISHING website also "carding"?
« Reply #4 on: July 29, 2020, 10:03:44 PM »
Here we probably have a PHISH, website also on self-signed DNS.
Reported at PHISHTank: https://www.phishtank.com/phish_detail.php?phish_id=6705388&frame=details
Not detected at VT: https://www.virustotal.com/gui/url/d43427506c0343da8b7c70cab015ffaba820478735b42b0c9ae4fd7290961aa3/details
But IP flagged: https://www.virustotal.com/gui/ip-address/107.180.25.2/relations
GoDaddy abuse: https://www.shodan.io/host/107.180.25.2
Anyway the site is blacklisted and kicks up a 404 error.

polonus