Author Topic: Suspected fakeshop detected or FP?  (Read 1181 times)

0 Members and 1 Guest are viewing this topic.

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33590
  • malware fighter
Suspected fakeshop detected or FP?
« on: June 04, 2020, 03:40:10 PM »
Re: https://urlscan.io/result/732a482c-382e-454f-98d4-046c496aa22e/
Google Safebrowsing approved?

Now
Quote
<!DOCTYPE html><html><!--TS:1591277443/2020.06.04.21.30.43-->
<head><meta http-equiv="refresh" content="0; url=htXp://www.sliponsdk.com/"></head></html>
Netcraft blocks as Suspected Fake Shop
This page has been blocked by the Netcraft Extension.

Blocked URL: hxxp://www.sliponsdk.com/

But consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=d3d3LnNsW3BdbnMjay5eXW0%3D~enc

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

  • Avast √úberevangelist
  • Probably Bot
  • *****
  • Posts: 33590
  • malware fighter
Re: Suspected fakeshop detected or FP?
« Reply #1 on: June 04, 2020, 03:53:49 PM »
Another apparent fakesite exploiting unsub.php -> see screenshot here: https://urlscan.io/result/c4ed6e70-6e19-4b6d-bd12-8c625cae2aa8/ website uses HTML 4.01 Transitional DTD.  Not secure - do not give in any sensitive information.

About that form of SQL injection: https://vulners.com/osvdb/OSVDB:24242
combined with jQuery UI Core, headers - 1.11.4   7.3 vulnerable.
Abuse at https://www.shodan.io/host/217.78.247.81

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline Kiril10

  • Newbie
  • *
  • Posts: 2
Re: Suspected fakeshop detected or FP?
« Reply #2 on: December 02, 2021, 09:31:45 AM »

Hey @polonus,

I landed on a URL and Avast protection kicked in showing me the URL is of a FakeShop. Thanks.

I was wondering though how to mark URLs as FakeShop in case I land on a suspicious site?

What is the process?

Thanks for your help