A scam website to be blocked?

Given as being a scam and a PHISH on a possibly hacked website:
https://www.scamadviser.com/is-facebookhacker.softholics.com-a-fake-site.html

Given as potentially safe here: https://www.scamvoid.com/check/softholics.com/
Known privacy issues here: https://privacyscore.org/site/96142/
Detected retirable library: https://retire.insecurity.today/#!/scan/3313434ccc26e723b711bfe5a03528d04d38969498b19b4e10b2c0a049e16869
Errors found therein:

-facebookhacker.softholics.com/style/jquery-1.8.0.min.js
status: saved 92555 bytes f3a55f44fb81cf8ee908a3872841f70d6548f8c1
info: ActiveXDataObjectsMDAC detected Microsoft.XMLHTTP
info: [decodingLevel=0] found JavaScript
error: undefined function n.getElementsByTagName
error: undefined variable n
info: [element] URL=-facebookhacker.softholics.com/style/undefined *
info: [1] no JavaScript
file: f3a55f44fb81cf8ee908a3872841f70d6548f8c1: 92555 bytes
file: d5dba94a76a67a54f2b98b16227da20414542fd9: 72 bytes

  • analyzer.called CreateElement div //analyzer.url element = undefined
(info credits go out to christophe2, thanks).

Consider also: http://www.domxssscanner.com/scan?url=http%3A%2F%2Ffacebookhacker.softholics.com

polonus (volunteer website security analyst and website error-hunter)

Site appears to come from Belize, but originates from India (54% certainty).
Many other sites on that same IP:
192 Other WebSites On This Server with various spam- and scam-websites!
-tous-les-cheats.com Belize bz …0%
-sgim.biz Belize bz …0%
-anja-aus-berlin.com Belize bz …0%
-proven-diets.com Belize bz …0%
-blackbookv3.com United States us …0%
-codmw3free.com Belize bz …3%
-callofdutyblackopsfree.org Belize bz …14%
-hack.msn-facebook.com France fr …38%
-mediafirealbums.com Lithuania lt …62%
-abchcgdrops.com China cn …64%
-kubotamanual.com Lithuania lt …66%
-device-up.com Russian Federation ru …69%
-postaffiliate-network.com Belize bz …74%
-africanmango-shop.com Belize bz …87%
-q4w.biz Czech Republic cz …92%
-buy-frutaplanta.com China cn …0%
-mostbag.com United States us …0%
-splendid-traders.net Belize bz …0%
-largest-cash.com Belize bz …0%
-kamakdonald.com Belize bz …0%
-superhydroxycut.com China cn …0%
-aahotelandspa.com Belize bz …0%
-drugsinfocom.com India in …0%
-phentermine375.us China cn …0%
-premieroil-plc.co.uk United Kingdom uk …0%
-xtecinvestments.com Belize bz …0%
-sustainableadprofits.com Belize bz …0%
-bonplan.boutique Spain es …0%
-cpdeveloppement.net Belize bz …1%
-adnoc-uk.com Belize bz …9%
-turbocyclerpro.com Belize bz …12%

polonus

Another site with a high scam risk profile: -exahack.com
https://www.scamadviser.com/check-website/exahack.com

Organisation hidden via -PrivacyGuardian.org
Notes:-
Alert Result: The owner of the website is using a service to hide their identity
Alert Result: This website looks like it’s hosted on a compromised server
Alert Result: This website is 59 Days old
Alert Result: The website expected life (365 days) is relatively short.
Alert Result: The website appears to be less than six months old
Nameserver: -ns250.cybernetaustralia.com - linux Cloudflare abuse.

Also consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.exahack.com%2Ffacebook-password-sniper.php
and Results from scanning URL: -https://www.exahack.com/js/script.js
Number of sources found: 43
Number of sinks found: 8

errors here:

wXw.exahack.com/facebook-password-sniper.php)saved 358744 bytes d4685fa63e52e8217ab5b1e8ab2ccbcc52b5c09c
info: [iframe] -s7.addthis.com/js/300/javascript:
info: [img] -ssl.gstatic.com/images/icons/gplus-
info: [iframe] http
info: [decodingLevel=0] found JavaScript-pis.google.com/js/platform.js
status: (referer=-www.exahack.com/facebook-password-sniper.php)saved 43994 bytes 51ebbb6a590dcab8e0c5ec57e78fa3a9cadf484b
info: [decodingLevel=0] found JavaScript
error: undefined function q.clearTimeout
error: undefined variable q
wXw.exahack.com/facebook-password-sniper.php)saved 3307 bytes 1ea355f120d3827bfd25cb2ce13f698dc3da575a
info: [decodingLevel=0] found JavaScript
error: undefined variable $
error: undefined function $
-s7.addthis.com/js/300/widget.js#pubid=ra-58aeec41c2b9be75
info: [decodingLevel=0] found JavaScript
error: line:40: SyntaxError: missing } in XML expression:
error: line:40: div.main-page-box {position:relative;top:30px;margin:auto;background-color:white;width:990px;}
error: line:40: …^
& undefined variable n

polonus (volunteer website security analyst and website error-hunter)

Potentially unsafe: https://www.scamadviser.com/check-website/mxspy.com
See: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=mxspy.com&ref_sel=GSP2&ua_sel=ff&fs=1
Warning: User Enumeration is possible

The first two user IDs were tested to determine if user enumeration is possible.

ID User Login
1 Lora Smith admin
2 None None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring, as this will reduce the chance of automated password attackers gaining access. However, it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.

Warning: Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

[i]Scam alert is being missed out here:[/i]
Reputation Check PASSED
Google Safe Browse: OK
Spamhaus Check: OK
Compromised Hosts: OK
Dshield Blocklist: OK
Shadowserver C&C: OK
Web Server: cloudflare
X-Powered-By: None
IP Address: 104.18.43.213
Hosting Provider: CloudFlare
Shared Hosting: CloudFlare (Shared CDN IP)

polonus
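The two aw-snap findings above (a listable /wp-content/uploads/ and a working ?author=N lookup) are both fixable in the web server configuration the report refers to. The fragment below is an added example, not part of polonus' post or of the aw-snap report, and assumes an Apache httpd serving the WordPress root with mod_rewrite loaded and AllowOverride permitting the Options and FileInfo directives in .htaccess.

```apache
# Added example (not from the forum post or the aw-snap report): an .htaccess
# fragment for the WordPress root that addresses the two warnings in the scan.
# Assumes Apache httpd with mod_rewrite and AllowOverride Options FileInfo.

# 1. Directory indexing: the scan found /wp-content/uploads/ listable.
#    -Indexes makes Apache answer 403 instead of a file listing for any
#    directory without an index file; in the site root it covers the whole
#    installation, not just the two folders the scanner probed.
Options -Indexes

# 2. User enumeration: WordPress resolves ?author=N to that user's archive and
#    leaks the login name in the redirect target. Refuse such requests on the
#    public site; leave wp-admin alone, where author= is a legitimate post filter.
RewriteEngine On
RewriteCond %{REQUEST_URI} !^/wp-admin [NC]
RewriteCond %{QUERY_STRING} ^author=\d+ [NC]
RewriteRule ^ - [F,L]
```

After deploying, re-run the same aw-snap check (or request /wp-content/uploads/ and /?author=1 by hand) and confirm both now return 403. The rewrite only closes the query-string form that the scanner used; as the report itself notes, enabled author archives (the /author/name/ permalinks) still reveal user names, and the same applies to the WordPress REST users endpoint, so those need their own handling if user names are to stay private.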

Another candidate to be blocked, suggested to us by our good forum friend, christophe2,
(thank you very much, christophe2, for that contribution).
Site is USA based, but has its real location hidden: https://www.scamadviser.com/check-website/phonescouter.net
Name: WhoisGuard Protected
Organisation: WhoisGuard, Inc.
Street: P.O. Box 0823-03411
City: Panama
State: Panama
Server IP Address: 162.255.119.62 United States
Hosting Service: Namecheap
Hosting City: Los Angeles
Hosting Region: CA
Hosting Postal: 90064
Registrar: NAMECHEAP INC
Web : -http://www.namecheap.com
Domain Created: 2018-04-03 21:53:09
Domain Expires:
Domain Life: 0
Speed: Average (913ms)

806 Other WebSites On This Server
-diepdoctors.com United States us …93%
-meadorstudio.com Czech Republic cz …99%
-santafepaintingco.com United States us …100%
-ypvoyage.us Russian Federation ru …0%
-wfww.us United States us …0%
-maxdraws.com Sweden se …37%
-peelercam.com United States us …43%
-clminer.com United States us …49%
-makesmoneyonline.website United States us …53%
-mybtcworld.org United States us …54%
-charlesgoldmine.com United States us …54%
-btc-cash.info United States us …56%
-ravvs.info United States us …57%
-xeredrpjgu.trade United States us …57%
-facevertiser.com United States us …58%
-workwithmks.com United States us …59%
-bullionmovers.com United States us …59%
-musement.space United States us …59%
-thetravelporter.com United States us …62%
-figmoney.club United States us …62%
-theneosphere.com United States us …67%
-oincs.us Hong Kong hk …68%
-jobapplix.com United States us …69%
-kingsman.co United Kingdom uk …72%
-kindlecover.online United Kingdom uk …73%
-sainttropezbistro.com United States us …74%
-fashionlina.com United States us …76%
-needbreakthrough.com United States us …76%
-lakela.com China cn …77%
-viralno.info Serbia rs …78%
-lazada.srvr.site United Kingdom uk …78%

Re: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=phonescouter.net&ref_sel=GSP2&ua_sel=ff&fs=1

1 vulnerable library detected: https://retire.insecurity.today/#!/scan/b3c0da9328ef909d141392993cf0a1ce2c639690d5ab672b96103ea10ae8c289

F-grade status and recommendations: https://observatory.mozilla.org/analyze/www.phonescouter.net

See: https://privacyscore.org/site/96223/

Hidden iFrame: Any iframes? Yes there are.

Various abuse reported for that IP: https://cymon.io/162.255.119.62

polonus (volunteer website security analyst and website error-hunter)