Dangerous websites to block

hackingloops*com
wifipasser*com

These URLs are all scams and dangerous; some are redirecting to offers with porn games!

Please update your database urgently!

Thanks

Chris

https://support.avast.com/article/258/ (Reporting Malware Samples)

Hi,

I did, but got no answer, and the websites are still not blocked!

It’s urgent!

Thanks

Chris

I have blocked most of the URLs now.
Just to point a couple of things out:

  • we do not normally reply to malware submissions, so the “no answer” status is perfectly normal;
  • some of the URLs are not scammy in any way and therefore there is no reason for them to be blocked;
  • some of the URLs are at least 2 years old (so there is little urgency);
  • some of the URLs have been blocked for a couple of years already.

H.

Hi,

Thanks

Chris

Hi Christophe2,

When we look for instance at facepirater*com, we see that the origin of the website has been hidden through PrivacyGuardian dot org.
Re: https://www.scamadviser.com/check-website/facepirater.com

Moreover full of errors and alerts here: https://privacyscore.org/site/94025/

Cloudflare abuse and considerable risk here: https://toolbar.netcraft.com/site_report?url=dc-ec1241b79c0a.facepirater.com
Hosted from Bulgaria through -blue.warez-host.com with ethical problems for warez and phishing involved: https://community.homeaway.com/thread/6557

Also consider: https://urlscan.io/domain/facepirater.com Nothing hosted on and nothing talking to this domain.
151 PHISHING alerts for IP: https://checkphish.ai/ip/104.24.120.59 (plain request cloudflare-nginx abuse).

polonus (volunteer website security analyst and website error-hunter)

Hi,

Thanks for your reply.

This website phishes credit card information with a fake credit card form.

It should be blocked urgently!

Thanks

Best Regards

Chris

Thank you for the heads-up on these “hidden location” domains, Christophe2,
because that “” is the common denominator here,
and domains that have something to hide are suspicious by our standards,
and also cannot be trusted as a rule of thumb.

For just another website (from the country I reside in, from Roosendaal in the Netherlands),
one domain which you provided for us to look into:
https://www.scamadviser.com/check-website/wifipasser.com

The website location is being hidden by Panamanian Whois Guard Protected Ltd.
Deemed to be popular but with a very low trust rating (‘naturellement revenant’ :o )

CMS issues and misconfiguration:

Warning Directory Indexing Enabled

In the test we attempted to list the directory contents of the uploads
and plugins folders to determine if Directory Indexing is enabled.

This is an information leakage vulnerability that can reveal sensitive information
regarding your site configuration or content.

/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.

Various issues: https://privacyscore.org/site/94080/

Several jQuery libraries to be retired: https://privacyscore.org/site/94080/

Also consider: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=wifipasser.com&ref_sel=GSP2&ua_sel=ff&fs=1

7 to flag here: https://www.virustotal.com/#/url/d5585ea54c471ad8271301d960dc2727dfdd1a2e7942a532a9ebce5e1f426699/detection

Quite some PHISHING going on on IP: https://checkphish.ai/ip/185.66.141.146 http://whois.domaintools.com/185.66.141.146

PHISHING confirmed here: https://urlquery.net/report/24905d3e-5882-4948-a1b1-0059ae947425

Bien à vous,

polonus (volunteer website security analyst and website error-hunter)
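
The directory-indexing check quoted in the post above, sketched as an added example (not part of the original thread and not the scanner's own code): it classifies a response as an auto-generated listing and extracts the names it exposes. The function names and the sample responses are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# Apache and nginx autoindex pages both carry an "Index of /<path>" title or heading.
INDEX_MARK = re.compile(r"<(title|h1)>\s*Index of\s+/", re.I)

class _Links(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def listed_entries(body):
    """Names exposed by a listing page, without parent-directory or sort links."""
    parser = _Links()
    parser.feed(body)
    return [h for h in parser.hrefs
            if not h.startswith(("?", "/", "../")) and "://" not in h]

def indexing_status(status, body):
    """'enabled' only when a 200 response is an auto-generated listing."""
    if status == 200 and INDEX_MARK.search(body):
        return "enabled"
    return "disabled"

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "/wp-content/uploads/": (200, """<html><head><title>Index of /wp-content/uploads</title></head>
<body><h1>Index of /wp-content/uploads</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="/wp-content/">Parent Directory</a>
<a href="2017/">2017/</a> <a href="backup.zip">backup.zip</a>
</pre></body></html>"""),
    # WordPress ships an empty index.php in plugins/, so a 200 here is not a listing.
    "/wp-content/plugins/": (200, ""),
}

def audit(samples):
    return {path: indexing_status(*resp) for path, resp in samples.items()}

if __name__ == "__main__":
    for path, state in audit(SAMPLES).items():
        print(path, state)
```

A 200 status alone is not evidence of indexing, which is why the check looks at the body rather than the status code.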

Hi,

Thanks for your reply.

Did you block all the website URLs I mentioned before?

Thanks

Best Regards

Chris

It is a phishing website that asks for credit card information with a fake payment form!!!

Hi Chris,

I’ve viewed the website facepirater*com. They’re not asking for payment anywhere that I’ve seen.

The most questionable thing I’ve seen is of course it’s a hacking website for FB. It won’t actually hack anything. They’re asking you to call a phone number, which won’t do anything. (Except maybe charge you high fees? *Don’t call the phone number)

I don’t know if you’ve actually called this number and found out what they want - but suffice it to say that people looking to “hack” a Facebook account are probably looking for a one-step click fix. Not a multi-step hack that involves calling people.

I can think of far easier ways to gain someone’s credentials. (Programs exist to do this. Chrome has historically saved “auto-fill” passwords in plain text. I’m not sure they still do, but I wouldn’t be surprised.)

So, it’s not a phishing website, but it’s not something that Avast! should be allowing either. (Given its questionable nature)

The detection for facepirater is live since 23.09.2017, 17:19 CET, here is what happens when I try to open it on my computer:

https://i.imgur.com/Cf6Zdae.png

(Please note that “Phishing” doesn’t mean that it steals your credit card info, but we only have two “visible/outside” types - URL:Mal (malicious) and URL:Phishing (phishing) - and this one tends to be more of the second type.)

Where do you see it as clean?

Thanks

Chris

I see. So the AOS (Avast Online Security, the browser plugin) doesn’t recognize URLs marked as URL:Phishing. This is certainly a bug, and I think I know how to fix it. I even have two solutions, one is fast and one is good (as it always happens to be). I will let you guys know when I decide which solution to implement and what the ETA is.
Thanks for reporting the bug!

There is a pattern here for this type of PHISHING mail spam abuse.

A WhoisGuard Protected address from Panama registered at namecheap dot com.

So mail can pretend to come from any place,
The Netherlands for instance, but it is phrased in English.

Website - coming soon - only used as a webservice for targeted survey spam (tourist information survey to be filled out etc.),
in most cases landing right in your mail junk folder, so you’d just delete it without clicking.

Registrar here: http://whois.domaintools.com/newshall.net
Former UPC - Kralovehradecky Kraj - Cernilov - Ing. Petr Sramek - Spcom Cernilov
Liberty Global Operations
-77.48.123.120 is hosted on a dedicated server mail address: news AT newshall dot net
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.2.2
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
25/tcp open smtp Exim smtpd 4.89
53/tcp open domain ISC BIND get lost
80/tcp open http nginx
| http-methods:
|_ Potentially risky methods: TRACE

pol

Hi,

The bug is still here.

Best Regards

Chris

I am aware of that. I have found a couple of obstacles on the way, so it will take longer than I thought. I will keep you guys updated.

Woohoo!
The new version of our backend with the fix has just been released and I can confirm that facepirater[.]com is getting a red exclamation mark instead of a green tick.

https://i.imgur.com/nEBsNOX.png

Hi,

Please see the dangerous URLs that should be added to your database urgently; they are all phishing websites:
Thanks

Best Regards