hackingloopscom
wifipassercom
These urls are all scam and dangerous, some are redirecting to offers with porn games!
Please update your database urgently!
Thanks
Chris
hackingloopscom
wifipassercom
These urls are all scam and dangerous, some are redirecting to offers with porn games!
Please update your database urgently!
Thanks
Chris
→ https://support.avast.com/article/258/ (Reporting Malware Samples)
Hi,
I did but not answer and the websites are still not blocked!
It’s urgent!
Thanks
Chris
I have blocked most of the URLs now.
Just to point a couple of things out:
Hi,
Thanks
Chris
Hi Christophe2,
When we look for instance at facepirater*com, we see that the origin of the website has been hidden through PrivacyGuardian dot org.
Re: https://www.scamadviser.com/check-website/facepirater.com
Moreover full of errors and alerts here: https://privacyscore.org/site/94025/
Cloudflare abuse and considerable risk here: https://toolbar.netcraft.com/site_report?url=dc-ec1241b79c0a.facepirater.com
Hosted from Bulgaria through -blue.warez-host.com with ethical problems for warez and phishing involved: https://community.homeaway.com/thread/6557
Also consider: https://urlscan.io/domain/facepirater.com Nothing hosted on and nothing talking to this domain.
151 PHISHING alerts for IP: https://checkphish.ai/ip/104.24.120.59 (plain request cloudflare-nginx abuse).
polonus (volunteer website security analyst and website error-hunter)
Hi,
Thanks for your reply.
This website phish credit card information with a fake credit card form.
It should be blocked urgently!
Thanks
Best Regards
Chris
Thank you for the heads-up on these “hidden location” domains, Christophe2,
because that “” is the common denominator here,
and domains that have something to hide are suspicious by our standards,
and also cannot be trusted as a rule of thumb.
For just another website (from the country where I reside in, from Roosendaal in the Netherlands),
one domain which you provided for us to look into:
https://www.scamadviser.com/check-website/wifipasser.com
The website location is being hidden by Panamanian Whois Guard Protected Ltd.
Deemed to be popular but with a very low trust rating (‘naturellement revenant’ :o )
CMS issues and misconfiguration:
Warning Directory Indexing EnabledIn the test we attempted to list the directory contents of the uploads
and plugins folders to determine if Directory Indexing is enabled.This is an information leakage vulnerability that can reveal sensitive information
regarding your site configuration or content./wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Various issues: https://privacyscore.org/site/94080/
Several jQuery libraries to be retired: https://privacyscore.org/site/94080/
Also consider: https://aw-snap.info/file-viewer/?protocol=not-secure&tgt=wifipasser.com&ref_sel=GSP2&ua_sel=ff&fs=1
7 to flag here: https://www.virustotal.com/#/url/d5585ea54c471ad8271301d960dc2727dfdd1a2e7942a532a9ebce5e1f426699/detection
Quite some PHISHING going on on IP: https://checkphish.ai/ip/185.66.141.146 → http://whois.domaintools.com/185.66.141.146
PHISHING confirmed here: https://urlquery.net/report/24905d3e-5882-4948-a1b1-0059ae947425
Bien à vous,
polonus (volunteer website security analyst and website error-hunter)
Hi,
Thanks for your reply.
Did you blocked all the websites url I mentionned before?
Thanks
Best Regards
Chris
it is a phishing website that ask credit card information with a fake paymenr form!!!
Hi Chris,
I’ve viewed the website facepirater*com. They’re not asking for payment anywhere that I’ve seen.
The most questionable thing I’ve seen is of course it’s a hacking website for FB. It won’t actually hack anything. They’re asking you to call a phone number, which won’t do anything. (Except maybe charge you high fees? *Don’t call the phone number)
I don’t know if you’ve actually called this number and found out what they want - but it’s sufficed to say that people looking to “hack” a Facebook account are probably looking for a one-step click fix. Not a multi-step hack that involves calling people.
I can think of far easier ways to gain someones credentials. (Programs exist to do this. Chrome has historically saved “auto-fill” passwords in plain text. I’m not sure they still do, but I wouldn’t be surprised.)
So, it’s not a phishing website, but it’s not something that Avast! should be allowing either. (Given it’s questionable nature)
The detection for facepirater is live since 23.09. 2017, 17:19 CET, here is what happens when I try to open it on my computer:
https://i.imgur.com/Cf6Zdae.png
(Please note that “Phishing” doesn’t mean that it steals your credit card info, but we only have two “visible/outside” types - URL:Mal (malicious) and URL:Phishing (phishing) - and this one tends to be more of the second type.)
Where do you see it as clean?
Thanks
Chris
I see. So the AOS (Avast Online Security, the browser plugin) doesn’t recognize URLs marked as URL:Phishing. This is certainly a bug, and I think I know how to fix it. I even have two solutions, one is fast and one is good (as it always happens to be). I will let you guys know when I decide which solution to implement and what the ETA is.
Thanks for reporting the bug!
There is a pattern here for this type of PHISHING mail spam abuse.
A WhoisGuard Protected address from Panama registered at namecheap dot com.
So mail can pretend to come from any place,
The Netherlands for instance, but it is phrased in English.
Website - coming soon - only used as a webservice for targeted survey spam (tourist information survey to be filled out etc.),
in most cases right landing in your mail junk folder, so you’d just delete it without clicking.
Registrar here: http://whois.domaintools.com/newshall.net
Former UPC - Kralovehradecky Kraj - Cernilov - Ing. Petr Sramek - Spcom Cernilov
Liberty Global Operations
-77.48.123.120 is hosted on a dedicated server mail address: news AT newshall dot net
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.2.2
22/tcp open ssh OpenSSH 5.3 (protocol 2.0)
25/tcp open smtp Exim smtpd 4.89
53/tcp open domain ISC BIND get lost
80/tcp open http nginx
| http-methods:
|_ Potentially risky methods: TRACE
pol
Hi,
The bug is still here.
Best Regards
Chris
I am aware of that. I have found a couple of obstacles on the way, so it will take longer than I thought. I will keep you guys updated.
Woohoo!
The new version of our backend with the fix has just been released and I can confirm that facepirater[.]com is getting a red exclamation mark instead of a green tick.
Hi,
Please see dangerous URL that should be added in your database urgently, they are all phishing websites:
Thanks
Best Regards