Site wxw.mobotok.ru is a fake copy of the wxw.molotok.ru Russian online auction.
The owner of wxw.mobotok.ru uses it to steal user accounts from wxw.molotok.ru.
Confirmed:
http://urlquery.net/report.php?id=74677 | Fake
http://urlquery.net/report.php?id=74679 | Real
The fake domain is also new.
The content after the </html> tag should be considered suspicious. There we find “This document saved from htxps://ssl.molotok.ru/enter_login.php?”
And that is how it was done,
polonus
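The check described in the post above, written out as an added example that is not part of the original thread: it flags content after the closing html tag and "saved from" markers that name a different site than the one serving the page. The host names, sample pages and function names are constructed for illustration, and site matching naively compares the last two DNS labels.

```python
import re
from urllib.parse import urlsplit

# Closing tag, tolerant of stray whitespace such as "< /html >".
HTML_END = re.compile(r"<\s*/\s*html\s*>", re.IGNORECASE)
# "saved from <url>" as quoted in the post; also accepts the
# "saved from url=(NNNN)<url>" comment form some browsers write.
SAVED_FROM = re.compile(
    r"saved\s+from\s+(?:url=(?:\(\d+\))?)?\s*([a-z][a-z0-9+.-]*://[^\s\"'<>]+)",
    re.IGNORECASE,
)

def site(host):
    """Naive site key: last two DNS labels (assumption; no public-suffix list)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def inspect_page(serving_host, html):
    """Return (kind, detail) findings for one fetched page."""
    findings = []
    ends = list(HTML_END.finditer(html))
    trailing = html[ends[-1].end():].strip() if ends else ""
    if trailing:
        findings.append(("content_after_html_end", trailing[:80]))
    for m in SAVED_FROM.finditer(html):
        origin = urlsplit(m.group(1)).hostname or ""
        if origin and site(origin) != site(serving_host):
            findings.append(("saved_from_other_site", origin))
    return findings

# Constructed sample pages (hypothetical hosts, not the sites in this thread).
CLONE = ("<html><body><form action='/enter_login.php'></form></body></html>\n"
         "<!-- This document saved from https://login.auction.example/enter_login.php? -->")
REAL = "<html><body><form action='/enter_login.php'></form></body></html>\n"

if __name__ == "__main__":
    for host, page in (("www.aucti0n.example", CLONE), ("www.auction.example", REAL)):
        print(host, inspect_page(host, page))
```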
no IP block from Malwarebytes on this…
Hi Pondus,
I can see your point, because there is nothing malicious there. The only site that is duped by the copycat site is the real site. It is a bit like SERP hijacking.
To-day malvertisers aren’t so much into infecting user computers but more into marketing schemes to fraudulently earn on legit site clicks. Also a form of cybercrime, but questionable whether av should flag this. More like a bad web rep issue,
polonus
also no alarm from URL list at VT or URLVoid
maybe it is very new?