mobotok.ru is a fake copy of molotok.ru

system · June 23, 2012, 1:04pm

Site wxw.mobotok.ru is fake copy of wxw.molotok.ru Russian online auction.
The owner of wxw.mobotok.ru use it to steal user accounts from wxw.molotok.ru.

Donovan · June 24, 2012, 7:41pm

Confirmed:
http://urlquery.net/report.php?id=74677 | Fake
http://urlquery.net/report.php?id=74679 | Real

Fake domain is also new.

polonus · June 24, 2012, 9:35pm

The content after the < /html> tag should be considered suspicious. Tthere we find “This document saved from htxps://ssl.molotok.ru/enter_login.php?”
And that is how it was done,

polonus

Pondus · June 24, 2012, 9:38pm

no IP block from Malwarebytes on this…

polonus · June 24, 2012, 9:47pm

Hi Pondus,

I can see your point, because there is nothing malicious there. The only site that is duped by the copycat site is the real site. It is a bit like serp hijacking.
To-day malvertisers aren’t so much into infecting user computers but more into marketing schemes to fraudulently earn on legit site clicks. Also a form of cybercrime, but questionable whether av should flag this. More like a bad web rep issue,

polonus

Pondus · June 24, 2012, 9:51pm

also no alarm from URL list at VT or URLVoid

maybe it is very new ?

mobotok.ru is a fake copy of molotok.ru

Announcements