mobotok.ru is a fake copy of molotok.ru

Site wxw.mobotok.ru is fake copy of wxw.molotok.ru Russian online auction.
The owner of wxw.mobotok.ru use it to steal user accounts from wxw.molotok.ru.

Confirmed:
http://urlquery.net/report.php?id=74677 | Fake
http://urlquery.net/report.php?id=74679 | Real

Fake domain is also new.

The content after the < /html> tag should be considered suspicious. Tthere we find “This document saved from htxps://ssl.molotok.ru/enter_login.php?”
And that is how it was done,

polonus

no IP block from Malwarebytes on this…

Hi Pondus,

I can see your point, because there is nothing malicious there. The only site that is duped by the copycat site is the real site. It is a bit like serp hijacking.
To-day malvertisers aren’t so much into infecting user computers but more into marketing schemes to fraudulently earn on legit site clicks. Also a form of cybercrime, but questionable whether av should flag this. More like a bad web rep issue,

polonus

also no alarm from URL list at VT or URLVoid

maybe it is very new ?