scam websites list

Viruses and worms
1

Hi,

These websites are scams and phishing social networks (Facebook, Instagram, Snapchat, Twitter…). You should blocks them urgently:
These urls are all scam and dangerous, some are redirecting to offers with nude porn games!

Please update your database urgently!

Thanks

Chris

2

How to report >> https://forum.avast.com/index.php?topic=14433.msg1289438#msg1289438

If you have multiple, put them in notepad and name it URLs.txt and upload as a file

3

The second one on that list, only detected by Kaspersky’s:
https://www.virustotal.com/gui/url/25470f1eff6eefffb5efd4771bbd6a8a823a7a8812838981188bf620e17bd4bd/detection
Two detected for that IP under relations: https://www.virustotal.com/gui/ip-address/104.168.157.55/relations
See: https://www.shodan.io/host/104.168.157.55
7 red out of 10 risk grade: https://toolbar.netcraft.com/site_report?url=client-104-168-157-55.hostwindsdns.com
Consider also: https://hackfacebook2019.com.ipaddress.com/www.hackfacebook2019.com
XSS-DOM flaws: Results from scanning URL: -https://www.hackfacebook2019.com/js/index.js
Number of sources found: 47
Number of sinks found: 8 →
Example → "innerHTML"as source & ".value==“htxp://www.facebook.com/profileURL” as sink for instance.

This opening up to website: with results from scanning URL: -https://ajax.googleapis.com/ajax/libs/jquery/3.4.0/jquery.min.js
Number of sources found: 34
Number of sinks found: 15

No vulnerable jQuery libraries: https://retire.insecurity.today/#!/scan/f29d425f7418d2355ff7aae9da425ab39d2d36afcba88927676a847c904f27d7

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

4

Hi Christophe2,

With another example from the above scam websites’ list we find,
that an IP relations scan results on Virus Total will reveal best results.

Example:
https://www.virustotal.com/gui/url/cd4a4206557c9298d3119fcc6233734d9c787075dbd390cec9ae90cda1a54639/details
and then from the IP given:
https://www.virustotal.com/gui/ip-address/104.27.149.196/relations

So IP and IP related detections are much more informative than mere domain related scan results.

Question here is what is CloudFlare harboring on their cloud platform.
They are known to quickly react to abuse, but in the mean time their business core policy also, more often than not,
offers too wide a vulnerability window, and attracts cybercriminals all sorts to “open shop” to use their cloud service.

This all through a lenient invitation policy towards scammers and the likes.
They should be more restrictive to known to be bad rep websites,
and not turn a blind eye until some other instance like av flags abuse.

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

5

This also insecurity being found there: (Google alerts that website has terms commonly used in spam hacks)
See: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=bnR2Ynt0Z1t9W3MuXl1tYA%3D%3D~enc
Retirable jQuery libraries detected…
bootstrap 4.1.0 Found in -https://ntvbetgiris.com/js/bootstrap.min.js
Vulnerability info:
High 28236 XSS in data-template, data-content and data-title properties of tooltip/popover CVE-2019-8331
Medium 20184 XSS in data-target property of scrollspy CVE-2018-14041
Medium 20184 XSS in collapse data-parent attribute CVE-2018-14040
Medium 20184 XSS in data-container property of tooltip CVE-2018-14042
jquery 3.2.1 Found in -https://ntvbetgiris.com/js/jquery.min.js
Vulnerability info:
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution

And there is room for improvement of such a website on IP 104.31.74.9 → 314 recommendations for improvement,
found through linting: https://webhint.io/scanner/40d7f359-7d3b-415d-8648-731ef3e9b507

No Cloaking detected: https://toolbar.netcraft.com/site_report?url=https%3A%2F%2Fntvbetgiris.com

polonus