There is a phishing web site that begins with k3pd just like the official hyperlink within the sidebar right here, nonetheless this phishing web site ends with 5a7 as an alternative of the actual one. It was shill-posted first by JezzasDarknetDiscussions to a number of threads on The Hub earlier at the moment. The consumer was banned and the hyperlinks had been censored, nonetheless the positioning continues to be working and the attacker could possibly be trying to unfold the hyperlink elsewhere.
The web site is an effective duplicate of the login web page, it used to ask on your pin after the login particulars however now they tailored to some assaults and are performing a MITM assault proxying to the legit mirror beginning with ecleg2, stealing credentials as they accomplish that. The /verifySafeHeaven message is cast (doesn't confirm), as they’re changing all proxied cases of the ecleg2 url with the phishing url.
If any mods/admins need extra element to take corrective motion, let me know. Since they're proxying it may not be too arduous to fend them off.
submitted by /u/salvia-d
[comments]
Source link
The post WARNING – Active phishing web site found appeared first on Dream Market URL.
No comments:
Post a Comment