Fake WinSCP website
Hi all, I'm not sure where to post this. I've used WinSCP myself for years and think this warrants a priority investigation on your end.
One of my users got hit by a drive-by-ad attack and in investigating – it looks like this domain likely is using ads to phish users and/or have them download malware. The user definitely did a 'google' search for winscp to be hit by this drive-by-ad attack.
I don't fully understand how the whois is returning the fake winscp.net info but I guess the hyphenation must be doing it somehow.
xn--wnscp-tsa[.]net
WHOIS info from whois.com/whois
wìnscp[.]net
Domain Information
Domain: wìnscp.net
Registrar: Internet Domain Service BS Corp
Registered On: 2023-10-21
Expires On: 2024-10-21
Updated On: 2023-10-21
Status: ok
Name Servers: ns1.xn--wnscp-tsa[.]net, ns2.xn--wnscp-tsa[.]net
Icann.org shows what's going on, here's some more info.
Name: XN--WNSCP-TSA.NET
Internationalized Domain Name: wìnscp.net
Registry Domain ID: 2823464215_DOMAIN_NET-VRSN
Domain Status: active
Nameservers: NS1.XN--WNSCP-TSA.NET, NS2.XN--WNSCP-TSA.NET
Dates
Registry Expiration: 2024-10-21 14:27:24 UTC
Updated: 2023-10-21 14:34:45 UTC
Created: 2023-10-21 14:27:24 UTC
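
The relationship between the two spellings in the lookups above, as an added example that is not part of the original post: `xn--wnscp-tsa` is the Punycode (ASCII) form of `wìnscp`, and the Python sketch below decodes it and flags it as a lookalike of `winscp.net`. The `TRUSTED` list and the function names are assumptions, and the accent-folding check only catches accented-Latin lookalikes, not cross-script homoglyphs.

```python
import unicodedata

# Assumption: domains the organisation treats as genuine.
TRUSTED = {"winscp.net"}


def to_unicode(domain):
    """Decode every xn-- (Punycode) label to the form a browser may display."""
    labels = []
    for label in domain.lower().replace("[.]", ".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except UnicodeError:
                pass  # malformed label: keep the raw ASCII form
        labels.append(label)
    return ".".join(labels)


def skeleton(name):
    """Fold accented Latin letters to their base letter (NFKD, drop marks)."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def matches(name, trusted):
    """True for the trusted domain itself or any host beneath it."""
    return name == trusted or name.endswith("." + trusted)


def classify(domain):
    """Return (verdict, displayed_form) for one observed domain."""
    shown = to_unicode(domain)
    if any(matches(shown, t) for t in TRUSTED):
        return "trusted", shown
    if any(matches(skeleton(shown), t) for t in TRUSTED):
        return "lookalike", shown
    return "unknown", shown


if __name__ == "__main__":
    # Constructed sample input: the domains from the post plus a control.
    for d in ["winscp.net", "xn--wnscp-tsa[.]net",
              "NS1.XN--WNSCP-TSA.NET", "example.org"]:
        print(d, "->", classify(d))
```

Run over DNS or proxy logs, a check like this surfaces any `xn--` host whose folded form collides with a domain users are expected to visit.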