What's the number? I can't access the site due to my Webroot. Can you please post it? Thank you.
Interesting site with a simple setup. The current site is open on ports 80 and 443 with basic Cloudflare WAF enabled. However, the real juicy stuff is the site it redirects to, as this is just a landing page. Should redirect to vassal-jewish.xyz/click.php? BUT it seems that the page does not respond for me. Took a deeper look into Vassal and it has ports 80, 443, and 22 open. On top of that, when you strip the URL to just https://vassal-jewish.xyz it's a login portal with what appears to be statistics.
To me that signifies that the /click.php? redirection is supposed to simulate the payment portal for getting "McAfee", whereas the domain redirect to /login.php is where the scammers are storing the credentials for later use.
More info to come, let's keep this domain open for now.
Turns out the domain is really an application portal to an analytics software called http://binom.org. After doing some editing to the login page I was able to unblur and remove the black backdrop, so if you wanna see what they are running under the hood, here ya go: https://filebin.net/udjse0ukjm9123l5/Binom.PNG?t=8wq3ads5