Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Options
Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

Options

Topic review

martin

The domain xn--wnscp-tsa.net has been suspended.
brablc

We have received information that the domain has been suspended by Internet.bs. It now appears as unregistered, parked domain. Hopefully it cannot be used to harm anyone now.

xn--wnscp-tsa.net.   172800   IN   NS   ns1.parkingcrew.net.

xn--wnscp-tsa.net.   172800   IN   NS   ns2.parkingcrew.net.
xn--wnscp-tsa.net.   600   IN   A   99.83.175.80
brablc

Re: Fake WinSCP website

Hello, thank you very much for your report. We have reported a homoglyph domain (see gravel accent on i letter => ì) the abuse to the respective registrar and will monitor the situation closely. At this moment it looks like the domain redirects to YouTube video.
nws1

Fake WinSCP website

Hi all, I'm not sure to where to post this. I've used WinSCP myself for years and think this warrants a priority investigation on your end.

One of my users got hit by a drive-by-ad attack and in investigating – it looks like this domain likely is using ads to phish users and/or have them download malware. The user definitely did a 'google' search for winscp to be hit by this drive-by-ad attack.

I don't fully understand how the whois is returning the fake winscp.net info but I guess the hypenation must be doing it somehow.

xn--wnscp-tsa[.]net

WHOIS info from whois.com/whois

wìnscp[.]net
Updated 1 minute ago
Domain Information
Domain:
wìnscp.net
Registrar:
Internet Domain Service BS Corp
Registered On:
2023-10-21
Expires On:
2024-10-21
Updated On:
2023-10-21
Status:
ok
Name Servers:
ns1.xn--wnscp-tsa[.]net
ns2.xn--wnscp-tsa[.]net

Icann.org shows what's going on, here's some more info.

Name: XN--WNSCP-TSA.NET
Internationalized Domain Name: wìnscp.net
Registry Domain ID: 2823464215_DOMAIN_NET-VRSN
Domain Status:
active

Nameservers:
NS1.XN--WNSCP-TSA.NET

NS2.XN--WNSCP-TSA.NET

Dates
Registry Expiration: 2024-10-21 14:27:24 UTC
Updated: 2023-10-21 14:34:45 UTC
Created: 2023-10-21 14:27:24 UTC