Forum » Support and Bug Reports »

Post a reply

Before posting, please read how to report bug or request support effectively.

Bug reports without an attached log file are usually useless.

Username

Subject

Message body

Font colour:

Font size:

Options

Disable BBCode in this post

Notify me when a reply is posted (registered users only)

Add an Attachment

If you do not want to add an Attachment to your Post, please leave the Fields blank.

Filename

(maximum 10 MB; please compress large files; only common media, archive, text and programming file formats are allowed)

File Comment

Options

Private file (available to author and site moderators only)

Topic review

martin

2023-11-02

The domain xn--wnscp-tsa.net has been suspended.

brablc

2023-11-01 15:40

We have received information that the domain has been suspended by Internet.bs. It now appears as unregistered, parked domain. Hopefully it cannot be used to harm anyone now.

xn--wnscp-tsa.net.   172800   IN   NS   ns1.parkingcrew.net.

xn--wnscp-tsa.net.   172800   IN   NS   ns2.parkingcrew.net.

xn--wnscp-tsa.net.   600   IN   A   99.83.175.80

brablc

Re: Fake WinSCP website

2023-10-27 08:52

Hello, thank you very much for your report. We have reported a homoglyph domain (see gravel accent on i letter => ì) the abuse to the respective registrar and will monitor the situation closely. At this moment it looks like the domain redirects to YouTube video.

nws1

Fake WinSCP website

2023-10-26 18:46

Hi all, I'm not sure to where to post this. I've used WinSCP myself for years and think this warrants a priority investigation on your end.

One of my users got hit by a drive-by-ad attack and in investigating – it looks like this domain likely is using ads to phish users and/or have them download malware. The user definitely did a 'google' search for winscp to be hit by this drive-by-ad attack.

I don't fully understand how the whois is returning the fake winscp.net info but I guess the hypenation must be doing it somehow.

xn--wnscp-tsa[.]net

WHOIS info from whois.com/whois

wìnscp[.]net
Updated 1 minute ago
Domain Information
Domain:
wìnscp.net
Registrar:
Internet Domain Service BS Corp
Registered On:
2023-10-21
Expires On:
2024-10-21
Updated On:
2023-10-21
Status:
ok
Name Servers:
ns1.xn--wnscp-tsa[.]net
ns2.xn--wnscp-tsa[.]net

Icann.org shows what's going on, here's some more info.

Name: XN--WNSCP-TSA.NET
Internationalized Domain Name: wìnscp.net
Registry Domain ID: 2823464215_DOMAIN_NET-VRSN
Domain Status:
active

Nameservers:
NS1.XN--WNSCP-TSA.NET

NS2.XN--WNSCP-TSA.NET

Dates
Registry Expiration: 2024-10-21 14:27:24 UTC
Updated: 2023-10-21 14:34:45 UTC
Created: 2023-10-21 14:27:24 UTC

Post a reply

Topic review

Re: Fake WinSCP website

Fake WinSCP website

Documentation

Support

Associations

Follow Us