How do I get this phishing page shut down?

codswollip

HSUmwcT.png
 

Cleo

Thread author
When I visit https://aufepts.top/, I get redirected to auspost.com.au, which is the legit Australia Post website.
Before the final redirect to the real AusPost website it puts a fake cookie with a type/extension mismatch in your browser's cache that looks like a real AusPost cookie. It was only doing it with Chrome.
 

TairikuOkami

Now a million dollar question, what is your purpose? Those webpages exist for a reason, to scam people, if they mistype an address.
Trying to report a fake webpage hosted on top, xyz or whatever TLD is pointless, they are designed to last for this purpose alone.
 

Cleo

> Now a million dollar question, what is your purpose? Those webpages exist for a reason, to scam people, if they mistype an address.
> Trying to report a fake webpage hosted on top, xyz or whatever TLD is pointless, they are designed to last for this purpose alone.

That's what I'm interested in. I want to see where the reporting has broken down. Why can't I report their certificate authority or their host? Nothing works?
 

TairikuOkami

> Why can't I report their certificate authority or their host? Nothing works?

A certificate authority only verifies the authenticity of the webpage; it is not designed to handle malicious reports, otherwise many "free" webpages would be shut down as a result.
When there is like 1 IT person on an island responsible for thousands of domains, he has his hands full; besides, he is lucky to get paid, even $20 is a lot, so he does not really care.
Technically he only handles registrations; servers can be anywhere in the world and hosts move the responsibility to the TLD owner, so it is much easier and faster to let DNS block.

The TLDs that distribute malware the most are .ga, .xyz, .cf, .tk, .org, and .ml. Phishing actors prefer to use .net domains, with .pw, .top, .ga, and .icu following with notable volumes.
 
