spiff
Executive Member
- Joined
- Oct 17, 2007
- Messages
- 6,962
- Reaction score
- 2,748
South Africa’s biggest forum. Discuss, discover, and connect with thousands of members.
arstechnica.com
No shyte, Sherlock..Are you clicking on some link received in a email ?
View attachment 1850154 is not their correct url (shown in AVG warning)
whatever. I looked at my router log and that dns didnt show. now looked at page sources and indeed it loads some script from that site. won't try to help again.No shyte, Sherlock..
This is obviously a URL loading as part of the many requests made when browsing to geewiz.co.za.. Not something OP is explicitly clicking on..
That's not the geewiz website, kinda gives you the problem right at the top.
That's not the geewiz website, kinda gives you the problem right at the top.

Been trying to figure out how it was encoded but not having much luck with that.. the initiator chain is also suspect..That js looks extremely sus. Bunch of obfuscated functions that looks to be masquerading as jsquery.
It's a URL that loads when browsing to geewiz.co.za...That's not the geewiz website, kinda gives you the problem right at the top.
Yeah checking the websitethen what is the right website?
my first pic is the result of clicking on www.geewiz.co.za
I've used geewiz many times before and never got a scam alert like this.
View attachment 1850160

That website is likely compromised and used as a zombie to serve that jQuery script file which itself is also probably messed with to steal information from the victimIt's a real domain for the Pescara province
In Italy, so really odd that there is a call to it in Geewiz![]()
AVG just shuts it down immediately.That website is likely compromised and used as a zombie to serve that jQuery script file which itself is also probably messed with to steal information from the victim
Yeah checking the website
View attachment 1850164
View attachment 1850165
May need to bring it up to them?
"Web 2.0" all the way down. Loose collection of external tools, utilities and code over which the "dev" has no insight, control or concept of supply chain attacks.That website is likely compromised and used as a zombie to serve that jQuery script file