Maximum Order........ $40 max sale

Zee09

This is weird. I went on this website to order some car filters. I won't mention the name in case it is a scam site... I've never seen this before. My order was $65 and they refuse orders over $40....

 
Though the customer can get the charge reversed, a card company may not find it worthwhile trying to "claw back" a small amount and just write it off themselves. So the scammer keeps the money.
 
Zee09 sent me the site, and I ran it through an analysis that we might commonly do at work on a site that was reported to the Security Operations Center (SOC) or the links in an email that were reported to us as phishing. I first reported this to Zee09, but also he said it was ok to share it with the group.

We have a VirusTotal enterprise subscription, so I ran it through that first. One security vendor out of 90 on VirusTotal found it suspicious. That's not always an indicator of something nefarious, some of the engines on VirusTotal are overly sensitive. The public scan on VT indicated the same, which is here: https://www.virustotal.com/gui/url/6251f5ae6fe324cafdffe44a09b60ac85dfc4fd9b9741c3a28a15995ba3076ed

AbuseIPDB had no bad reports, domain redirected to a Cloudflare content delivery network, which is common. https://www.abuseipdb.com/check/104.21.2.239

Cisco Talos reputation was neutral, meaning no bad reports. https://talosintelligence.com/reputation_center/lookup?search=sydiesmart.shop

Urlscan.io found 9 IPs used within the site code but all in the US, which is positive but not conclusive, there are bad sites in the US also. 9 detected technologies including WooCommerce, WordPress, Google Fonts, Google Tag Manager, Underscore.js, jQuery and jQuery Migrate, none of which are inherently bad. https://urlscan.io/result/0196684d-491b-74bb-afcb-e17909559c74/

I also further ran the resultant IPs of included services through AbuseIPDB, you can do that through Urlscan.io on subdomains/sub-service IPs that are unpacked. Some of the resultant Google CDNs had reports, but that's not that uncommon due to them being used by many, many sites.

I forgot to mention to Zee09, but I also checked all this against our internally built blacklist which includes scraping several security focused Cybersecurity blacklists as well as manual entries that we've observed to be bad over time and added to our list; there were no hits on any observed IPs.

Based on all this, I ran it through the browser on my work PC and it's not blocked by any of our controls which include FireEye IDS and Palo Alto Networks' Next Gen Firewalls, which would include our blacklist and also FE/Palo intelligence and Perimeter team's hand-picked blacklists that the firewall scrapes for bad IPs. I also checked it on Palo Alto Networks' Test a Site and it is categorized as shopping and also Low-Risk, which would indicate that it's been in existence for at least 90 days, which would be a good indicator that the vendors hosting the site also think it's ok, as sites that are doing bad stuff tend to have their sites taken down by the hosting provider once it's become evident to the security community what's hosted there. https://urlfiltering.paloaltonetworks.com/query/

My opinion is that the site is benign. This is only my opinion as a security practitioner, not an absolute guarantee.

However it does have the look of something created by an Instagram or TikTok influencer. That's not necessarily bad, but it makes me wonder why they're selling filters.

Anyway if you wish to proceed there are some numbers at the bottom of the page that you can send a support inquiry to, I guess. Maybe use a throw-away text messaging service online to send your inquiry, not your actual phone, so they can't bug you later with something like "come back to our site again to shop!"

Brons2...out
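
The blocklist step from the post above, as an added example that is not part of the original post or the poster's tooling: merged feeds are parsed into networks, and a hit that falls inside shared CDN space is reported separately because many unrelated sites share those addresses. The feed contents, the `203.0.113.0/24` stand-in CDN range and the function names are constructed for illustration; `104.21.2.239` is the address checked in the post.

```python
import ipaddress

# Constructed feed text using documentation ranges, standing in for scraped lists.
FEED_A = """# scraped feed (constructed)
192.0.2.15
198.51.100.0/24
"""
FEED_B = "203.0.113.7  # manual entry (constructed)\nnot-an-ip\n"

# Shared CDN space: 104.16.0.0/13 is a published Cloudflare range;
# 203.0.113.0/24 is a constructed stand-in for another provider's CDN.
SHARED_CDN = [ipaddress.ip_network("104.16.0.0/13"),
              ipaddress.ip_network("203.0.113.0/24")]


def parse_feed(text):
    """Return the networks in a feed, skipping comments and malformed lines."""
    nets = set()
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            nets.add(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue  # one bad line must not break the merged list
    return nets


def check_ips(observed, feeds, shared=SHARED_CDN):
    """Classify each observed IP as 'clean', 'hit' or 'shared-hit'."""
    blocklist = set().union(*(parse_feed(f) for f in feeds))
    results = {}
    for raw in observed:
        ip = ipaddress.ip_address(raw)
        listed = any(ip in net for net in blocklist)
        on_cdn = any(ip in net for net in shared)
        if listed and on_cdn:
            results[raw] = "shared-hit"  # multi-tenant address: review, do not auto-block
        elif listed:
            results[raw] = "hit"
        else:
            results[raw] = "clean"
    return results


if __name__ == "__main__":
    observed = ["104.21.2.239", "203.0.113.7", "198.51.100.20", "192.0.2.16"]
    for ip, verdict in check_ips(observed, [FEED_A, FEED_B]).items():
        print(ip, verdict)
```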
 
Thank you Brons2
I started thinking about this site.
It hasn't been updated since the Tariff mess but I'm starting to suspect these products ship directly from China or HK via the ePacket (site address is Georgia),
dirt cheap shipping which limits the weight to 2 kg for the package and they may automatically calculate the combined weight and the $40 level seems to be the cut off point...

Weird but they sent me straight to PayPal and with the restrictions the filters no longer became a deal.
EG and PG filters. I don't think your credit card is their interest.

I guess it's safe to show the link now because of @Brons2's hard work but not a place to do business with... IMO.
https://sydiesmart.shop
 
I also work in cybersecurity. Looking at the "About Us" link on that site indicates that the business address is located in Lawrenceville, GA. A quick Google Map search showed it is a residential address in a neighborhood. Performing a reverse address search on whitepages.com gives the current resident. I won't reveal any information I obtained but feel free to perform your own search based on what I just described.

From what I can tell, it must be some sort of drop shipping type of business. Look at this as well - https://www.trustpilot.com/review/sydiesmart.shop. Not good at all.

Also check this site - https://malwaretips.com/blogs/sydiesmart-shop/. Again, not good at all. Run like hell (to borrow a Pink Floyd song).

There are more review sites (just google "sydiesmart.shop scam") but I think this is enough to make a determination.
 
I think you're just jealous 😆 🤣 😂
Definitely a drop ship and a fraud
but the $40 routine was a turn on for me 😆 thanks
 
Yeah I agree with you 100%.

Unfortunately in my organization the "powers that be" are pretty sensitive to what gets blocked, and just the fact that a site sells inferior chineseium junk is not enough to get stuff blocked. So long as the site does not try to install malware, or contact a C&C network, or mess with the registry on an endpoint, or some other thing directly related to cybersecurity it won't get blocked. Sucks but it is what it is. Lawyers...
 
Either drop shipper or small time reseller which lends to the sales limit. I remember going to a coworker's house years ago and their roommate had stacks and stacks of LED headlights; he'd buy them in bulk and sell them online.

Either way, I tend to avoid less than polished and reputable when shopping online.
 