Zscaler Blog

Get the latest Zscaler blog updates in your inbox

Security Research

QQ Phishing Sites Stay Under The Radar

August 16, 2010 - 2 min read

In April, Mike reported an increase of QQ phishing sites. This does not come as a surprise, QQ is the equivalent of Google + eBay + Paypal in China. QQ first started as an Instant Messaging site and has now evolved as a Chinese web giant, with e-mail, search, online auctions, online payments, etc.

QQ Security Center

The main target here is the QQ Security Center aq.qq.com, which is used, among other things, to retrieve lost passwords, confirm account ownership, etc. The phishing sites are exact copies of the original site.

Most of the sites spotted are still live, and not blocked by Google Safe Browsing or Phishtank:

  • hxxp://www.qqaq.info/
  • hxxp://aq.qq.com.inddexx.com/
  • hxxp://aqq.txfree.net/aq/
  • hxxp://aq.qq.com.cgi-get.tencant.com.cn/
  • hxxp://aq.qq.sevrivae.cn-indvx.com/index.asp
  • hxxp://qq2010hd.h7.8210.cn/qq/88.htm

Phishing site hxxp://www.qaq.info/

QQ Rewards

The other popular QQ phishing target is the Reward Center, where QQ rewards users for using their services. Fake QQ Reward Centers attempt to steal user credentials. Like for the QQ Security center scam, all phishing pages are nearly identical, and not detected by Phistank or Google SafeBrowsing.

QQ Reward phishing page

Some of the phishing pages are:

  • hxxp://ctqq.in/qq/
  • hxxp://asdsdf.ns3.lianfa.info/qq2010/
  • hxxp://1111aaaa.01kro.idcqq.net/3/
  • hxxp://qqtx08.tk/
  • hxxp://nghfyu585.us3.hg288m.com/qq1/
  • etc.

hxxp://qqtx08.tk/ QQ phishing site

I've seen only one QQ phishing site flagged by Google Safe Browsing while reviewing more than 20 QQ phishing sites, and the domain was already down: hxxp://qqli.go.3322.org/

-- Julien

Explore more Zscaler blogs

A cyber criminal shopping for malware
Agniane Stealer: Dark Web’s Crypto Threat
Read Post
Business people walking through a city
The Impact of the SEC’s New Cybersecurity Policies
Read Post
Digital cloud illuminated in blue
Security Advisory: Remote Code Execution Vulnerability (CVE-2023-3519)
Read Post
The TOITOIN Trojan: Analyzing a New Multi-Stage Attack Targeting LATAM Region
Read Post
01 / 02
dots pattern

Get the latest Zscaler blog updates in your inbox

By submitting the form, you are agreeing to our privacy policy.