is this website trusted?

Deal Cadet
Dealcharmer


unboxyourmobile.com
A friend wants to buy an iPhone from here, asking for him. I said no to him but he is not listening to me.

Post Tycoon Post Tycoon

Fake details in the domain whois database and can go poof anytime with a simple data transparency report, well other aspects just screaming that there's something wrong with them can be refurbished phones or outright fraud who knows, more power to you.

Post Tycoon Post Tycoon

TL;DR stay away from them for peace of mind and healthy lifestyle, you can get iPhones for cheap if you are a business owner with GST or just wait for big sales. Even Croma has nicer offers than them sometimes, like a few days prior you could have gotten an iPhone 13 for 56K without any offers and for 51K with HDFC CC (offer price no longer the same).

Critic Critic
LORDofTheDRINKS wrote:

Fake details in the domain whois database and can go poof anytime with a simple data transparency report, well other aspects just screaming that there's something wrong with them can be refurbished phones or outright fraud who knows, more power to you.

Funny thing is, a genuine apple reseller in India uses similar free type ssl certificate as this site. I know many small ecomm sites don't have deep pockets but buying even a basic paid ssl to differentiate themselves from such sites is worth it.
Post Tycoon Post Tycoon
guest_999 wrote:
Funny thing is, a genuine apple reseller in India uses similar free type ssl certificate as this site. I know many small ecomm sites don't have deep pockets but buying even a basic paid ssl to differentiate themselves from such sites is worth it.

Free SSLs aren't bad but instead helping the internet to be a secure place(somewhat), the decision lies with the ecommerce provider there can be better SSLs or just plain transparency, the usual way (for me) to identify the fraud websites are from their whois records and legal pages, SSL checks are completely optional and not required unless we are talking about a phishing ecommerce portals.

Critic Critic
LORDofTheDRINKS wrote:

Free SSLs aren't bad but instead helping the internet to be a secure place(somewhat), the decision lies with the ecommerce provider there can be better SSLs or just plain transparency, the usual way (for me) to identify the fraud websites are from their whois records and legal pages, SSL checks are completely optional and not required unless we are talking about a phishing ecommerce portals.

It shows your "sincerity", kind of like how you dress your best on the day you are going to give an interview for a good job in a prestigious company. You wouldn't go there thinking that why spend 1.5k on a branded formal shirt when cheap generic version is available for less than 500 in local shop, right? I don't know about you but if I see an ecomm site dealing with lakhs of rupees worth of txns daily/monthly & still using a free R3 ssl certificate then it makes me seriously doubt if that ecomm site is spending anything remotely close to what is required on their cyber security (same above example, if a person can't buy a 1.5k shirt then assuming him to buy 2k branded formal shoes for a very important meeting is simply dreaming).


As for making the internet a better place, I regularly see fraud/phishing sites using such free ssl certificates which given the huge emphasis on "secure padlock sign in browser address bar" make them even more dangerous compared to typical fraud/phishing sites. Also, ssl certificate has nothing to do with security anyway other than MITM attacks as most data breaches occur on website server itself.

Post Tycoon Post Tycoon
guest_999 wrote:

It shows your "sincerity", kind of like how you dress your best on the day you are going to give an interview for a good job in a prestigious company. You wouldn't go there thinking that why spend 1.5k on a branded formal shirt when cheap generic version is available for less than 500 in local shop, right? I don't know about you but if I see an ecomm site dealing with lakhs of rupees worth of txns daily/monthly & still using a free R3 ssl certificate then it makes me seriously doubt if that ecomm site is spending anything remotely close to what is required on their cyber security (same above example, if a person can't buy a 1.5k shirt then assuming him to buy 2k branded formal shoes for a very important meeting is simply dreaming).


As for making the internet a better place, I regularly see fraud/phishing sites using such free ssl certificates which given the huge emphasis on "secure padlock sign in browser address bar" make them even more dangerous compared to typical fraud/phishing sites. Also, ssl certificate has nothing to do with security anyway other than MITM attacks as most data breaches occur on website server itself.

I agree with your point, if a site is dealing in millions with a free SSL specially powered by CF it would raise a flag immediately but not everyone is educated about stuff related to SSL cryptography and variants, if they see a green padlock, it automatically ticks that website as somewhat okay to deal with. It generally boils down to the information one can collect for that website with dork queries and such, sure anyone with some knowledge can identify these types of websites but what about the majority? As for sincerity part not every business tends to spend on SSL when they can get it for free, like for example nutrabay is powered by CF free SSL not even LE R3 so will it be considered as fraud/scam? No it won't, if they want they can surely afford expensive EV certs but are they worth it? Not much than the R3, they are just cryptographic things nothing more nothing less and one can even get certs from amazon for their fraud projects, it's all about how they did it.
Critic Critic
LORDofTheDRINKS wrote:
I agree with your point, if a site is dealing in millions with a free SSL specially powered by CF it would raise a flag immediately but not everyone is educated about stuff related to SSL cryptography and variants, if they see a green padlock, it automatically ticks that website as somewhat okay to deal with. It generally boils down to the information one can collect for that website with dork queries and such, sure anyone with some knowledge can identify these types of websites but what about the majority? As for sincerity part not every business tends to spend on SSL when they can get it for free, like for example nutrabay is powered by CF free SSL not even LE R3 so will it be considered as fraud/scam? No it won't, if they want they can surely afford expensive EV certs but are they worth it? Not much than the R3, they are just cryptographic things nothing more nothing less and one can even get certs from amazon for their fraud projects, it's all about how they did it.
My concern was mainly regarding small/unknown ecomm sites. If tomorrow Amazon start using R3 certificate for some good PR then it won't change my opinion of the amazon security but if a genuine apple reseller in India is using R3 then it definitely makes me doubt it. It is like you have to spend money first on creating your brand image & then you can think about other things. I searched a while back on prices of paid ssl certificates & they don't seem that much costly, in fact I am pretty sure even these small ecomm sites spend more on their employees conveyance & entertaining business guests in hotel etc than buying a basic paid ssl with DV or OV & not even EV(DV for 15k, OV for 21k & EV for 36k per year).
https://shop.globalsign.com/en-in/ssl/doma...sl
Post Tycoon Post Tycoon
guest_999 wrote:
My concern was mainly regarding small/unknown ecomm sites. If tomorrow Amazon start using R3 certificate for some good PR then it won't change my opinion of the amazon security but if a genuine apple reseller in India is using R3 then it definitely makes me doubt it. It is like you have to spend money first on creating your brand image & then you can think about other things. I searched a while back on prices of paid ssl certificates & they don't seem that much costly, in fact I am pretty sure even these small ecomm sites spend more on their employees conveyance & entertaining business guests in hotel etc than buying a basic paid ssl with DV or OV & not even EV(DV for 15k, OV for 21k & EV for 36k per year).
https://shop.globalsign.com/en-in/ssl/doma...sl
I know right, no one wants to pay for SSLs nowadays, i was a customer of global sign for three years straight for their alphassl wildcard range it was around $90/year but after the entry of CF the DV SSL certs started falling greatly then comes the LE with free DV SSLs for all and the market fell completely DVs can be bought starting $10 that's the reason i rolls out the SSL checks unless i need to dive deep and uncover the hideout, new ecommerce portals with free certs are definitely doubtful and thus need more verification checks for surety.
Deal Cadet Deal Cadet
LORDofTheDRINKS wrote:
I know right, no one wants to pay for SSLs nowadays, i was a customer of global sign for three years straight for their alphassl wildcard range it was around $90/year but after the entry of CF the DV SSL certs started falling greatly then comes the LE with free DV SSLs for all and the market fell completely DVs can be bought starting $10 that's the reason i rolls out the SSL checks unless i need to dive deep and uncover the hideout, new ecommerce portals with free certs are definitely doubtful and thus need more verification checks for surety.

but sometimes the whois data is hidden

Post Tycoon Post Tycoon
Dealcharmer wrote:

but sometimes the whois data is hidden

Registrant data isn't the only thing you can get from whois there is registration date, updation date and nameservers just need to process them accordingly, around 80% scammy websites are registered within 5-7 months and most probably using cloudflare to hide their origin, rule that out and you can identify most of the dodgy websites.
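The kind of WHOIS processing described in the post above, as an added example that is not part of the original thread and is not the poster's in-house tooling: it reads the registration date, update date and nameservers from a raw WHOIS record and lists the signals that call for further checks. The sample record is constructed, and the 7-month threshold and the function names are assumptions taken from the figures quoted in the post.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS response for a made-up domain (not real registry data).
SAMPLE_WHOIS = """\
Creation Date: 2023-03-14T09:21:07Z
Updated Date: 2023-03-20T11:02:45Z
Registrant Organization: REDACTED FOR PRIVACY
Name Server: ALPHA.NS.CLOUDFLARE.COM
Name Server: BETA.NS.CLOUDFLARE.COM
"""
YOUNG_DOMAIN_DAYS = 7 * 30  # assumption: upper end of the thread's "5-7 months"

def parse_whois(raw):
    """Collect 'Key: value' lines into a dict of lists, keys lower-cased."""
    fields = {}
    for line in raw.splitlines():
        m = re.match(r"\s*([^:%#>]+?)\s*:\s*(\S.*?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), []).append(m.group(2))
    return fields

def days_since(value, now):
    """Whole days from an ISO 8601 WHOIS timestamp (UTC if unzoned) to `now`."""
    dt = datetime.fromisoformat(value.replace("Z", "+00:00"))
    return (now - (dt if dt.tzinfo else dt.replace(tzinfo=timezone.utc))).days

def triage(raw, now):
    """Return (facts, signals); signals prompt more checks, they are not a verdict."""
    rec = parse_whois(raw)
    created = rec.get("creation date", [None])[0]
    updated = rec.get("updated date", [None])[0]
    ns = sorted(n.lower() for n in rec.get("name server", []))
    facts = {
        "age_days": days_since(created, now) if created else None,
        "days_since_update": days_since(updated, now) if updated else None,
        "nameservers": ns,
    }
    signals = []
    if facts["age_days"] is None:
        signals.append("no creation date in record")
    elif facts["age_days"] < YOUNG_DOMAIN_DAYS:
        signals.append("registered less than 7 months ago")
    if ns and all(n.endswith(".ns.cloudflare.com") for n in ns):
        signals.append("all nameservers at Cloudflare")
    registrant = " ".join(rec.get("registrant organization", [])).lower()
    if not registrant or "redacted" in registrant or "privacy" in registrant:
        signals.append("registrant details withheld")
    return facts, signals
```

Calling `triage(SAMPLE_WHOIS, now)` with a timezone-aware `now` returns the computed facts and the list of signals; field labels differ between registries, so the keys looked up here may need adjusting for a given TLD.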
Analyst Analyst
LORDofTheDRINKS wrote:
Registrant data isn't the only thing you can get from whois there is registration date, updation date and nameservers just need to process them accordingly, around 80% scammy websites are registered within 5-7 months and most probably using cloudflare to hide their origin, rule that out and you can identify most of the dodgy websites.
Control, sir, control. Otherwise, scammers/fraudsters have to sleep hungry...😉
Anyway, most of the technicalities that you and @guest_999 discussed will go over the head for most of the Dimers, except those engaged in the Tech domains.
Post Tycoon Post Tycoon
UniqueDimer wrote:
Control, sir, control. Otherwise, scammers/fraudsters have to sleep hungry...😉
Anyway, most of the technicalities that you and @guest_999 discussed will go over the head for most of the Dimers, except those engaged in the Tech domains.

That's what i thought, let's rest the topic here for today.

Spearhead Spearhead
LORDofTheDRINKS wrote:
Registrant data isn't the only thing you can get from whois there is registration date, updation date and nameservers just need to process them accordingly, around 80% scammy websites are registered within 5-7 months and most probably using cloudflare to hide their origin, rule that out and you can identify most of the dodgy websites.

I'm a complete neophyte in this regard, and my ignorance might irritate you, but apart from the green padlock symbol, how can I quickly identify dubious websites?

Post Tycoon Post Tycoon
NeoM wrote:

I'm a complete neophyte in this regard, and my ignorance might irritate you, but apart from the green padlock symbol, how can I quickly identify dubious websites?

Read this thread from top to bottom and you might find all the details there is. Try it for once, More power to you.
Deal Subedar Deal Subedar

Check what payment gateway they are using. If the website using wallets or upi like paytm, phone pay, gpay, most probably website is fake. Even if the website is genuine, you can't expect after sale support like flipkart, amazon in case you find issues with the product. All help, return FAQ on websites are copy pasted so don't believe you are 100% sure.

Spearhead Spearhead
LORDofTheDRINKS wrote:
Read this thread from top to bottom and you might find all the details there is. Try it for once, More power to you.

I did. I learnt about whois.com, dork queries, and data transparency report. I don't know how to perform/fetch the dork queries or data transparency reports. I checked the whois data for unboxyourmobile.com and I found it suspicious that a proper address/phone number was not provided but I'm not sure if that's enough.

Post Tycoon Post Tycoon
NeoM wrote:

I did. I learnt about whois.com, dork queries, and data transparency report. I don't know how to perform/fetch the dork queries or data transparency reports. I checked the whois data for unboxyourmobile.com and I found it suspicious that a proper address/phone number was not provided but I'm not sure if that's enough.

Whois.com isn't the tool I recommend, I mostly use my own in-house tools for data accuracy and updated results. Dork queries are special search queries one can use on search engines, for example using site:foo.bar on Google search will only return the webpages for the foo.bar domain/website, there are many ways to do that, just keep searching and you will eventually find all the dork queries you can use. Data transparency report is a complaint we usually file to the registrar or registry if we see anything suspicious in the whois database. The last piece that gives away the website authenticity is the website itself, you just need a keen eye to identify such details and you are good to go. There are other methods as well but they might go over board following the nu-processable knowledge and tools required to deal with them. Stick to basic and you will do just fine at least for most of the websites. More power to you.
Spearhead Spearhead
LORDofTheDRINKS wrote:
Whois.com isn't the tool I recommend, I mostly use my own in-house tools for data accuracy and updated results. Dork queries are special search queries one can use on search engines, for example using site:foo.bar on Google search will only return the webpages for the foo.bar domain/website, there are many ways to do that, just keep searching and you will eventually find all the dork queries you can use. Data transparency report is a complaint we usually file to the registrar or registry if we see anything suspicious in the whois database. The last piece that gives away the website authenticity is the website itself, you just need a keen eye to identify such details and you are good to go. There are other methods as well but they might go over board following the nu-processable knowledge and tools required to deal with them. Stick to basic and you will do just fine at least for most of the websites. More power to you.
Thank you for sharing such important, useful information.