Is fredericavonstade.com safe?

brand impersonation

The page hosted on fredericavonstade.com fully clones Etsy's UI, JavaScript infrastructure (etsy.com CDN scripts, etsy-icon SVGs, wt-* CSS classes, Etsy's bot-detection/DataDome tag, Sentry integration, webpack bundle URLs), and branding assets, while presenting a gambling/slot platform (TS138) as if it were a legitimate Etsy product listing. The Etsy logo SVG path data is embedded verbatim. All navigation, cart, favorites, and header elements mirror Etsy's live site exactly. (location: page.html:1-1101, title tag (line 18), SVG logo (lines 313-315), script srcs (lines 800-805))

malicious redirect

The scanned URL is fredericavonstade.com but all internal links, canonical tags, og:url, breadcrumb schema, and navigation hrefs redirect users to restaurantdesfleurs.com/menu — a completely different domain. The AMP link points to amp.t0t0sl0t138.it.com. This multi-hop redirect chain (fredericavonstade.com → restaurantdesfleurs.com → potentially t0t0sl0t138.it.com) is consistent with SEO cloaking and traffic-steering infrastructure for an illegal gambling operation. (location: page.html:20 (amphtml), line 270 (og:url), lines 285-288 (canonical/alternate), lines 310, 393, 405, 417, 440, 450, 813, 821, 850)

social engineering

The page employs multiple high-pressure social engineering tactics to drive gambling deposits: fabricated urgency ('Diskon segera berahir 01:03:56' — discount ending countdown), false scarcity ('52,970 people bought this in the last 24 hours'), inflated fake discount (90% off, Rp 880,000 marked down to Rp 88,000), manufactured 5-star reviews with Indonesian-language testimonials praising easy jackpots and RTP manipulation, and a fake 'Star Seller' badge. These techniques are designed to coerce impulsive financial decisions toward an unlicensed gambling site. (location: page-text.txt:970 (popularity claim), line 994 (90% off), line 1000 (countdown timer), page.html:62-114 (fake reviews in schema))

brand impersonation

Twitter/X Card metadata, Open Graph tags, Apple App Links, and Android App Links all reference genuine Etsy app IDs (iOS: 477128284, Android: com.etsy.android) and etsy:// deep-link URI schemes, falsely associating the TS138 gambling site with the legitimate Etsy mobile application. This would cause mobile users clicking social-media previews to be directed toward the gambling content under Etsy's trusted brand identity. (location: page.html:256-279 (twitter/og/applink meta tags))

hidden content

The page embeds gambling-promotion content (slot gacor, RTP bocoran, jackpot maxwin) inside structured data JSON-LD blocks (Product, FAQPage, VideoObject, BreadcrumbList, Organization schemas) that are invisible to users but fully readable by search engine crawlers and AI agents parsing structured data. The VideoObject schema falsely claims a video at a restaurantdesfleurs.com URL while linking the contentUrl to a legitimate Etsy video CDN (v.etsystatic.com), mixing real Etsy assets with fraudulent metadata to boost search credibility. (location: page.html:22-246 (JSON-LD script blocks))

social engineering

The FAQ schema (JSON-LD) contains fabricated legitimacy claims: 'TS138 merupakan platform slot online resmi yang sudah tersertifikasi dan terdaftar resmi' (TS138 is an officially certified and registered platform), falsely asserting regulatory compliance to reduce user skepticism toward an unlicensed gambling operation. (location: page.html:143-148 (FAQPage JSON-LD, certification answer))

phishing

The page presents a fully functional e-commerce purchase flow (add to cart, quantity selector, color/size variants, personalization field, checkout buttons) under the spoofed Etsy interface, but all form actions and links resolve to restaurantdesfleurs.com. The pre-scan context flags 3 credential forms and 5 off-domain form actions, indicating that payment or account credential submission would be directed to attacker-controlled infrastructure rather than Etsy. (location: .brin-context.md: credential_form_count=3, off_domain_form_actions=5; page.html:351 (gnav-search form action=/search.php))