Threat Advisory: Additional Fake Petstock E-Commerce Sites

We’re aware of fraudulent websites pretending to be Petstock and attempting to mislead customers.

Read on for key details or View the full statement here

Key Points

• Two additional fraudulent e-commerce sites have been identified that impersonate Petstock.
• The domains are part of the same campaign observed in April 2026
• Login credentials entered into the phishing sites may enable threat actors to log into legitimate Petstock customer accounts.
• Credit card details and personally identifiable information entered during the checkout process are expected to be used for fraudulent purposes.
• WOW Group SOC has requested a Cloudflare banner to warn visitors of the fraudulent nature of the two newly identified websites.

Overview

On 20 April 2026, WOW Group SOC reported on a fraudulent website impersonating Petstock.
Two additional fake Petstock e-commerce sites (hosted at hxxps://petstockshop[.]shop and hxxps://petstockhubprime[.]shop) have since been identified. The sites are identical to the previously reported phishing site hosted at hxxps://petstockhub[.]shop.
Since at least 21 May 2026, the two phishing sites have been impersonating Petstock's legitimate customer website.
As with the previously identified site, the newly identified fraudulent sites purportedly offer generous discounts including up to 70% off and free worldwide shipping. The sites contain fraudulent login and checkout forms designed to capture personal and financial information.

Threat Detail

The fraudulent domains petstockshop[.]shop and petstockhubprime[.]shop were registered via Dynadot Inc on 30 April 2026 and 15 May 2026 respectively.
This is the same registrar as petstockhub[.]shop was registered via on 17 April 2026.

The fake Petstock sites include a login page as well as a signup page. Any valid Petstock customer credentials entered into the phishing sites could enable unauthorised access into legitimate Petstock customer accounts.

During the checkout process, the two new sites load an iframe from the domain jigfdrercetv654734[.]shop - a different domain to the domain (kkyq[.]shop) used by the original website. Users enter their credit card details directly into this external iframe instead of the main site. The checkout page establishes a WebSocket connection with this external server while the payment form is open. After submitting payment details, the iframe displays a 3-D Secure verification page to the
user.
Both of the domains are Cloudflare-hosted. WOW Group SOC has requested a Cloudflare banner to warn website visitors of the fraudulent nature of both websites.

What to do if you entered your details

If you entered your Petstock login details on a website you now believe may be fraudulent, please change your Petstock password as soon as possible.

If you entered payment details, contact your bank or card provider immediately and let them know your card details may have been compromised.

You should also keep an eye on your accounts for any unusual activity.

We are working with relevant partners to help reduce the impact of these fraudulent websites and protect our customers.

Customer safety is very important to us, and we’ll continue to monitor for scams that misuse the Petstock name.

If you’re ever unsure whether a website, offer or message is really from Petstock, please visit www.petstock.com.au directly or contact our Customer Care team via live chat, phone (13 PETS), or submit an enquiry