Author

Topic: 2 Fake Blockchain.com site with redirection (Read 369 times)

sr. member
Activity: 1232
Merit: 379
June 16, 2020, 03:29:53 PM
#5
Good Catch OP,  This Phishing Site Keeps Sending Me Mails Everyday That My Account Isn't Verified, If You Have Been Getting This Mails Please Ignore It, They Just Trying To Scam Users. The Reason Why Scammers Tried To Imitate Website Is Changing Name At All Times,  The First Well Known Website Of This Was Blockchain.info, Now Redirected To Blockchain.com.  So Hackers Aren't Sleeping,  They Into The Game Now.
legendary
Activity: 2268
Merit: 18748
To avoid this attack in Firefox and Tor, do the following:

Open a new tab
Type about:config and hit enter
Accept the warning if one appears
Search for the string network.IDN_show_punycode
Change the value to true

This will make these domains display as "xn--xxxxx" rather than the site name they are trying to imitate. Chromium based browsers should warn you about punycode domains automatically, provided they are up to date.

Another simple way to avoid falling victim to sites like this which pretend to be other sites, often web wallets and exchanges, is to use a good password manager such as KeePass. KeePass will automatically recognize that it is a fake site and won't input your user name or password.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
Good catch OP.

Phishing sites always happen where we have to be able to catch and they should not allow to look for victims with this thread so the beginners can find out that this is phishing so don't just click or log in there.
sr. member
Activity: 1498
Merit: 326
Vave.com - Crypto Casino
They simply using special characters so it would not be noticed that is a fake site. Nice find OP, this will avoid some users here when they search for the real website of blockchain. When user searches for the keyword does these two sites shown on Google list? Or you just find it on the web?
hero member
Activity: 2870
Merit: 594
Another fake blockchain.com sites using homograph attack. However, this is different, once you go to that site it will redirect to a another phishing site and that sells hardware wallet.

Code:
ḇlockchain.com (xn--lockchain-zy5d.com)
Code:
blockchaĭn.com (xn--blockchan-xob.com)

Archive: http://archive.is/jZeNy


Quote
Whois Record for Ḇlockchain.com
How does this work?
 Domain Profile
Registrant   Registration Private
Registrant Org   Domains By Proxy, LLC
Registrant Country   us
Registrar   GoDaddy.com, LLC
IANA ID: 146
URL: http://www.godaddy.com
Whois Server: whois.godaddy.com

(p)
Registrar Status   clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Dates   130 days old
Created on 2020-02-07
Expires on 2021-02-07
Updated on 2020-02-07

https://whois.domaintools.com/xn--lockchain-zy5d.com
Jump to: