Topic: 2 Fake Blockchain.com site with redirection (Read 364 times)
Good Catch OP, This Phishing Site Keeps Sending Me Mails Everyday That My Account Isn't Verified, If You Have Been Getting This Mails Please Ignore It, They Just Trying To Scam Users. The Reason Why Scammers Tried To Imitate Website Is Changing Name At All Times, The First Well Known Website Of This Was Blockchain.info, Now Redirected To Blockchain.com. So Hackers Aren't Sleeping, They Into The Game Now.
To avoid this attack in Firefox and Tor, do the following:
Open a new tab
Type about:config and hit enter
Accept the warning if one appears
Search for the string network.IDN_show_punycode
Change the value to true
This will make these domains display as "xn--xxxxx" rather than the site name they are trying to imitate. Chromium based browsers should warn you about punycode domains automatically, provided they are up to date.
Another simple way to avoid falling victim to sites like this which pretend to be other sites, often web wallets and exchanges, is to use a good password manager such as KeePass. KeePass will automatically recognize that it is a fake site and won't input your user name or password.
Open a new tab
Type about:config and hit enter
Accept the warning if one appears
Search for the string network.IDN_show_punycode
Change the value to true
This will make these domains display as "xn--xxxxx" rather than the site name they are trying to imitate. Chromium based browsers should warn you about punycode domains automatically, provided they are up to date.
Another simple way to avoid falling victim to sites like this which pretend to be other sites, often web wallets and exchanges, is to use a good password manager such as KeePass. KeePass will automatically recognize that it is a fake site and won't input your user name or password.
Good catch OP.
Phishing sites always happen where we have to be able to catch and they should not allow to look for victims with this thread so the beginners can find out that this is phishing so don't just click or log in there.
Phishing sites always happen where we have to be able to catch and they should not allow to look for victims with this thread so the beginners can find out that this is phishing so don't just click or log in there.
They simply using special characters so it would not be noticed that is a fake site. Nice find OP, this will avoid some users here when they search for the real website of blockchain. When user searches for the keyword does these two sites shown on Google list? Or you just find it on the web?
Another fake blockchain.com sites using homograph attack. However, this is different, once you go to that site it will redirect to a another phishing site and that sells hardware wallet.
Archive: http://archive.is/jZeNy
https://whois.domaintools.com/xn--lockchain-zy5d.com
Code:
ḇlockchain.com (xn--lockchain-zy5d.com)
Code:
blockchaĭn.com (xn--blockchan-xob.com)
Archive: http://archive.is/jZeNy
Quote
Whois Record for Ḇlockchain.com
How does this work?
Domain Profile
Registrant Registration Private
Registrant Org Domains By Proxy, LLC
Registrant Country us
Registrar GoDaddy.com, LLC
IANA ID: 146
URL: http://www.godaddy.com
Whois Server: whois.godaddy.com
(p)
Registrar Status clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Dates 130 days old
Created on 2020-02-07
Expires on 2021-02-07
Updated on 2020-02-07
How does this work?
Domain Profile
Registrant Registration Private
Registrant Org Domains By Proxy, LLC
Registrant Country us
Registrar GoDaddy.com, LLC
IANA ID: 146
URL: http://www.godaddy.com
Whois Server: whois.godaddy.com
(p)
Registrar Status clientDeleteProhibited, clientRenewProhibited, clientTransferProhibited, clientUpdateProhibited
Dates 130 days old
Created on 2020-02-07
Expires on 2021-02-07
Updated on 2020-02-07
https://whois.domaintools.com/xn--lockchain-zy5d.com
Jump to: