
Topic: 2 New Fake Chipmixer website (Read 323 times)

hero member
Activity: 1344
Merit: 540
May 18, 2020, 05:46:10 AM
#19
I've written a short guide on where to report those abuses here, Domain host and their abuse contact. So for those who are not familiar, you can refer to that thread.
hero member
Activity: 2842
Merit: 772
May 18, 2020, 05:36:58 AM
#18
Quote
Quick Update:
The second website has been taken down already.
But namecheap is slow to react, I urge everyone to help the community by reporting the first website to them.

Reported the second site on my end. So let's see. Namecheap is one of the biggest domain registrars out there, so there might be a lot of reports for them to review, especially since there are a lot of cyber criminals taking this opportunity to create Covid-related themes, so it might take some time. So let's just wait and see how it goes. Thanks for the fair warning again.
copper member
Activity: 1204
Merit: 737
May 17, 2020, 10:40:57 PM
#17
Quote
The second website has been taken down already.

That's great. I don't know how many people have already lost their funds due to this kind of phishing site, but I am damn sure that these scammers will continue with another domain.

Quote
But namecheap is slow to react, I urge everyone to help the community by reporting the first website to them.

As far as I know, Namecheap's support system is quite good, but due to heavy workloads it sometimes requires a little extra time for them to take action on their end. Hope they will take proper action as soon as possible, and I will definitely submit a report from my side to draw their attention to this matter and get faster action too.
hero member
Activity: 2870
Merit: 594
May 17, 2020, 09:45:07 PM
#16
Quick Update:

The second website has been taken down already.

But namecheap is slow to react, I urge everyone to help the community by reporting the first website to them.
sr. member
Activity: 2030
Merit: 269
May 15, 2020, 12:57:22 AM
#15
If you bookmarked the real Chipmixer site and you have a MetaCert extension or a similar extension, you are safe. Not really surprising, it's one of the top mixing sites in the business and hackers are making big bucks imitating it or creating a phishing site.
legendary
Activity: 2366
Merit: 2054
May 14, 2020, 07:00:45 PM
#14
Maybe try subscribing to dnstwister to avoid scams; see the link below to find out how many similar chipmixer domains there are.

https://dnstwister.report/search?ed=636869706d697865722e636f6d

Quote
We identified 324 domains similar to chipmixer.com.
60 domains resolved to an A or MX record



I find over 500 on the onion: https://dnstwister.report/search?ed=636869706d69786572777a78747a62772e6f6e696f6e

Quote
We identified 579 domains similar to chipmixerwzxtzbw.onion.
No domains resolved to an A or MX record

dnstwister will alert you when a new similar domain is created.

Then report it.
legendary
Activity: 2576
Merit: 1655
May 14, 2020, 05:47:16 PM
#13
Alternatively, you can report the abuse on the following:

(1) https://www.namesilo.com/report_abuse.php
(2) https://support.namecheap.com/index.php?/Tickets/Submit

Reported both of them.

From Namecheap:

Quote
Your request has been received
We have received your request and our team will get back to you shortly. You can log in to the helpdesk to review the status of your request, or check your email for further updates.

General Information   
 
Ticket ID    #PWA-170-71983
First and Last Name    xxxx
Email    xxxx
Type    Issue
Priority    High

From my experience reporting sites from both domain registrars, it usually took 2-3 before they take it offline. Crossing our fingers that no one will fall for this trick.

legendary
Activity: 3234
Merit: 5637
May 14, 2020, 10:58:39 AM
#12
Use the link from post number 3 and report both links to Google; more reports will surely result in a quick reaction, and both sites will be blocked in Chrome and Firefox, which are the browsers with the most users these days. Another option is to report them to the registrar or domain provider, but from some personal experience it seems to me that they rarely react positively to such reports. Part of the responsibility is definitely on the hosting company, but as in the case of Google ads, it's obvious that no one wants to or can check things like this.
hero member
Activity: 3024
Merit: 680
May 14, 2020, 10:20:06 AM
#11
Quote
I think I've seen a similar letter with other known exchanges like Binance. That special character is being used by these abusers to fake websites that have the letter e in their domain.

Quote
Most of the phishing sites are based on homograph letters. You can change the i, a, e to ones which look the same as the actual one, and it makes it easy to target even a very smart trader with a lot of experience. It's an old-school method of phishing.

Yes, those characters.

It's old as it is, but the sad thing is that there are still plenty of victims they get.
sr. member
Activity: 1372
Merit: 322
May 14, 2020, 09:11:52 AM
#10
Quote
I think I've seen a similar letter with other known exchanges like Binance. That special character is being used by these abusers to fake websites that have the letter e in their domain.

Most of the phishing sites are based on homograph letters. You can change the i, a, e to ones which look the same as the actual one, and it makes it easy to target even a very smart trader with a lot of experience. It's an old-school method of phishing.
legendary
Activity: 2296
Merit: 1014
May 14, 2020, 09:03:22 AM
#9
Quote
This is the original chipmixer site and I just want to get the difference because I didn't get the information on the OP. Please add the original site and the details too for comparison, great for readers.

Quote
My guess is that they don't work alone and it's like a group of people who are really crazy about other people's possessions.

Agree here, adding the original site for comparison is a good thing to do.
If someone possesses such skills, copying his fake website over and over with different domain names isn't that hard.
Phishing has been one of the main scam techniques on the world wide web since forever. You can't eliminate them, there are so many of them, so the best thing to do is educate the public about it.
hero member
Activity: 3024
Merit: 680
May 14, 2020, 08:40:20 AM
#8
I think I've seen a similar letter with other known exchanges like Binance. That special character is being used by these abusers to fake websites that have the letter e in their domain.
hero member
Activity: 2660
Merit: 551
May 14, 2020, 06:52:30 AM
#7
Quote
I wonder why there are always multiple phishing websites that have similar fancy characters like this! "ẹ". Similarly, the other thread created by has also a similar fancy character in their URL in creating a fake Ledger website.
I think these are created by the same person or group of people! Anyway, link for reporting phishing links.
https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
[email protected] - email the link here!

Probably those are created by one group of cyber criminals.

And it's really hard to detect at first glance, and we can see that this is a sophisticated attack using Chipmixer. There is a wonderful tool to check for Punycode here.

https://www.punycoder.com/

One way to be able to check on it is to click the padlock -> certificate

legendary
Activity: 2800
Merit: 2736
May 14, 2020, 06:39:27 AM
#6

This is very frustrating for me. All those days, I used to think that a homograph attack can be caught using copy-paste, but with this, it seems there is no difference from the original e. 🤔

Try it yourself with Ctrl+F and then type e; you will see both are highlighted below.

e : English letter
ẹ : homograph letter
legendary
Activity: 1974
Merit: 1150
May 14, 2020, 05:13:44 AM
#5
Code:
https://chipmixer.com/

~snip
My guess is that they don't work alone and it's like a group of people who are really crazy about other people's possessions.
legendary
Activity: 2338
Merit: 10802
May 14, 2020, 05:09:49 AM
#4
Quote
I wonder why there are always multiple phishing websites that have similar fancy characters like this! "ẹ". <…>

Simply in order to make the URL name as close as possible to the original one they are trying to mimic. A little dot (as is the visual appearance) is a minor difference that may go unnoticed (who’s got a perfectly clean screen without any smudges on it?), and that is what the phishing site is counting on. Other classical spins are skipping or adding a letter, or permuting a couple of them.

All these tricks are detectable if one is paying close attention, but not fast to spot when in a rush, or the site is not a regular site and one is landing there for the first time.
legendary
Activity: 1904
Merit: 1563
May 14, 2020, 04:06:19 AM
#3
I wonder why there are always multiple phishing websites that have similar fancy characters like this! "ẹ". Similarly, the other thread created by has also a similar fancy character in their URL in creating a fake Ledger website.

I think these are created by the same person or group of people! Anyway, link for reporting phishing links.

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
[email protected] - email the link here!
legendary
Activity: 2506
Merit: 1394
May 14, 2020, 04:01:09 AM
#2
ChipMixer should be aware of this. It's really amazing how scammers can easily copy the original website. I also saw some fake Bitcoin mixer websites before, especially around the 2017 bull run.
Better if we also report these domains to their registrar or domain provider,
[email protected] and [email protected]
hero member
Activity: 2870
Merit: 594
May 14, 2020, 03:34:01 AM
#1

(1) Take notice of the ẹ. Another type of homograph attack. Just created more than two weeks ago.

Code:
chipmixẹr.com - https://xn--chipmixr-z30d.com/



Quote
Registrar   NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

Registrar Status   addPeriod, clientTransferProhibited
Dates   18 days old
Created on 2020-04-26
Expires on 2021-04-26
Updated on 0000-12-31

http://whois.domaintools.com/xn--chipmixr-z30d.com



(2) This one is classic typosquatting, or URL hijacking. This was also created around two weeks ago.

Notice the S.

Code:
https://chipmixers.io/



Quote
Registrar   Namesilo, LLC
IANA ID: 1479
URL: http://www.namesilo.com
Whois Server: whois.namesilo.com

Registrar Status   clientTransferProhibited, serverTransferProhibited
Dates   15 days old
Created on 2020-04-29
Expires on 2021-04-29
Updated on 2020-04-29

http://whois.domaintools.com/chipmixers.io
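
The two lookalike techniques reported in this thread, the punycode homograph in (1) and the extra-letter typosquat in (2), can be checked mechanically against the legitimate name. The Python below is an added example, not part of any original post; the function names, the edit-distance threshold of 1 and the `example.org` control domain are assumptions made for illustration.

```python
import unicodedata

PROTECTED = "chipmixer.com"  # the legitimate domain named in the thread

def to_unicode(domain):
    """Decode xn-- (punycode) labels so the real characters become visible."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(text):
    """Drop combining marks after NFKD, so U+1EB9 folds to a plain 'e'.
    Catches accented Latin lookalikes only, not cross-script confusables."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Levenshtein distance using a single rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def classify(domain, protected=PROTECTED):
    shown = to_unicode(domain)
    if shown == protected:
        return "legitimate"
    odd = [f"U+{ord(c):04X}" for c in shown if ord(c) > 127]
    if odd and skeleton(shown) == protected:
        return "homograph " + ",".join(odd)
    # Compare the label left of the TLD (assumption: single-label suffix;
    # a production check would consult the Public Suffix List).
    name = skeleton(shown).rsplit(".", 1)[0].split(".")[-1]
    target = protected.rsplit(".", 1)[0]
    if edit_distance(name, target) <= 1:  # threshold of 1 is an assumption
        return "typosquat"
    return "unrelated"

if __name__ == "__main__":
    # First three domains are from the thread; example.org is a constructed control.
    for d in ("chipmixer.com", "xn--chipmixr-z30d.com", "chipmixers.io", "example.org"):
        print(f"{d:24} {to_unicode(d):18} {classify(d)}")
```
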