
Topic: Again, Phishing Iancoleman (Read 162 times)

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
October 29, 2020, 05:10:50 AM
#8
Of course, the scammer will use the same server to create a new domain.

If that's the case, some basement guy hosting a bunch of fake websites on a single server, then their IP address can be blocked with a firewall and this will disable access to all of those sites until the scammer gets a new IP (which requires them to temporarily take the sites offline while rebooting).

Someone can code a script that queries the DNS information of typosquatting domains, extracts the IP addresses, and makes a list out of them for pasting into a firewall program. Or set up a name server for people to use and put a firewall with the list on that. It would only catch phishing domains though, not scam domains with completely different names.
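A sketch of the script described in the post above, as an added example that is not part of the original post: it generates single-edit typos of a legitimate domain, resolves each one, and groups the typo names by the IP that serves them. The function names and `SAMPLE_DNS` are hypothetical; the sample answers are constructed (192.0.2.10 and 198.51.100.7 are documentation addresses) except the incoleman.io / 190.115.18.218 pair quoted in the thread.

```python
import socket
import string

def typo_candidates(domain):
    """Single-edit typos of the leftmost label (a subset of what squatters register)."""
    label, _, rest = domain.partition(".")
    out = set()
    for i, ch in enumerate(label):
        out.add(label[:i] + label[i + 1:])            # omission: iancoleman -> incoleman
        out.add(label[:i] + ch * 2 + label[i + 1:])   # doubled letter
        if i + 1 < len(label):                        # adjacent letters swapped
            out.add(label[:i] + label[i + 1] + ch + label[i + 2:])
        for c in string.ascii_lowercase:              # one letter replaced
            out.add(label[:i] + c + label[i + 1:])
    out -= {label, ""}
    return sorted(f"{c}.{rest}" for c in out)

def system_resolver(name):
    """A records via the system resolver; empty set when the name does not resolve."""
    try:
        return {ai[4][0] for ai in socket.getaddrinfo(name, None, socket.AF_INET)}
    except socket.gaierror:
        return set()

def build_blocklist(legit_domain, resolve=system_resolver):
    """Map each IP serving a typo domain to the typo names that point at it."""
    legit_ips = resolve(legit_domain)
    hits = {}
    for name in typo_candidates(legit_domain):
        # Skip the real site's own addresses: a typo name may be a defensive
        # registration that points at the genuine server.
        for ip in resolve(name) - legit_ips:
            hits.setdefault(ip, []).append(name)
    return hits

# Constructed sample answers so the example runs offline. Only the
# incoleman.io -> 190.115.18.218 pair comes from the thread.
SAMPLE_DNS = {
    "iancoleman.io": {"192.0.2.10"},
    "incoleman.io": {"190.115.18.218"},
    "iancolemam.io": {"198.51.100.7"},
    "iancolemann.io": {"198.51.100.7"},
    "iamcoleman.io": {"192.0.2.10"},
}

def sample_resolver(name):
    return SAMPLE_DNS.get(name, set())

if __name__ == "__main__":
    for ip, names in sorted(build_blocklist("iancoleman.io", sample_resolver).items()):
        print(ip, "#", ", ".join(names))
```

Review the resulting list before loading it into a firewall: an address on shared hosting or a CDN also serves unrelated sites, and blocking it blocks those too.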
legendary
Activity: 2338
Merit: 10802
There are lies, damned lies and statistics. MTwain
October 28, 2020, 11:24:11 AM
#7
Searching around (based on the first phrase on the scam screen), I encounter a few other sites with a distant name to the original, but similar interface. Although some of them reference the original github source code (down the bottom of the screen), giving an additional link to their own (and thus claiming somehow that their version is allegedly based on the original version), they all seem a danger to me:

Code:
https[colon]//coinomi.github[dot]io/tools/bip39/
https[colon]//crypto.greenhex[dot]net/bip39-personal-standalone[dot]html
https[colon]//s3.amazonaws[dot]com/groovehq/uploaded/9e08fc9sg6ppxst6nbhc015wedgbt85n6xw6xnm88krwi2bdj6?1486558363
I’m not going to investigate if there is even a trace of legitimacy in any of them, but clearly the risk of not using the original legit site is tremendous, however we come across the alternative site.
legendary
Activity: 2268
Merit: 18748
October 28, 2020, 10:56:06 AM
#6
Losing track of how many times I am copying and pasting this. Any one of these steps would be enough to prevent you from falling victim to this scam. Practice all of them for maximum safety.

Stop using Google to find the website of exchanges, services, or wallets.

Stop following random links without checking the URL.

Start using uBlock Origin.

Never type your seed in anywhere.

How many times does this need repeated?
legendary
Activity: 1918
Merit: 1728
October 28, 2020, 10:33:15 AM
#5
It's actually a bad idea to provide a direct form on the website to generate mnemonic code. It would have been better if Ian Coleman only provided source code on the website so the only option the user had was to copy the whole code, paste that in any text editor and then run the file in his browser.

Providing the functionality of address generation directly on the website without any explicit 'warning text' on the top has exposed the users to several potential vulnerabilities (phishing site being the one) because newbies will always prefer generating addresses quickly on the website rather than downloading the page and running it offline.

If there wasn't a form on the website, it wouldn't be possible for anyone to imitate the website and steal the private information.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
October 28, 2020, 09:50:51 AM
#4
What phishing website will they create next?

Every single one of the same websites being normally used as phishing sites. It's pretty safe to assume that as long as phishing sites still work for tricking the less-informed, they will continue to exist.
legendary
Activity: 2324
Merit: 1604
hmph..
October 28, 2020, 09:09:25 AM
#3
Domain providers are not working enough to let people not to use such fake domain, if I am a domain provider, I would have known this will only lead to scam site,
I have experience working at a domain provider service. The reason they accept related domains is that sometimes we can find 2 companies with similar names. If a domain provider blocked 1 of them before any evidence of a scam site, it could be wrong and would hurt their reputation.

How to solve this? All domain providers have an abuse report, so we can take advantage of this: if you find scammers or phishing sites, you can report them, and if you have enough proof, the domain will be taken down by them. But it takes a few weeks for the service provider to check it, unless several users report that site, in which case it becomes a priority investigation and the domain is taken down faster.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
October 28, 2020, 08:50:19 AM
#2
I found this to be true, I was even confused when you coded it up there, it is so similar to iancoleman.io, the site will truly be a phishing site with no two intentions than to scam anyone that mistakenly inputs his/her seed phrase, or who mistakenly uses the fake site to generate a seed phrase. Domain providers are not working enough to let people not to use such fake domain, if I am a domain provider, I would have known this will only lead to scam site, and Google is also good at spreading false information, making scams more easily and unknowingly accessible to people who could later be victims.
legendary
Activity: 2366
Merit: 2054
October 28, 2020, 08:32:18 AM
#1
Damn, scammers everywhere!

I won't create a new thread, but this is important for us and also for newbies: yesterday I had a warning about an Electrum phishing website, and today I got a new iancoleman phishing site.

Code:
https://incoleman.io/

Normally, the real website needs the sub-path (slash) bip39, like this: https://iancoleman.io/bip39/

How did I find this phishing site?

Accidentally, by searching the bip39 keyword in the Google search box.

Please, install AdBlock now.

Let's see the relations of that IP:

https://www.virustotal.com/gui/ip-address/190.115.18.218/relations

Of course, the scammer will use the same server to create a new domain.

Domain Information:

Quote
IP Address: 190.115.18.218
Domain Name: incoleman.io
Registry Domain ID: D503300001187922502-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2020-10-20T12:52:15Z
Creation Date: 2020-10-20T12:52:12Z
Registry Expiry Date: 2021-10-20T12:52:12Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc

What phishing website will they create next?