Another phishing site | Bitcointalksearch.org

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: jerry0 on April 01, 2019, 12:44:11 PM

<...>

Absolutely compromised. Do not go near the "to" site unless you are trying to report on how it works. In summary, if you log into the site, they will have your access credentials to Bitcointalk.

Quote from: DdmrDdmr on February 21, 2019, 10:46:09 AM

Beware!!!!

It seems that the .to phishing version of Bitcointalk is back online today, after being down for a few months. That is likely one of the main sources for hacked accounts around here.
The crazy thing is that it now displays a gambling site popup screen, which is obviously not forum policy. Data is nearly up-to-date with forum, and is barely a day off.

I never ventured to try to log onto the .to site before, but for the sake of it, I tried now with fake data. What it does is capture your login/password, and then immediately redirect you to the proper .org version of the forum, where you are back to the login screen. The impression you get is that you are on the correct site, but suffered a connection glitch that made the site ask you for your credentials twice. The fuckers …

jerry0

full member

Activity: 1750

Merit: 186

I also seen bitcointalk.to site. So that is phishing site? I saw that site when using my web browsing laptop. So if you log in with that site your bitcointalk acct get compromised?

hugeblack

legendary

Activity: 2702

Merit: 4002

Does this word have any meaning in Russian or Dutch? "fonstavka"

Quote from: https://www.siteleaks.com/www.fonstavka.com

fonstavka.com has a global Alexa ranking of 1173109 and ranked 24600 in Russia. The website server is using IP address 185.82.210.23 and is hosted in Netherlands. The Google page rank of this website is -1/10.

It works since 2016 so it may be one of the oldest scammers in this forum, the good thing is that you can not log in so it is not easy to hack accounts because of the alert "ERROR for site owner: Invalid domain for site key."

BTW:

Quote from: http://fonstavka.com/index.php

You can now buy fonstavka.com souvenirs by spending your sMerit.

You can now buy ~~fonstavka.com~~ NOT bitcointalk.org

theyoungmillionaire

sr. member

Activity: 375

Merit: 1021

Just in case no one loves you, I love you 3000.

Quote from: o_e_l_e_o on April 01, 2019, 05:13:33 AM

Also, if you add these phishing sites to your hosts file as I have detailed above, and your browser will flat out refuse to open them.

To support Leo. People will not be able to access the said sites if it is added in your hosts file, even if you wrongly clicked the said phishing sites.

Example:

It is much safer.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Well it seems that the fonstavka site displays the KYC news at the top of the screen, whilst the .to version of this forum has not caught up yet. The former would be more dangerous than the latter due to it catching-up quickly. Fortunately its domain name is crap.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

To everyone saying they bookmark sites to prevent this from happening - bookmarking rather than searching for the site every time you want to use it can help, but be aware that it isn't foolproof. Be aware that there is malware which exists which can change your bookmarks or redirect your browser from the legit site to a fake one. You should be manually checking the URL of every site before you log in.

Also, if you add these phishing sites to your hosts file as I have detailed above, and your browser will flat out refuse to open them.

bhadz

hero member

Activity: 2520

Merit: 568

Payment Gateway Allows Recurring Payments

Quote from: Bitcoin_Arena on March 31, 2019, 05:46:25 PM

Quote from: bhadz on March 31, 2019, 03:48:33 PM

Thanks for finding it out, a lot of phishing sites that are trying to imitate the whole forum's(SMF) theme. Although for most, we used to check the URL if it's a correct one, there's still some people who are new to the forum that doesn't care much about the URL but just looks at the theme of the forum and they are the ones who are prone to this kind of phishing site.

Even when one is browsing and tired. You can easily be fooled by the website.
That's why i prefer searching using the forum's search button but sometimes it disappoints and over delays. Other times it brings up some server time out error

Bookmarking the forum and other websites that you regularly visit will save you from these phishing links.

joniboini

legendary

Activity: 2170

Merit: 1789

Quote from: jerry0 on March 31, 2019, 09:27:20 PM

So this site is basically pretending to be this site? Any risk of visiting that site? Or only if you visit it and enter your login information?

1. Yes.
2. Not sure what the risk is if you only visit it.
3. If you enter your login information, it is highly likely your login data will be used by the hacker to steal your account.

jerry0

full member

Activity: 1750

Merit: 186

So this site is basically pretending to be this site? Any risk of visiting that site? Or only if you visit it and enter your login information?

Bitcoin_Arena

copper member

Activity: 2114

Merit: 1814

฿itcoin for all, All for ฿itcoin.

Quote from: bhadz on March 31, 2019, 03:48:33 PM

Thanks for finding it out, a lot of phishing sites that are trying to imitate the whole forum's(SMF) theme. Although for most, we used to check the URL if it's a correct one, there's still some people who are new to the forum that doesn't care much about the URL but just looks at the theme of the forum and they are the ones who are prone to this kind of phishing site.

Even when one is browsing and tired. You can easily be fooled by the website.
That's why i prefer searching using the forum's search button but sometimes it disappoints and over delays. Other times it brings up some server time out error

bhadz

hero member

Activity: 2520

Merit: 568

Payment Gateway Allows Recurring Payments

Thanks for finding it out, a lot of phishing sites that are trying to imitate the whole forum's(SMF) theme. Although for most, we used to check the URL if it's a correct one, there's still some people who are new to the forum that doesn't care much about the URL but just looks at the theme of the forum and they are the ones who are prone to this kind of phishing site.

hyunee

full member

Activity: 476

Merit: 100

That picture looks like this forum. I wonder why that site has the database of that site the same as BCT. It's not a coincidence for that site just to create the account Baofeng was searching right?

Quote from: nakamura12 on March 31, 2019, 02:28:07 PM

This is why I add bitcointalk.org everytime I search a thread or a topic in bitcointalk and check if the domain name under the title is the right/correct domain that I was looking for. If I want to search for this thread in google this is what I would do, Another phishing site bitcointalk.org and you can compare the result if you don't add bitcointalk.org in everything you want to search.

I bookmarked bitcointalk on my browser that's why I will not have mistakes in going to BCT.

nakamura12

hero member

Activity: 2268

Merit: 669

Bitcoin Casino Est. 2013

This is why I add bitcointalk.org everytime I search a thread or a topic in bitcointalk and check if the domain name under the title is the right/correct domain that I was looking for. If I want to search for this thread in google this is what I would do, Another phishing site bitcointalk.org and you can compare the result if you don't add bitcointalk.org in everything you want to search.

Edit: I open the said domain because of what DdmrDdmr stated that the site is extremely up-to-date which is a 100% TRUE and I also spotted that there is a difference between bitcointalk post and fonstavka dot com's copy of the same post that I posted earlier in this forum. See all those bitcointalk.org? When you compare the same post in the fonstavka with this one all bitcointalk.org I mention in this thread will be changed into fonstavka(.)com. Refer Image below.

kingpin4321

member

Activity: 280

Merit: 14

Thanks for this piece of information and your efforts to tackling issues like this is highly welcomed.
I am really against clicking on entering an unknown site without properly investigating it.
I guess this warning would be adhered to by the forum users

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: crairezx20 on March 31, 2019, 12:40:21 PM

<...>

It does seem to be online now. It is extremely up-to-date, to the point that I created a post a minute ago on our correct forum site, and I can already see it on the fonstavka site. I’m not sure If they scrape the messages, or simply encapsulate the forum within a frame on their site, but it’s pretty spooky (except for the fact that the domain name is pretty obvious).

The Captcha does not work for me either (test with care and at your own risk …), and I figure they are setting the site up and still require something there.

crairezx20

legendary

Activity: 1638

Merit: 1046

I'm trying to register through this site but their captcha is not working properly there is a captcha error shows when registering.

This phishing site is already been discussed here before and there are many BTCtalk member mention this website.
Here's the old thread about this site https://bitcointalksearch.org/topic/add-httpfonstavkacom-as-newold-phishing-site-5010082

And I noticed that some old thread that already indexed in google(2015 and 2016) there is someone wearing signature with this link. So it means someone uses this website before here on the forum past years ago to promote it here on the forum.

Use this term in google fonstavka.com site:bitcointalk.org

o_e_l_e_o

legendary

Activity: 2268

Merit: 18748

Another one to be added to your hosts files then.

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the hosts file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"

Add the following two lines to the bottom of the hosts file:

Code:

0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com

Your browser will now be unable to open those two phishing sites.

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

It doesn’t seem to be working now (error 403 Forbidden).

It’s also curious to see that Scamadvider showed the site to be 95% trustworthy, stating that it "looks safe" until I forced it to refresh the data. Now it has changed to 66% trustworthy, with a bunch of warnings. Possibly the fact that is seems off-line has driven the rating down. I’ll have re refresh it again when it get back online.

Even so, it’s pretty flagrant that it’s a phishing clone.

The ".to" version has got too greedy now and shows a gambling banner as a splash screen, which is something unusual and surely should put any stray person on alert.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Well damn. At least this one is easier to spot though as the domain is very different, compared to that bitcointalk.to one. Screw the latter, I admit I almost got tricked into that one.

Another reason to use "google:bitcointalk.org" on your search queries(assuming you're using Google) to make sure the legitimate results come out.

r1s2g3

sr. member

Activity: 742

Merit: 395

I am alive but in hibernation.

All the clone just prove how popular is bitcointalk is and how much our account in risk if we do not put attention to the url.
Better to permanently mark this site url in your browser.

hacker1001101001

sr. member

Activity: 1288

Merit: 415

One more!! Shocked

Thats pretty risky buy the way and any new user could get affected by this and end up being totally compressed with username and Passwords.

I also think this is the main source of accounts hacks happing lately.

Just for caution and more people could report I am dropping the link here. ( Its unclickable )

Phishing site: fonstavkdotcom

It would be good if you move the thread to B&H board, as most of the newbies are the once getting affected and it better suits there.

Baofeng

legendary

Activity: 2576

Merit: 1655

I was doing a follow up investigation on merit abusers I caught Merit Abuse?. So I just copy a address from one of those suspected abusers and search on Google.

Weird, I was quite surprised to see the result, so I click on that link and Lo and Behold:

It was a exact copy of this forum. So I headed to Google's report page and submit this one as a bitcointalk phishing site. So again, just another warning to check everything before you login. Or added it in your /etc/hosts so that your computer won't access that site as a safe measure.

Edit: Those Accounts have been tagged by Lauda already.

Topic: Another phishing site (Read 457 times)