Topic: Host-file to deal with phishing sites (Read 642 times)

The hosts file is intended to resolve domain names. For example you have a machine in your LAN called "petunia" at 192.168.1.2, you would do

192.168.1.2 petunia

So if you ping petunia your os knows this means 192.168.1.2 before asking a dns server.

Now here comes the important part hd49728: Do NOT, i repeat DO NOT put URLs in there!

You have to REMOVE the http and the / parts, like this:

http://privatemgrgg.pw/vcruntime140.dll -> privatemgrgg.pw

0.0.0.0 privatemgrgg.pw NOT 0.0.0.0 http://privatemgrgg.pw/vcruntime140.dll as you have been doing.

This is a file for manual domain name resolution, it is not a browser and it is not supposed to interpret neither URLs nor files or folders or files within (no /).

When you type the url in the browser, the browser will ask your os what IP address number that domain name has, the browser does NOT ask what http://privatemgrgg.pw/vcruntime140.dll is, it asks for privatemgrgg.pw but you defined http://privatemgrgg.pw/vcruntime140.dll in the hosts file which won't match what the browser (or program) is asking and it won't get "blocked" (resolved to oblivion).


Note that this "blocking trick" may no longer work with newer browsers since they have started to resolve dns using third parties like google's or cloudflare (so called "secure") dns resolvers bypassing the OS entirely by default (YMMV).


Yes there is a way to have your OS do secure dns resolving while NOT handling your dns history to the usual suspects, install dnscrypt-proxy and configure it accordingly. Remember to set your browser to not use their own "secure built-in" resolution as well...


PS: Just because its Linux doesn't mean it comes with nano. You should have used the exact same wording as the other OSes: "open the hosts file with a text editor".

That one is the latest phishing site that tries to fake the smartmixer.io. Be careful and stay safe.

Do you notice the dissapearance of 'r' character, smatmixer.io (phishing site) and the official (smartmixer.io)?

@hd49728 kindly include again this phishing link which is identical to the previous phishing attempts but now uses another phishing site though it is still using the same style and methodology.

Kindly include this links also to your host file list, maybe the OP of this thread - [Warning] Phishing Blockchain.info  forgot to share this phishing link
and these connected phishing sites under that same IP as posted by @JeromeTash

I updated OP with the newest phishing site I saw. If you saw new phishing sites, please let me know by reporting them here.
Thank you.

@hd49728 , kindly update this to your list. Thank you.



Related thread: [Warning] Fake Brave Bounty Program Giving 1,500 BAT Tokens to each participant!

Sure, you can use the host-file for free, and if you find out any new phishing site, please let me know by replying here, then I will add them into OP.
Regarding to email security, you can use the following site: https://haveibeenpwned.com/
It is very simple to use: Typing your email address, then enter to see it has already been compromised or not. In case your email has been already compromised, it's your turn to reset your password and consider to enhance security and privacy for your email.
There are two types of results:
1. Bad: pwned!

2. Good: no pwnage found!
You should take action as quickly as possible if your email checking result fall into the first type.

Thanks for the list I will add this on my host file, I also use Metacert by Cryptonite extension but it is trial only. The icon turns green when it is safe and black if not. Every day there are new phishing sites created so we need to be careful to look carefully on the URL if it is correct before entering something and don't click suspicious links on the email.

Dangerous sites are not really dangerous ones, if people don't careless to visit, create and log in their accounts on such sites with same passwords on other sites. Generally, people can protect themselves from such sites by maintaining good web-surfing behaviors. It's key thing to self-protect from dangerous phishing sites.

There's no doubt that phishing sites are one of the dangerous thing that you can imagine that might/will happen to you if you got yourself getting phished by a phishing site which you mentioned that they can get your information and it can be sold. Anyway, bookmark could also be compromised the same as the clipboard hijacking.

Being victimized by phishing sites and being phished is far most horrible thing you could let yourself get into. Phishing is technically the heaviest and the one that you should avoid in terms of cybercrimes for it would cost you so much and will put you in danger. Once the site collected all of your information and everything you'll be putting using your clipboard you're doomed. That's why everyone, especially the newbies, should be very careful and vigilant upon entering sites and downloading applications. I could agree that for them to avoid it, theybcould bookmark their most visited sites so if one that looks and acts the same suddenly appeared they would know that it wasn't the site they used to visit and it might be risky using it.

Those sites have been masked already, but I would prefer to leave them here as an example of phishing sites with punny codes.
Moreover, there is another topic from wwzsocki: What is Punycode and how to protect yourself from Homograph Phishing attacks?. In that topic, you can see some phishing sites that use punny codes.

I saw a thread on fake site of Bitblender, that was shutdown by their team (likely scam exited) months ago:
[Warning] Fake Bitblender site
That site is added to the host file in OP (last line in OP list)

I added it to host-file in OP. Thank you, Baofeng.
Like that annoying animated avatar (becoin):
First time I saw it, I tried to clean my computer screen, honestly.  

That's not a solution (I mean coinmarket n stuff). Phisers not only targets exchange, they can also target gambling sites or other sites which are popular in the crypto community. They can attack by hiding it in hyperlink behind the text in email or other ways and someone can fall for it believing it as a actual link to the site.

I think it is the only way- by spreading the awareness about such attempts and ways to avoid it. GJ @OP , BTW didn't knew
about Punycode so thanks.

We can see lot of new phishing sites popup every day so its impossible to find out all those sites upto date but all we can do is login to the coinmarket cap and login to the exchange from the link placed there,I hope there is no phishing sites will attack by this way.

For too often usage bookmarking the sites really important.

I added those phishing exchanges to host-file in OP, took them from MEE6 Discord bot SCAM ALERT Phishing exchanges !!

Exactly, even after I have read about the dots, still I was trying to clean the screen. First, with a finger   and later with a special spray. I was sure is just dust.

I think this one is the biggest threat from all fake URL's I have seen so far.

Sometimes, it looks like dust on computer screen, and most of us don't realize it. It is very risky, especially for careless guys. I remember there is user whom wear animated avatar of an ant, and at first time I saw that avatar, I thought there is an ant on my computer screen. That's weird but funny when I discovered that is an avatar.