Pages:
Author

Topic: Host-file to deal with phishing sites (Read 660 times)

legendary
Activity: 2030
Merit: 1569
CLEAN non GPL infringing code made in Rust lang
January 31, 2020, 10:06:32 AM
#27

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the host file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"

Add the following two lines to the bottom of the hosts file:
Code:
0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com

Your browser will now be unable to open those two phishing sites.

So, what is new in this thread?
Steps to add phishing sites, and turn them off are above, what we need is list of phishing site.

So, if you know any phishing sites, please leave them here, I will add them to the list. I hope that we all will make a long list of phishing sites.

The hosts file is intended to resolve domain names. For example you have a machine in your LAN called "petunia" at 192.168.1.2, you would do

192.168.1.2 petunia

So if you ping petunia your os knows this means 192.168.1.2 before asking a dns server.

Now here comes the important part hd49728: Do NOT, i repeat DO NOT put URLs in there!

You have to REMOVE the http and the / parts, like this:

http://privatemgrgg.pw/vcruntime140.dll -> privatemgrgg.pw

0.0.0.0 privatemgrgg.pw NOT 0.0.0.0 http://privatemgrgg.pw/vcruntime140.dll as you have been doing.

This is a file for manual domain name resolution, it is not a browser and it is not supposed to interpret neither URLs nor files or folders or files within (no /).

When you type the url in the browser, the browser will ask your os what IP address number that domain name has, the browser does NOT ask what http://privatemgrgg.pw/vcruntime140.dll is, it asks for privatemgrgg.pw but you defined http://privatemgrgg.pw/vcruntime140.dll in the hosts file which won't match what the browser (or program) is asking and it won't get "blocked" (resolved to oblivion).


Note that this "blocking trick" may no longer work with newer browsers since they have started to resolve dns using third parties like google's or cloudflare (so called "secure") dns resolvers bypassing the OS entirely by default (YMMV).


Yes there is a way to have your OS do secure dns resolving while NOT handling your dns history to the usual suspects, install dnscrypt-proxy and configure it accordingly. Remember to set your browser to not use their own "secure built-in" resolution as well...


PS: Just because its Linux doesn't mean it comes with nano. You should have used the exact same wording as the other OSes: "open the hosts file with a text editor".
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
January 29, 2020, 09:50:02 PM
#26
Code:
0.0.0.0 smatmixer.io
That one is the latest phishing site that tries to fake the smartmixer.io. Be careful and stay safe.

Do you notice the dissapearance of 'r' character, smatmixer.io (phishing site) and the official (smartmixer.io)?
sr. member
Activity: 1078
Merit: 310
November 07, 2019, 08:19:14 AM
#25
Another email I received today with same strategy using another name airdrop portal, ask to fill spreadsheet very same with @OP stories. Here is the proof from email I received.





Code:
https://brave-drop.info

@hd49728 kindly include again this phishing link which is identical to the previous phishing attempts but now uses another phishing site though it is still using the same style and methodology.
sr. member
Activity: 1078
Merit: 310
November 06, 2019, 12:23:51 AM
#24
Kindly include this links also to your host file list, maybe the OP of this thread - [Warning] Phishing Blockchain.info  forgot to share this phishing link
Code:
https://biockcheln.info/

and these connected phishing sites under that same IP as posted by @JeromeTash

More information about the IP address used by scammer. There are 9 malicious/phishing URLs under the same IP address

WARNING

DO NOT VISIT THE LINKS

Code:
http://iocaibitcoins.com/
https://iocaibitcoins.com/
https://lolibitcoins.net/
http://privatemgrgg.pw/vcruntime140.dll
https://localbicolns.org/
http://localbicolns.org/
http://mgsocl.su/api/check.get
http://mgsocl.su/api/gate.get
http://dress-x.ru/freebl3.dll
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
November 05, 2019, 11:54:07 PM
#23
I updated OP with the newest phishing site I saw. If you saw new phishing sites, please let me know by reporting them here.
Thank you.
Code:
0.0.0.0 https://litecoln.org/
sr. member
Activity: 1078
Merit: 310
October 22, 2019, 10:02:08 PM
#22
@hd49728 , kindly update this to your list. Thank you. Smiley


Code:
Phishing Link: https://bounty-brave.info/ 

Related thread: [Warning] Fake Brave Bounty Program Giving 1,500 BAT Tokens to each participant!
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
October 21, 2019, 08:16:43 AM
#21
Thanks for the list I will add this on my host file, I also use Metacert by Cryptonite extension but it is trial only. The icon turns green when it is safe and black if not. Every day there are new phishing sites created so we need to be careful to look carefully on the URL if it is correct before entering something and don't click suspicious links on the email.
Sure, you can use the host-file for free, and if you find out any new phishing site, please let me know by replying here, then I will add them into OP.
Regarding to email security, you can use the following site: https://haveibeenpwned.com/
It is very simple to use: Typing your email address, then enter to see it has already been compromised or not. In case your email has been already compromised, it's your turn to reset your password and consider to enhance security and privacy for your email.
There are two types of results:
1. Bad: pwned!
Quote
Oh no — pwned!
Pwned on X breached sites and found no pastes (subscribe to search sensitive breaches)

2. Good: no pwnage found!
Quote
Good news — no pwnage found!
No breached accounts and no pastes (subscribe to search sensitive breaches)
You should take action as quickly as possible if your email checking result fall into the first type.
full member
Activity: 1176
Merit: 162
October 20, 2019, 01:06:32 PM
#20
Thanks for the list I will add this on my host file, I also use Metacert by Cryptonite extension but it is trial only. The icon turns green when it is safe and black if not. Every day there are new phishing sites created so we need to be careful to look carefully on the URL if it is correct before entering something and don't click suspicious links on the email.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
October 20, 2019, 12:34:31 PM
#19
Dangerous sites are not really dangerous ones, if people don't careless to visit, create and log in their accounts on such sites with same passwords on other sites. Generally, people can protect themselves from such sites by maintaining good web-surfing behaviors. It's key thing to self-protect from dangerous phishing sites.
hero member
Activity: 2268
Merit: 669
Bitcoin Casino Est. 2013
October 20, 2019, 11:11:08 AM
#18
Being victimized by phishing sites and being phished is far most horrible thing you could let yourself get into. Phishing is technically the heaviest and the one that you should avoid in terms of cybercrimes for it would cost you so much and will put you in danger. Once the site collected all of your information and everything you'll be putting using your clipboard you're doomed. That's why everyone, especially the newbies, should be very careful and vigilant upon entering sites and downloading applications. I could agree that for them to avoid it, theybcould bookmark their most visited sites so if one that looks and acts the same suddenly appeared they would know that it wasn't the site they used to visit and it might be risky using it.


There's no doubt that phishing sites are one of the dangerous thing that you can imagine that might/will happen to you if you got yourself getting phished by a phishing site which you mentioned that they can get your information and it can be sold. Anyway, bookmark could also be compromised the same as the clipboard hijacking.
hero member
Activity: 1750
Merit: 589
October 20, 2019, 06:31:45 AM
#17
- Never create accounts on newborn, strange sites/ forums if you do not make your own research about those sites.

And do not use the same or similar email and password when opening different accounts on different websites even after making your research, sites could be hacked and you would not want your entire online activity compromised. If possible have records of all your log in details on different accounts, especially if you're into cryptocurrency and could be using different exchanges at the same time.

Also, Have you most frequently visited sites bookmarked.

Being victimized by phishing sites and being phished is far most horrible thing you could let yourself get into. Phishing is technically the heaviest and the one that you should avoid in terms of cybercrimes for it would cost you so much and will put you in danger. Once the site collected all of your information and everything you'll be putting using your clipboard you're doomed. That's why everyone, especially the newbies, should be very careful and vigilant upon entering sites and downloading applications. I could agree that for them to avoid it, theybcould bookmark their most visited sites so if one that looks and acts the same suddenly appeared they would know that it wasn't the site they used to visit and it might be risky using it.

legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
September 18, 2019, 02:05:02 AM
#16
Those sites have been masked already, but I would prefer to leave them here as an example of phishing sites with punny codes.
Code:
https://stéllar.org/account-viewer/#!/
https://mediụm.com/blog/stellar-community/third-lumen-distribution-program/
https://claimlumens.org/a64bff5080fb2bb636b2e2b7940f04ad

https://xn--stllar-cva.org/account-viewer/#!/
https://xn--medim-9d2b.com/blog/stellar-community/third-lumen-distribution-program/
Moreover, there is another topic from wwzsocki: What is Punycode and how to protect yourself from Homograph Phishing attacks?. In that topic, you can see some phishing sites that use punny codes.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
September 05, 2019, 09:00:01 PM
#15
I saw a thread on fake site of Bitblender, that was shutdown by their team (likely scam exited) months ago:
[Warning] Fake Bitblender site
Code:
https://bitblender[dot]eu/
That site is added to the host file in OP (last line in OP list)
Code:
0.0.0.0 https://bitblender.eu/
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 26, 2019, 08:49:20 PM
#14
Code:
 PHISHING LINK - https://brave-browser.info/


I added it to host-file in OP. Thank you, Baofeng.
Exactly, even after I have read about the dots, still I was trying to clean the screen. First, with a finger  Wink and later with a special spray. I was sure is just dust.
Like that annoying animated avatar (becoin):
First time I saw it, I tried to clean my computer screen, honestly.   Roll Eyes
legendary
Activity: 2576
Merit: 1655
August 26, 2019, 07:13:46 AM
#13
Code:
  PHISHING LINK - https://brave-browser.info/

legendary
Activity: 3094
Merit: 1472
August 24, 2019, 03:18:43 PM
#12
We can see lot of new phishing sites popup every day so its impossible to find out all those sites upto date but all we can do is login to the coinmarket cap and login to the exchange from the link placed there,I hope there is no phishing sites will attack by this way.

For too often usage bookmarking the sites really important.

That's not a solution (I mean coinmarket n stuff). Phisers not only targets exchange, they can also target gambling sites or other sites which are popular in the crypto community. They can attack by hiding it in hyperlink behind the text in email or other ways and someone can fall for it believing it as a actual link to the site.

I think it is the only way- by spreading the awareness about such attempts and ways to avoid it. GJ @OP , BTW didn't knew
about Punycode so thanks.
sr. member
Activity: 910
Merit: 284
August 24, 2019, 08:47:20 AM
#11
We can see lot of new phishing sites popup every day so its impossible to find out all those sites upto date but all we can do is login to the coinmarket cap and login to the exchange from the link placed there,I hope there is no phishing sites will attack by this way.

For too often usage bookmarking the sites really important.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 24, 2019, 08:33:01 AM
#10
I added those phishing exchanges to host-file in OP, took them from MEE6 Discord bot SCAM ALERT Phishing exchanges !!
Code:
0.0.0.0 mercatox.org
0.0.0.0 bitplace.org
0.0.0.0 coinpalace.org
0.0.0.0 exmo.space
0.0.0.0 poficrypt.com
0.0.0.0 coinsweet.org
0.0.0.0 cryptexcurrency.com
0.0.0.0 crypton-bnb.com
0.0.0.0 cryptexplatform.com
0.0.0.0 crypto-trader24.com
0.0.0.0 24xfast.com
0.0.0.0 24xtransfer.com
0.0.0.0 24xtrade.com
0.0.0.0 24burntrade.com
0.0.0.0 bitusual.com
0.0.0.0 24fastcoin.com
0.0.0.0 social-info.ru
0.0.0.0 margo-event.com
0.0.0.0 www.social-analysis.ru
0.0.0.0 24spacetrade.com
0.0.0.0 24xholding.com
0.0.0.0 ancebit.com
0.0.0.0 24xcointrade.com
0.0.0.0 24bestchanger.com
0.0.0.0 24xhold.com
0.0.0.0 cryptextrade.com
0.0.0.0 tradexblue.com
0.0.0.0 bitmate24.com
0.0.0.0 poficrypt.com
0.0.0.0 evrostyle.net
0.0.0.0 24excoin.com
0.0.0.0 fastchange24.com
0.0.0.0 cryptonplatform.io
0.0.0.0 best-xtrades.com
0.0.0.0 tradexmate.com
0.0.0.0 fixtradecorp.com
0.0.0.0 bitbeaxy.com
0.0.0.0 24bitstamp.com
0.0.0.0 mercatox.org
0.0.0.0 crypto-change24.com
0.0.0.0 bitspace24.com
0.0.0.0 bitbns.org
0.0.0.0 24coindesk.com
0.0.0.0 coinsbank.store
0.0.0.0 xcryptoplatform.com
0.0.0.0 bitshumb.com
legendary
Activity: 2744
Merit: 1708
First 100% Liquid Stablecoin Backed by Gold
August 24, 2019, 06:46:53 AM
#9
Sometimes, it looks like dust on computer screen...

Exactly, even after I have read about the dots, still I was trying to clean the screen. First, with a finger  Wink and later with a special spray. I was sure is just dust.

I think this one is the biggest threat from all fake URL's I have seen so far.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
August 23, 2019, 12:10:04 PM
#8
Sometimes, it looks like dust on computer screen, and most of us don't realize it. It is very risky, especially for careless guys. I remember there is user whom wear animated avatar of an ant, and at first time I saw that avatar, I thought there is an ant on my computer screen. That's weird but funny when I discovered that is an avatar.
Pages:
Jump to: