Pages:
Author

Topic: [List] Phishing Cryptocurrency Site - page 4. (Read 11573 times)

legendary
Activity: 2366
Merit: 2054
August 02, 2021, 07:01:57 PM
Phishing Uniswap

Code:
http://app.uniswap.org.airdrop-holders-liquidity.com

scammer trying to trap the user with false connects with metamask to get the mnemonic seed.



Quote
IP Address: 192.99.170.97
domain Name: app.uniswap.org.airdrop-holders-liquidity.com

https://www.virustotal.com/gui/ip-address/192.99.170.97/relations




Also, be aware of fake google ads bitcoin core



Code:
https://www.biltucoin.org/

legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 30, 2021, 12:17:59 PM
wallectconnect.com Phishing

Website:
Code:
https://wallectconnect.com/
Archived: https://archive.is/tYEEH

Quote
Domain name: wallectconnect.com
Registry Domain ID: 2603139687_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2021-04-06T08:34:13.00Z
Registrar Registration Expiration Date: 2022-04-06T08:34:13.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068



Official site: https://walletconnect.org/

Always avoid phishing sites and pay attention to the URL if it's better then you have to save it in bookmarks
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 26, 2021, 03:06:42 PM
Shibaswap Phishing Site

Website:
Code:
https://www.shibaswap.pw/
Archived: https://web.archive.org/web/20210726195819/https://www.shibaswap.pw/

Quote
Domain Name: SHIBASWAP.PW
Registry Domain ID: D239117758-CNIC
Registrar WHOIS Server: whois.joker.com
Registrar URL: http://joker.com
Updated Date: 2021-06-23T21:43:41.0Z
Creation Date: 2021-06-14T21:22:33.0Z
Registry Expiry Date: 2022-06-14T23:59:59.0Z
Registrar: CSL Computer Service Langenbach GmbH
Registrar IANA ID: 113




https://www.facebook.com/permalink.php?story_fbid=111089124597542&id=102901985416256

Phishing has appeared on my Facebook homepage and now they have more and more fake pages and the now I've been trying to report it, the more people report it the sooner it will be killed

Keep checking back especially for newbies who just see this on your Facebook.

SWAP official website: https://shibaswap.com/
hero member
Activity: 1064
Merit: 639
July 26, 2021, 08:50:12 AM
Another bitcoin & ethereum fake giveaway

website Link:
Code:
https://eventbyether.org
https://eventbyether.org/btc/
https://eventbyether.org/eth
Archive
Quote
   1 days old
Created on 2021-07-25
Expires on 2022-07-25
Updated on 2021-07-25



Wallet addresses:
Code:
Btc: 17fSZdSZMPXE4qcVENAYECk8WqwJC77yR5
Eth: 0x7f3e8fe83ED1024a50d9936A974306D5eD130Db3
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 23, 2021, 07:52:44 AM
@mole0815 can post it here.

Again, Phishing Chipmixer

Where I found it?, google searching.
I also found a fake review about Chipmixer and even that is the same as what you just said, it seems this review has been around since 9-09-2020 was published.

The scammers actually insert their phishing sites in their original writings, if they don't look carefully, of course this will be a trap too.

https://bitcoin2.biz/mixer/7-chipmixer-review.html Fake review

Onion URL: https://chipmixerwzxtzbw.online/ Fake



The URL writing looks real but when clicked or copied the URL will be different.



Kraken Phishing Site

Website:
Code:
https://kraken-yb.com/sing-in/sign-in/us-home/
https://kraken-zp.com/sing-in/sign-in/us-home/
Archived: https://archive.is/hIRiV

Quote
Kraken-zp.com

1 days old
Created on 2021-07-22
Expires on 2022-07-22
Updated on 0000-12-31
Quote
Kraken-Yb.com

5 days old
Created on 2021-07-18
Expires on 2022-07-18
Updated on 0000-12-31


The display at login is the same there is no difference but we have to check the URL clearly and it is very different.

So they created the same 2 phishing sites.

When I wanted to open the Kraken site and do a search, it turned out that there was a phishing site that was tucked into the first page of Google search.

[moderator's note: consecutive posts merged]
legendary
Activity: 2366
Merit: 2054
July 23, 2021, 06:17:22 AM
Possibly this is also the same thing with scamers who have created free domains from free servers/VPS and it seems this might be an easier trick to get more domains.
sure, there are many vouches for free VPS and domain that possibility the scammer create the phishing site only one day.




@mole0815 can post it here.

Again, Phishing Chipmixer

Code:
https://chipmixẹr.com

Code:
https://xn--chipmixr-z30d.com



Where I found it?, google searching.



Quote
Domain Name: chipmixẹr.com
IP Address: 162.213.251.90
Domain Name: XN--CHIPMIXR-Z30D.COM
Registry Domain ID: 2518953138_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-04-01T08:02:34Z
Creation Date: 2020-04-26T15:22:12Z
Registry Expiry Date: 2022-04-26T15:22:12Z

The IP's relationship. https://www.virustotal.com/gui/ip-address/162.213.251.90/relations

Code:
https://exellentinvest.com/
https://todaycoin.club/
hero member
Activity: 1064
Merit: 639
July 23, 2021, 01:38:04 AM
WalletConnect phishing website.


Website link:
Code:
https://www.livewallet-connect.site/

Archive: https://archive.vn/ZDZIE

Domain info.
Quote
4 days old
Created on 2021-07-18
Expires on 2022-07-18
Updated on 2021-07-18



Domain names on the same IP address:
Code:
www.livewallet-connect.site
www.capitalasia.postalswiftdelivery.com
capitalasia.postalswiftdelivery.com
groups-pnc.com
walletextention.com
livewallet-connect.site
cryptwalletconnect.com
walletsynchronizations.live
amakaclarafoundation.org
fortisonline.online
sxriuzi.com
seacroneglobal.com
savvykulture.com
laughinggoatlagos.com
enochxchange.com
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 22, 2021, 12:19:50 PM
Exodus Phishing Wallet

Website:
Code:
https://exoduxs.com/
Archived: https://archive.is/wip/fIDv4

A scammer just bought 1 server/VPS and create many domains (free) at the same time. this has been happening ever since this thread was created. which can be proven by the IP relationship with every site he created.

Just be careful when the website comes from those IPs, they could be trying to another way.
Possibly this is also the same thing with scamers who have created free domains from free servers/VPS and it seems this might be an easier trick to get more domains.
hero member
Activity: 1064
Merit: 639
July 19, 2021, 12:19:13 AM
blockchain wallet phishing website promoted through google ads.

website:
Code:
https://login.blockcchalh.com/#/login



Interestingly if we try to access this website through PC, it looks something like this


It seems that scammers only targeting mobiles users.
legendary
Activity: 2366
Merit: 2054
July 18, 2021, 10:44:30 PM
Trust Wallet - This trick is still using the same no change at all however they have updated the domain today, and I think they have plenty of backup domains to create a phishing site.
A scammer just bought 1 server/VPS and create many domains (free) at the same time. this has been happening ever since this thread was created. which can be proven by the IP relationship with every site he created.

Just be careful when the website comes from those IPs, they could be trying to another way.

Code:
https://trust-wallet-app.xyz/

https://www.virustotal.com/gui/ip-address/104.21.78.15/relations

Found this
Code:
ethereum-code.me

Code:
https://atomicwailet.io/

https://www.virustotal.com/gui/ip-address/185.178.208.182/relations

Found this
Code:
www.itrustwallet.org
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 17, 2021, 09:28:33 AM
Trust Wallet Fake Wallet
Trust Wallet Fake Wallet
Code:
https://atomicwallet.dev/

Trust Wallet and Atomic Phishing

Website:
Code:
https://trust-wallet-app.xyz/
https://atomicwailet.io/

Info Domain

Quote
Created on 2021-07-17
Expires on 2022-07-17
Updated on 2021-07-17

Quote
73 days old
Created on 2021-05-05
Expires on 2022-05-05
Updated on 2021-07-04









Trust Wallet - This trick is still using the same no change at all however they have updated the domain today, and I think they have plenty of backup domains to create a phishing site.

Atomic - Still the same before but the domain must be considered again, the fraudsters always scamers in the spelling of the domain letters.

Keep your assets.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 15, 2021, 08:34:11 AM
Dangerous sites never click them all phishing

Website:
Code:
https://x2elon.space/
https://m-poloniex.us/login-access/us-login/Login.php
https://bittrex-global-on.com/
Archived:
https://archive.is/wip/dDEgP
https://archive.is/wip/FmiHz
https://archive.is/wip/TdCUW

Info Domain
https://whois.domaintools.com/x2elon.space
https://whois.domaintools.com/m-poloniex.us
https://whois.domaintools.com/bittrex-global-on.com







Elon Musk Giveaway - is fake and no one gives double rewards after sending BTC, beware.

Poloniex is a phishing site pay attention to the URL.

Bittrex is the same as Poloniex a phishing site and pays attention to the URL again.

Better to bookmark the original site to your browser.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 13, 2021, 09:04:13 AM
Metamask Phishing Wallet

Website:
Code:
https://extension-metamask.com.maxoutsms.com/
https://osterialatela.it/metamask/form.php
Archived:
https://archive.is/lDHVy
https://web.archive.org/web/20210713135755/https://extension-metamask.com.maxoutsms.com/

Quote
Domain Name: maxoutsms.com
Registry Domain ID: 2480891938_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2020-10-23T10:44:11Z
Creation Date: 2020-01-16T12:02:44Z
Registrar Registration Expiration Date: 2022-01-16T12:02:44Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146





Metamask is another target for phishing and now with this new domain the trick is almost the same just a little change in appearance but we should be able to examine it in more detail.

What @DroomieChikito said we should check the URL and bookmark it to the browser to make it much safer and no need to type again.
hero member
Activity: 1064
Merit: 639
July 12, 2021, 12:23:00 PM
Bitcoincash phishing website

Website:
Code:
https://www.bitcolncash.org/wallets/#mobile-wallets

Domain info:
Quote
242 days old
Created on 2020-11-12
Expires on 2021-11-12
Updated on 2021-03-11

legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 12, 2021, 06:56:28 AM
Trust Wallet Fake Wallet

Trust Wallet Fake Wallet

Website:
Code:
https://trustwalleta.com/
Archived: https://web.archive.org/web/20210712114407/https://trustwalleta.com/

Quote
Created on 2021-07-12
Expires on 2022-07-12
Updated on 0000-12-31



The script remains the same as before, just changing the domain, pay attention again and never enter a phrase/seed on any site.

Keep your assets.
legendary
Activity: 2366
Merit: 2054
July 11, 2021, 07:06:32 AM
Trust Wallet Fake Wallet

Coinomi phishing site

We found too many phishing wallet, trust wallet, coinomi and,

Phishing Metamask Wallet

Code:
https://meta-mask.co



The scammer uses the same trick as above by inserting the mnemonic seed to get all user coins. as we know metamask wallet only asks mnemonic seed if the user first registering the wallet. this means if already registered the user only needs a password. An important point is always double-checked the URL and bookmarked it into the browser.

Domain Information;

Quote
IP Address: 67.207.81.229
Domain Name: meta-mask.co
Registry Domain ID: DD0B3077F0D0F4E3B82D5AD385883EC41-NSR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-05-22T14:42:01Z
Creation Date: 2021-05-17T14:41:56Z
Registry Expiry Date: 2022-05-17T14:41:56Z
Registrar: NameCheap, Inc.




again,

Phishing exodus wallet

Code:
https://exoduswebv.com/



never giving up your mnemonic seed into the phishing site.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 08, 2021, 09:52:06 AM
Coinomi phishing site

Website:
Code:
https://tatsks.com/
Archived: https://web.archive.org/web/20210708144814/https://tatsks.com/

Quote
315 days old
Created on 2020-08-27
Expires on 2021-08-27
Updated on 2020-08-27



The trick is the same as above Coinomi also never asks for a phrase on its website and this is clearly a phishing site that asks for your phrase and I think in terms of domains, they are very different, only the script is the same, so pay attention again more carefully.

Scammers like him have spread many phishing sites with different or the same scripts, so don't just randomly enter suspicious phrases.

Official site: https://www.coinomi.com/en/
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 08, 2021, 08:32:45 AM
Trust Wallet Fake Wallet

Website:
Code:
https://xn--tustwallet-85b.com/
Archived: https://web.archive.org/web/20210708133029/https://xn--tustwallet-85b.com/

Quote
Domain name: xn--tustwallet-85b.com
Registry Domain ID: 2625228437_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2021-07-08T12:19:57.00Z
Registrar Registration Expiration Date: 2022-07-08T12:19:57.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068



Never enter a private key/phrase on this phishing site, it's clear that there are many traps now, avoid it and look at it more carefully.

Don't be in a hurry and truswallet never asks for a key phrase/key on its website.
legendary
Activity: 2366
Merit: 2054
July 04, 2021, 10:36:24 PM
Fake and Phishing pancakeswap tools

Code:
http://hiccup.pancakeswap.tools

https://archive.is/WNyeN



Quote
IP Address: 62.210.177.59
Geolocation: FR (France), N/A, N/A, N/A N/A - Google Maps
Reverse DNS: s12.cdn-hd.com
Domain Check
Domain Name: hiccup.pancakeswap.tools
Top Level Domain: TOOLS (Manufacturing Industry)

The relation IP address with scammer; https://www.virustotal.com/gui/ip-address/62.210.177.59/relations



Be careful nobs, always check the URL correctly, and don't give any seed/private key.
legendary
Activity: 2394
Merit: 1049
Smart is not enough, there must be skills
July 02, 2021, 07:04:41 AM
Website: exodus.cx
Code:
https://exodus.ac
DEAD


Website:
Code:
https://exocdus.co/
Archived: https://web.archive.org/web/20210702120108/https://exocdus.co/

Quote
Domain Name: exocdus.co
Registry Domain ID: DF30A1D443461467F8407478A87604E7A-NSR
Registrar WHOIS Server:
Registrar URL: https://key-systems.net
Updated Date: 2021-05-31T10:15:26Z
Creation Date: 2021-05-26T10:15:20Z
Registry Expiry Date: 2022-05-26T10:15:20Z
Registrar: Key-Systems GmbH
Registrar IANA ID: 269


The appearance of phishing sites is almost the same as those found above.

Phishing still continues to rely on the same script and only the domains are constantly changed like this, there is no tired of the fraudsters continuing to take their actions by displaying on google ad pages when doing a search.
Pages:
Jump to: