[List] Phishing Cryptocurrency Site - page 4.

Chikito

legendary

Activity: 2366

Merit: 2054

Phishing Uniswap

Code:

http://app.uniswap.org.airdrop-holders-liquidity.com

scammer trying to trap the user with false connects with metamask to get the mnemonic seed.

Quote

IP Address: 192.99.170.97
domain Name: app.uniswap.org.airdrop-holders-liquidity.com

https://www.virustotal.com/gui/ip-address/192.99.170.97/relations

Also, be aware of fake google ads bitcoin core

Code:

https://www.biltucoin.org/

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

wallectconnect.com Phishing

Website:

Code:

https://wallectconnect.com/

Archived: https://archive.is/tYEEH

Quote

Domain name: wallectconnect.com
Registry Domain ID: 2603139687_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2021-04-06T08:34:13.00Z
Registrar Registration Expiration Date: 2022-04-06T08:34:13.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068

Official site: https://walletconnect.org/

Always avoid phishing sites and pay attention to the URL if it's better then you have to save it in bookmarks

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Shibaswap Phishing Site

Website:

Code:

https://www.shibaswap.pw/

Archived: https://web.archive.org/web/20210726195819/https://www.shibaswap.pw/

Quote

Domain Name: SHIBASWAP.PW
Registry Domain ID: D239117758-CNIC
Registrar WHOIS Server: whois.joker.com
Registrar URL: http://joker.com
Updated Date: 2021-06-23T21:43:41.0Z
Creation Date: 2021-06-14T21:22:33.0Z
Registry Expiry Date: 2022-06-14T23:59:59.0Z
Registrar: CSL Computer Service Langenbach GmbH
Registrar IANA ID: 113

https://www.facebook.com/permalink.php?story_fbid=111089124597542&id=102901985416256

Phishing has appeared on my Facebook homepage and now they have more and more fake pages and the now I've been trying to report it, the more people report it the sooner it will be killed

Keep checking back especially for newbies who just see this on your Facebook.

SWAP official website: https://shibaswap.com/

CryptoYar

hero member

Activity: 1064

Merit: 639

Another bitcoin & ethereum fake giveaway

website Link:

Code:

https://eventbyether.org
https://eventbyether.org/btc/
https://eventbyether.org/eth

Archive

Quote

1 days old
Created on 2021-07-25
Expires on 2022-07-25
Updated on 2021-07-25

Wallet addresses:

Code:

Btc: 17fSZdSZMPXE4qcVENAYECk8WqwJC77yR5
Eth: 0x7f3e8fe83ED1024a50d9936A974306D5eD130Db3

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Quote from: Chikito on July 23, 2021, 06:17:22 AM

@mole0815 can post it here.

Again, Phishing Chipmixer

Where I found it?, google searching.

I also found a fake review about Chipmixer and even that is the same as what you just said, it seems this review has been around since 9-09-2020 was published.

The scammers actually insert their phishing sites in their original writings, if they don't look carefully, of course this will be a trap too.

https://bitcoin2.biz/mixer/7-chipmixer-review.html Fake review

Onion URL: https://chipmixerwzxtzbw.online/ Fake

The URL writing looks real but when clicked or copied the URL will be different.

Kraken Phishing Site

Website:

Code:

https://kraken-yb.com/sing-in/sign-in/us-home/
https://kraken-zp.com/sing-in/sign-in/us-home/

Archived: https://archive.is/hIRiV

Quote

Kraken-zp.com

1 days old
Created on 2021-07-22
Expires on 2022-07-22
Updated on 0000-12-31

Quote

Kraken-Yb.com

5 days old
Created on 2021-07-18
Expires on 2022-07-18
Updated on 0000-12-31

The display at login is the same there is no difference but we have to check the URL clearly and it is very different.

So they created the same 2 phishing sites.

When I wanted to open the Kraken site and do a search, it turned out that there was a phishing site that was tucked into the first page of Google search.

[moderator's note: consecutive posts merged]

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: $crypto$ on July 22, 2021, 12:19:50 PM

Possibly this is also the same thing with scamers who have created free domains from free servers/VPS and it seems this might be an easier trick to get more domains.

sure, there are many vouches for free VPS and domain that possibility the scammer create the phishing site only one day.

@mole0815 can post it here.

Again, Phishing Chipmixer

Code:

https://chipmixẹr.com

Code:

https://xn--chipmixr-z30d.com

Where I found it?, google searching.

Quote

Domain Name: chipmixẹr.com
IP Address: 162.213.251.90
Domain Name: XN--CHIPMIXR-Z30D.COM
Registry Domain ID: 2518953138_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-04-01T08:02:34Z
Creation Date: 2020-04-26T15:22:12Z
Registry Expiry Date: 2022-04-26T15:22:12Z

The IP's relationship. https://www.virustotal.com/gui/ip-address/162.213.251.90/relations

Code:

https://exellentinvest.com/
https://todaycoin.club/

CryptoYar

hero member

Activity: 1064

Merit: 639

WalletConnect phishing website.

Website link:

Code:

https://www.livewallet-connect.site/

Archive: https://archive.vn/ZDZIE

Domain info.

Quote

4 days old
Created on 2021-07-18
Expires on 2022-07-18
Updated on 2021-07-18

Domain names on the same IP address:

Code:

www.livewallet-connect.site
www.capitalasia.postalswiftdelivery.com
capitalasia.postalswiftdelivery.com
groups-pnc.com
walletextention.com
livewallet-connect.site
cryptwalletconnect.com
walletsynchronizations.live
amakaclarafoundation.org
fortisonline.online
sxriuzi.com
seacroneglobal.com
savvykulture.com
laughinggoatlagos.com
enochxchange.com

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Exodus Phishing Wallet

Website:

Code:

https://exoduxs.com/

Archived: https://archive.is/wip/fIDv4

Quote from: Chikito on July 18, 2021, 10:44:30 PM

A scammer just bought 1 server/VPS and create many domains (free) at the same time. this has been happening ever since this thread was created. which can be proven by the IP relationship with every site he created.

Just be careful when the website comes from those IPs, they could be trying to another way.

Possibly this is also the same thing with scamers who have created free domains from free servers/VPS and it seems this might be an easier trick to get more domains.

CryptoYar

hero member

Activity: 1064

Merit: 639

blockchain wallet phishing website promoted through google ads.

website:

Code:

https://login.blockcchalh.com/#/login

Interestingly if we try to access this website through PC, it looks something like this

It seems that scammers only targeting mobiles users.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: $crypto$ on July 17, 2021, 09:28:33 AM

Trust Wallet - This trick is still using the same no change at all however they have updated the domain today, and I think they have plenty of backup domains to create a phishing site.

A scammer just bought 1 server/VPS and create many domains (free) at the same time. this has been happening ever since this thread was created. which can be proven by the IP relationship with every site he created.

Just be careful when the website comes from those IPs, they could be trying to another way.

Quote from: $crypto$ on July 17, 2021, 09:28:33 AM

Code:

https://trust-wallet-app.xyz/

https://www.virustotal.com/gui/ip-address/104.21.78.15/relations

Found this

Code:

ethereum-code.me

Quote from: $crypto$ on July 17, 2021, 09:28:33 AM

Code:

https://atomicwailet.io/

https://www.virustotal.com/gui/ip-address/185.178.208.182/relations

Found this

Code:

www.itrustwallet.org

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Quote from: $crypto$ on July 12, 2021, 06:56:28 AM

Quote from: $crypto$ on July 08, 2021, 08:32:45 AM

Trust Wallet Fake Wallet

Quote from: Chikito on June 16, 2021, 07:50:36 PM

Code:

https://atomicwallet.dev/

Trust Wallet and Atomic Phishing

Website:

Code:

https://trust-wallet-app.xyz/
https://atomicwailet.io/

Info Domain

Quote

Created on 2021-07-17
Expires on 2022-07-17
Updated on 2021-07-17

Quote

73 days old
Created on 2021-05-05
Expires on 2022-05-05
Updated on 2021-07-04

Trust Wallet - This trick is still using the same no change at all however they have updated the domain today, and I think they have plenty of backup domains to create a phishing site.

Atomic - Still the same before but the domain must be considered again, the fraudsters always scamers in the spelling of the domain letters.

Keep your assets.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Dangerous sites never click them all phishing

Website:

Code:

https://x2elon.space/
https://m-poloniex.us/login-access/us-login/Login.php
https://bittrex-global-on.com/

Archived:
https://archive.is/wip/dDEgP
https://archive.is/wip/FmiHz
https://archive.is/wip/TdCUW

Info Domain
https://whois.domaintools.com/x2elon.space
https://whois.domaintools.com/m-poloniex.us
https://whois.domaintools.com/bittrex-global-on.com

Elon Musk Giveaway - is fake and no one gives double rewards after sending BTC, beware.

Poloniex is a phishing site pay attention to the URL.

Bittrex is the same as Poloniex a phishing site and pays attention to the URL again.

Better to bookmark the original site to your browser.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Metamask Phishing Wallet

Website:

Code:

https://extension-metamask.com.maxoutsms.com/
https://osterialatela.it/metamask/form.php

Archived:
https://archive.is/lDHVy
https://web.archive.org/web/20210713135755/https://extension-metamask.com.maxoutsms.com/

Quote

Domain Name: maxoutsms.com
Registry Domain ID: 2480891938_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2020-10-23T10:44:11Z
Creation Date: 2020-01-16T12:02:44Z
Registrar Registration Expiration Date: 2022-01-16T12:02:44Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146

Metamask is another target for phishing and now with this new domain the trick is almost the same just a little change in appearance but we should be able to examine it in more detail.

What @DroomieChikito said we should check the URL and bookmark it to the browser to make it much safer and no need to type again.

CryptoYar

hero member

Activity: 1064

Merit: 639

Bitcoincash phishing website

Website:

Code:

https://www.bitcolncash.org/wallets/#mobile-wallets

Domain info:

Quote

242 days old
Created on 2020-11-12
Expires on 2021-11-12
Updated on 2021-03-11

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Quote from: $crypto$ on July 08, 2021, 08:32:45 AM

Trust Wallet Fake Wallet

Trust Wallet Fake Wallet

Website:

Code:

https://trustwalleta.com/

Archived: https://web.archive.org/web/20210712114407/https://trustwalleta.com/

Quote

Created on 2021-07-12
Expires on 2022-07-12
Updated on 0000-12-31

The script remains the same as before, just changing the domain, pay attention again and never enter a phrase/seed on any site.

Keep your assets.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: $crypto$ on July 08, 2021, 08:32:45 AM

Trust Wallet Fake Wallet

Quote from: $crypto$ on July 08, 2021, 09:52:06 AM

Coinomi phishing site

We found too many phishing wallet, trust wallet, coinomi and,

Phishing Metamask Wallet

Code:

https://meta-mask.co

The scammer uses the same trick as above by inserting the mnemonic seed to get all user coins. as we know metamask wallet only asks mnemonic seed if the user first registering the wallet. this means if already registered the user only needs a password. An important point is always double-checked the URL and bookmarked it into the browser.

Domain Information;

Quote

IP Address: 67.207.81.229
Domain Name: meta-mask.co
Registry Domain ID: DD0B3077F0D0F4E3B82D5AD385883EC41-NSR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2021-05-22T14:42:01Z
Creation Date: 2021-05-17T14:41:56Z
Registry Expiry Date: 2022-05-17T14:41:56Z
Registrar: NameCheap, Inc.

again,

Phishing exodus wallet

Code:

https://exoduswebv.com/

never giving up your mnemonic seed into the phishing site.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Coinomi phishing site

Website:

Code:

https://tatsks.com/

Archived: https://web.archive.org/web/20210708144814/https://tatsks.com/

Quote

315 days old
Created on 2020-08-27
Expires on 2021-08-27
Updated on 2020-08-27

The trick is the same as above Coinomi also never asks for a phrase on its website and this is clearly a phishing site that asks for your phrase and I think in terms of domains, they are very different, only the script is the same, so pay attention again more carefully.

Scammers like him have spread many phishing sites with different or the same scripts, so don't just randomly enter suspicious phrases.

Official site: https://www.coinomi.com/en/

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Trust Wallet Fake Wallet

Website:

Code:

https://xn--tustwallet-85b.com/

Archived: https://web.archive.org/web/20210708133029/https://xn--tustwallet-85b.com/

Quote

Domain name: xn--tustwallet-85b.com
Registry Domain ID: 2625228437_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 0001-01-01T00:00:00.00Z
Creation Date: 2021-07-08T12:19:57.00Z
Registrar Registration Expiration Date: 2022-07-08T12:19:57.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068

Never enter a private key/phrase on this phishing site, it's clear that there are many traps now, avoid it and look at it more carefully.

Don't be in a hurry and truswallet never asks for a key phrase/key on its website.

Chikito

legendary

Activity: 2366

Merit: 2054

Fake and Phishing pancakeswap tools

Code:

http://hiccup.pancakeswap.tools

https://archive.is/WNyeN

Quote

IP Address: 62.210.177.59
Geolocation: FR (France), N/A, N/A, N/A N/A - Google Maps
Reverse DNS: s12.cdn-hd.com
Domain Check
Domain Name: hiccup.pancakeswap.tools
Top Level Domain: TOOLS (Manufacturing Industry)

The relation IP address with scammer; https://www.virustotal.com/gui/ip-address/62.210.177.59/relations

Be careful nobs, always check the URL correctly, and don't give any seed/private key.

$crypto$

legendary

Activity: 2394

Merit: 1049

Smart is not enough, there must be skills

Quote from: Chikito on June 28, 2021, 08:20:37 PM

Quote from: $crypto$ on June 17, 2021, 06:43:59 AM

Website: exodus.cx

Code:

https://exodus.ac

DEAD

Website:

Code:

https://exocdus.co/

Archived: https://web.archive.org/web/20210702120108/https://exocdus.co/

Quote

Domain Name: exocdus.co
Registry Domain ID: DF30A1D443461467F8407478A87604E7A-NSR
Registrar WHOIS Server:
Registrar URL: https://key-systems.net
Updated Date: 2021-05-31T10:15:26Z
Creation Date: 2021-05-26T10:15:20Z
Registry Expiry Date: 2022-05-26T10:15:20Z
Registrar: Key-Systems GmbH
Registrar IANA ID: 269

The appearance of phishing sites is almost the same as those found above.

Phishing still continues to rely on the same script and only the domains are constantly changed like this, there is no tired of the fraudsters continuing to take their actions by displaying on google ad pages when doing a search.

Topic: [List] Phishing Cryptocurrency Site - page 4. (Read 11572 times)