Author

Topic: [SCAM] pangoıinminer.com (homograph/Punycode attack)!!! (Read 167 times)

legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
Look who's back [new account = Sirocco3] promoting the "link in the subject field" after a short hiatus and it appears that he/she included another fake website in the mix as well...

Reference Link:
Latest posts of Sirocco3 [archived]

Tagged and "created a flag".

Added to the first post!
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
pangoiinminer .com

Code:
https://www.xn--pangoinminer-54b.com/shop/

Lynx without UTF-8 support displays that as: pangoM-DM-1inminer.com.

This is actually a good offensive tool that can be made against homographic punycode. The entire page is read, all of the HTTP[ S ]:// links are extracted by regex up to the next slash (don't worry, HTML on regex is fine in this case, and then if there are any junked-up characters like M-DM-1, then it is definiely a punycode link and a bot can report it to moderators.

To ease system load, it can periodically refresh "most recent unread posts" - but it has the disadvantage that it report the post if it comes from anybody. That means this post itself would also get reported to mods.
legendary
Activity: 2394
Merit: 2223
Signature space for rent
The type of domain itself is suspicious to me. I don't click these types of a domain when I see them. Any legit brand wouldn't choose this kinda fucking domain. So we need just stay away from such suspicious things that we aren't familiar with. Shouldn't be greedy, so you can avoid a lot of scams in your life. Thanks, OP for sharing with us, keep it up.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
I wonder why he has not been nuked yet.
It probably has something to do with the fact that it only counted as a phishing/spoofed website, but it's not going to have a negative effect on this case since I'm pretty sure the scammer in question realized he/she got caught and edited the subject field of the above thread with a smiley before it got deleted [not sure why ninjastic.space doesn't have the edited version].

Wait, are people who post scam/phishing links always nuked as well?
AFAIK, this usually doesn't happen but perhaps there's been some exceptions in the past:


Btw, thanks guys for supporting the flag Smiley
legendary
Activity: 1526
Merit: 1359
Upon reviewing his profile, it appears that the moderators have deleted all of his posts. I wonder why he has not been nuked yet
Wait, are people who post scam/phishing links always nuked as well? I thought they usually nuke mostly newly created spambots and profiles that share malicious links or malware.

It is a newbie account with only two posts, and both were used to spread malicious links. I would nuke his ass. Grin
https://ninjastic.space/search?author=Innominer
legendary
Activity: 2338
Merit: 1261
Heisenberg
Upon reviewing his profile, it appears that the moderators have deleted all of his posts. I wonder why he has not been nuked yet
Wait, are people who post scam/phishing links always nuked as well? I thought they usually nuke mostly newly created spambots and profiles that share malicious links or malware.
legendary
Activity: 1526
Merit: 1359
Upon reviewing his profile, it appears that the moderators have deleted all of his posts. I wonder why he has not been nuked yet.

I supported the flag.
legendary
Activity: 2968
Merit: 3406
Crypto Swap Exchange
What happened :
While I was browsing the Mining board, I noticed a new user with a couple of posts [one of them is a newly created thread] that clearly shows he/she is shilling for a specific website and when I looked closer, I noticed it's one of those Punycode attacks!
- It appears that they're taking advantage of the fact that the original website (previous archive) is currently down!

Scammers Profile Link:
Innominer

Reference Link:
Latest posts of Innominer [archived]

Additional Notes:
If you go to their website and copy everything from the search bar and post it anywhere, it'll lead to the following result:

Code:
https://www.xn--pangoinminer-54b.com/shop/

Tagged and "created a flag".

Update:

Look who's back [new account = Sirocco3] promoting the "link in the subject field" after a short hiatus and it appears that he/she included another fake website in the mix as well...

Reference Link:
Latest posts of Sirocco3 [archived]

Tagged and "created a flag".
Jump to: