Bitcoin Forum

Every day we fund the phishing website always burning and try to scam people. I did a lot of catch of them and reported on safe browsing google (https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en)

What tool to find it?

https://dnstwister.report/

https://i.ibb.co/m57pBy1/1.png (https://ibb.co/yFJ2RkG)

dnstwister is a good tool to find a similar domain and find potential phishing. We can subscribe and alert us when someone makes the same domain.
For example, I put localbitcoins.com on the following box

https://i.ibb.co/XCB90VD/2.png (https://ibb.co/S3T2YJc)
https://i.ibb.co/gg7FJRg/3.png (https://ibb.co/VBNpTqB)

https://dnstwister.report/search?ed=6c6f63616c626974636f696e732e636f6d

Well, we can see 438 domains similar to localbitcoins.com and 242 domains resolved to an IP address.
Not at all online and Phishing, maybe was reported and when checking it one by one some people still selling similar domain and other one make referal into localbitcoins.



Another one to check phishing site is https://www.phishtank.com/

https://i.ibb.co/VpBbScM/12.png (https://ibb.co/cXTRFS2)



and sometimes I use https://www.virustotal.com/gui/home/search [insert IP address on box to find relation domain]

https://i.ibb.co/QkktWfz/1.png (https://ibb.co/kJJvLxk)
https://i.ibb.co/RbRbkFS/2.png (https://imgbb.com/)


Happy hunting and don't forget to report https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Good job man. I have been searching this type tools since long time. And today I have found something which maybe help me. And I have tried the first one. It looks good and cool.

Great,  I'm a little bit surprised coz this kind of website exist, thank to you.
Btw, here's another website where we can report some phishing sites or scam/fake : https://etherscamdb.info/.
It's also about crypto where you can see some list of scam sites like phishing sites.
BUT, the best report we can do is to report on their particular registrar, it is much better to be take down immediately, emailing them will do, just provide the link of suspected scam/phishing website.

Np, when you have good knowledge, you can run code by looking for suspicious TLS certificate issuances

https://github.com/x0rz/phishing_catcher

Phishing catcher using Certstream.
CertStream is getting data from the Certificate Transparency Log (CTL) to monitor for suspicious keywords.
https://blog.0day.rocks/catching-phishing-using-certstream-97177f0d499a

Tool for monitoring similar web are goods for exchange and wallet developer to avoid phishing.

What do when we report it?, I see website like:
Those are Still active. We have to report it to https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en first then https://etherscamdb.info before someone confuse to clicking the link on table.

Welcome to my collection, DroomieChikito. You did a great guide.

Guide to using phishing_catcher on Linux/ubuntu terminal

Requirement:

- Python2 or Python3

↩
↩
↩
Running catcher
↩

https://i.postimg.cc/G2RhGHqp/ezgif-com-video-to-gif-1.gif

I got a lot Suspicious link. Let's try your self, dwyor

The way newbie users get alerted about phishing web site also important. If software browser like Firefox or anti virus software alert users when they visit phishing web site, then it will save a lot of users from scam.

That would be good but some alerts from anti virus software is not accurate all the time. Sometimes the alerts are not what the software says. I suggest you use the provided tips and tools to use catching phishing sites to avoid getting phished without you knowing that your info are already taken.

This tool dnstwister.report is interesting it can also find the Punycode domains which are available and not yet registered to any domain provider.

I don't think if it is good to put this tool here because they can use that tool to make a fake/phishing website(it means it also helps scammers to find Punycode domain)

Take a look at this one as a sample that I found from that tool


If you enter that domain to chrome and firefox browser the result will be bitcointalķ.org no difference to the original website (orig:bitcointalk.org) the only thing you will notice is the letter k if you check the URL carefully. And the Punycode domain is very cheap to register to any domain provider.

I don't think if it's fine to post this tool here what do you think?

I am good.
No problem to me when remove this tool purpose to avoid scammer using it. I am posted because of helping phishing hunter to find and reporting malicious site.

Additional sites for reporting some phishing websites or scam website is this: https://cryptoscamdb.org/report (new) or this: https://etherscamdb.info/report (old)
These websites has also list of some identified phishing or scams about cryptocurrency websites.
I also using these websites after reporting it to the google's safebrowsing website.

I am suggesting for owner website to subscribe dnstwister, when someone already made similarly will notify by email

I’ve been looking for this site on and off for a couple of days recently. I’d thought I’d find it quickly, remembering the existence of this thread, but looking over my merited posts is rather futile to find posts. I’ve now resorted to bookmarking it, as it is a nice tool that goes a long way to show just how easy it is to make a type mismatch and end up on some spooky site.

True dat. If we're lucky, Chrome might give us a heads up but it's pretty much a cat-and-mouse game between the good and bad hackers.