Title: 2 New Fake Ledger Website Post by: Yaunfitda on May 11, 2020, 02:31:15 AM Be careful, there are two new fake ledger wallet using Homograph Attack.
(1) Code: ledgèr.com - http://xn--ledgr-7ra.com/ https://i.imgur.com/VW1dx7h.png This one pop up 04/26/2020 Quote Whois Record for Ledgèr.com Domain Profile Registrant REDACTED FOR PRIVACY Registrant Country ua Registrar PSI-USA, Inc. dba Domain Robot IANA ID: 151 URL: https://www.psi-usa.info,http://www.psi-usa.info Whois Server: whois.psi-usa.info (p) Registrar Status clientTransferProhibited Dates 14 days old Created on 2020-04-26 Expires on 2021-04-26 Updated on 2020-04-26 Name Servers NS35.HOSTERBOX.COM (has 1,296 domains) NS36.HOSTERBOX.COM (has 1,296 domains) Tech Contact REDACTED FOR PRIVACY REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY (p) (f) IP Address 158.69.243.52 - 170 other sites hosted on this http://whois.domaintools.com/xn--ledgr-7ra.com (2) Code: ledǵer.com - xn--leder-b3b.com https://i.imgur.com/Tt5TTJQ.png This one 05/06/2020: Quote Registrant WhoisGuard Protected Registrant Org WhoisGuard, Inc. Registrant Country pa Registrar NAMECHEAP INC NameCheap, Inc. IANA ID: 1068 URL: http://www.namecheap.com Whois Server: whois.namecheap.com (p) Registrar Status addPeriod, clientTransferProhibited Dates 4 days old Created on 2020-05-06 Expires on 2021-05-06 Updated on 0000-12-31 Name Servers DNS1.NAMECHEAPHOSTING.COM (has 823,881 domains) DNS2.NAMECHEAPHOSTING.COM (has 823,881 domains) Tech Contact WhoisGuard Protected WhoisGuard, Inc. P.O. Box 0823-03411, Panama, Panama, pa (p) (f) IP Address 162.213.251.190 - 87 other sites hosted on this http://whois.domaintools.com/xn--leder-b3b.com Title: Re: 2 New Fake Ledger Website Post by: mk4 on May 11, 2020, 04:04:52 AM I really doubt that are only 2 new ones. Phishing sites are simply scams that will reappear and reappear. Also noting that it's highly likely that these phishing sites are also owned by some people that ran previously reported phishing sites.
tldr; educate yourself about scam sites in general so you wouldn't need to watch out for every new phishing sites being created. Title: Re: 2 New Fake Ledger Website Post by: TravelMug on May 11, 2020, 04:50:17 AM Good catch, it's better to report this new sites so that it will be taken down. It's really going to be a catch and mouse game here. Hackers are going to be active creating this fake sites. Yes, education is the key here, get yourself some knowledge on how not to fall for this kind of trick.
Title: Re: 2 New Fake Ledger Website Post by: SFR10 on May 11, 2020, 06:36:27 AM Be careful, there are two new fake ledger wallet using Homograph Attack. Thanks for informing us. It's worth mentioning the solutions for this type of Punycode attack as well...~Snipped~ In Firefox [IIRC, TOR has a similar function] you have the option of seeing their real look/image/character:
I checked "Microsoft Edge" and it automatically showed its real character [for the above two websites] but couldn't find a solution for Chrome [I used to think their "IDN policy" was good enough]. - Anyone knows a way to make them appear as they are [without using third party extensions]? Title: Re: 2 New Fake Ledger Website Post by: taufik123 on May 11, 2020, 06:52:35 AM the url used is almost the same as the original website url. the only difference is the use of the alphabet "è".
if we are not thorough this will be dangerous. Phishing sites like this are mostly made by scammers to trick users into being able to do activities on fake websites that they make to get their user data. Maybe only 2 of these websites were identified, but there will be many other phishing websites made by scammers. The best way to avoid this is to bookmark the original site that you have already visited. Title: Re: 2 New Fake Ledger Website Post by: Lucius on May 11, 2020, 11:00:22 AM Second site is identical to what I report few days ago -> Ledger Fake Site/s - Seed stealers! (https://bitcointalk.org/index.php?topic=5198563.msg54379474#msg54379474).
It is possible that it is the same person or someone is selling this way of earning money on the black market. I reported that site 4 days ago, but I can still access it via Firefox. Google phishing report is obviously like everything else in slow mode, and that goes to the hand of those who do things like this. Title: Re: 2 New Fake Ledger Website Post by: Yaunfitda on May 12, 2020, 01:38:04 PM Second site is identical to what I report few days ago -> Ledger Fake Site/s - Seed stealers! (https://bitcointalk.org/index.php?topic=5198563.msg54379474#msg54379474). It is possible that it is the same person or someone is selling this way of earning money on the black market. I reported that site 4 days ago, but I can still access it via Firefox. Google phishing report is obviously like everything else in slow mode, and that goes to the hand of those who do things like this. If you are talking about this website: Code: https://ledger.cl/ Yes, they are very similar, the look and the feel of the website, but when I check the domain name behind, they are different. But we all know how criminal works, so probably someone is selling the theme in dark market or other hackers forums that's why it keeps popping. Quote Tech Contact — IP Address 45.13.252.118 - 69 other sites hosted on this server IP Location Netherlands - Flevoland - Dronten - Mb Adresu Valda ASN Netherlands AS47583 AS-HOSTINGER, LT (registered Apr 04, 2011) Hosting History 2 changes on 3 unique name servers over 0 year http://whois.domaintools.com/ledger.cl @SFR10 - unfortunately, there's no similar setting available in Chrome or other Chromium based browsers another one, not new but still very dangerous. Code: lędger.com - https://xn--ldger-j0a.com/ https://i.imgur.com/SYhw3hu.png Title: Re: 2 New Fake Ledger Website Post by: Lucius on May 12, 2020, 02:53:26 PM If you are talking about this website: Code: https://ledger.cl/ Yes about that site, as I linked in my post. This is a classic seed stealer, and a very stupid way for someone to lose everything they have in a matter of seconds. another one, not new but still very dangerous. Code: lędger.com - https://xn--ldger-j0a.com/ Very deceptive page, in addition to very convincingly copying the original site (with the current offer) by clicking on green Ledger Wallet button users is asked to enter seed. I wish we can send them some type of code that will steal all they have, so we can pay victims back. That would be very cool 8) Title: Re: 2 New Fake Ledger Website Post by: boyptc on May 12, 2020, 03:12:03 PM Many scammers do target ledger today.
Because a lot of new crypto people would choose them as their main hardware wallet and there's also an ongoing discount for their sale. Ledger isn't alone on battling these scammers. The best way to avoid this is to bookmark the original site that you have already visited. And newbies shouldn't just search them on google but type the exact domain on the address bar. |