Bitcoin Forum

Economy => Scam Accusations => Topic started by: Yaunfitda on May 14, 2020, 08:34:01 AM



Title: 2 New Fake Chipmixer website
Post by: Yaunfitda on May 14, 2020, 08:34:01 AM

(1) Take notice of the ẹ. Another type of homograph attack. Just created more than two weeks ago.

Code:
 chipmixẹr.com - https://xn--chipmixr-z30d.com/

https://i.imgur.com/aptKgCN.png

Quote
Registrar   NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

Registrar Status   addPeriod, clientTransferProhibited
Dates   18 days old
Created on 2020-04-26
Expires on 2021-04-26
Updated on 0000-12-31

http://whois.domaintools.com/xn--chipmixr-z30d.com



(2) This one is classic typosquatting, or URL hijacking. This was also created around two weeks ago.

Notice the S.

Code:
https://chipmixers.io/

https://i.imgur.com/FCQyiLW.png

Quote
Registrar   Namesilo, LLC
IANA ID: 1479
URL: http://www.namesilo.com
Whois Server: whois.namesilo.com

Registrar Status   clientTransferProhibited, serverTransferProhibited
Dates   15 days old
Created on 2020-04-29
Expires on 2021-04-29
Updated on 2020-04-29

http://whois.domaintools.com/chipmixers.io


Title: Re: 2 New Fake Chipmixer website
Post by: GreatArkansas on May 14, 2020, 09:01:09 AM
ChipMixer should be aware of this. It's really amazing how scammers can easily copy the original website. I also saw some fake Bitcoin mixer websites before, especially around the 2017 bull run.
Better if we also report these domains to their registrar or domain provider,
abuse@namecheap.com and abuse@namesilo.com


Title: Re: 2 New Fake Chipmixer website
Post by: Maus0728 on May 14, 2020, 09:06:19 AM
I wonder why there are always multiple phishing websites that have similar fancy characters like this! "ẹ". Similarly, the other thread created by has also a similar fancy character in their URL in creating a fake Ledger website.

I think these are created by the same person or group of people! Anyway, here are links for reporting phishing links.

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
phishing-report@us-cert.gov - email the link here!


Title: Re: 2 New Fake Chipmixer website
Post by: DdmrDdmr on May 14, 2020, 10:09:49 AM
I wonder why there are always multiple phishing websites that have similar fancy characters like this! "ẹ". <…>
Simply in order to make the URL name as close as possible to the original one they are trying to mimic. A little dot (as is the visual appearance) is a minor difference that may go unnoticed (who’s got a perfectly clean screen without any smudges on it?), and that is what the phishing site is counting on. Other classical spins are skipping or adding a letter, or permuting a couple of them.

All these tricks are detectable if one is paying close attention, but not fast to spot when in a rush, or the site is not a regular site and one is landing there for the first time.


Title: Re: 2 New Fake Chipmixer website
Post by: BITCOIN4X on May 14, 2020, 10:13:44 AM
Code:
https://chipmixer.com/

Quote
Registrar Status   clientTransferProhibited
Dates   1,407 days old
Created on 2016-07-07
Expires on 2025-07-07
Updated on 2019-12-11



This is the original chipmixer site and I just want to get the difference because I didn't get the information in the OP. Please add the original site and the details too for comparison, great for readers.

~snip
My guess is that they don't work alone and it's like a group of people who are really crazy about other people's possessions.


Title: Re: 2 New Fake Chipmixer website
Post by: BitcoinGirl.Club on May 14, 2020, 11:39:27 AM
https://talkimg.com/images/2023/05/14/blob5cde194a71e63263.png
This is very frustrating for me. All those days, I used to think that a homograph attack can be caught using copy-paste, but with this ẹ, it seems there is no difference from the original e. 🤔

Try it yourself with Ctrl+F and then type e; you will see both are highlighted below.

e : English letter
ẹ : homograph letter


Title: Re: 2 New Fake Chipmixer website
Post by: btc_angela on May 14, 2020, 11:52:30 AM
I wonder why there are always multiple phishing websites that have similar fancy characters like this! "ẹ". Similarly, the other thread created by has also a similar fancy character in their URL in creating a fake Ledger website.

I think these are created by the same person or group of people! Anyway, here are links for reporting phishing links.

https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
phishing-report@us-cert.gov - email the link here!

Probably those are created by one group of cyber criminals.

And it's really hard to detect at first glance, and we can see that this is a sophisticated attack using Chipmixer. There is a wonderful tool to check for Punycode here.

https://www.punycoder.com/

One way to be able to check on it is to click the padlock -> certificate

https://i.imgur.com/kkZZOgA.png
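
Added example (not part of any post in this thread): Python that decodes the xn-- (Punycode) form discussed above and flags the two tricks described in this thread, an accented lookalike letter and a one-letter addition, omission or swap, against the genuine chipmixer.com. The function names and the constructed sample chipmxier.com are assumptions; the NFKD folding only catches accented Latin letters such as ẹ, not Cyrillic or Greek lookalikes.

```python
import unicodedata

LEGIT = ["chipmixer.com"]  # the genuine domain, as given in the thread

def to_unicode(domain):
    """Decode each xn-- (Punycode) label to the Unicode form a browser may display."""
    labels = []
    for label in domain.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            label = label[4:].encode("ascii").decode("punycode")
        labels.append(label)
    return ".".join(labels)

def skeleton(text):
    """Fold accented Latin letters to the base letter (assumption: no confusables table)."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c))

def edit_distance(a, b):
    """Optimal string alignment: insert, delete, substitute, or swap two neighbours."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = a[i - 1] != b[j - 1]
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]

def classify(domain, legit=LEGIT):
    shown = to_unicode(domain)
    if shown in legit:
        return "legitimate"
    name = skeleton(shown).split(".")[0]      # compare the name, ignore the TLD
    for good in legit:
        good_name = good.split(".")[0]
        if not shown.isascii() and name == good_name:
            return "homograph of " + good
        if edit_distance(name, good_name) <= 1:
            return "typosquat of " + good
    return "no match"

if __name__ == "__main__":
    for dom in ("xn--chipmixr-z30d.com", "chipmixers.io", "chipmxier.com"):
        print(dom, "->", to_unicode(dom), "->", classify(dom))
```
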


Title: Re: 2 New Fake Chipmixer website
Post by: boyptc on May 14, 2020, 01:40:20 PM
I think I've seen a similar letter with other known exchanges like Binance. That special character is being used by these abusers to fake websites that have the letter e in their domain.


Title: Re: 2 New Fake Chipmixer website
Post by: Velkro on May 14, 2020, 02:03:22 PM
This is the original chipmixer site and I just want to get the difference because I didn't get the information in the OP. Please add the original site and the details too for comparison, great for readers.
My guess is that they don't work alone and it's like a group of people who are really crazy about other people's possessions.
Agree here, adding the original site for comparison is a good thing to do.
If someone possesses such skills, copying his fake website over and over with different domain names isn't that hard.
Phishing has been one of the main scam techniques on the world wide web since forever :P. You can't eliminate them, there are so many of them, so the best thing to do is educate the public about it.


Title: Re: 2 New Fake Chipmixer website
Post by: Pffrt on May 14, 2020, 02:11:52 PM
I think I've seen a similar letter with other known exchanges like Binance. That special character is being used by these abusers to fake websites that have the letter e in their domain.
Most of the phishing sites are based on homograph letters. You can change the i, a, e to ones which look the same as the actual ones, and it makes it easy to target even a very smart trader with a lot of experience. It's an old-school method of phishing.


Title: Re: 2 New Fake Chipmixer website
Post by: boyptc on May 14, 2020, 03:20:06 PM
I think I've seen a similar letter with other known exchanges like Binance. That special character is being used by these abusers to fake websites that have the letter e in their domain.
Most of the phishing sites are based on homograph letters. You can change the i, a, e to ones which look the same as the actual ones, and it makes it easy to target even a very smart trader with a lot of experience. It's an old-school method of phishing.
Yes, those characters.

It's old as it is but the sad thing is that there's still plenty of victims they get.


Title: Re: 2 New Fake Chipmixer website
Post by: Lucius on May 14, 2020, 03:58:39 PM
Use the link from post number 3 and report both links to Google; more reports will surely result in a quick reaction and both sites will be blocked in Chrome & Firefox, which are the browsers with the most users these days. Another option is to report them to the registrar or domain provider, but from some personal experience it seems to me that they rarely react positively to such reports. Part of the responsibility is definitely on the hosting company, but as in the case of Google ads, it's obvious that no one wants to or can check things like this.


Title: Re: 2 New Fake Chipmixer website
Post by: Baofeng on May 14, 2020, 10:47:16 PM
Alternatively, you can report the abuse on the following:

(1) https://www.namesilo.com/report_abuse.php
(2) https://support.namecheap.com/index.php?/Tickets/Submit

Reported both of them.

From Namecheap:

Quote
Your request has been received
We have received your request and our team will get back to you shortly. You can log in to the helpdesk to review the status of your request, or check your email for further updates.

General Information   
 
Ticket ID    #PWA-170-71983
First and Last Name    xxxx
Email    xxxx
Type    Issue
Priority    High

From my experience reporting sites to both domain registrars, it usually took 2-3 before they took it offline. Crossing our fingers that no one will fall for this trick.



Title: Re: 2 New Fake Chipmixer website
Post by: Chikito on May 15, 2020, 12:00:45 AM
Maybe try subscribing to dnstwister to avoid scams; see the link below to know how many similar chipmixer domains there are.

https://dnstwister.report/search?ed=636869706d697865722e636f6d

Quote
We identified 324 domains similar to chipmixer.com.
60 domains resolved to an A or MX record

https://i.postimg.cc/kghGMLND/g.png

I find over 500+ on onion https://dnstwister.report/search?ed=636869706d69786572777a78747a62772e6f6e696f6e

Quote
We identified 579 domains similar to chipmixerwzxtzbw.onion.
No domains resolved to an A or MX record

dnstwister will alert you when a new similar one is created.

Then report it.


Title: Re: 2 New Fake Chipmixer website
Post by: smyslov on May 15, 2020, 05:57:22 AM
If you bookmarked the real Chipmixer site and you have the MetaCert extension or a similar extension, you are safe. Not really surprising, it's one of the top mixing sites in the business and hackers are making big bucks imitating it or creating a phishing site.


Title: Re: 2 New Fake Chipmixer website
Post by: Yaunfitda on May 18, 2020, 02:45:07 AM
Quick Update:

The second website has been taken down already.

But namecheap is slow to react, I urge everyone to help the community by reporting the first website to them.


Title: Re: 2 New Fake Chipmixer website
Post by: TalkStar on May 18, 2020, 03:40:57 AM
The second website has been taken down already.
That's great... I don't know how many people have already lost their funds due to this kind of phishing site, but I am damn sure that these scammers will continue with another domain.


But namecheap is slow to react, I urge everyone to help the community by reporting the first website to them.
As far as I know, Namecheap's support system is quite good, but due to heavy workloads it sometimes requires a little bit of extra time to take action from their end. Hope they will take proper action as soon as possible, and I will definitely submit a report from my side to draw their attention to this matter and get faster action too.


Title: Re: 2 New Fake Chipmixer website
Post by: Jating on May 18, 2020, 10:36:58 AM
Quick Update:

The second website has been taken down already.

But namecheap is slow to react, I urge everyone to help the community by reporting the first website to them.

Reported the second site on my end. So let's see; Namecheap is one of the biggest domain registrars out there, so there might be a lot of reports for them to review, especially since there are a lot of cyber criminals taking this opportunity to create Covid-related themes, so it might take some time. So let's just wait and see how it goes. Thanks for the fair warning again.


Title: Re: 2 New Fake Chipmixer website
Post by: cryptomaniac_xxx on May 18, 2020, 10:46:10 AM
I've written a short guide on where to report those abuses here, Domain host and their abuse contact (https://bitcointalk.org/index.php?topic=5245615.0). So for those who are not familiar, you can refer to that thread.