Host-file to deal with phishing sites

[hd49728]

Thanks for the list I will add this on my host file, I also use Metacert by Cryptonite extension but it is trial only. The icon turns green when it is safe and black if not. Every day there are new phishing sites created so we need to be careful to look carefully on the URL if it is correct before entering something and don't click suspicious links on the email.

Sure, you can use the host-file for free, and if you find out any new phishing site, please let me know by replying here, then I will add them into OP.
Regarding to email security, you can use the following site: https://haveibeenpwned.com/
It is very simple to use: Typing your email address, then enter to see it has already been compromised or not. In case your email has been already compromised, it's your turn to reset your password and consider to enhance security and privacy for your email.
There are two types of results:
1. Bad: pwned!

Oh no — pwned!
Pwned on X breached sites and found no pastes (subscribe to search sensitive breaches)

2. Good: no pwnage found!

Good news — no pwnage found!
No breached accounts and no pastes (subscribe to search sensitive breaches)

You should take action as quickly as possible if your email checking result fall into the first type.

[1713996760]

1713996760

[1713996760]

1713996760

[1713996760]

1713996760

[lobat999]

@hd49728 , kindly update this to your list. Thank you.

Code:

Phishing Link: https://bounty-brave.info/ 

Related thread: [Warning] Fake Brave Bounty Program Giving 1,500 BAT Tokens to each participant!

[hd49728]

I updated OP with the newest phishing site I saw. If you saw new phishing sites, please let me know by reporting them here.
Thank you.

Code:

0.0.0.0 https://litecoln.org/

[lobat999]

Kindly include this links also to your host file list, maybe the OP of this thread - [Warning] Phishing Blockchain.info  forgot to share this phishing link

Code:

https://biockcheln.info/

and these connected phishing sites under that same IP as posted by @JeromeTash

More information about the IP address used by scammer. There are 9 malicious/phishing URLs under the same IP address

WARNING

DO NOT VISIT THE LINKS

Code:

http://iocaibitcoins.com/
https://iocaibitcoins.com/
https://lolibitcoins.net/
http://privatemgrgg.pw/vcruntime140.dll
https://localbicolns.org/
http://localbicolns.org/
http://mgsocl.su/api/check.get
http://mgsocl.su/api/gate.get
http://dress-x.ru/freebl3.dll

[lobat999]

Another email I received today with same strategy using another name airdrop portal, ask to fill spreadsheet very same with @OP stories. Here is the proof from email I received.

Code:

https://brave-drop.info

@hd49728 kindly include again this phishing link which is identical to the previous phishing attempts but now uses another phishing site though it is still using the same style and methodology.

[hd49728]

Code:

0.0.0.0 smatmixer.io

That one is the latest phishing site that tries to fake the smartmixer.io. Be careful and stay safe.

Do you notice the dissapearance of 'r' character, smatmixer.io (phishing site) and the official (smartmixer.io)?

[Artemis3]

On Windows, navigate to "C:\Windows\System32\Drivers\etc\", and open the hosts file in a text editor.
On Mac, navigate to "/private/etc/", and open the host file in a text editor.
On Linux, open terminal and write "sudo nano /etc/hosts"

Add the following two lines to the bottom of the hosts file:

Code:

0.0.0.0 bitcointalk.to
0.0.0.0 fonstavka.com

Your browser will now be unable to open those two phishing sites.

So, what is new in this thread?
Steps to add phishing sites, and turn them off are above, what we need is list of phishing site.

So, if you know any phishing sites, please leave them here, I will add them to the list. I hope that we all will make a long list of phishing sites.

The hosts file is intended to resolve domain names. For example you have a machine in your LAN called "petunia" at 192.168.1.2, you would do

192.168.1.2 petunia

So if you ping petunia your os knows this means 192.168.1.2 before asking a dns server.

Now here comes the important part hd49728: Do NOT, i repeat DO NOT put URLs in there!

You have to REMOVE the http and the / parts, like this:

http://privatemgrgg.pw/vcruntime140.dll -> privatemgrgg.pw

0.0.0.0 privatemgrgg.pw NOT 0.0.0.0 http://privatemgrgg.pw/vcruntime140.dll as you have been doing.

This is a file for manual domain name resolution, it is not a browser and it is not supposed to interpret neither URLs nor files or folders or files within (no /).

When you type the url in the browser, the browser will ask your os what IP address number that domain name has, the browser does NOT ask what http://privatemgrgg.pw/vcruntime140.dll is, it asks for privatemgrgg.pw but you defined http://privatemgrgg.pw/vcruntime140.dll in the hosts file which won't match what the browser (or program) is asking and it won't get "blocked" (resolved to oblivion).


Note that this "blocking trick" may no longer work with newer browsers since they have started to resolve dns using third parties like google's or cloudflare (so called "secure") dns resolvers bypassing the OS entirely by default (YMMV).


Yes there is a way to have your OS do secure dns resolving while NOT handling your dns history to the usual suspects, install dnscrypt-proxy and configure it accordingly. Remember to set your browser to not use their own "secure built-in" resolution as well...


PS: Just because its Linux doesn't mean it comes with nano. You should have used the exact same wording as the other OSes: "open the hosts file with a text editor".