Bitcoin Forum
Author Topic: 2 New Fake Ledger Website  (Read 211 times)
Yaunfitda (OP)
Hero Member
*****
Offline Offline

Activity: 2842
Merit: 575



View Profile
May 11, 2020, 02:31:15 AM
Merited by TravelMug (2), cryptomaniac_xxx (2), Lucius (1), SFR10 (1), Jating (1), btc_angela (1), Baofeng (1), DdmrDdmr (1), Rikafip (1)
 #1

Be careful, there are two new fake Ledger wallet sites using a homograph attack.

(1)
Code:
ledgèr.com - http://xn--ledgr-7ra.com/



This one popped up 04/26/2020:

Quote
Whois Record for Ledgèr.com
 Domain Profile
Registrant   REDACTED FOR PRIVACY
Registrant Country   ua
Registrar   PSI-USA, Inc. dba Domain Robot
IANA ID: 151
URL: https://www.psi-usa.info,http://www.psi-usa.info
Whois Server: whois.psi-usa.info

(p)
Registrar Status   clientTransferProhibited
Dates   14 days old
Created on 2020-04-26
Expires on 2021-04-26
Updated on 2020-04-26    
Name Servers   NS35.HOSTERBOX.COM (has 1,296 domains)
NS36.HOSTERBOX.COM (has 1,296 domains)
 
Tech Contact   REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
(p) (f)
IP Address   158.69.243.52 - 170 other sites hosted on this

http://whois.domaintools.com/xn--ledgr-7ra.com



(2)
Code:
 ledǵer.com - xn--leder-b3b.com 



This one 05/06/2020:

Quote

Registrant   WhoisGuard Protected
Registrant Org   WhoisGuard, Inc.
Registrant Country   pa
Registrar   NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status   addPeriod, clientTransferProhibited
Dates   4 days old
Created on 2020-05-06
Expires on 2021-05-06
Updated on 0000-12-31    
Name Servers   DNS1.NAMECHEAPHOSTING.COM (has 823,881 domains)
DNS2.NAMECHEAPHOSTING.COM (has 823,881 domains)
 
Tech Contact   WhoisGuard Protected
WhoisGuard, Inc.
P.O. Box 0823-03411,
Panama, Panama, pa

(p) (f)
IP Address   162.213.251.190 - 87 other sites hosted on this

http://whois.domaintools.com/xn--leder-b3b.com

mk4
Legendary
*
Offline Offline

Activity: 2758
Merit: 3830


Paldo.io 🤖


View Profile
May 11, 2020, 04:04:52 AM
 #2

I really doubt that there are only 2 new ones. Phishing sites are simply scams that will reappear and reappear. Also noting that it's highly likely that these phishing sites are also owned by some people that ran previously reported phishing sites.

tl;dr: educate yourself about scam sites in general so you wouldn't need to watch out for every new phishing site being created.

TravelMug
Hero Member
*****
Offline Offline

Activity: 2632
Merit: 833



View Profile
May 11, 2020, 04:50:17 AM
 #3

Good catch, it's better to report these new sites so that they will be taken down. It's really going to be a cat and mouse game here. Hackers are going to be active creating these fake sites. Yes, education is the key here, get yourself some knowledge on how not to fall for this kind of trick.

SFR10
Legendary
*
Offline Offline

Activity: 2996
Merit: 3421


Crypto Swap Exchange


View Profile WWW
May 11, 2020, 06:36:27 AM
 #4

Be careful, there are two new fake ledger wallet using Homograph Attack.

~Snipped~
Thanks for informing us. It's worth mentioning the solutions for this type of Punycode attack as well...

In Firefox [IIRC, TOR has a similar function] you have the option of seeing their real look/image/character:

  • Type "about:config" in the address bar.
  • On the page with "Proceed with Caution" warning, click "Accept the Risk and Continue".
  • Click "Show All".
  • Look for "network.IDN_show_punycode" then double click it [changes from false to true].
  • Refresh the page.

I checked "Microsoft Edge" and it automatically showed its real character [for the above two websites] but couldn't find a solution for Chrome [I used to think their "IDN policy" was good enough].
- Does anyone know a way to make them appear as they are [without using third party extensions]?

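Added example, not part of any post in this thread: the Punycode display that the Firefox setting above toggles can also be checked offline. This Python sketch decodes the `xn--` hostnames quoted in the thread and flags labels that only differ from a protected name by diacritics; `WATCHLIST`, `decode_label`, `skeleton` and `check_host` are names made up for this illustration.

```python
import unicodedata

# Assumption: the brand labels to protect; "ledger" is the one from this thread.
WATCHLIST = {"ledger"}

def decode_label(label):
    """Convert one DNS label from its xn-- (Punycode) form to Unicode."""
    if label.startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed Punycode: keep the raw label
    return label

def skeleton(label):
    """NFKD-decompose, drop combining marks (accents, ogonek), lowercase."""
    decomposed = unicodedata.normalize("NFKD", label)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def check_host(host):
    """Decode a hostname and list watchlist names it imitates with diacritics."""
    raw = host.strip().rstrip(".").lower().split(".")
    labels = [decode_label(part) for part in raw]
    imitates = sorted({skeleton(l) for l in labels
                       if not l.isascii() and skeleton(l) in WATCHLIST})
    return {"unicode": ".".join(labels), "imitates": imitates}

if __name__ == "__main__":
    # Hostnames quoted in this thread, plus the genuine one for comparison.
    for host in ["xn--ledgr-7ra.com", "xn--leder-b3b.com",
                 "xn--ldger-j0a.com", "ledger.cl", "ledger.com"]:
        result = check_host(host)
        if result["imitates"]:
            verdict = "LOOKALIKE of " + ", ".join(result["imitates"])
        else:
            verdict = "no IDN lookalike"
        print(f"{host:20} {result['unicode']:12} {verdict}")
```

This only catches lookalikes built from accented Latin letters, which is what all three `xn--` domains in the thread use; cross-script homoglyphs (for example Cyrillic letters) need a confusables table such as the one in Unicode UTS #39. A plain-ASCII name on another TLD, like the `ledger.cl` site mentioned in the thread, is not an IDN lookalike and is not flagged by this check.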
taufik123
Legendary
*
artcontest
Offline Offline

Activity: 2520
Merit: 1721


View Profile
May 11, 2020, 06:52:35 AM
 #5

The URL used is almost the same as the original website URL. The only difference is the use of the letter "è".

If we are not thorough this will be dangerous. Phishing sites like this are mostly made by scammers to trick users into being able to do activities on fake websites that they make to get their user data.
Maybe only 2 of these websites were identified, but there will be many other phishing websites made by scammers.

The best way to avoid this is to bookmark the original site that you have already visited.
Lucius
Legendary
*
Offline Offline

Activity: 3234
Merit: 5637


Blackjack.fun-Free Raffle-Join&Win $50🎲


View Profile WWW
May 11, 2020, 11:00:22 AM
 #6

The second site is identical to what I reported a few days ago -> Ledger Fake Site/s - Seed stealers!

It is possible that it is the same person or someone is selling this way of earning money on the black market. I reported that site 4 days ago, but I can still access it via Firefox. Google phishing report is obviously like everything else in slow mode, and that plays into the hands of those who do things like this.



Yaunfitda (OP)
Hero Member
*****
Offline Offline

Activity: 2842
Merit: 575



View Profile
May 12, 2020, 01:38:04 PM
 #7

The second site is identical to what I reported a few days ago -> Ledger Fake Site/s - Seed stealers!

It is possible that it is the same person or someone is selling this way of earning money on the black market. I reported that site 4 days ago, but I can still access it via Firefox. Google phishing report is obviously like everything else in slow mode, and that plays into the hands of those who do things like this.




If you are talking about this website:

Code:
https://ledger.cl/

Yes, they are very similar, the look and the feel of the website, but when I check the domain name behind, they are different. But we all know how criminals work, so probably someone is selling the theme on the dark market or other hacker forums, that's why it keeps popping up.

Quote
Tech Contact   —
IP Address   45.13.252.118 - 69 other sites hosted on this server
 
IP Location   Netherlands - Flevoland - Dronten - Mb Adresu Valda
ASN   Netherlands AS47583 AS-HOSTINGER, LT (registered Apr 04, 2011)
Hosting History   2 changes on 3 unique name servers over 0 year

http://whois.domaintools.com/ledger.cl

@SFR10 - unfortunately, there's no similar setting available in Chrome or other Chromium-based browsers.



Another one, not new but still very dangerous.

Code:
lędger.com - https://xn--ldger-j0a.com/



Lucius
Legendary
*
Offline Offline

Activity: 3234
Merit: 5637


Blackjack.fun-Free Raffle-Join&Win $50🎲


View Profile WWW
May 12, 2020, 02:53:26 PM
 #8

If you are talking about this website:

Code:
https://ledger.cl/

Yes, about that site, as I linked in my post. This is a classic seed stealer, and a very stupid way for someone to lose everything they have in a matter of seconds.


another one, not new but still very dangerous.

Code:
lędger.com - https://xn--ldger-j0a.com/

Very deceptive page: in addition to very convincingly copying the original site (with the current offer), on clicking the green Ledger Wallet button users are asked to enter their seed. I wish we could send them some type of code that will steal all they have, so we can pay victims back. That would be very cool.

boyptc
Hero Member
*****
Offline Offline

Activity: 2996
Merit: 680


★Bitvest.io★ Play Plinko or Invest!


View Profile
May 12, 2020, 03:12:03 PM
 #9

Many scammers do target Ledger today.

Because a lot of new crypto people would choose them as their main hardware wallet and there's also an ongoing discount for their sale.

Ledger isn't alone in battling these scammers.

The best way to avoid this is to bookmark the original site that you have already visited.
And newbies shouldn't just search for them on Google but type the exact domain in the address bar.


