Look out for this fake and clone Chipmixer.com

[cryptomaniac_xxx]

Did some testing again.

1. Go to Khipmixer. c o m (I intentionally did this and see what will happen)

2. You will be redirected to a fake and malicious clone site

Code:

https://chipmlxer.com/

Hard to see the difference right? but if you will have to copy this and paste it to like Excel and increase the font site, you will see this one.



And this is how the site looks like:



No visual difference whatsoever.

And according to whois, this site was created last month and just updated 2020-07-05

Whois Record for ChipMlxEr.com
 Domain Profile
Registrant   Admin Contact
Registrant Org   PrivateName Services Inc.
Registrant Country   ca
Registrar   PSI-USA, Inc. dba Domain Robot
IANA ID: 151
URL: https://www.psi-usa.info,http://www.psi-usa.info
Whois Server: whois.psi-usa.info

(p)
Registrar Status   clientTransferProhibited
Dates   34 days old
Created on 2020-06-18
Expires on 2021-06-18
Updated on 2020-07-05   Whois History 
Name Servers   ADI.NS.CLOUDFLARE.COM (has 20,709,720 domains)
SRI.NS.CLOUDFLARE.COM (has 20,709,720 domains)
Reverse NS   
Tech Contact   Admin Contact
PrivateName Services Inc.
1100-1200 West 73rd Avenue,
Vancouver, BC, V6P 6G5, ca

(p) (f)
IP Address   104.31.68.46 - 624 other sites hosted on this server
Reverse IP 
IP Location   United States Of America - Texas - Dallas - Cloudflare Inc.
ASN   United States Of America AS13335 CLOUDFLARENET, US (registered Jul 14, 2010)
Domain Status   Registered And Active Website
IP History   9 changes on 9 unique IP addresses over 3 years   Hosting History 
Registrar History   3 registrars with 2 drops

https://whois.domaintools.com/chipmlxer.com

[Vaculin]

Great job on finding the fake site, it's really a clone, I visit the site and I can see the same interface like the original, we should be careful more now, a lot of scammers are making a lot of ways to steal money, and thanks to you for making us aware. (+1, run of our merit)

[hd49728]

You can move the topic to the Scam accusation. Click on move topic at the left bottom corner, next choose that board and move the topic.

[bct_ail]

This is good that you found this. I would never type 'K' instead of 'C' on my keyboard.. On the keyboard, they are not close together either.

[DdmrDdmr]

Somebody out there has got a hard-on for redirecting similar named fake sites to the referenced site in the OP:

Code:

https://chipmlxer.com/

In fact, I just tried 20 or so random sited from the list of similarly named sited provided by DNSTwister (see below), and 18 or so redirected to the above referenced site.

Khipmixer is third on this list (but as I said, there are many that redirect to the scam site):
https://dnstwister.report/search?ed=7777772e636869706d697865722e636f6d

[bct_ail]

In fact, I just tried 20 or so random sited from the list of similarly named sited provided by DNSTwister (see below), and 18 or so redirected to the above referenced site.

Khipmixer is third on this list (but as I said, there are many that redirect to the scam site):
https://dnstwister.report/search?ed=7777772e636869706d697865722e636f6d

That is really madness. So what can you do to be sure, that you have the right internet domain www.chipmixer.com? Trust your search engine? Trust the original thread at bitcointalk?
And what can chipmixer do? Could they additionally provide the IP address, because there is less mistyping of numbers?

[Japinat]

Thank for this very useful post of yours, I'm pretty sure if there's no other close site on CM anymore this time, there will be more in the future as CM is a very popular tumbler, especially in the forum. You can keep this thread and compile all the close sites of CM.

[DdmrDdmr]

<…>

One could bookmark the site, to avoid misspelling the site’s name, and ending-up in the wrong place. Even so, one should check the resulting URL just in case someone managed to tamper with your bookmarks.

In order to avoid people falling for the most common mistakes typing the domain URL, some corporations buy some of these alternative domains solely for redirecting (to the correct site) purposes. Nevertheless, as can be seen in the DNS twister link I provided, the list is long, and hard (+ expensive) to cover, with more potential alt-sites added at any point in time.

Using the IP instead of the URL would not really be user-friendly for the general public, and the core public for their product would not really be too adept to it’s usage. Besides, if they change IP for some reason, the site would not be located straight off.

[o_e_l_e_o]

Trust your search engine?

Never blindly trust links from a search engine. Many search engines (and Google is the worst for this) allow people, including scammers, to pay to boost their sites up the rankings. Often the top results from Google link to scam/clone/phishing sites.

Trust the original thread at bitcointalk?

This is certainly safer than trusting a search engine. It's impossible to fake a thread with 100 pages of replies from familiar and established members. Provided the first post hasn't been edited (which it currently hasn't since January 2018), then the link contained is probably the correct one. https://bitcointalk.org/index.php?topic=1935098.0

I always use the .onion link - http://www.chipmixerwzxtzbw.onion - when using ChipMixer. I can't remember ever seeing a phishing attempt for this link, but someone feel free to correct me. Certainly it's far rarer for scammers to create fake .onion links, because it is time consuming and potentially expensive for them to create a link with the same prefix ("chipmixer"), and they will scam fewer people with it than with a clearnet link.

[Kakmakr]

How long does it take you to type chipmixer.com .....really... ? These sites have the shortest and easiest Url's to type and people are still to lazy to type the Url when they need to navigate to a site. 

I want to be cruel for one moment and say, if you fall for this... because you were too lazy to type a Url, then you deserve to lose your money. I do not even use bookmarks for the sites that I use, because those can also be changed by hackers.

Tip : Type short Url's ....it will save you a lot of money. 

[TryNinja]

Report them to CloudFlare: https://www.cloudflare.com/abuse/

We accept the following kinds of reports:

[...]
Phishing & malware

You can report abuse using the reporting form below. Cloudflare will forward abuse reports that appear to be substantially complete to the responsible website hosting provider and to the website owner.

[taufik123]

In plain view and if not careful with one letter "l" this will deceive many people. types of phishing websites with the same template 100% and almost the same domain name often found. This phishing method is also growing until now.

I usually do bookmark for important sites, but I also always check whether the site is still correct or something has changed. and I also always take note of the site URL in my notebook.

Another way that I use is to utilize the Web Anti-Virus feature that is on Kaspersky.
When I search with the keyword "chipmixer" there will be a sign or Kaspersky logo next to the website name. it proves that the website is safe to visit.


But my question is, is this a safe way to find out phishing websites as mentioned by the OP?

[TryNinja]

But my question is, is this a safe way to find out phishing websites as mentioned by the OP?

No. All Kaspersky does is verify if a website is marked as a malware (and maybe phishing?) in their database. If I create a new ChipMixer phishing website right now, they won't know it's a phishing website. All they will see is that there is no bad records for the website.

Now, If my website is known for spreading malware, and someone reports it to them, then it will show up as a bad website.

[joniboini]

I usually do bookmark for important sites, but I also always check whether the site is still correct or something has changed. and I also always take note of the site URL in my notebook.

Doing this is usually enough, unless your device got infected with malware or your dns was hijacked so even if you type the correct address, it will be redirected to another domain. You need to be careful especially if you occasionally use public network.

[LTU_btc]

It's interesting way how you found this phishing website. I doubt that's possible to misstype Chipmixer name in such way - k instead of c. Anyway, it's bad that this website is still online and weren't taked down by Cloudflare or hosting providers...

This is certainly safer than trusting a search engine. It's impossible to fake a thread with 100 pages of replies from familiar and established members. Provided the first post hasn't been edited (which it currently hasn't since January 2018), then the link contained is probably the correct one. https://bitcointalk.org/index.php?topic=1935098.0

Nothing is impossible. It's not likely scenario, but what if someone will hack Chipmixer Bitcointalk account and will replace link in OP. Yes, you can see edit date, but you can't know that post was edited by original owner.

[o_e_l_e_o]

Yes, you can see edit date, but you can't know that post was edited by original owner.

Well, that's my point. The post hasn't been edited in over 2 and a half years, so you know the link contained within it is correct. If the post is edited more recently, then you have no way of knowing if it is the original owner or someone who has hacked the account, unless it is also accompanied by signed messages from relevant addresses or PGP keys.

[bct_ail]

Yes, you can see edit date, but you can't know that post was edited by original owner.

Well, that's my point. The post hasn't been edited in over 2 and a half years, so you know the link contained within it is correct. If the post is edited more recently, then you have no way of knowing if it is the original owner or someone who has hacked the account, unless it is also accompanied by signed messages from relevant addresses or PGP keys.

I also think it makes sense to save the link and wait 1-2 days before you start mixing. If the account has been hacked after all and chipmixer.com linked to a scam site, it should certainly be detected within 2 days.