[SCAM] pangoıinminer.com (homograph/Punycode attack)!!!

[SFR10]

What happened :
While I was browsing the Mining board, I noticed a new user with a couple of posts ^{[one of them is a newly created thread]} that clearly shows he/she is shilling for a specific website and when I looked closer, I noticed it's one of those Punycode attacks!
^{- It appears that they're taking advantage of the fact that the original website (previous archive) is currently down!}

Scammers Profile Link:
Innominer

Reference Link:
Latest posts of Innominer ^[archived]

• pangoıinminer.com/shop/ ^[archived]

Additional Notes:
If you go to their website and copy everything from the search bar and post it anywhere, it'll lead to the following result:

Code:

https://www.xn--pangoinminer-54b.com/shop/

Tagged and "created a flag".
Update:

Look who's back ^{[new account = Sirocco3]} promoting the "link in the subject field" after a short hiatus and it appears that he/she included another fake website in the mix as well...

Reference Link:
Latest posts of Sirocco3 ^[archived]

• miner.ebang.cn.com ^[archived] - I believe the original website is or was "miner.ebang.com.cn" instead!
  

Tagged and "created a flag".

[1714898243]

1714898243

[1714898243]

1714898243

[1714898243]

1714898243

[Stalker22]

Upon reviewing his profile, it appears that the moderators have deleted all of his posts. I wonder why he has not been nuked yet.

I supported the flag.

[JeromeTash]

Upon reviewing his profile, it appears that the moderators have deleted all of his posts. I wonder why he has not been nuked yet

Wait, are people who post scam/phishing links always nuked as well? I thought they usually nuke mostly newly created spambots and profiles that share malicious links or malware.

[Stalker22]

Upon reviewing his profile, it appears that the moderators have deleted all of his posts. I wonder why he has not been nuked yet

Wait, are people who post scam/phishing links always nuked as well? I thought they usually nuke mostly newly created spambots and profiles that share malicious links or malware.

It is a newbie account with only two posts, and both were used to spread malicious links. I would nuke his ass.
https://ninjastic.space/search?author=Innominer

[SFR10]

I wonder why he has not been nuked yet.

It probably has something to do with the fact that it only counted as a phishing/spoofed website, but it's not going to have a negative effect on this case since I'm pretty sure the scammer in question realized he/she got caught and edited the subject field of the above thread with a smiley before it got deleted ^{[not sure why ninjastic.space doesn't have the edited version]}.

Wait, are people who post scam/phishing links always nuked as well?

AFAIK, this usually doesn't happen but perhaps there's been some exceptions in the past:

• 23. When deciding if a user has broken the rules, the staff have the right to follow their interpretation of the rules.[e]
  

Btw, thanks guys for supporting the flag

[The Cryptovator]

The type of domain itself is suspicious to me. I don't click these types of a domain when I see them. Any legit brand wouldn't choose this kinda fucking domain. So we need just stay away from such suspicious things that we aren't familiar with. Shouldn't be greedy, so you can avoid a lot of scams in your life. Thanks, OP for sharing with us, keep it up.

[NotATether]

pangoiinminer .com

Code:

https://www.xn--pangoinminer-54b.com/shop/

Lynx without UTF-8 support displays that as: pangoM-DM-1inminer.com.

This is actually a good offensive tool that can be made against homographic punycode. The entire page is read, all of the HTTP[ S ]:// links are extracted by regex up to the next slash (don't worry, HTML on regex is fine in this case, and then if there are any junked-up characters like M-DM-1, then it is definiely a punycode link and a bot can report it to moderators.

To ease system load, it can periodically refresh "most recent unread posts" - but it has the disadvantage that it report the post if it comes from anybody. That means this post itself would also get reported to mods.

[SFR10]

Look who's back ^{[new account = Sirocco3]} promoting the "link in the subject field" after a short hiatus and it appears that he/she included another fake website in the mix as well...

Reference Link:
Latest posts of Sirocco3 ^[archived]

• miner.ebang.cn.com ^[archived] - I believe the original website is or was "miner.ebang.com.cn" instead!
  

Tagged and "created a flag".
Added to the first post!