Bitcoin Forum
Author Topic: Fake/Phishing Defillama Website  (Read 78 times)
TravelMug (OP)
November 18, 2023, 01:19:10 AM
Last edit: November 18, 2023, 09:41:41 AM by TravelMug
Merited by Kemarit (1), SFR10 (1)
 #1

What happened: Fake/Phishing Defillama Website

Website:
Code:
https://xn--dfllama-bya1b.com/
xn--dfillama-4db.com

Archived: https://web.archive.org/save/xn--dfillama-4db.com



Whois Information:

Code:
Domain Name: xn--dfllama-bya1b.com
Registry Domain ID: 2819434667_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL:
Updated Date: 2023-10-05T13:32:17Z
Creation Date: 2023-10-05T13:32:14Z
Registrar Registration Expiration Date: 2024-10-05T13:32:14Z
Registrar: Internet Domain Service BS Corp.
Registrar IANA ID: 2487
Registrar Abuse Contact Email: abuse[at]internet.bs
Registrar Abuse Contact Phone: +1.5163015301

This kind of attack is very dangerous as it uses “Homoglyph Attacks.”

I tried to put the fake and the real website, and it's really hard to distinguish them at first look; even the domain name is very similar at a glance.

So hopefully we can spread the news again so that no one becomes a victim here.

pinggoki
November 18, 2023, 02:47:51 AM
 #2

What is a Homoglyph Attack? Does this attack have something to do with text being similar with the original website since Homo means similar and glyph is similar to text or runes? The resemblance definitely is uncanny but if you are using Defillama, the logo would be a dead giveaway already, I would give them bonus points for making it as similar as possible to the original website. You also should post the original website so other users like me can see the difference since you've said that even the domain name is almost indistinguishable. Good catch OP, hopefully you can catch more and you have reported this to what registry they have registered the domain so it can be taken down.



robelneo
November 18, 2023, 02:11:05 PM
 #3



Quote
This kind of attack is very dangerous as it uses “Homoglyph Attacks.”

I tried to put the fake and the real website, and it's really hard to distinguish them at first look; even the domain name is very similar at a glance.

For the full definition of “Homoglyph Attacks,” here it is:
Quote
Homoglyphs are characters that resemble each other, such as the letter O and zero (‘0’), the Latin letter “H” and the Cyrillic letter “H,” or the uppercase “I” (“I”) and the lowercase letter “l” (L), which look identical in a sans serif font (like Calibri). In advanced phishing attacks today, phishing emails may contain homoglyph characters.

What is a Homoglyph Attack?

At first glance, it is hard to distinguish; you have to check for details before you notice that it is a Homoglyph Attack. If you are not familiar with the interface of the original site, or you did not bookmark the original site, you can easily fall for this kind of attack.

Always be familiar with the site you're using and always bookmark it; it's your mark that the site is safe. Always check for special characters in the domain; a legit domain seldom uses a special character.


Bitcoin_Arena
November 18, 2023, 10:46:49 PM
 #4

Quote
What is a Homoglyph Attack? Does this attack have something to do with text being similar with the original website since Homo means similar and glyph is similar to text or runes?

You just answered yourself. Lol

Quote
The resemblance definitely is uncanny but if you are using Defillama, the logo would be a dead giveaway already, I would give them bonus points for making it as similar as possible to the original website. You also should post the original website so other users like me can see the difference since you've said that even the domain name is almost indistinguishable.

For a newbie who is not so familiar with the site, they can still fall for the homograph attack.

Baofeng
November 18, 2023, 11:45:10 PM
Merited by Bitcoin_Arena (1)
 #5

Quote
What is a Homoglyph Attack? Does this attack have something to do with text being similar with the original website since Homo means similar and glyph is similar to text or runes?
You just answered yourself. Lol

The resemblance definitely is uncanny but if you are using Defillama, the logo would be a dead giveaway already, I would give them bonus points for making it as similar as possible to the original website. You also should post the original website so other users like me can see the difference since you've said that even the domain name is almost indistinguishable.
For a newbie who is not so familiar with the site, they can still fall for the homograph attack

That is so true. In this case, if you type what the OP put here, this is what you are going to see:



So it's really hard to distinguish it in the beginning, and you think you are on the right website because it's very visually similar. Anyone can read everything about it in this blog:

https://www.malwarebytes.com/blog/news/2017/10/out-of-character-homograph-attacks-explained

Quote
In an internationalized domain name (IDN) homograph attack, a threat actor creates and registers one or several fake domains using at least one look-alike character from a different language. Again, hypothetically, one might register google.com, but not before swapping the Latin small letter O (U+006F) with the Greek small letter Omicron (U+03BF).


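One way to check a hostname for the look-alike trick discussed in this thread, added here as an example and not part of any poster's message: it decodes the `xn--` punycode labels, folds accented letters to their base letters and compares the result with a watchlist. The watchlist entry `defillama.com` is an assumption about the legitimate domain, and the function names are illustrative.

```python
import unicodedata

# Assumption: defillama.com is the legitimate domain being imitated.
PROTECTED = {"defillama.com"}

def to_unicode(host: str) -> str:
    """Decode each xn-- (punycode) label of a hostname to Unicode."""
    labels = []
    for label in host.lower().rstrip(".").split("."):
        if label.startswith("xn--"):
            try:
                label = label[4:].encode("ascii").decode("punycode")
            except (UnicodeError, ValueError):
                pass  # malformed label: keep the raw form
        labels.append(label)
    return ".".join(labels)

def skeleton(name: str) -> str:
    """Fold accented letters to base letters (NFKD, drop combining marks)."""
    decomposed = unicodedata.normalize("NFKD", name)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def scripts(name: str) -> set:
    """Rough script per letter: first word of its Unicode character name."""
    return {unicodedata.name(c, "UNKNOWN").split()[0] for c in name if c.isalpha()}

def check(url_or_host: str) -> dict:
    """Report why a host looks suspicious relative to the watchlist."""
    host = url_or_host.split("://")[-1].split("/")[0].split(":")[0]
    uni = to_unicode(host)
    skel = skeleton(uni)
    odd = sorted({c for c in uni if ord(c) > 127})
    return {
        "host": host,
        "unicode": uni,
        "non_ascii": [f"U+{ord(c):04X} {unicodedata.name(c, '?')}" for c in odd],
        "mixed_script": len(scripts(uni)) > 1,
        # Set only when the folded name equals a protected one but the real name differs.
        "imitates": skel if skel in PROTECTED and uni not in PROTECTED else None,
    }

if __name__ == "__main__":
    # The two hosts reported in the thread, plus the assumed legitimate one.
    for h in ("https://xn--dfllama-bya1b.com/", "xn--dfillama-4db.com", "defillama.com"):
        print(check(h))
```

Diacritic folding catches both reported hosts because they use accented Latin letters. A cross-script swap such as the Greek omicron in the quoted google.com example only shows up in the `mixed_script` flag; full coverage needs the Unicode confusables data (UTS #39).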
albon
November 21, 2023, 10:43:21 PM
 #6

Quote
in this case, if you type what the OP put here, this is what you are going to see:

So it's really hard to distinguish it in the beginning, and you think you are on the right website because it's very visually similar.

One moment of lack of focus and distraction can lead to opening a phishing domain through email, AdSense ads, or in social media applications without paying attention to the characters of the domain, whether they are Latin or non-Latin, different languages, or symbols, etc. This can have serious consequences for people who are deceived by these visual tricks, as homograph attacks are considered a slightly advanced level of regular phishing domains. Even most of the phishing domains that rely on homograph attacks have identical templates to the official domains. Bookmarking official domains in the browser can be a good idea, as can using browser extensions that detect these phishing and scam domains when opened by the user inadvertently or in a rush.

Yaunfitda
November 22, 2023, 07:46:56 AM
 #7

Quote
in this case, if you type what the OP put here, this is what you are going to see:

So it's really hard to distinguish it in the beginning, and you think you are on the right website because it's very visually similar.
One moment of lack of focus and distraction can lead to opening a phishing domain through email, AdSense ads, or in social media applications without paying attention to the characters of the domain, whether they are Latin or non-Latin, different languages, or symbols, etc. This can have serious consequences for people who are deceived by these visual tricks, as homograph attacks are considered a slightly advanced level of regular phishing domains. Even most of the phishing domains that rely on homograph attacks have identical templates to the official domains. Bookmarking official domains in the browser can be a good idea, and using browser extensions that detect these phishing and scam domains when opened by the user inadvertently or rushed.

Just use our common sense and I think it will be good for us. The problem is that there are newbies, though, whose focus is to make money very quickly in this market, so they don't understand what the difference is with this kind of website and they just click without thinking.

Yeah, there are other ways, like bookmarking and using browser extensions that detect phishing sites. It's still not too late for these newbies to learn everything here and how not to get phished, and it's not that hard to understand, to be honest.
