Altcoins Talks - Cryptocurrency Forum
Further Discussions => Reputation, Scams & Phishing => Topic started by: Freemind on January 20, 2025, 11:07:22 AM
-
I found this website: mixtum.to which is a pretty simple copy of the original website https://mixtum.io.
Domain: mixtum.to
Created on: Wed Oct 30 23:07:15 2024
Last edited on: Wed Oct 30 23:55:01 2024
Expires on: Thu Oct 30 23:07:15 2025
Primary host add: None
Primary host name: margaret.ns.cloudflare.com
Secondary host add: None
Secondary host name: watson.ns.cloudflare.com
END
The malicious domain (mixtum.to) was registered just over two months ago, while the original domain (mixtum.io) was registered in 2018.
Domain: mixtum.io
Registrar: NameCheap, Inc.
Registered On: 2018-08-11
Expires On: 2025-08-11
Updated On: 2022-09-25
Status: clientTransferProhibited
Name Servers: dawn.ns.cloudflare.com
zod.ns.cloudflare.com
-
Wait a minute, both look the same. I would have definitely fallen for that.
Nice catch +1. ;)
Btw, since the site is fake, what should be done to take them down? Because they are still online and many who don't use forums like atltalk wouldn't know. There is no way for us to know which one is the real one at first glance.
-
The oldest registered domain is the original. It's also good to check the forums to see the ANN of the mixers so you can compare the information. When we have doubts about which mixer, when we can see several very similar URLs, is the original, it is as simple as consulting the data that any whois tool can provide us.
There are many tools available, some examples are:
https://lookup.icann.org
https://www.whois.com
https://who.is/
We should also keep in mind that it is possible for a mixer to have multiple domains (mirrors); these should be listed somewhere on the original official website.
-
~snip
+1 for actually spotting out another quite obvious scam and phishing site. One major thing to notice about them is that they basically make use of cheap domain names, and very informal ones at that; you can notice that from their extension. A website as big as a mixer obviously shouldn't be using a very odd extension of .to. Well, nevertheless, people that will fall for it the most are actually those that are not used to mixtum.
Still, there are a few differences in their landing pages, and I wonder how they were able to prevent the warning sign from popping up when you visit a fake site.
-
They usually use domains that are as similar as possible to the original domain, so when a user does not carry out several checks they can confuse it with the original domain and fall into the trap.
The differences in the landing pages are normal; they cannot put the same information (such as Bitcoin addresses, for example) or their trap would be less solid.
-
Nice catch +1
The signature campaign has helped reduce phishing links but it is essential to copy the link (especially .onion) from their links here or via BitList.
Or bookmark the official links and verify the signature before sending bitcoins.
-
This is a good way to check the creation date of domains to see if they are legit or not, but this works only for older services.
Sadly, people are falling for this all the time; that is why scammers are always creating fake services like this.
Note that sometimes they use Punycode for domain names, so at first glance domains could look almost identical to the original.
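-
Added example, not part of the original thread: a Python sketch of the checks the posts describe. It parses the two WHOIS excerpts from the first post, treats the oldest registration as the presumed original, and flags Punycode or non-ASCII labels. The function names and the "suspect" rule are assumptions made for illustration, and a flagged domain may still be an official mirror that has to be checked against the service's own list.

```python
import re
from datetime import datetime

# WHOIS excerpts copied from the first post (two different registry formats).
WHOIS_TO = """Domain: mixtum.to
Created on: Wed Oct 30 23:07:15 2024
Expires on: Thu Oct 30 23:07:15 2025"""
WHOIS_IO = """Domain: mixtum.io
Registrar: NameCheap, Inc.
Registered On: 2018-08-11
Expires On: 2025-08-11"""

# Creation-date label and strptime format for each style seen above.
DATE_STYLES = [
    (r"^Created on:\s*(.+)$", "%a %b %d %H:%M:%S %Y"),
    (r"^Registered On:\s*(.+)$", "%Y-%m-%d"),
]

def parse_record(text):
    """Return (domain, creation datetime) from one WHOIS excerpt."""
    domain = re.search(r"^Domain:\s*(\S+)", text, re.M).group(1).lower()
    for pattern, fmt in DATE_STYLES:
        m = re.search(pattern, text, re.M | re.I)
        if m:
            return domain, datetime.strptime(m.group(1).strip(), fmt)
    raise ValueError(f"no creation date found for {domain}")

def is_idn(domain):
    """True if any label is Punycode (xn--) or contains non-ASCII characters."""
    labels = domain.lower().split(".")
    return any(l.startswith("xn--") or not l.isascii() for l in labels)

def rank_lookalikes(records):
    """Oldest registration first; newer domains with the same name are flagged."""
    parsed = sorted((parse_record(r) for r in records), key=lambda p: p[1])
    oldest_domain, oldest_date = parsed[0]
    report = [{"domain": oldest_domain, "suspect": is_idn(oldest_domain), "days_newer": 0}]
    for domain, created in parsed[1:]:
        same_name = domain.split(".")[0] == oldest_domain.split(".")[0]
        # Same name under another TLD, registered later: verify before trusting.
        report.append({"domain": domain,
                       "suspect": same_name or is_idn(domain),
                       "days_newer": (created - oldest_date).days})
    return report

if __name__ == "__main__":
    for row in rank_lookalikes([WHOIS_TO, WHOIS_IO]):
        print(row)
```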