[False Negative]: add 29 phishing domains (dexsceerner.net, app.dexscreener-home.net, ...)

Open ninjacatcher opened this issue 7 months ago • 0 comments

Executive Summary

This report documents 29 domain(s) that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 29 domain(s) have been analyzed and confirmed as participating in phishing campaign(s):

dexsceerner.net
app.dexscreener-home.net
dexscreener-home.net
traolerjoe.org
traderjoexyz.bylfg.org
bylfg.org
v2-o-p-e-n-s-e-a.com
susni-swap.com
sushi.swap-ether.site
swap-ether.site
open-sea.market-ntf.com
market-ntf.com
hyperilquid.org
hyperilquid.xyz-trade.com
xyz-trade.com
tangem.ing
tacngcm.com
raydiumx.org
ray-swap.net
raydium.io-sol.org
io-sol.org
w-atomicwallet.com
atomiciwallet.com
base-bridqe.com
base.bridge-home.net
bridge-home.net
v3-dappradar.com
app.darppadar.com
darppadar.com

Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting companies and cryptocurrency holders/investors. The attackers use fake login pages and tampered software to steal seed phrases and private keys.

Technical Details

  • Hosted behind Cloudflare (possibly on Pro or Business accounts)
  • Cloaked: requests that do not match the attackers' rules are redirected to a non-existent "www.www." subdomain

Detections


Targeted Brands

  • dexsceerner[.]net, app[.]dexscreener-home[.]net - DEX Screener (dexscreener.com)
  • traolerjoe[.]org, traderjoexyz[.]bylfg[.]org - Trader Joe (lfj.gg)
  • v2-o-p-e-n-s-e-a[.]com, open-sea[.]market-ntf[.]com - OpenSea (OpenSea.io)
  • susni-swap[.]com, sushi[.]swap-ether[.]site - SushiSwap (sushi.com)
  • hyperilquid[.]org, hyperilquid[.]xyz-trade[.]com - Hyperliquid (hyperliquid.xyz)
  • tangem[.]ing, tacngcm[.]com - Tangem Wallet (tangem.com)
  • raydiumx[.]org, ray-swap[.]net, raydium[.]io-sol[.]org - Raydium (raydium.io)
  • w-atomicwallet[.]com, atomiciwallet[.]com - Atomic Wallet (atomicwallet.io)
  • base-bridqe[.]com, base[.]bridge-home[.]net - Base Bridge (base.org)
  • v3-dappradar[.]com, app[.]darppadar[.]com - DappRadar (DappRadar.com)
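The brand mapping above shows the two lookalike patterns in this batch: the brand name smuggled into a label or subdomain (sushi.swap-ether.site, raydium.io-sol.org, w-atomicwallet.com) and labels a typo or two away from the brand (dexsceerner, hyperilquid, tacngcm, darppadar). As an added example, not part of this report or the blocklist's own tooling, the checker below scores a hostname against those brands with both signals; the brand tokens and legitimate domains are assumed from the list above, and the two-edit typo budget is my choice.

```python
# Added example, not the blocklist's own tooling: flag hostnames that imitate the brands in the
# report above. Brand tokens and legitimate domains are taken from its "Targeted Brands" list.
BRANDS = {
    "dexscreener": "dexscreener.com", "traderjoe": "lfj.gg", "opensea": "opensea.io",
    "sushi": "sushi.com", "hyperliquid": "hyperliquid.xyz", "tangem": "tangem.com",
    "raydium": "raydium.io", "atomicwallet": "atomicwallet.io", "base": "base.org",
    "dappradar": "dappradar.com",
}
MAX_EDITS = 2  # typo budget (assumed): dexsceerner, hyperilquid, tacngcm, darppadar are all <= 2

def levenshtein(a: str, b: str) -> int:
    """Plain edit distance (insert / delete / substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(domain: str):
    """Return (brand, reason) when `domain` imitates a listed brand, else None."""
    domain = domain.lower().rstrip(".")
    for legit in BRANDS.values():
        if domain == legit or domain.endswith("." + legit):
            return None  # the real site or one of its own subdomains is never flagged
    labels = domain.split(".")[:-1]                # drop the TLD (tangem.ing -> ["tangem"])
    squashed = "".join(labels).replace("-", "")    # v2-o-p-e-n-s-e-a -> v2opensea
    # Signal 1: the brand name smuggled into the host labels (sushi.swap-ether.site,
    # raydium.io-sol.org, w-atomicwallet.com). Short tokens such as "base" need tuning.
    for brand in BRANDS:
        if brand in squashed:
            return brand, "brand token embedded in host labels"
    # Signal 2: a label, a hyphen part or the squashed host within a few typos of the brand.
    tokens = {squashed}
    for label in labels:
        tokens.add(label.replace("-", ""))
        tokens.update(label.split("-"))
    for brand in BRANDS:
        d = min(levenshtein(tok, brand) for tok in tokens)
        if 0 < d <= MAX_EDITS:
            return brand, f"{d} edit(s) from brand"
    return None

def scan(domains):
    """Map each hostname to its verdict; suitable for a DNS log or a CT feed of new names."""
    return {d: lookalike(d) for d in domains}
```

ray-swap.net is deliberately not caught: it shares only a prefix with raydium, so a name like that needs page content or registration data rather than string similarity.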

Temporal Information

  • Date of Identification and Submission: 2025-04-29
  • Estimated Campaign Activity Start: Approximately 7-14 days prior to detection

Screenshots

https://radar.cloudflare.com/api/url-scanner/c4d8977d-428e-4bdc-bcf1-85b1f297124e/screenshot?resolution=desktop
https://radar.cloudflare.com/api/url-scanner/23557c7d-258b-449e-ad4c-a1ede899b38c/screenshot?resolution=desktop
https://radar.cloudflare.com/api/url-scanner/a1778b7f-edda-4df2-98e4-40328e8f7f75/screenshot?resolution=desktop
https://radar.cloudflare.com/api/url-scanner/f9751fc2-ae83-4475-8e54-8c5a23341d23/screenshot?resolution=desktop
https://radar.cloudflare.com/api/url-scanner/68e0ceab-4641-4377-9f56-b56825bd9d6b/screenshot?resolution=desktop
https://radar.cloudflare.com/api/url-scanner/964d9222-863c-4001-b6bb-e4814f36e7eb/screenshot?resolution=desktop
https://urlquery.net/report/b7ec644f-b052-47d2-9f04-f2d621fecf3f/screenshot
https://radar.cloudflare.com/api/url-scanner/d545b07a-041f-4680-8577-adc8c935ed1c/screenshot?resolution=desktop
https://radar.cloudflare.com/api/url-scanner/4a44f308-2f5a-423c-b8ca-ed2112c078c9/screenshot?resolution=desktop

ninjacatcher, Apr 29 '25 21:04