[False Negative]: add 40 phishing domains (mdexswap.live, thebalan-er.com, ...)

Open ninjacatcher opened this issue 7 months ago • 0 comments

Executive Summary

This report documents 40 domains that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 40 domains have been analyzed and confirmed as participating in phishing campaigns:


Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting companies and cryptocurrency holders/investors. The attackers use fake login pages and tampered software to steal seeds/keys.

Technical Details

  • Uses Cloudflare (maybe Pro or Business) accounts
  • Cloaked: if the request does not comply with the rules, it redirects to a non-existent subdomain "www.www." (in most cases)

Targeted Brands

  • mdexswap[.]live - MDEX (mdex.com)
  • thebalan-er[.]com - Balancer DeFi (balancer.fi)
  • dodoexchange[.]live - Dodo Exchange (dodoex.io)
  • v4-biswap[.]com - Biswap (biswap.org)
  • app[.]kyberwsap[.]net, kyberswap-v2[.]xyz - KyberSwap (kyberswap.com)
  • www[.]v2-biswap[.]pro, biswap[.]org-earn[.]net - Biswap (biswap.org)
  • soildly[.]xyz, exchange[.]soildly[.]pro - Solidly (solidly.exchange)
  • www[.]spooky-swap[.]pro, spooky[.]io-swap[.]net - SpookySwap (spooky.fi)
  • app[.]thorswap-v2[.]xyz, thor-swap[.]xyz - ThorSwap (thorswap.finance)
  • v2-mdex[.]xyz, app[.]rndex[.]xyz - MDEX (mdex.com)
  • www[.]v2-velodrorne[.]com, velodrome[.]finance-superchain[.]net - Velodrome (velodrome.finance)
  • helplive-ledger[.]com - Ledger (ledger.io)
  • www[.]ledger[.]limited - Ledger (ledger.io)
  • kodiak-finance[.]org - Kodiak Finance (kodiak.finance)
  • camelot-swap[.]com, camelot[.]exc-v3[.]com - Camelot DEX (app.camelot.exchange)
  • camelot-ex[.]net, camelot[.]exc-v3[.]com - Camelot DEX (app.camelot.exchange)
  • zeddexexchange[.]live - ZedDex (zeddex.com)
  • app[.]rabbltx[.]xyz, rabbitx[.]pro - RabbitX (rabbitx.com)
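The brand list above shows the lookalike tricks a filter needs to catch: transposed letters (kyberwsap, soildly), confusable sequences (velodrorne for velodrome, rndex for mdex, rabbltx for rabbitx) and affixes such as v2-, app. or -swap wrapped around the brand core. The following is an added example for this issue, not code from the report or from any blocklist project: the brand-core table is constructed from the Targeted Brands list, and the per-length distance thresholds are an assumption.

```python
import re

# Brand cores taken from the "Targeted Brands" section (constructed lookup for this example)
BRANDS = {
    "mdex": "MDEX", "balancer": "Balancer", "dodoex": "Dodo Exchange",
    "biswap": "Biswap", "kyberswap": "KyberSwap", "solidly": "Solidly",
    "spookyswap": "SpookySwap", "thorswap": "ThorSwap", "velodrome": "Velodrome",
    "ledger": "Ledger", "kodiak": "Kodiak Finance", "camelot": "Camelot DEX",
    "zeddex": "ZedDex", "rabbitx": "RabbitX",
}
# Sequences that read like another letter in an address bar ("velodrorne" -> "velodrome")
CONFUSABLES = [("rn", "m"), ("vv", "w"), ("0", "o"), ("1", "l")]


def fold(host: str) -> str:
    """Lower-case, drop dots/hyphens and collapse confusable sequences."""
    s = re.sub(r"[^a-z0-9]", "", host.lower())
    for bad, good in CONFUSABLES:
        s = s.replace(bad, good)
    return s


def osa_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swaps."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # "wsap" <-> "swap" counts as one edit
    return d[-1][-1]


def lookalike(host: str):
    """Return (brand, distance) for the closest impersonated brand core, or None."""
    s, best = fold(host), None
    for core, brand in BRANDS.items():
        core, n = fold(core), len(fold(core))
        limit = 0 if n <= 5 else 1 if n <= 8 else 2  # assumed thresholds: short cores must match exactly
        for width in range(n - limit, n + limit + 1):  # slide windows of about the core's length
            for start in range(len(s) - width + 1):
                dist = osa_distance(s[start:start + width], core)
                if dist <= limit and (best is None or dist < best[1]):
                    best = (brand, dist)
    return best
```

The genuine brand domains score distance 0 as well, so check a hit against an allowlist of the legitimate sites before raising an alert.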

Temporal Information

  • Date of Identification and Submission: 2025-05-02
  • Estimated Campaign Activity Start: Approximately 7-14 days prior to detection

Screenshots

(If screenshots are not displayed, see the scans pages)

ninjacatcher, May 02 '25 12:05