
[False Negative]: add 38 phishing domains (alpaca-flnance.com, app.alpacaflnance.com, ...)

Status: Open. ninjacatcher opened this issue 7 months ago • 0 comments

Executive Summary

This report documents 38 domain(s) that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 38 domain(s) have been analyzed and confirmed as participating in phishing campaign(s):


Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting companies and cryptocurrency holders/investors. The attackers use fake login pages and tampered software to steal seeds/keys.

Technical Details

  • Use Cloudflare (maybe Pro or Business) accounts
  • Cloaked: if a request does not match the attackers' filtering rules, it is redirected to a non-existent "www.www." subdomain (in most cases)

Detections


Targeted Brands

  • alpaca-flnance.com - Alpaca Finance (alpacafinance.org)
  • app.alpacaflnance.com - Alpaca Finance (alpacafinance.org)
  • alpacaflnance.com - Alpaca Finance (alpacafinance.org)
  • theuni-swap.com - Uniswap (uniswap.org)
  • us-ledger.io - Ledger (ledger.com)
  • en-bitcoin.org - Bitcoin (bitcoin.org)
  • bitccincore.com - Bitcoin Core (bitcoincore.org)
  • dapp.radar-home.com - DappRadar (dappradar.com)
  • radar-home.com - DappRadar (dappradar.com)
  • raydium.io-sol.vip - Raydium (raydium.io)
  • io-sol.vip - Raydium (raydium.io)
  • sushi.swap-ether.net - SushiSwap (sushi.com)
  • swap-ether.net - SushiSwap (sushi.com)
  • camelot.exc-v3.org - Camelot DEX (camelot.exchange)
  • exc-v3.org - Camelot DEX (camelot.exchange)
  • kodiak.finance.io-v6.bet - Kodiak Finance (kodiak.finance)
  • io-v6.bet - Kodiak Finance (kodiak.finance)
  • app.spookyswap-v3.com - SpookySwap (spooky.fi)
  • spookyswap-v3.com - SpookySwap (spooky.fi)
  • tcangcm.com - Tangem (tangem.com)
  • biswap.org-earn.com - Biswap (biswap.org)
  • org-earn.com - Biswap (biswap.org)
  • velodrome.finance-superchain.org - Velodrome Finance (velodrome.finance)
  • finance-superchain.org - Velodrome Finance (velodrome.finance)
  • app-uni-infos.com - Uniswap (uniswap.org)
  • trusltwcllct.com - Trust Wallet (trustwallet.com)
  • elcctrum.cc - Electrum (electrum.org)
  • ray-sol.net - Raydium (raydium.io)
  • en-trezor.io - Trezor (trezor.io)
  • trezor.fit - Trezor (trezor.io)
  • xrp-electrum.net - Electrum (electrum.org)
  • electrummonero.com - Electrum (electrum.org)
  • electrum-xmr.net - Electrum (electrum.org)
  • electrum-bch.net - Electrum (electrum.org)
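
As an added example (not part of this issue or of the hosts repository), a small Python classifier that labels each lookalike from the Targeted Brands list by the impersonation technique it uses: brand placed in a subdomain of an unrelated registrable domain, brand keyword with a prefix/suffix, same name under a different TLD, or character-level typosquatting. The pair list is copied from the list above; the confusable-character map, the edit-distance threshold and the naive "last two labels" registrable-domain helper are assumptions made for this example.

```python
# Lookalike -> brand domain pairs, copied from the Targeted Brands list on this page.
PAIRS = [
    ("alpaca-flnance.com", "alpacafinance.org"),
    ("us-ledger.io", "ledger.com"),
    ("bitccincore.com", "bitcoincore.org"),
    ("raydium.io-sol.vip", "raydium.io"),
    ("kodiak.finance.io-v6.bet", "kodiak.finance"),
    ("theuni-swap.com", "uniswap.org"),
    ("tcangcm.com", "tangem.com"),
    ("trusltwcllct.com", "trustwallet.com"),
    ("elcctrum.cc", "electrum.org"),
    ("trezor.fit", "trezor.io"),
]
# Assumed confusable map: visually similar characters collapse to one class ("flnance" ~ "finance").
CONFUSABLES = str.maketrans({"l": "i", "1": "i", "0": "o"})

def normalize(label):
    return label.lower().replace("-", "").translate(CONFUSABLES)

def levenshtein(a, b):
    # Standard edit distance (insert/delete/substitute), row-by-row DP.
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    # Naive "last two labels" registrable domain; enough for the single-label TLDs here.
    return ".".join(host.lower().split(".")[-2:])

def classify(lookalike, brand):
    brand_label = brand.split(".")[0]          # "ledger" from "ledger.com"
    reg = registrable(lookalike)
    if reg == brand:
        return "legitimate"
    if lookalike.startswith((brand + ".", brand + "-")):
        return "brand-as-subdomain"            # raydium.io-sol.vip, kodiak.finance.io-v6.bet
    reg_label = reg.split(".")[0]
    if reg_label == brand_label:
        return "wrong-tld"                     # trezor.fit
    if brand_label in reg_label.replace("-", ""):
        return "brand-keyword"                 # us-ledger.io, theuni-swap.com
    if levenshtein(normalize(reg_label), normalize(brand_label)) <= max(1, len(brand_label) // 3):
        return "typosquat"                     # bitccincore.com, elcctrum.cc, tcangcm.com
    return "unrelated"

def classify_all(pairs=PAIRS):
    return {host: classify(host, brand) for host, brand in pairs}
```

The threshold scales with the brand name length so that a one- or two-character swap in a long name like trustwallet is still caught while short unrelated names are not.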

Temporal Information

  • Date of Identification and Submission: 2025-05-04
  • Estimated Campaign Activity Start: Approximately 7-14 days prior to detection

Screenshots

(If screenshots are not displayed, see the scans pages)

No screenshots available.

ninjacatcher, May 04 '25 16:05