MetaMask / eth-phishing-detect

Utility for detecting phishing domains targeting Web3 users

p-crypto.ru #1097

Closed Qiq123 closed 6 years ago

Qiq123 commented 6 years ago

Good afternoon. Please double-check the site p-crypto.ru for phishing. This is a regular news site. If the suspicions are confirmed, let me know. Maybe it was hacked.

Qiq123 commented 6 years ago

Can I determine which page contains the malicious code?

409H commented 6 years ago

It's most likely testing positive on a fuzzy match to mycrypto.com - Will investigate
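The kind of fuzzy match mentioned in the comment above can be illustrated with edit distance between the hostname label and a protected name. This is an added example, not part of the thread and not the project's own code; the target list, allowlist and tolerance of 2 are assumed values.

```javascript
// Added illustration; not code from eth-phishing-detect.
// FUZZY_TARGETS, ALLOWLIST and TOLERANCE are assumed values for this example.
const FUZZY_TARGETS = ["mycrypto", "metamask", "myetherwallet"];
const ALLOWLIST = new Set(["mycrypto.com", "metamask.io"]);
const TOLERANCE = 2;

// Dynamic-programming Levenshtein distance (insert, delete, substitute).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Allowlist wins first; otherwise compare the hostname minus its TLD
// against each protected name and flag anything within TOLERANCE edits.
function checkDomain(hostname, allowlist = ALLOWLIST) {
  const host = hostname.toLowerCase().replace(/^www\./, "");
  if (allowlist.has(host)) return { flagged: false, reason: "allowlist" };
  const label = host.split(".").slice(0, -1).join(".");
  for (const target of FUZZY_TARGETS) {
    const distance = levenshtein(label, target);
    if (distance <= TOLERANCE) {
      return { flagged: true, reason: "fuzzy", target, distance };
    }
  }
  return { flagged: false, reason: "no match" };
}

// "p-crypto" differs from "mycrypto" by two substitutions (p->m, -->y),
// so an unrelated site is flagged until it is added to the allowlist.
console.log(checkDomain("p-crypto.ru"));
console.log(checkDomain("p-crypto.ru", new Set([...ALLOWLIST, "p-crypto.ru"])));
```
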

Qiq123 commented 6 years ago

Just such a situation: for users who use MetaMask this site seems to be phishing and thus they refuse to cooperate. We need to resolve this issue as soon as possible. Thank you.

409H commented 6 years ago

The domain is hosted on 141.8.192.95 - which also hosted a couple fake crowdsale sites. Can you comment on this?

https://urlscan.io/ip/141.8.192.95

Qiq123 commented 6 years ago

This IP was assigned automatically when I registered hosting one month ago (https://sprinthost.ru/). Personally, I have only the site p-crypto.ru on this IP. Probably, earlier or at some point, the hoster gave this IP to other users for other sites.

Qiq123 commented 6 years ago

Answer from Sprinthost technical support:

Sprinthost support service, 13:45 (20 hours ago), to: me

Hello.

From the entire list of sites that is provided on the page - https://urlscan.io/search/#page.ip:%22141.8.192.95%22 all sites except yours are already blocked. You can check this information by clicking on the links to the sites.

Since you are using a virtual hosting service, several hundred or even thousands of sites can be located within the same IP address.

Despite the objective impossibility of monitoring the content on all sites, we monitor the most suspicious, and we also work on blocking malicious sites.

The essence is as follows. When I go to my site p-crypto.ru, MetaMask displays a message

although in fact there is no phishing. They write that on this IP there are still sites https://urlscan.io/ip/141.8.192.95 that carry out this activity.

All correspondence here https://github.com/MetaMask/eth-phishing-detect/issues/1097
