Closed Qiq123 closed 6 years ago
can I determine which page contains the malicious code?
It's most likely testing positive on a fuzzy match to mycrypto.com
- Will investigate
Just such a situation: for users who use MetaMask this site seems to be phishing and thus they refuse to cooperate. We need to resolve this issue as soon as possible. Thank you.
The domain is hosted on 141.8.192.95 - which also hosted a couple fake crowdsale sites. Can you comment on this?
This Ip was given automatically when registering a hosting one month ago (https://sprinthost.ru/). Personally, I have only the site p-crypto.ru on this Ip. Probably earlier or sometime this Ip hoster gave other users to other sites.
Sprinthost support service 13:45 (20 hours ago) to whom: me Hello.
From the entire list of sites that is provided on the page - https://urlscan.io/search/#page.ip:%22141.8.192.95%22 all sites except yours are already blocked. You can check this information by clicking on the links to the sites.
Since you are using a virtual hosting service, several hundred or even thousands of sites can be located within the same IP address.
Despite the objective impossibility of monitoring the content on all sites, we monitor the most suspicious, and we also work on blocking malicious sites.
The essence of the following. When I go to my site p-crypto.ru metamask displays message
although in fact there is no phishing. They write that on this ip there are still sites https://urlscan.io/ip/141.8.192.95 who carry out this activity.
All correspondence here https://github.com/MetaMask/eth-phishing-detect/issues/1097
Rate this answer: https://sprinthost.ru/score/tickets/2682506/6062b0cc010ae5440fd41c9c3009c086
Good afternoon. Please double-check the site of p-crypto.ru for phishing. This is a regular news site. If suspicions will confirm, let me know. Maybe he was hacked.