Skip to content

Add 29 phishing domains: dexsceerner.net, app.dexscreener-home.net, ... #1662

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
ninjacatcher wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add 29 phishing domains: dexsceerner.net, app.dexscreener-home.net, ... #1662

ninjacatcher wants to merge 1 commit into from

Conversation

@ninjacatcher
Copy link

@ninjacatcher ninjacatcher commented Apr 29, 2025

Executive Summary

This report documents 29 domain(s) that have been identified as part of active phishing operations. These domains exhibit characteristics consistent with malicious infrastructure and pose an immediate security risk to internet users.

The following 29 domain(s) have been analyzed and confirmed as participating in phishing campaign(s):

dexsceerner.net
app.dexscreener-home.net
dexscreener-home.net
traolerjoe.org
traderjoexyz.bylfg.org
bylfg.org
v2-o-p-e-n-s-e-a.com
susni-swap.com
sushi.swap-ether.site
swap-ether.site
open-sea.market-ntf.com
market-ntf.com
hyperilquid.org
hyperilquid.xyz-trade.com
xyz-trade.com
tangem.ing
tacngcm.com
raydiumx.org
ray-swap.net
raydium.io-sol.org
io-sol.org
w-atomicwallet.com
atomiciwallet.com
base-bridqe.com
base.bridge-home.net
bridge-home.net
v3-dappradar.com
app.darppadar.com
darppadar.com

Threat Analysis

Phishing Attack Details

These domains are part of a phishing campaign targeting сompanies and cryptocurrency holders/investors.
The attackers use fake login pages and tampered software to steal seeds/keys.

Technical Details

  • Use Cloudflare (maybe Pro or Business) accounts
  • Cloacked, if the request does not comply with the rules, redirect to a non-existent subdomain "www.www."

Detections

dexsceerner.net 
https://safeweb.norton.com/report/show?url=dexsceerner.net
https://www.virustotal.com/gui/domain/dexsceerner.net?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=dexsceerner.net
https://urlfiltering.paloaltonetworks.com/single_cr/?url=dexsceerner.net
https://maltiverse.com/hostname/dexsceerner.net
https://www.quad9.net/result/?url=dexsceerner.net
app.dexscreener-home.net 
https://safeweb.norton.com/report/show?url=app.dexscreener-home.net
https://www.virustotal.com/gui/domain/app.dexscreener-home.net?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=app.dexscreener-home.net
https://urlfiltering.paloaltonetworks.com/single_cr/?url=app.dexscreener-home.net
https://maltiverse.com/hostname/app.dexscreener-home.net
https://www.quad9.net/result/?url=app.dexscreener-home.net
traolerjoe.org 
https://safeweb.norton.com/report/show?url=traolerjoe.org
https://www.virustotal.com/gui/domain/traolerjoe.org?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=traolerjoe.org
https://urlfiltering.paloaltonetworks.com/single_cr/?url=traolerjoe.org
https://maltiverse.com/hostname/traolerjoe.org
https://www.quad9.net/result/?url=traolerjoe.org
traderjoexyz.bylfg.org 
https://safeweb.norton.com/report/show?url=traderjoexyz.bylfg.org
https://www.virustotal.com/gui/domain/traderjoexyz.bylfg.org?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=traderjoexyz.bylfg.org
https://urlfiltering.paloaltonetworks.com/single_cr/?url=traderjoexyz.bylfg.org
https://maltiverse.com/hostname/traderjoexyz.bylfg.org
https://www.quad9.net/result/?url=traderjoexyz.bylfg.org
v2-o-p-e-n-s-e-a.com 
https://safeweb.norton.com/report/show?url=v2-o-p-e-n-s-e-a.com
https://www.virustotal.com/gui/domain/v2-o-p-e-n-s-e-a.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=v2-o-p-e-n-s-e-a.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=v2-o-p-e-n-s-e-a.com
https://maltiverse.com/hostname/v2-o-p-e-n-s-e-a.com
https://www.quad9.net/result/?url=v2-o-p-e-n-s-e-a.com
susni-swap.com 
https://safeweb.norton.com/report/show?url=susni-swap.com
https://www.virustotal.com/gui/domain/susni-swap.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=susni-swap.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=susni-swap.com
https://maltiverse.com/hostname/susni-swap.com
https://www.quad9.net/result/?url=susni-swap.com
sushi.swap-ether.site 
https://safeweb.norton.com/report/show?url=sushi.swap-ether.site
https://www.virustotal.com/gui/domain/sushi.swap-ether.site?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=sushi.swap-ether.site
https://urlfiltering.paloaltonetworks.com/single_cr/?url=sushi.swap-ether.site
https://maltiverse.com/hostname/sushi.swap-ether.site
https://www.quad9.net/result/?url=sushi.swap-ether.site
open-sea.market-ntf.com 
https://safeweb.norton.com/report/show?url=open-sea.market-ntf.com
https://www.virustotal.com/gui/domain/open-sea.market-ntf.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=open-sea.market-ntf.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=open-sea.market-ntf.com
https://maltiverse.com/hostname/open-sea.market-ntf.com
https://www.quad9.net/result/?url=open-sea.market-ntf.com
hyperilquid.org 
https://safeweb.norton.com/report/show?url=hyperilquid.org
https://www.virustotal.com/gui/domain/hyperilquid.org?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=hyperilquid.org
https://urlfiltering.paloaltonetworks.com/single_cr/?url=hyperilquid.org
https://maltiverse.com/hostname/hyperilquid.org
https://www.quad9.net/result/?url=hyperilquid.org
hyperilquid.xyz-trade.com 
https://safeweb.norton.com/report/show?url=hyperilquid.xyz-trade.com
https://www.virustotal.com/gui/domain/hyperilquid.xyz-trade.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=hyperilquid.xyz-trade.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=hyperilquid.xyz-trade.com
https://maltiverse.com/hostname/hyperilquid.xyz-trade.com
https://www.quad9.net/result/?url=hyperilquid.xyz-trade.com
tangem.ing 
https://safeweb.norton.com/report/show?url=tangem.ing
https://www.virustotal.com/gui/domain/tangem.ing?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=tangem.ing
https://urlfiltering.paloaltonetworks.com/single_cr/?url=tangem.ing
https://maltiverse.com/hostname/tangem.ing
https://www.quad9.net/result/?url=tangem.ing
tacngcm.com 
https://safeweb.norton.com/report/show?url=tacngcm.com
https://www.virustotal.com/gui/domain/tacngcm.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=tacngcm.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=tacngcm.com
https://maltiverse.com/hostname/tacngcm.com
https://www.quad9.net/result/?url=tacngcm.com
raydiumx.org 
https://safeweb.norton.com/report/show?url=raydiumx.org
https://www.virustotal.com/gui/domain/raydiumx.org?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=raydiumx.org
https://urlfiltering.paloaltonetworks.com/single_cr/?url=raydiumx.org
https://maltiverse.com/hostname/raydiumx.org
https://www.quad9.net/result/?url=raydiumx.org
ray-swap.net 
https://safeweb.norton.com/report/show?url=ray-swap.net
https://www.virustotal.com/gui/domain/ray-swap.net?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=ray-swap.net
https://urlfiltering.paloaltonetworks.com/single_cr/?url=ray-swap.net
https://maltiverse.com/hostname/ray-swap.net
https://www.quad9.net/result/?url=ray-swap.net
raydium.io-sol.org 
https://safeweb.norton.com/report/show?url=raydium.io-sol.org
https://www.virustotal.com/gui/domain/raydium.io-sol.org?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=raydium.io-sol.org
https://urlfiltering.paloaltonetworks.com/single_cr/?url=raydium.io-sol.org
https://maltiverse.com/hostname/raydium.io-sol.org
https://www.quad9.net/result/?url=raydium.io-sol.org
w-atomicwallet.com 
https://safeweb.norton.com/report/show?url=w-atomicwallet.com
https://www.virustotal.com/gui/domain/w-atomicwallet.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=w-atomicwallet.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=w-atomicwallet.com
https://maltiverse.com/hostname/w-atomicwallet.com
https://www.quad9.net/result/?url=w-atomicwallet.com
atomiciwallet.com 
https://safeweb.norton.com/report/show?url=atomiciwallet.com
https://www.virustotal.com/gui/domain/atomiciwallet.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=atomiciwallet.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=atomiciwallet.com
https://maltiverse.com/hostname/atomiciwallet.com
https://www.quad9.net/result/?url=atomiciwallet.com
base-bridqe.com 
https://safeweb.norton.com/report/show?url=base-bridqe.com
https://www.virustotal.com/gui/domain/base-bridqe.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=base-bridqe.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=base-bridqe.com
https://maltiverse.com/hostname/base-bridqe.com
https://www.quad9.net/result/?url=base-bridqe.com
base.bridge-home.net 
https://safeweb.norton.com/report/show?url=base.bridge-home.net
https://www.virustotal.com/gui/domain/base.bridge-home.net?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=base.bridge-home.net
https://urlfiltering.paloaltonetworks.com/single_cr/?url=base.bridge-home.net
https://maltiverse.com/hostname/base.bridge-home.net
https://www.quad9.net/result/?url=base.bridge-home.net
v3-dappradar.com 
https://safeweb.norton.com/report/show?url=v3-dappradar.com
https://www.virustotal.com/gui/domain/v3-dappradar.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=v3-dappradar.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=v3-dappradar.com
https://maltiverse.com/hostname/v3-dappradar.com
https://www.quad9.net/result/?url=v3-dappradar.com
app.darppadar.com 
https://safeweb.norton.com/report/show?url=app.darppadar.com
https://www.virustotal.com/gui/domain/app.darppadar.com?nocache=1
https://talosintelligence.com/reputation_center/lookup?search=app.darppadar.com
https://urlfiltering.paloaltonetworks.com/single_cr/?url=app.darppadar.com
https://maltiverse.com/hostname/app.darppadar.com
https://www.quad9.net/result/?url=app.darppadar.com

Targeted Brands

  • dexsceerner[.]net, app[.]dexscreener-home[.]net - DEX Screener (dexscreener.com)
  • traolerjoe[.]org, traderjoexyz[.]bylfg[.]org - TradeJoe (lfj.gg)
  • v2-o-p-e-n-s-e-a[.]com, open-sea[.]market-ntf[.]com - OpenSea (OpenSea.io)
  • susni-swap[.]com, sushi[.]swap-ether[.]site - SushiSwap (sushi.com)
  • hyperilquid[.]org, hyperilquid[.]xyz-trade[.]com - Hyperliquid (hyperliquid.xyz)
  • tangem[.]ing, tacngcm[.]com - Tangem Wallet (tangem.com)
  • raydiumx[.]org, ray-swap[.]net, raydium[.]io-sol[.]org - Raydium (raydium.io)
  • w-atomicwallet[.]com, atomiciwallet[.]com - Atomic Wallet (atomicwallet.io)
  • base-bridqe[.]com, base[.]bridge-home[.]net - Base Bridge (base.org)
  • v3-dappradar[.]com, app[.]darppadar[.]com - DappRadar (DappRadar.com)

Temporal Information

  • Date of Identification and Submission: 2025-04-29
  • Estimated Campaign Activity Start: Approximately 7-14 days prior to detection

Screenshots

Evidence

Screenshots

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

Screenshot

@ninjacatcher
Copy link
Author

ninjacatcher commented Apr 29, 2025

+2,349
−2,321
but everything seems to be fine ?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ninjacatcher