add yotpo[.]com to add-wildcard-domain #511

g0d33p3rsec · 2024-11-21T23:10:25Z

Phishing Domain/URL/IP(s):

http://em.yotpo.com/ls/click?upn=u001.-2FemWfc87t0MOUEjl1SkAEoimo91FmpUR-2BKpXpfKlemNaYngWWk3jyI7OnE0kJZoWkzybE6M7gtHzmXTNtkwX3vXZf0wHukhCbip4awKsMfmbGJqpeyBK9YCXZooChhIiBTapBcfWBHBF-2B2sl8AYw9xjytQ0tn8Qx2zl8m7ZIzXexAmM4ORRuw1kd63DPVGoPm1PoZX1ZopNNHfTKdRlOSmNx-2FDN-2FVo7s2lDxjQpHmWs-3DbTar_X-2FbAZB1iEW9akNSX35oqPA-2FbffOO3ULBYayntBYqrf85-2FLMKCX5iMCMHgc2C3vwQHj-2BMjCD3rZr3YENAO-2F62E78Fq5EB-2FNq5dR3jbBoOZ9UWUWFcoROHoEHGxm0XJMaqHy0-2BNdOleI3Hlo2b7NzuIrJ21EMK0SzPJ6gVKF83pTS2ykmf2sF4WlTZYXq5jzi9RzS3i-2F0Ef3ZDyok9KsiFfWroNXOECKf68ZjIY2PMaTsjFz6a6VDFMN-2Bm2CTjr0q2SYwA1jt2InPNrrgetXjONRBJzkgKErV8G4ElqBSijZmeRFfEoyFRuY7E9V0iKxo5ZZfepveEqaMbvSu5HpdI4ZdMKVsSwxCzpkb4Ed-2BVBle0CWwIHM-2F-2BREN6mWoa6dfz1qkC88-2BT3hNvrRJQOCE-2BXBytbGkiejtndg70SxBkyXYzZ0LtSQHlDPNxldUqEqXvr-2BjH7EqUIoS5ybmTr5LJZmZVDEXTUKRj5UyG9Zx-2FC8FVUkpuCS294RwWhYsv8Hnc1vqDmNMOMC36Ii2LD93GQgI38-2BJNQ23swH8rPHwAR8KbOr69fMP7TfYB1g7pIkThtBFU7Hr7ZGmmbJeAVOizxxSIqYtS6yonx-2FfMKrRLI8Y-3D

Impersonated domain

https://metamask.io/

Describe the issue

Domain is being used for phishing MetaMask users. The domain is being protected by Cloudfare and redirects to Wikipedia when scanned from a sandbox but has a documented history. The related posts are included in the additional resources.

Related external source

https://urlscan.io/result/52284e24-388a-4d59-a08e-c643881aa5bb/
https://www.virustotal.com/gui/url/a4bb23d70ee59646068216dd25a1670d5384092233996208129ace595d2ca459
https://app.any.run/tasks/a16fe9a1-a656-4266-91ec-5c2782c6b3f9
https://www.reddit.com/r/BinanceUS/comments/1awq4zx/believe_i_got_a_phishing_scam_regarding_metamask/
https://www.tokentrace.com/post/metamask-phishing-email-protect-your-crypto-assets
https://any.run/report/2131d0f2b16f534275a7150f49ff750ec92c695ecd5e2c88189a48ea4e653710/72484f09-bcde-4dd6-806b-5386c194e4ed
https://any.run/report/886659a97808099c0e2566cc0c63f814d5709283804953ce14f538c145c18adc/53ebc68d-e763-4749-82bb-ce31e591ba45

Screenshot

Click to expand

domain used for metamask phishing

@g0d33p3rsec

g0d33p3rsec · 2024-11-23T17:55:12Z

@spirillen check out the timezone in the lure email xD

spirillen · 2024-11-24T06:44:04Z

I'm not surprised. The Chinese are coming after you, they won't not just a piece of the pot, they wont the entire pot for them self

add yotpo[.]com to add-wildcard-domain

573cf5e

domain used for metamask phishing

spirillen merged commit c6df107 into Phishing-Database:main Nov 22, 2024
1 check passed

g0d33p3rsec deleted the add-yotpo.com-to-wildcard-list branch November 23, 2024 17:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

add yotpo[.]com to add-wildcard-domain #511

add yotpo[.]com to add-wildcard-domain #511

g0d33p3rsec commented Nov 21, 2024

g0d33p3rsec commented Nov 23, 2024

spirillen commented Nov 24, 2024

add yotpo[.]com to add-wildcard-domain #511

add yotpo[.]com to add-wildcard-domain #511

Conversation

g0d33p3rsec commented Nov 21, 2024

Phishing Domain/URL/IP(s):

Impersonated domain

Describe the issue

Related external source

Screenshot

g0d33p3rsec commented Nov 23, 2024

spirillen commented Nov 24, 2024