Suspicious Domain Activity


#1

New user, so can’t start a new topic, so sorry for taking over this one!

I followed a link from https://twitter.com/etherdeIta to the apparent “ether delta airdrop” https://t.co/4ybFLW2Ieb

It takes you to apparently the correct etherdelta dot com domain /airdrop page.

A quick check of the source shows they are stealing private keys and then displaying a random amount of ETH you’ve been rewarded with.

If you copy and paste the URL you get a URL xn--eterdelta-m75d dot com/airdrop.html

How have they done this hack?
Have they taken over etherdelta’s cloudflare account or their DNS servers or website?
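The mismatch described in the post above (the address bar shows an etherdelta-looking name, the copied URL starts with `xn--`) can be checked mechanically by decoding the punycode label and comparing its ASCII skeleton against names you protect. This is an added example, not part of the original posts; `PROTECTED` and the function names are hypothetical, and it assumes the dash after `xn` in the post is the `xn--` prefix as rendered by the forum.

```python
import unicodedata

# Hypothetical watchlist of second-level names a defender wants to protect.
PROTECTED = {"etherdelta"}

def decode_label(label: str) -> str:
    """Return the Unicode (displayed) form of one DNS label."""
    low = label.lower()
    if low.startswith("xn--"):
        try:
            return low[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return low  # malformed punycode: keep the raw label
    return low

def skeleton(text: str) -> str:
    """Fold to a rough ASCII skeleton: decompose, then drop combining marks."""
    decomposed = unicodedata.normalize("NFKD", text)
    return "".join(c for c in decomposed if not unicodedata.combining(c)).lower()

def inspect_host(host: str) -> dict:
    """Flag labels that contain non-ASCII characters yet fold to a protected name."""
    labels = host.rstrip(".").split(".")
    decoded = [decode_label(l) for l in labels]
    findings = []
    for raw, shown in zip(labels, decoded):
        odd = [f"U+{ord(c):04X} {unicodedata.name(c, 'UNKNOWN')}"
               for c in shown if ord(c) > 127]
        folded = skeleton(shown)
        if odd and folded in PROTECTED:
            findings.append({"label": raw, "displayed": shown,
                             "imitates": folded, "non_ascii": odd})
    return {"host": host, "displayed": ".".join(decoded),
            "lookalike": bool(findings), "findings": findings}

if __name__ == "__main__":
    # Host name taken from the post, with the xn-- prefix restored.
    for h in ("xn--eterdelta-m75d.com", "etherdelta.com"):
        print(inspect_host(h))
```

The NFKD fold only catches accented or decorated Latin letters; lookalikes drawn from other scripts (Cyrillic, Greek) need a confusables table such as the one in Unicode TR39.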


Masking URL Forwarding
#2

I’d recommend using the form here to report the domain and your findings:

https://www.cloudflare.com/abuse/form