
etheraddresslookup's Introduction

EtherAddressLookup

Automatically adds links to strings that look like Ethereum addresses so you can quickly look them up on your favourite block explorer.

Prevents you from interacting with known phishing domains by wiping the DOM and displaying text notifying you.

The blacklists found in this repo serve both the EAL Chrome Extension & MetaMask Chrome Extension. We use a Levenshtein distance algorithm to detect similar URLs, so if you encounter an erroneously blocked website, please add it to the whitelist.

Announcement Post: http://harrydenley.com/ethaddresslookup-chrome-extension-release/

Ether/ERC20 donation address: 0x661b5dc032bedb210f225df4b1aa2bdd669b38bc

Installations

Chrome & Firefox Extension

The master branch is bundled on every release and pushed to the Chrome & Firefox Extension stores. You can view/download it here: https://chrome.google.com/webstore/detail/etheraddresslookup/pdknmigbbbhmllnmgdfalmedcmcefdfn for Chrome, and https://addons.mozilla.org/en-US/firefox/addon/etheraddresslookup/ for Firefox.

(Note that this will have automatic updates)

Manual Installation

Chrome

  • Clone/download the repo.
  • Go to chrome://extensions in Chrome
  • Turn on developer mode.
  • Load the manifest.json file by dragging and dropping.

Firefox

  • Clone/download the repo.
  • Go to about:debugging in Firefox
  • Click "Load Temporary Add-on"
  • Browse to the downloaded repo, and double click manifest.json

(Note that this will not have automatic updates)

Found a Phishing URL? Is your website getting erroneously blocked? You have the power to fix it, not just talk about it!

As a community resource, everyone is encouraged to make a PR to add or update these lists. This process is far easier than you might imagine!

  1. If you do not already have a GitHub account, sign up. (it's free and easy!)
  2. Navigate to the file you would like to make the adjustment to by clicking its name.
    • If a site is erroneously blacklisted you will likely want to add it to the whitelist. It probably isn't on the blacklist and got caught due to the Levenshtein distance algorithm.
    • If you see a scam website being passed around that isn't blocked, please add it to the blacklist.
  3. Click the pencil icon in upper right.
  4. Type "yourdomain.com", on line #2 (right below the first [)
  5. Type "www.yourdomain.com", on line #3
  6. Scroll to the bottom. Under "Commit changes", enter a reason you are making this change.
    • Example: "Adding myetherscam.com to blacklist. See [link to tweet / reddit post / screenshot]."
    • You can also provide more details in the box below. Please provide as much detail / evidence as reasonable so reviewers can verify quickly.
  7. Click the green "Propose File change" button.
  8. This next page is a review of what you did. Proofread and stuff.
  9. Click the "Create Pull Request" button.....twice.
  10. That's it. You successfully made a new pull request and helped make the world a better place! Tell all your friends.

Blacklisted Domains

The blacklist can only be updated by myself (@409H) and MyEtherWallet (@tayvano). This is to prevent anyone from modifying the blacklist (ie: removing something). To request a change to the blacklist, please open an issue or open a pull request with the changes. Make sure you give some details on why the changes are needed.

Whitelisted Domains

The whitelist can only be updated by myself (@409H) and MyCrypto (@tayvano). The whitelist will prevent any false-positives from happening with the Levenshtein algo (special thanks to @sogoiii). If you find a domain that is wrongly blacklisted, then please open an issue or open a pull request with the changes.

Special Thanks

  • Thanks to the team at MyCrypto for helping keep the domain blacklist up-to-date!
  • Thanks to the team at Cryptominded for the store graphics!
  • Thanks to MrLuit for providing https://etherscamdb.info and the report domain functionality (v1.5)
  • Thanks to Samyoul for continued support and development!
  • To everyone who reports bad domains to us through the various channels!
  • Thanks to danielkmakcom from ChronoLogicETH for doing the label functionality (v1.17)!
  • Thanks to CryptoInfl for providing a whitelist of Twitter handles (v1.18)!

Changelog

Read the changelog on my blog.

etheraddresslookup's People

Contributors

0xnpe, 409h, akuka, blurpesec, canya-io, danfinlay, deifos, e00dan, flyswatter, gamalielhere, hadojae, hristochr, jacekn, jcooter, joeyurgz, johnstonr04, jyap808, kvhnuke, makemoneyoz, mrluit, s0dium, samyoul, segasecbot, sekisanchi, sogoiii, tayvano, timocapa, wabieth, wchuan11, wtzb


etheraddresslookup's Issues

please remove ethermine.org from blacklist

ethermine.org is giving me the metamask blacklist error page - just started happening 20 minutes ago.... what's the deal? I can't check my mining dashboard anymore.

ethermine.org is a legit website, has it been hacked or something?

Magnet link problem

Hey, just found an unpleasant bug — EtherAddressLookup highlights torrent magnet link as Ether address. You could check here.

image

Scam Address

Hey Harry,

As discussed, here is some more info about the scamming address, who is impersonating our ICO.

Here are a list of the fake sites:
iconexus.tk
iconexus.ml
iconexus.ga
iconexus.cf

If you require any information about our ICO (real address, real domain, etc), please do not hesitate to ask me.

Thanks.

Choose your preferred block explorer

We need to add logic to choose from a preset of block explorers in a dropdown as right now it defaults to etherscan.io and people have other favourites.

EtherBTC.io blacklisted as a phishing site is error

For some reason, http://etherbtc.io, a website providing time sensitive information about the EtherBTC (ETHB) initial coin offering, is listed as a "known phishing site." It is not a phishing site at all. The only information we are requesting when someone is registering for our ICO is their name, email address, and their "wallet address," AKA their "account address," starting with 0x, which we need in order to send them free ETHB for registering and setting up their MyEtherWallet.

We'd greatly appreciate it if you would remove http://etherbtc.io from your blacklist and instead, add it to your whitelist so anyone running metamask is not scared away from registering for our ICO which takes place in 9 days. Thank you for promptly making this change.

ENS .eth domain lookup

Following on from issue #136 we need to implement an ENS domain lookup in the same fashion as standard Ethereum address lookup works.

Very much I ask you to help !!!

Hello!
Very much I ask you to help with the resolution of the arisen problem!
I registered on the ICON website and September 20 took part in the pre-sale of coins, transferring 4.98 Ether from the purse 0xC4841948e38d180F77e0292f0137CC866d5F090f (MyEtherWallet) and received 12450 coins. The wallet is available at: https://www.myetherwallet.com
Literally the next day I went to the hospital, where I lay for a whole month - they discovered oncology. While lying in the hospital I remembered that on September 20, by the evening I decided to check the receipt of coins into the account and saw a message in the Slack (the link on which was located on the ICON website and has now been changed to the Telegram), allegedly from the ICON site, that there were some difficulties with transferring coins and all are asked to come urgently and check their wallets. Next, there was a link to the purse site CORRECT !!! I was frightened and hurried to go to the link by entering a file and password. And only then I saw that the site address is not quite correct: http://myethereumwalletntw.com/
I immediately left this site, but in the hospital remembering about this case and reading on the Internet, I realized that I got on a spy site and entered there a file and a password. And so they now have 99.9% of my file and password from the wallet. Then I found on the Internet that the site was found to be fake and blocked from 27.09.2017. ((((((
myethereumwalletntw.com
Archive History Share
URL: http://myethereumwalletntw.com/
Category: Phishing - MyEtherWallet
Status: Offline (September 27th, 2017, 19:09:27 UTC)
IP: 5.230.195.199
EtherAddressLookup: Blocked
Google Safe Browsing: Blocked
Nameservers:
ns200.01isp.com
ns201.01isp.net

I immediately took out the remnants of Ether from my wallet, transferred the remainders from the miner pool and immediately led them to another purse (now on the account of 0,009 Ether), but I can not withdraw the coins yet !!! And now I'm very much afraid that when the coins are unfrozen, I will not have time to dispose of them and they will be stolen!
They have a file and password from the wallet, but only ICON can link the purse address to my login (email) and password. Can there be any way out of this situation, so I do not lose tokens ?? Help and advise please !!!! For me it is very significant money, especially in this health situation.
I will send and photos and documents for ICON (when the process begins - I can send for earlier as an option) - I'll pass the test. What should I do after this? How to secure coins in your wallet and not let them go to scammers?
On the Internet and the answers to the questions I read that everything in the wallet takes place in the client's browser and you can not change the file and password. But if everything happens on my side, then the password entered when creating a purse in some directory is stored on my computer and theoretically I can change it. It is inextricably linked with the file (which can not be changed, as I understand it) and if it is possible to change the password, scammers will not be able to enter. And I can with a secret key. Can there be some kind of robot program that can transfer tokens to another address as soon as they are thawed? Maybe all the same there are at least some options, because I understood everything in time and so far nothing happened ??? !!!
Once again I very much ask for help!
Sincerely, Nikolay Makarov (Russia, Nizhny Novgorod) -- [email protected]

Show address stats

Add logic that can be toggled so the user can see quick stats on the Ethereum address (ie: available balance, number of transactions).

Bookmarks

Modify the view to have trusted bookmarks to various sites (myetherwallet, etherscan, ethplorer, etherchain, r/ethereum, r/ethtrader). These should be icons that you can click on.

I discovered loads of people on reddit and twitter were using links or manually typing (and if there was a link, they'd click it) to go to MyEtherWallet, which caused the phishing campaigns to be really effective. If the extension has an icon straight to MyEtherWallet, hopefully it helps them use that instead of relying on a link from someone.

The circles being the sites favicon

image

Please vote in the below poll by clicking the option (POLL ENDED):
image

I'll aggregate the poll results on July 14, 2017. Depending on the result, it will be implemented or not. If the results favour "impartial", then I'll leave the feature out but keep an open discussion on GitHub.

Hopefully this will help users by using bookmarks instead of links.

Zero Width Character Attack Vector

The Problem

There seems to be a new way of phishing on the Ethereum network. After reading this article there may be a need to address the issue of scammers stealing ether by giving fake .eth addresses.

https://medium.com/@enslisting.com/dealing-with-ens-names-beware-of-this-phishing-attack-6936f6b8b9e4


Proposed Solution

Add a new function for detecting .eth ENS addresses, and another for detecting zero width character in the eth ENS address. Something like :

//Finds ENS addresses
function getENSAddresses()
{
	var arrWhitelistedTags = new Array("code", "span", "p", "td", "li", "em", "i", "b", "strong", "small");
	var strRegex = /(^|\s|:|-)(\S+(?:\.eth))(?:\s|$)/gi;
	var output = [];

	//Get the whitelisted nodes
	for(var i=0; i<arrWhitelistedTags.length; i++) {
		var objNodes = document.getElementsByTagName(arrWhitelistedTags[i]);
		//Loop through the whitelisted content
		for(var x=0; x<objNodes.length; x++) {
			var strContent = objNodes[x].innerHTML;

			//Look for ENS address patterns; capture group 2 is the name without its leading separator.
			//(Calling strRegex.exec() here first would advance lastIndex and make getMatches skip the first match.)
			var ENSAddresses = getMatches(strContent, strRegex, 2);
			//Check if any of the ENS matches have ZWCs
			for(var y=0; y<ENSAddresses.length; y++){
				if(hasZeroWidthCharacters(ENSAddresses[y])){
					// Code to warn the user that they may be getting phished
				}
				else{
					// Code to replace ENS address with a link
				}
			}
		}
	}
}

//Detect Zero Width Characters
function hasZeroWidthCharacters(input)
{
	var startLength = input.length;
	var zeroWidthChars = "\u200B|\u200C|\u200D|\uFEFF|\u2028|\u2029";
	var re = new RegExp(zeroWidthChars);

	//Removing even one zero width character shortens the string
	var result = input.replace(re, '');

	return (startLength > result.length);
}

//Get RegEx matches
function getMatches(string, regex, index) {
	index || (index = 0); // default to the 0th capturing group
	regex.lastIndex = 0; // a global regex keeps state between calls, so start from the beginning
	var matches = [];
	var match;
	while (match = regex.exec(string)) {
		matches.push(match[index]);
	}
	return matches;
}

This change should probably be made to the https://github.com/409H/EtherAddressLookup/blob/master/js/DomManipulator.js JS.


I think the important thing to do is to warn the user that the address is potentially dodgy, it may not be, but using ZWCs in your .eth address is a good sign you are trying to pretend to be someone you are not. Perhaps ENS will address this with the next version release, but until then the vulnerability will be there.

Do you agree with this approach? If so I'll code the rest of the functionality and open a pull request.

hitBTC issues

Hi - I had to disable this extension! It was clobbering the Accounts page in hitBTC. Any zeros in the Trading and On Orders columns were converted to '-', and the Fund/Withdraw buttons wouldn't respond at all - all kind of important stuff given the site! - source

https://myzenwallet.io/

myzenwallet is a wallet for different cryptocurrency ZenCash. It's a totally legit online wallet very much alike to myetherwallet (well essentially it IS myetherwallet for ZenCash) and a very real cryptocurrency. It should be whitelisted.

Phishing on https://ethermine.org/ ???

Metamask is preventing me from entering my miner pool stats at:
https://ethermine.org/miners/

MetaMask has detected this domain to have malicious intent and has prevented you from interacting with it.

This is because the site was listed on the EtherAddressLookup malicious site blacklist.

You can turn MetaMask off to interact with this site, but it's advised not to. We blacklisted it for a reason.

Is this site harmful?

The 'warning' page doesn't load consistently.

I've tried 10 malicious urls listed in the blacklist database and often had the 'warning screen' not trigger and was able to navigate the fake website freely. As I'm not technical, not sure what could cause this, however you may want to look into it.

domain 'm.famalk.net' is not blacklist

I am owner of m.famtalk.net domain.
I'm software developer and have been providing the Famtalk service (another name is MoMo).
The Famtalk service is a SNS service for users to generate meetings, share it via another SNS and check attendants.

Why is this domain added to blacklist ???

Unit Tests

Possibly using Mocha and Chai. This is a big issue I know, but if we maybe take one js file at a time it'll break up the work load into manageable chunks.

Highlight Matches option is highlighting on Etherscan itself

When "Highlight Matches" is enabled and "Preferred Blockchain Explorer" is set to "Etherscan.io", Ethereum addresses on Etherscan itself are highlighted, and clicking opens the link in a new tab/window. It would make more sense that when on Etherscan itself the addresses should not be highlighted but instead use Etherscan's own linking (which doesn't open a new tab/window).

I have only tested this for Etherscan.io but suspect it may be similar for the other options in "Preferred Blockchain Explorer" as well.

Levenshtein distance on MEW

Implement a Levenshtein distance algorithm to detect similar hostnames to that of myetherwallet.com.

https://en.wikipedia.org/wiki/Levenshtein_distance

This should help detect against myet.herwallet.com and myeth.erwallet.com type of impersonations.

To discuss

  • An acceptable edit distance
  • If there is >= x edit distance, should we disable interaction with the domain or just show a warning?

cc: @tayvano
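
The check proposed in this issue, combined with the whitelist and blacklist behaviour the README describes, as an added example that is not code from the EtherAddressLookup repository. The function names, the sample list contents and the threshold of 3 are assumptions; the issue leaves the acceptable edit distance open.

```javascript
// Added illustration, not the extension's own code.
// Two-row dynamic-programming Levenshtein distance between strings a and b.
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const curr = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      curr[j] = Math.min(
        prev[j] + 1,        // deletion
        curr[j - 1] + 1,    // insertion
        prev[j - 1] + cost  // substitution (free when characters match)
      );
    }
    prev = curr;
  }
  return prev[b.length];
}

// Assumption: hosts are compared lower-cased, without a trailing dot or "www.".
function normaliseHost(host) {
  return host.toLowerCase().replace(/\.$/, "").replace(/^www\./, "");
}

// Constructed sample data. "myotherwallet.com" stands in for a legitimate
// site that happens to sit one edit away from a protected hostname.
const SAMPLE_LISTS = {
  whitelist: ["myetherwallet.com", "myotherwallet.com"],
  blacklist: ["myethereumwalletntw.com"],
  protectedHosts: ["myetherwallet.com"],
  maxDistance: 3, // assumed threshold
};

// Whitelist wins over everything, then exact blacklist hits, then similarity.
// The full hostname is compared, so "myet.herwallet.com" (really a subdomain
// of herwallet.com) is still measured against "myetherwallet.com".
function classifyHost(host, lists = SAMPLE_LISTS) {
  const h = normaliseHost(host);
  if (lists.whitelist.includes(h)) return { verdict: "whitelisted", host: h };
  if (lists.blacklist.includes(h)) return { verdict: "blacklisted", host: h };
  for (const target of lists.protectedHosts) {
    const distance = levenshtein(h, target);
    if (distance > 0 && distance <= lists.maxDistance) {
      return { verdict: "lookalike", host: h, target, distance };
    }
  }
  return { verdict: "clean", host: h };
}

// Hostnames taken from the issue text and the sample lists above.
for (const host of ["myet.herwallet.com", "myeth.erwallet.com",
                    "www.MyEtherWallet.com", "myotherwallet.com", "etherscan.io"]) {
  console.log(host, JSON.stringify(classifyHost(host)));
}
```

Whether a "lookalike" verdict blocks the page or only warns is the second open question in the issue, so the function reports the verdict and leaves that decision to the caller.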

Add report link feature

It's unclear to me how I can report a link. Now, I know I could technically do a pull request and all that, but I would have to figure out how to do that first -- let alone other beginners/non-devs.

Is it possible to add a report feature to the tool for malicious URLs? I'd be happy to function as reviewer.

Conflict with MEW Contract manager

With EAL active a user is not able to select from the existing contract list.

myetherwallet com

With EAL deactivated MEW works as expected.

myetherwallet com 1
myetherwallet com 2

@409H Are you able to replicate this?

Add label to address

Add logic that allows the user to add a label to an address - this can either be shown next to the address or on hover of the address.

Hello, greetings

There is no malicious domain, please, my apologies

Ethermine.org

Are we to believe this large pool is malicious? PLEASE tell me this is an error and they will be whitelisted from now on. Ready to switch pools ASAP if sufficient evidence is produced that I should not be mining with them.

Thank you
Robert

Firefox version

Port EAL to support Firefox to be loaded as an extension.
