Regarding ethereum-gift.website,
https://twitter.com/TheRealLeo/status/1015177418791968768
https://urlscan.io/result/9d31eca7-235a-45ee-9189-af140c8fc5c9
https://etherscan.io/address/0x52b949fb4678c20873135ce6b3727949432af1d7
https://www.phishtank.com/phish_detail.php?phish_id=5716610
https://www.virustotal.com/url/154381ea773053e97339a034b1bbf87a90c9d8a9940695cdd350d8c6597425ef/analysis/1530922094/
https://www.virustotal.com/url/7ecb632ceac25bc9d75b28d3de6b656bea5e0474a4b13b93bf3339e9b7edc952/analysis/1530922098/
Here's all what I do for a fresh scam, other than reporting google safe browser and reporting it to twitter
By chance, Let's talk about some tool. Seki

There is no reason to really contact a third-party host to send the report off to where it needs to go, especially as it just entails a cURL request to the endpoint (where we handle the reports).

Plan of action

Create a new config item for the slack webhook token and redo the report to send the report directly to a Slack channel.

Duplicated redundant entries are shown at Related addresses section.

Search tab is mistaking neutral ETH addresses as domains, leading it to link to the /domain/<domain> endpoint.

On Scam pages, add a "security suggestion" notification that is generated based off the category and subcategory of the scam. If one isn't already created, link to the mycrypto "securing your ethereum" KB article here: https://support.mycrypto.com/security/securing-your-ethereum.html

Better to show some background status if it's by maintenance reason.

Recent scams e.g. tron-online.org https://etherscamdb.info/scam/2949 are not showing correct MetaMask status on the website.

Scams are included in eth-phishing-detect e.g. tron-online.org is in https://github.com/MetaMask/eth-phishing-detect/blob/master/src/config.json

I assume that EtherScamDB is using the npm released version. Last npm release of eth-phishing-detect was 1.1.12, 5 months ago. https://www.npmjs.com/package/eth-phishing-detect

Logos are currently messed up on social media sharing:

ABUSEIPID seems to be well accepted malicious IP repository widely utilized at internet security community.
Showing Either or both by a summary and/or link to its IP page as a cross reference will be efficient.

https://www.abuseipdb.com/check/162.144.51.201
https://etherscamdb.info/ip/142.4.26.221

Edit Search tab to allow for 0x Address searching

https://etherscamdb.info/scam/77/ - Fake mew
has
https://etherscan.io/token/0x5af2be193a6abca9c8817001f45744777db30756
which not likely be connected with a particular scamming of this fake site, but ETHOS token contract.

ETH Scam

• On report page, change the red "no" button to read "No - I want to report an address / website"

• On layer two of "i'm not sure":

  • Add other useful links (don't necessarily need to use all of them)
    - "create a new wallet" => https://myetherwallet.groovehq.com/knowledge_base/topics/how-do-i-create-a-new-wallet
    - https://myetherwallet.groovehq.com/knowledge_base/topics/protecting-yourself-and-your-funds
    - https://myetherwallet.groovehq.com/knowledge_base/topics/pro-tips-how-not-to-get-scammed-during-a-token-sale
    - https://myetherwallet.groovehq.com/knowledge_base/topics/call-to-action-help-us-phuck-these-phishers-up-please (edited)

• On forms that are more than one step, add back button (if possible)

• Update any buttons that don't give the user a more clear idea of what clicking the button will do

• On finishing pages (Thanks for your Report) add a third line of copy educating users about security:

  • Learn more about best practices and how to secure yourself: https://myetherwallet.groovehq.com/knowledge_base/topics/protecting-yourself-and-your-funds
  • or
  • Get a Ledger or TREZOR Hardware wallet. Add affiliate links here. You can create links @ https://www.ledgerwallet.com/affiliates & https://shop.trezor.io/user/profile/affiliate/
  • or
  • You can also help make sure people aren't able to reach this site in the future. Please take a moment to report to the browsers:
    - https://safebrowsing.google.com/safebrowsing/report_phish/
    - https://safebrowsing.google.com/safebrowsing/report_badware/
    - If have IE / Edge, report there: https://support.microsoft.com/en-us/help/930167/how-to-report-a-phishing-web-site
    - Report Google ad: https://support.google.com/adwords/troubleshooter/4578507?visit_id=1-636363900698406880-2129187164&rd=1
    - Notify host regarding malicious website / DMCA / copyright violation / trademark violation
    - Notify registrar regarding malicious website / DMCA / copyright violation / trademark violation
    - Notify SSL Cert Issuer of misuse of cert / malicious / phishing website

• Add these HW wallet affiliate links to the footer as well.

• Add buttons or make the entire square on homepage a link to Github, Report, Etc.

• Add square for hardware wallet stuff w/ affiliate links

• Under knowledge, link to simple links page that just has valuable resources for people. Things like the links I provided above, any reddit threads you find in the future that are useful, etc. You can find some good resources here: https://myetherwallet.groovehq.com/knowledge_base/topics/resources-for-diving-deeper

Scams not updated on the website. Scams.yaml 2841 and above don't appear to be shown on the website, so the website is over a week behind the blacklist.

Reported on twitter, logging as an issue. https://twitter.com/sniko_/status/968650715957735424

Search should be case insensitive for domain names, e.g. MyEnthereumWallet.com should return the same result as myenthereumwallet.com

We need to include the ability for people to mass report phishing domains and scams through EtherScamDB.

Proposed solutions

Parse a .csv file of reports

Get the user to select a .csv file that is parsed client side and sent to the backend in a unified format.

Big textbox

Give a textbox to allow the user to dump the report (in no real uniform order/format). Kind of a free-for-all and won't make it easy for any future bots to parse and act on the data automagically.

Add another report button

With some UX magicy, allow the user to add more inputs to unifrm the order/format (1 input per domain/scam with a separated input with a reason)

I'm not a spam account, I promise! My official twiter acount is @juansgalt, and you can find all my social accounts and work at juansgalt.com.

Much thankful for this most excellent fraud prevention app. Good work.

Web server appears down

• - Individual pages to finish
• - Sorting to finish
• - Pagination to finish
• - Add the redirect page
• - Update the data file
• - IP pages
• - Address pages
• - Update README
• - Take screenshots of flagged sites.

Bugs:

• - Slackbot needs to be fixed
• - getCache().scams is full of duplicates, not sure why

Just an incident report, on both chrome and firefox.
https://etherscamdb.info/address/0x5208d7f63A089906889A5A9CAed81E9C889E64F8

As of Mar 3, 2018
ttps://telegram.tokyo is shown as no generic blocker

But Cloudflare blocks it as a phishing site, and we may list blocking status of it also.
Not sure exact behavior of them though.

A recommendation if not there already.
To pursue moving behavior of phishers, and keep the public records of them within URLscan as open repository, scan the site to take the snapshot when adding new id if it's not already in the pipeline.
i was not able to find phishing evidence of 4014: idex24.io within all the record about it including www.idex24.io

We need an endpoint to get all scams where "status":"Inactive" or "status":"Offline" or "status":"Suspended".

Scams list will be much attractive to be sorted by lines with status category, active lines group on top as default.
Optionally, having sorted and unsorted switch by clicking the column title, and other titles also.

Both ico-ton.org and refereum-token.com are assigned on id #2805, which is the only exception of a unique id on URL to date shown through GET "https://etherscamdb.info/api/scams/"

Virustotal is an open service that aggregates scanning upon signature in files, addresses, and names by independent providers, both in private and open environment. Its open URL/domain scanning shows good cross-reference between legacy security community and Ethereum, as well as pushing awareness about Ethereum blockchain space for private users of it mostly in the legacy security community.

Current ESD SCAM domains are mostly scanned there publicly already on both http and https, and scanning result records are kept there with "positives" number, showing the number of services detected SCAM among sixty or so. Newly added ESD records are done in a day.

Scanning newly added ESD domain are mostly first-time public scan there but in case it was active at phishing, already scanned with positives. So scanning ESD SCAM domain makes an extension of it at Virustotal in some sense.

Assuming above sniff benchmarking, following changes are recommended

1. Adding Virustotal positives at etherscamdb.info/scam/nnnn
2. Scan the SCAM domain upon new ESD record addition
3. Provide ESD URL scan within Virustotal

These might be an affordable subset of ESD expansion.
I've using spreadsheets now as workbench and trying to move into Jupyter or some other for prototyping.

Hello there, could you please add a license. Prefer not to assume it's MIT

In my opinion it should be case insensitive.

Example:

https://etherscamdb.info/api/check/0x92d43d2f55e077d1bebc6e348a9f4ff64fd4f21a/
returns
{"success":true,"result":"neutral","type":"address","entries":{}}

https://etherscamdb.info/api/check/0x92d43D2f55E077D1beBC6e348a9F4FF64fD4F21A
returns
{"success":true,"result":"blocked","type":"address","entries":[{"id":4056,"name":"blttrex.us","url":"https://blttrex.us","category":"Trust-Trading","description":"Trust-Trading site","addresses":["0x92d43D2f55E077D1beBC6e348a9F4FF64fD4F21A"],"ip":"198.252.108.77","nameservers":["ns10.hawkhost.com","ns9.hawkhost.com"],"status":"Active"}]}

The website reports the address as a scam, regardless what case is used:
https://etherscamdb.info/address/0x92d43d2f55e077d1bebc6e348a9f4ff64fd4f21a/

https://twitter.com/amadeobrands

We need to enable CORS so that people can consume the JSON files with Javascript (specifically EtherGraphs.com is having an issue with pulling in the data with AJAX)

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

We need to set a header Access-Control-Allow-Origin: *.

Assigning to you Luit because it might be easier to enable it in the server config.

Since the release of #21 the style for the icons wasn't overwritten from the cached copy on the browser.

Looked kind of like this;

POA: Put a query string of the date/version on the JS and CSS. Ie: <link rel="stylesheet" href="/css/general.css?version=1504005602">

At https://etherscamdb.info/report a styling error occurs where there is overlapping texts. This does not occur in Chrome or IE.

For the URL myetherwalletverify.info,
the summary page indicates no Google protection as shown below,
but it's practically protected.
It should have different notation / logic / scope hopefully, to focus on high-risk address.

But by chrome, it is captured as below (no metamask nor etheraddresslookup)

Firefox

Safari

Onion + metamask

Onion

Search "ETHPAYS.ME" and "ethpays.me" did show a different result.
Further more, input character case handling and others have to be carefully examined in the process pipeline upon variation of search string such like with or without "http://", trailing slach char etc. , in order to avoid false negative/positive result for users manually accessing it.

It's not an issue, but I want the address pages showing the total transfer-in Ether amount instead of USD (not required, out of the scope of your site)
By the total-in and balance, we can better understand the behavior.
Etherplorer has an API returning it. They gave me an api key for me referring some analysis around ESDB.

www.blocklist.de is doing that well.
https://www.abuseipdb.com/check/125.109.194.241

Hi @MrLuit I am a graphics designer and open source enthusiast. I want to contribute to your good project by proposing a logo design for the project for added visibility.I have noticed it doesn't have one yet. I will be doing it as a gift for free. I need your permission before i start my design. Thanks and best regards

• tobaloidee

Below three fake mew domains are blocked now but ESDB is showing them as "not blocked"
I guess Google hesitate to show the real status online by several reasons,
or they kindly showing the real site status to infosec services.

https://etherscamdb.info/scam/4635
https://etherscamdb.info/scam/4636
https://etherscamdb.info/scam/4638

The PHP script for Slack needs upgrading. Lots of reports are hard to read.

_data/scams.yaml Is getting too large. Make them easier to handle by splitting them into smaller files.

• Break up scams.yaml into smaller _data/scam files (a good way to do this would be to parse through each scam and create individual files for each category). Test to see if it makes more sense to do this by category or subcategory.

• Create a method that concatenates them on run and update. Verify that this does not conflict with existing functionality

https://www.phishtank.com/user_submissions.php?username=seki

Added about 250 and the first half is well accepted and marked as phishes.
Here's some suggestion -

1. Within my pilot, I saw Google safe browsing flagged some of the site. It worth than seemed to be.
2. risk.iq and xforce have linkage to it.
3. Phishtank accepts only URL as input and no additional info like Etherscan of shown Ethereum address that may prove the fake behavior of the site. Link to Phishtank from ESDB may help.
4. Don't know what incentives drive the Mturk like operation.

ReCaptcha is not displaying on the Report screen, or is failing, after trying to report a domain:

Further info: Win 10 + Chrome Version 65.0.3325.181 (Official Build) (64-bit)

Note: This issue does not occur in IE, Edge, or Firefox.

To reproduce:

1. Navigate to https://etherscamdb.info/report
2. Click the button: "No I want to report an address/website"
3. On the next selection asking if you want to report a domain or address, click the "A domain" button.
4. Enter the domain: "ethereumwalletgenerator.com" and click "Continue"
5. Add a reason why you're reporting then continue.
6. ReCaptcha will not appear.

I want to be verified as i am contributing to Cryptocurrency valid airdrop. Always do makesure to verify website and etheraddress via Etheraddresslookup.

Something is off with lines https://github.com/MrLuit/EtherScamDB/blob/master/run.js#L443 and https://github.com/MrLuit/EtherScamDB/blob/master/_layouts/address.html#L8 as the {{ address.address }} doesn't replace.

Example: https://etherscamdb.info/address/0xe4fa5149306b12d51dc0d04e5e95bc9704ccaad7/

<div class="ui body container">
<link rel="stylesheet" href="/css/address.css">
<h1>0xe4fa5149306b12d51dc0d04e5e95bc9704ccaad7</h1>
<div class="ui mini red message"><i class="warning sign icon"></i> Warning: Do not send money to this address</div>
<b>Balance</b>: <span id="balance">0 ETH</span><br>
<b>USD Value</b>: <span id="value">0$ (745.14 USD/ETH)</span><br>
<b>Related to the following scams</b>: <div class="ui bulleted list"><div class="item"><a href="/scam/2135/">OmiseGO.com</a></div></div><a href="/scam/2135/">
<div class="ui divider"></div>
</a><a target="_blank" href="https://etherscan.io/address/{{ address.address }}"><i class="external icon"></i> View address on etherscan</a><br>

Phishtank can be used to verify the current status of a scam site with a chance to vote, while URLscan is much tend to record keeping/verifying and analysis purpose.
We may consider using both in the right place within the lifecycle and UX suitable for community ecosystem purpose.

Sample
(I put some of recent active sites there but not getting attentions. Some of exchanges and myetherwallet are listed as targeting brands of phishing scams)

Now I understand Phishtank is a legacy public and crowdsourced phishing mail collection and validation platform, similar to Amazon Mturk is for catalog data correction and general questioner but looks like old and global rank 200K in Alexa

Please whitelist our Twitter account @Locanza_org

Thanks a lot!

Copy of MetaMask/eth-phishing-detect#794

Hi, please add to black list this address:
0x9eb041AF96d44583110565ABeC79aedf22Eb60b5

It's using in fake AirDrop of Nucleus Vision (proof https://docs.google.com/forms/d/e/1FAIpQLSeRw1qALR7-rbvOKRM-Wgs1TxmAN5BC7_XzATFiHIVRuRlegQ/viewform). There was no official anouncments nor at the website https://nucleus.vision or twitter https://twitter.com/NucleusVision

Currently there is no indication of a new search being conducted on the ui.

One way to do this is to add the searched name to the existing notification that pops up.
Another way to do this is to add a new section that displays when the search button is clicked below the search input field containing the name being searched.