Looking for BIP39 tools? Beware of phishing!

I just found an advertisement on Google advertising a fake BIP39 tool and reported it to Google.

It's trying to mimic the well-known "iancoleman.io" domain name (the first letter of the phishing domain name is "l", also one more letter is wrong).


Always download BIP39 tools from reputable sources and use them offline (or at least not in the browser).

The original BIP39 Mnemonic Code Converter is: https://iancoleman.io/bip39/

The phishing website is hosted at Alibaba (IP address 161.117.255.5), the domain name is registered with epag.de.

$ whois lancolaman.io
Domain Name: LANCOLAMAN.IO
Registry Domain ID: D503300001188207674-LRMS
Registrar WHOIS Server:
Registrar URL: http://www.epag.de
Updated Date:
Creation Date: 2020-10-26T09:42:08Z
Registry Expiry Date: 2021-10-26T09:42:08Z
Registrar Registration Expiration Date:
Registrar: EPAG Domainservices GmbH
Registrar IANA ID: 85
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization:
Registrant State/Province:
Registrant Country: CA
Name Server: A.DNSPOD.COM
Name Server: C.DNSPOD.COM
DNSSEC: unsigned

>>> Last update of WHOIS database: 2020-10-28T23:57:52Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

$ dig LANCOLAMAN.IO 

; <<>> DiG 9.11.3-1ubuntu1.13-Ubuntu <<>> LANCOLAMAN.IO
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6948
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;LANCOLAMAN.IO.			IN	A

;; ANSWER SECTION:
LANCOLAMAN.IO.		415	IN	A	161.117.255.5

;; Query time: 55 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Oct 29 02:02:28 EET 2020
;; MSG SIZE  rcvd: 58
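
A defender-side check for this kind of lookalike, as an added example (not code from this post or from the doublerandom repository): it compares a link's host against an allow-list and flags names within two character edits of a trusted one, or equal to it after folding look-alike glyphs. The allow-list, the glyph table and the threshold are assumptions, and comparing only the last labels is a simplification that ignores the Public Suffix List.

```python
from urllib.parse import urlsplit

TRUSTED = {"iancoleman.io"}  # assumption: the one legitimate host named in the post
# Constructed, deliberately small table of glyphs that read alike in many fonts.
SKELETON = str.maketrans({"l": "i", "1": "i", "|": "i", "0": "o"})


def host_of(url_or_host: str) -> str:
    """Lower-case hostname with scheme, userinfo, port and trailing dot removed."""
    s = url_or_host.strip().lower()
    return (urlsplit(s if "//" in s else "//" + s).hostname or "").rstrip(".")


def edit_distance(a: str, b: str) -> int:
    """Optimal-string-alignment distance: insert, delete, substitute, swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb))
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cost = min(cost, prev2[j - 2] + 1)  # adjacent letters swapped
            cur.append(cost)
        prev2, prev = prev, cur
    return prev[-1]


def classify(url_or_host: str, max_edits: int = 2):
    """Return (verdict, nearest trusted host or None) for a link or hostname."""
    host = host_of(url_or_host)
    if host in TRUSTED or any(host.endswith("." + t) for t in TRUSTED):
        return "trusted", host
    labels = host.split(".")
    for good in sorted(TRUSTED):
        # Compare the same number of trailing labels as the trusted name has.
        tail = ".".join(labels[-(good.count(".") + 1):])
        if host.startswith(good + "."):      # trusted name used as a prefix label
            return "lookalike", good
        if tail.translate(SKELETON) == good.translate(SKELETON):
            return "lookalike", good
        if edit_distance(tail, good) <= max_edits:
            return "lookalike", good
    return "unknown", None


if __name__ == "__main__":
    for link in ("https://iancoleman.io/bip39/", "LANCOLAMAN.IO", "example.org"):
        print(link, "->", classify(link))
```

A "lookalike" verdict is a reason to stop and verify the address by hand; "unknown" only means the host is not close to anything on the allow-list.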

My BIP39 generators (written in Python): https://github.com/vstoykovbg/doublerandom. The simplest of them (make-seed-simple.py) can be read easily to make sure it does what it should (and does not steal your keys).
