Issue ID 68469656666f (PHISHING URL)

https://tonkeeper.ee/

Generated at 2025-02-06 20:35:58 GMT+2:00

Report About Glossary
EN flag EN
EN flag EN
RU flag RU
ZH flag ZH
DE flag DE
ES flag ES
JA flag JA
IS flag IS
This incident is currently under investigation.

APVA found evidence that URL is currently hosting a phishing attack against Tonkeeper Wallet.

URL Details

IP address 104.21.48.1, 104.21.96.1, 104.21.112.1, 104.21.64.1, 104.21.80.1, 104.21.16.1, 104.21.32.1, 2606:4700:3030::6815:3001, 2606:4700:3030::6815:2001, 2606:4700:3030::6815:5001, 2606:4700:3030::6815:4001, 2606:4700:3030::6815:7001, 2606:4700:3030::6815:6001, 2606:4700:3030::6815:1001
Country United States flag United States
RegistrarWeb Commerce Communications Ltd
RegistryEesti Interneti Sihtasutus (EIS)
Netblock ownerAS13335 Cloudflare, Inc.

WHOIS Information

Search results may not be used for commercial, advertising, recompilation,
repackaging, redistribution, reuse, obscuring or other similar activities.

Estonia .ee Top Level Domain WHOIS server

Domain:
name:       tonkeeper.ee
status:     ok (paid and in zone)
registered: 2025-01-23 10:58:16 +02:00
changed:    2025-01-23 10:59:09 +02:00
expire:     2026-01-24
outzone:
delete:

Registrant:
name:       Private Person
email:      Not Disclosed - Visit www.internet.ee for webbased WHOIS
phone:      Not Disclosed - Visit www.internet.ee for webbased WHOIS
changed:    Not Disclosed

Administrative contact:
name:       Not Disclosed
email:      Not Disclosed - Visit www.internet.ee for webbased WHOIS
changed:    Not Disclosed

Technical contact:
name:       Not Disclosed
email:      Not Disclosed - Visit www.internet.ee for webbased WHOIS
changed:    Not Disclosed

Registrar:
name:       Web Commerce Communications Ltd
url:        https://www.webnic.cc
phone:      +603 8996 6799
changed:    2021-05-07 11:47:24 +03:00

Name servers:
nserver:   ruben.ns.cloudflare.com
nserver:   lana.ns.cloudflare.com
changed:   2025-01-23 10:59:09 +02:00


Estonia .ee Top Level Domain WHOIS server
More information at http://internet.ee

Domain Scan Results

Security Vendor Result
VirusTotal icon VirusTotal 18/94
IBM X-Force icon IBM X-Force Malware
Spamhaus icon Spamhaus Listed
Cisco Talos icon Cisco Talos Malware
Norton icon Norton Warning
Palo Alto icon Palo Alto Phishing
Maltiverse icon Maltiverse Malicious
Quad9 icon Quad9 Listed
Cloudflare Radar icon Cloudflare Radar Malware
Microsoft Defender SmartScreen icon Microsoft Defender SmartScreen Unsafe

Screenshots

Incident Screenshot 1

Was this report sent incorrectly?

Please report the error to us at [email protected].