Forensic safety
Mixer scam checklist: spot a fake route before you send
Most losses at a mixer are not surveillance — they are scams: clone domains and a fake “AML hold” after you deposit. Work through this before you trust any route.
Last reviewed 2026-07-09 · We store nothing you type or paste here.
Read the address bar
The one thing a clone cannot copy
A clone can copy every pixel of an interface. It cannot copy the exact, correct domain. Learn to read a hostname like a forensic artefact and most scams fall apart.
The checklist
Four checks, in order
Run these top to bottom. If any one fails, stop.
Domain and URL anatomy
Most mixer scams are look-alike domains. Read the address bar like a forensic artefact before you trust anything on the page.
- Read the hostname right-to-left: the true site is the label immediately left of the final .tld (e.g. example.com in a.example.com).
- Watch for swapped or doubled characters, added hyphens, and alternate TLDs (.net / .io / .app) imitating a known .com.
- Be suspicious of look-alike Unicode characters that render like Latin letters.
- A padlock only means the connection is encrypted — it says nothing about who owns the site.
Clone and impersonation checks
Clones copy the entire interface. The one thing they cannot copy is the exact, correct domain.
- Compare the hostname against a source you already trust — do not rely on a link from a message, ad, or search result.
- Distrust unsolicited links in DMs, comments, and paid ads claiming to be the 'official' mixer.
- If a page shows fake live 'payout' tickers or countdowns to pressure you, treat it as manipulation.
- Verify the destination hostname is displayed before any redirect, not hidden behind a timer.
Surprise AML-fee pattern
The most common exit scam: your funds are 'held for AML review' after deposit and released only if you pay more.
- Any fee that appears only after you deposit is a scam signature — legitimate terms are fixed up front.
- There is no such thing as a 'compliance fee to release your own funds' from an anonymous route.
- A shifting fee between quote and settlement is a red flag; the quote should hold.
- Walk away from any 'pay X to unlock Y' demand after a deposit — paying more never ends it.
Support and status verification
Check whether the operator behaves like something you can hold accountable, before you rely on it.
- Confirm a real support channel exists and answers a basic question before you transact.
- Check whether terms, fees, and network support are documented up front rather than improvised.
- Prefer routes that state their limits honestly over ones that promise anonymity or guaranteed acceptance.
- If anything about identity, fees, or timing is evasive, stop — evasiveness is the finding.
Walk away if you see
- Guarantees of anonymity, untraceability, or '100% clean' output.
- A fee or 'AML hold' that appears only after you deposit.
- The destination hostname is hidden behind a countdown or auto-redirect.
- Promises that any exchange will accept the funds with no questions.
- Pressure tactics: countdowns, fake live payouts, 'act now' scarcity.
- Look-alike domain, alternate TLD, or a link pushed via DM or ad.
Reassuring signals
- Fees and terms are stated clearly before you commit.
- The interface asks only for a destination address.
- The destination hostname is shown to you before any handoff.
- Limits are stated honestly — no absolute-anonymity claims.
- Asset and network are labelled explicitly to prevent a mismatch.
- Nothing changes between the quote and the settlement.