Come on Bitcointalk, where's your research face?
https://i.imgur.com/tMWpm9p.pngWe go to "deposit" a "bank draft", and are told we should make it out to payee 1009926 B.C. LTD. Stupidly with all these "methods" we are told to blindly send them money, but give them no way of identifying that the money they receive is owned by a particular account.
https://i.imgur.com/2tWjPNx.pngThe company we are interested in was registered in August 2014, so it's either completely fake or for some reason hasn't been used before (I had a look around, there's no results for this particular canadian buisness number to be found anywhere).
https://i.imgur.com/LBffYol.pngThe company number does exist in the database of the Candian government, but it appears to be a reassignment, this result is from 1986. It turns out for some reason financial services are exempt from being listed in public record. Might be worth while if someone in the US or Canada can contact a government office and see if there's a way to get information about them this way?
https://i.imgur.com/ffPfNKi.pngThis address in particular is fairly useless, it's a remailer/virtual office located in Canada, this is fairly interesting because it's pretty off the beaten track and nowhere like the UK based address they claim on their website.
https://i.imgur.com/MkEdlTK.pngThe website doesn't have a shitty CloudFlare configuration so they don't leak their host, however, the nameserver pair they use might expose something interesting.
https://i.imgur.com/Ab5nQkn.pngThe pairs of names CloudFlare assigns is unique to the user account that adds the domain, so either coinwallet.eu is related to ibookair.net and lauincherfenix.com.ar, or someone just got unlucky and has the same pairing as them. Useless information now but might be interesting in the future.
https://i.imgur.com/VnxSdye.pngTheir email sending configuration is a bit weird, it uses mandrill as a proxy to avoid exposing their server behind cloudflare. Mandrill leaks the user ID of the person who made the account in the headers, which might be useful to compare with other dodgy services to see if there's any matches that might expose more about them. Specifically if you search "X-Mandrill-User: md_30632414" on your raw mailbox files we might get somewhere interesting, there's currently no results for that sadly.
https://i.imgur.com/rUkmXFP.pngThe wallet they use can be found on walletexplorer as
https://www.walletexplorer.com/wallet/000babbf8d1cc6e6 . Doesnt look like they have a particularly huge business but you can see some of their spam going in and out in the older sections of the page.
http://regex.info/exif.cgi?url=https%3A%2F%2Fwww.coinwallet.eu%2Fassets%2Fimg%2Flogo.pngWe bust out the EXIF viewer, and find that their logo was created 3 months 17 days ago, using Adobe Photoshop CC on Windows. Most importantly, we now know the creators timezone is GMT+1. This timezone appears to suggest the person who created the logo was located in Algeria, Angola, Benin, Cameroon, Central African Republic, Chad, Democratic Republic of Congo, Republic of Congo, Equatorial Guinea, Gabon, Guinea, Niger or Nigeria.
I've also requested for the WHOIS information on the domain coinwallet.eu to be unmasked by the registry.
