Pages:
Author

Topic: [List] Phishing Cryptocurrency Site - page 11. (Read 11572 times)

legendary
Activity: 2576
Merit: 1655
July 21, 2020, 04:39:52 PM
Fake ETH Airdrop:



ETH address
Code:
0xCE07e6D4aDCb3924011fc247C42eB51084207acA

Quote
Whois Record for VitalIk.top
 Domain Profile
Registrant   REDACTED FOR PRIVACY
Registrant Org   Tye Dye Eye
Registrant Country   us
Registrar   Eranet International Limited
IANA ID: 1868
URL: http://www.eranet.com
Whois Server: whois.eranet.com

(p)
Registrar Status   clientTransferProhibited
Dates   5 days old
Created on 2020-07-16
Expires on 2021-07-16
Updated on 2020-07-16   

https://whois.domaintools.com/vitalik.top
legendary
Activity: 2366
Merit: 2054
July 19, 2020, 10:03:07 PM
Fake giveaway cardano and gemini

Code:
https://www.cardano-event.com/



Quote
IP Address: 104.27.128.135
Domain Name: CARDANO-EVENT.COM
Registry Domain ID: 2545876763_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-07-15T23:05:43Z
Creation Date: 2020-07-13T21:13:24Z

Code:
https://geminibtc.net/



Quote
IP Address: 190.115.30.224
Domain Name: GEMINIBTC.NET
Registry Domain ID: 2541998136_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: http://www.publicdomainregistry.com
Updated Date: 2020-06-27T00:27:59Z
Creation Date: 2020-06-27T00:27:33Z
legendary
Activity: 2576
Merit: 1655
July 18, 2020, 10:37:52 AM
Another one of Fake Elon Musk giveaway:

Code:
https://muskpromotion.com/

Bitcoin address:
Code:
1MuskJozYFQ56EVxHzg2rcZjPV91QNBH3H

And has scammed a total of 0.00453667 BTC already.



Quote

Registrant   Protection of Private Person
Registrant Country   ru
Registrar   Registrar of domain names REG.RU LLC REGISTRAR OF DOMAIN NAMES REG.RU LLC
IANA ID: 1606
URL: https://www.reg.com,https://www.reg.ru,http://www.reg.ru
Whois Server: whois.reg.com

(p)
Registrar Status   clientTransferProhibited
Dates   57 days old
Created on 2020-05-22
Expires on 2021-05-22
Updated on 2020-05-22
legendary
Activity: 2366
Merit: 2054
July 13, 2020, 07:13:47 PM
Fake ADA Cordano giveaway

Code:
https://event-ada.info
http://ada-cardano.info/



Domain:
Quote
IP Address: 172.67.131.47

Geolocation: US (United States), CA, California, 94107 San Francisco - Google Maps

Reverse DNS entry: not found

Domain Check

Domain Name: event-ada.info

Top Level Domain: INFO (Information)

Domain Name: EVENT-ADA.INFO
Registry Domain ID: D503300001185956611-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2020-07-13T00:45:31Z
Creation Date: 2020-07-13T00:41:40Z
Registry Expiry Date: 2021-07-13T00:41:40Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc



Fake Kanyewest US President Giveaway


Code:
http://kanyebtc.org/



Quote
IP Address: 195.24.68.4

Geolocation: RU (Russian Federation), 48, Moscow City, 101752 Moscow - Google Maps

Reverse DNS: wcarp.hosting.nic.ru

Domain Check

Domain Name: kanyebtc.org

Top Level Domain: ORG (Organization)

Domain Name: KANYEBTC.ORG
Registry Domain ID: D402200000014076562-LROR
Registrar WHOIS Server: https://www.nic.ru/whois
Registrar URL: https://www.nic.ru/whois
Updated Date: 2020-07-09T22:50:25Z
Creation Date: 2020-07-09T22:50:25Z
Registry Expiry Date: 2021-07-09T22:50:25Z
Registrar Registration Expiration Date:
Registrar: Regional Network Information Center, JSC dba RU-CENTER
Registrar IANA ID: 463

Be Aware!
legendary
Activity: 2576
Merit: 1655
July 07, 2020, 01:08:29 PM
Bitcoin doubler:

Please stay away from this site, and don't deposit anything.

Code:
https://bit-airdrop.club/

legendary
Activity: 2366
Merit: 2054
July 06, 2020, 11:29:22 PM
Code:
PHISHING SITE: https://guadra.com/app/create

I found new one, checked using https://dnstwister.report/search?ed=6775617264612e636f

Code:
http://wwwguarda.co/



the relationship of https://www.virustotal.com/gui/ip-address/104.203.20.6/relations



Code:
wwwthetatoken.org



and more...

IP Information

Code:
NetRange: 104.202.0.0 - 104.203.255.255
CIDR: 104.202.0.0/15
NetName: ENZUINC-US-BLK16
NetHandle: NET-104-202-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS18978
Organization: Enzu Inc (ENZUI)
RegDate: 2014-09-09
Updated: 2016-05-24
Comment: --------------------------------
Comment: Enzu Inc.
Comment: 10120 S Eastern Ave
Comment: Suite #248
Comment: Henderson, NV 89052
Comment: https://www.enzu.com
Comment: --------------------------------
Comment: Please send all Abuse, Trademark,
Comment: Legal Compliance, and Law Enforcement
Comment: requests to [email protected]
Ref: https://rdap.arin.net/registry/ip/104.202.0.0
legendary
Activity: 2576
Merit: 1655
July 01, 2020, 11:23:47 AM
Fake https://guarda.co/app/. Look at the spelling and the closeness of the website interface.

Code:
PHISHING SITE: https://guadra.com/app/create



This is the original: https://guarda.co/app/

Fake site domain info:

Quote
Whois Record for GuaDra.com
 Domain Profile
Registrant   WhoisGuard Protected
Registrant Org   WhoisGuard, Inc.
Registrant Country   pa
Registrar   NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status   addPeriod, clientTransferProhibited
Dates   41 days old
Created on 2020-05-21
Expires on 2021-05-21
Updated on 0000-12-31    
Name Servers   DNS1.NAMECHEAPHOSTING.COM (has 870,791 domains)
DNS2.NAMECHEAPHOSTING.COM (has 870,791 domains)
 
Tech Contact   WhoisGuard Protected
WhoisGuard, Inc.
P.O. Box 0823-03411,
Panama, Panama, pa

(p) (f)
IP Address   198.187.29.150 - 635 other sites hosted on this server
 
IP Location   United States Of America - Georgia - Atlanta - Namecheap Inc.
ASN   United States Of America AS22612 NAMECHEAP-NET, US (registered Jun 21, 2011)
Domain Status   Registered And Active Website

https://whois.domaintools.com/guadra.com
legendary
Activity: 2366
Merit: 2054
June 30, 2020, 08:41:57 PM
Fake or clone Callisto wallet:

Code:
https://clowallet.network/


Same like before, usually scammer using same IP address to make new phishing and scam domain,

https://www.virustotal.com/gui/ip-address/5.45.114.95/relations



see

Code:
etzwallet.net
www.oldetherwallet.com
legendary
Activity: 2576
Merit: 1655
June 27, 2020, 06:51:53 PM
Bitcoin doubler/Ponzi scheme spotted:

Just look at those profits you are going to make in 24-48 hours, Lol. For those newbies, doubler is a scam don't deposit or try it for yourself, not even a small amount.

Code:
https://growbitcoin.co.uk/

legendary
Activity: 2576
Merit: 1655
June 26, 2020, 06:53:33 AM
#99
Fake or clone Callisto wallet:

Code:
https://clowallet.network/



This is the original: https://wallet.callisto.network/

But as you can see, very very similar in terms of look and feel of the original site.
legendary
Activity: 2576
Merit: 1655
June 23, 2020, 06:59:09 PM
#98
New Paxful phishing site:

And there's no such thing as paxful offers, do not enter your credentials here.

Code:
http://paxfuloffers.com/



Original Site: https://paxful.com/
legendary
Activity: 2366
Merit: 2054
June 22, 2020, 11:22:47 PM
#97
^^ And it really reinforced what we have believed in the past, those scammers are really connected to each other and probably colluding with other criminals as well. Cheap domain hosting + parking it for sometime before making their move and then recycle.

Easy way to scammer use cheap provider VPS and make new domain.

like today I found new "Elon musk" again with one IP.

Code:
https://musk-live.com/



https://www.virustotal.com/gui/ip-address/68.183.101.122/relations

Code:
2020-06-21 www.musk-live.com
2020-06-21 www.musk-events.com
2020-06-21 www.elon-live.com
2020-06-20 www.officialelon.com
2020-06-19 www.elonofficial.com
2020-06-15 www.elonmk.com

Scammer made all those phishing only 1 week.
legendary
Activity: 2576
Merit: 1655
June 21, 2020, 06:30:30 PM
#96
^^ And it really reinforced what we have believed in the past, those scammers are really connected to each other and probably colluding with other criminals as well. Cheap domain hosting + parking it for sometime before making their move and then recycle.
legendary
Activity: 2366
Merit: 2054
June 20, 2020, 07:00:51 PM
#95
Be careful with this fake Fusion wallet, don't create or accessed any using this website, they will steal your keys and your crypto.

Code:
https://myfusionwallet.net/


Nice catch, seems That's IP's has another fake/phishing link:

https://www.virustotal.com/gui/ip-address/198.54.120.244/relations



Original Link: https://www.myfusionwallet.com
legendary
Activity: 2576
Merit: 1655
June 20, 2020, 06:14:56 PM
#94
Be careful with this fake Fusion wallet, don't create or accessed any using this website, they will steal your keys and your crypto.

Code:
https://myfusionwallet.net/



Quote
Whois Record for MyFusionWallet.net
How does this work?
 Domain Profile
Registrant   Whois Privacy
Registrant Org   Private by Design, LLC
Registrant Country   us
Registrar   Porkbun LLC
IANA ID: 1861
URL: http://www.porkbun.com,http://porkbun.com
Whois Server: whois.porkbun.com

(p)
Registrar Status   clientDeleteProhibited, clientTransferProhibited
Dates   13 days old
Created on 2020-06-07
Expires on 2021-06-07
Updated on 2020-06-07

https://whois.domaintools.com/myfusionwallet.net
legendary
Activity: 2576
Merit: 1655
June 19, 2020, 05:16:00 PM
#93
Be careful with the following trading platforms, similar themes and UI.

Code:
https://fixxcoin.com/
https://hubcoi.com/
https://hurtrade.com/





legendary
Activity: 2576
Merit: 1655
June 16, 2020, 06:39:33 PM
#92
Fake Jaxx.io website, if you type an extra "x" on it, you might get trap, so just be careful and bookmark as scammers are mostly using this kind of typo squatting attacks.

Code:
http://jaxxx.io/

legendary
Activity: 2576
Merit: 1655
June 07, 2020, 05:44:55 AM
#91
Fake Exodus website, as usual the feel and looks are the same here, you can easily get trick by it if you are not that very careful and it is obvious a phish site, just two days old.

Real website: https://www.exodus.io/

Code:
PHISHING SITE - https://exodus.vc/



Quote
Whois Record for Exodus.vc
How does this work?
 Domain Profile
Registrant Country   br
Registrar   Gandi SAS
IANA ID: 81
URL: http://www.gandi.net
Whois Server: whois.gandi.net

(p)
Registrar Status   addPeriod, clientTransferProhibited, serverTransferProhibited
Dates   2 days old
Created on 2020-06-05
Expires on 2021-06-05
Updated on 2020-06-05

https://whois.domaintools.com/exodus.vc
sr. member
Activity: 616
Merit: 279
June 04, 2020, 03:59:44 AM
#90
It seems the scammers went even further. They created a youtube channel called 'SpaceX Live' where they promote these scams.

There's a live video with SpaceX people talking about the launch: https://www.youtube.com/watch?v=a07f5F-Mcqg
I have reported the video for scams but it seems like it wasn't taken down yet.

Websites:
Code:
https://elonmuskdrop.com/
https://muskbtc.us/

Do NOT send your BTC to these addresses!

https://bitref.com/16V9ozW6499fJWmYebPcpNpq8P1BBbmjdV
https://bitref.com/1SpaceMrzPknno6Bpf3NnvARiRnDrK7Ln
They managed to get some BTC out of idiots after all Grin

Later EDIT: The video was taken down now Smiley
legendary
Activity: 2576
Merit: 1655
June 03, 2020, 06:24:05 AM
#89
Bitcoin double here. Do not send any Bitcoin or Ethereum on this site.

Code:
http://getbtcx.com/btc.html
http://getbtcx.com/eth.html



Pages:
Jump to: