[List] Phishing Cryptocurrency Site - page 11.

Baofeng

legendary

Activity: 2576

Merit: 1655

Fake ETH Airdrop:

ETH address

Code:

0xCE07e6D4aDCb3924011fc247C42eB51084207acA

Quote

Whois Record for VitalIk.top
Domain Profile
Registrant   REDACTED FOR PRIVACY
Registrant Org   Tye Dye Eye
Registrant Country   us
Registrar   Eranet International Limited
IANA ID: 1868
URL: http://www.eranet.com
Whois Server: whois.eranet.com

(p)
Registrar Status   clientTransferProhibited
Dates   5 days old
Created on 2020-07-16
Expires on 2021-07-16
Updated on 2020-07-16

https://whois.domaintools.com/vitalik.top

Chikito

legendary

Activity: 2366

Merit: 2054

Fake giveaway cardano and gemini

Code:

https://www.cardano-event.com/

Quote

IP Address: 104.27.128.135
Domain Name: CARDANO-EVENT.COM
Registry Domain ID: 2545876763_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2020-07-15T23:05:43Z
Creation Date: 2020-07-13T21:13:24Z

Code:

https://geminibtc.net/

Quote

IP Address: 190.115.30.224
Domain Name: GEMINIBTC.NET
Registry Domain ID: 2541998136_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: http://www.publicdomainregistry.com
Updated Date: 2020-06-27T00:27:59Z
Creation Date: 2020-06-27T00:27:33Z

Baofeng

legendary

Activity: 2576

Merit: 1655

Another one of Fake Elon Musk giveaway:

Code:

https://muskpromotion.com/

Bitcoin address:

Code:

1MuskJozYFQ56EVxHzg2rcZjPV91QNBH3H

And has scammed a total of 0.00453667 BTC already.

Quote

Registrant   Protection of Private Person
Registrant Country   ru
Registrar   Registrar of domain names REG.RU LLC REGISTRAR OF DOMAIN NAMES REG.RU LLC
IANA ID: 1606
URL: https://www.reg.com,https://www.reg.ru,http://www.reg.ru
Whois Server: whois.reg.com

(p)
Registrar Status   clientTransferProhibited
Dates   57 days old
Created on 2020-05-22
Expires on 2021-05-22
Updated on 2020-05-22

Chikito

legendary

Activity: 2366

Merit: 2054

Fake ADA Cordano giveaway

Code:

https://event-ada.info
http://ada-cardano.info/

Domain:

Quote

IP Address: 172.67.131.47

Geolocation: US (United States), CA, California, 94107 San Francisco - Google Maps

Reverse DNS entry: not found

Domain Check

Domain Name: event-ada.info

Top Level Domain: INFO (Information)

Domain Name: EVENT-ADA.INFO
Registry Domain ID: D503300001185956611-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2020-07-13T00:45:31Z
Creation Date: 2020-07-13T00:41:40Z
Registry Expiry Date: 2021-07-13T00:41:40Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc

Fake Kanyewest US President Giveaway

Code:

http://kanyebtc.org/

Quote

IP Address: 195.24.68.4

Geolocation: RU (Russian Federation), 48, Moscow City, 101752 Moscow - Google Maps

Reverse DNS: wcarp.hosting.nic.ru

Domain Check

Domain Name: kanyebtc.org

Top Level Domain: ORG (Organization)

Domain Name: KANYEBTC.ORG
Registry Domain ID: D402200000014076562-LROR
Registrar WHOIS Server: https://www.nic.ru/whois
Registrar URL: https://www.nic.ru/whois
Updated Date: 2020-07-09T22:50:25Z
Creation Date: 2020-07-09T22:50:25Z
Registry Expiry Date: 2021-07-09T22:50:25Z
Registrar Registration Expiration Date:
Registrar: Regional Network Information Center, JSC dba RU-CENTER
Registrar IANA ID: 463

Be Aware!

Baofeng

legendary

Activity: 2576

Merit: 1655

Bitcoin doubler:

Please stay away from this site, and don't deposit anything.

Code:

https://bit-airdrop.club/

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Baofeng on July 01, 2020, 11:23:47 AM

Code:

PHISHING SITE: https://guadra.com/app/create

I found new one, checked using https://dnstwister.report/search?ed=6775617264612e636f

Code:

http://wwwguarda.co/

the relationship of https://www.virustotal.com/gui/ip-address/104.203.20.6/relations

Code:

wwwthetatoken.org

and more...

IP Information

Code:

NetRange: 104.202.0.0 - 104.203.255.255
CIDR: 104.202.0.0/15
NetName: ENZUINC-US-BLK16
NetHandle: NET-104-202-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS18978
Organization: Enzu Inc (ENZUI)
RegDate: 2014-09-09
Updated: 2016-05-24
Comment: --------------------------------
Comment: Enzu Inc.
Comment: 10120 S Eastern Ave
Comment: Suite #248
Comment: Henderson, NV 89052
Comment: https://www.enzu.com
Comment: --------------------------------
Comment: Please send all Abuse, Trademark,
Comment: Legal Compliance, and Law Enforcement
Comment: requests to [email protected]
Ref: https://rdap.arin.net/registry/ip/104.202.0.0

Baofeng

legendary

Activity: 2576

Merit: 1655

Fake https://guarda.co/app/. Look at the spelling and the closeness of the website interface.

Code:

PHISHING SITE: https://guadra.com/app/create

This is the original: https://guarda.co/app/

Fake site domain info:

Quote

Whois Record for GuaDra.com
Domain Profile
Registrant   WhoisGuard Protected
Registrant Org   WhoisGuard, Inc.
Registrant Country   pa
Registrar   NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status   addPeriod, clientTransferProhibited
Dates   41 days old
Created on 2020-05-21
Expires on 2021-05-21
Updated on 0000-12-31
Name Servers   DNS1.NAMECHEAPHOSTING.COM (has 870,791 domains)
DNS2.NAMECHEAPHOSTING.COM (has 870,791 domains)

Tech Contact   WhoisGuard Protected
WhoisGuard, Inc.
P.O. Box 0823-03411,
Panama, Panama, pa

(p) (f)
IP Address   198.187.29.150 - 635 other sites hosted on this server

IP Location   United States Of America - Georgia - Atlanta - Namecheap Inc.
ASN   United States Of America AS22612 NAMECHEAP-NET, US (registered Jun 21, 2011)
Domain Status   Registered And Active Website

https://whois.domaintools.com/guadra.com

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Baofeng on June 26, 2020, 06:53:33 AM

Fake or clone Callisto wallet:

Code:

https://clowallet.network/

Same like before, usually scammer using same IP address to make new phishing and scam domain,

https://www.virustotal.com/gui/ip-address/5.45.114.95/relations

see

Code:

etzwallet.net
www.oldetherwallet.com

Baofeng

legendary

Activity: 2576

Merit: 1655

Bitcoin doubler/Ponzi scheme spotted:

Just look at those profits you are going to make in 24-48 hours, Lol. For those newbies, doubler is a scam don't deposit or try it for yourself, not even a small amount.

Code:

https://growbitcoin.co.uk/

Baofeng

legendary

Activity: 2576

Merit: 1655

Fake or clone Callisto wallet:

Code:

https://clowallet.network/

This is the original: https://wallet.callisto.network/

But as you can see, very very similar in terms of look and feel of the original site.

Baofeng

legendary

Activity: 2576

Merit: 1655

New Paxful phishing site:

And there's no such thing as paxful offers, do not enter your credentials here.

Code:

http://paxfuloffers.com/

Original Site: https://paxful.com/

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Baofeng on June 21, 2020, 06:30:30 PM

^^ And it really reinforced what we have believed in the past, those scammers are really connected to each other and probably colluding with other criminals as well. Cheap domain hosting + parking it for sometime before making their move and then recycle.

Easy way to scammer use cheap provider VPS and make new domain.

like today I found new "Elon musk" again with one IP.

Code:

https://musk-live.com/

https://www.virustotal.com/gui/ip-address/68.183.101.122/relations

Code:

2020-06-21 www.musk-live.com
2020-06-21 www.musk-events.com
2020-06-21 www.elon-live.com
2020-06-20 www.officialelon.com
2020-06-19 www.elonofficial.com
2020-06-15 www.elonmk.com

Scammer made all those phishing only 1 week.

Baofeng

legendary

Activity: 2576

Merit: 1655

^^ And it really reinforced what we have believed in the past, those scammers are really connected to each other and probably colluding with other criminals as well. Cheap domain hosting + parking it for sometime before making their move and then recycle.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Baofeng on June 20, 2020, 06:14:56 PM

Be careful with this fake Fusion wallet, don't create or accessed any using this website, they will steal your keys and your crypto.

Code:

https://myfusionwallet.net/

Nice catch, seems That's IP's has another fake/phishing link:

https://www.virustotal.com/gui/ip-address/198.54.120.244/relations

Original Link: https://www.myfusionwallet.com

Baofeng

legendary

Activity: 2576

Merit: 1655

Be careful with this fake Fusion wallet, don't create or accessed any using this website, they will steal your keys and your crypto.

Code:

https://myfusionwallet.net/

Quote

Whois Record for MyFusionWallet.net
How does this work?
Domain Profile
Registrant   Whois Privacy
Registrant Org   Private by Design, LLC
Registrant Country   us
Registrar   Porkbun LLC
IANA ID: 1861
URL: http://www.porkbun.com,http://porkbun.com
Whois Server: whois.porkbun.com

(p)
Registrar Status   clientDeleteProhibited, clientTransferProhibited
Dates   13 days old
Created on 2020-06-07
Expires on 2021-06-07
Updated on 2020-06-07

https://whois.domaintools.com/myfusionwallet.net

Baofeng

legendary

Activity: 2576

Merit: 1655

Be careful with the following trading platforms, similar themes and UI.

Code:

https://fixxcoin.com/
https://hubcoi.com/
https://hurtrade.com/

Baofeng

legendary

Activity: 2576

Merit: 1655

Fake Jaxx.io website, if you type an extra "x" on it, you might get trap, so just be careful and bookmark as scammers are mostly using this kind of typo squatting attacks.

Code:

http://jaxxx.io/

Baofeng

legendary

Activity: 2576

Merit: 1655

Fake Exodus website, as usual the feel and looks are the same here, you can easily get trick by it if you are not that very careful and it is obvious a phish site, just two days old.

Real website: https://www.exodus.io/

Code:

PHISHING SITE - https://exodus.vc/

Quote

Whois Record for Exodus.vc
How does this work?
Domain Profile
Registrant Country   br
Registrar   Gandi SAS
IANA ID: 81
URL: http://www.gandi.net
Whois Server: whois.gandi.net

(p)
Registrar Status   addPeriod, clientTransferProhibited, serverTransferProhibited
Dates   2 days old
Created on 2020-06-05
Expires on 2021-06-05
Updated on 2020-06-05

https://whois.domaintools.com/exodus.vc

vlad230

sr. member

Activity: 616

Merit: 279

It seems the scammers went even further. They created a youtube channel called 'SpaceX Live' where they promote these scams.

There's a live video with SpaceX people talking about the launch: https://www.youtube.com/watch?v=a07f5F-Mcqg
I have reported the video for scams but it seems like it wasn't taken down yet.

Websites:

Code:

https://elonmuskdrop.com/
https://muskbtc.us/

Do NOT send your BTC to these addresses!

https://bitref.com/16V9ozW6499fJWmYebPcpNpq8P1BBbmjdV
https://bitref.com/1SpaceMrzPknno6Bpf3NnvARiRnDrK7Ln
They managed to get some BTC out of idiots after all Grin

Later EDIT: The video was taken down now

Baofeng

legendary

Activity: 2576

Merit: 1655

Bitcoin double here. Do not send any Bitcoin or Ethereum on this site.

Code:

http://getbtcx.com/btc.html
http://getbtcx.com/eth.html

Topic: [List] Phishing Cryptocurrency Site - page 11. (Read 11573 times)