Pages:
Author

Topic: [List] Phishing Cryptocurrency Site - page 12. (Read 11586 times)

legendary
Activity: 2576
Merit: 1655
May 30, 2020, 05:33:36 PM
#88
Another fake XRP giveaway:

Code:
https://www.ripple.re/



And this scam cloud mining site, claiming to give exorbitant returns.

Code:
https://miningbase.cloud/

legendary
Activity: 2366
Merit: 2054
May 26, 2020, 06:21:08 AM
#87
Seems, exodus wallet favorite name purpose phishing, be careful always double check before entering.

Code:
http://exodus.com.swtest.ru/bitcoin-wallet.html

Domain information

Code:
IP-Address from DNS Host Lookup: 77.222.40.109

Domain Name: exodus.com.swtest.ru

Top Level Domain: RU (Russian Federation)

Geolocation: RU (Russian Federation), N/A, N/A, N/A N/A - Google Maps

Reverse DNS: vh286.sweb.ru



domain has injected virus

https://www.virustotal.com/gui/ip-address/77.222.40.109/relations


legendary
Activity: 2366
Merit: 2054
May 19, 2020, 07:37:35 AM
#86
This IP address has Alot of fake and Phishing Giveaway

https://www.virustotal.com/gui/ip-address/77.83.173.172/relations
https://www.virustotal.com/gui/ip-address/178.159.42.11/relations

Website:
Code:
www.chambtc.us
www.chambtc.org
www.shrembtc.com
www.steveb.group
www.stevebtc.org
www.brinbtc.net
www.brinbtc.org
www.winkbtc.com
www.robertki.org
www.jackmabtc.com
www.gates.promo
www.xrp.claims
www.xrp.work
www.xrp.group
www.20xrp.tech
www.xrptake.live
www.takexrp.live
www.geteth.live
www.xrpdrop.me
www.xrp20.com
www.20xrp.org
20xrp.org
xrp20.com
xrptop.com
www.20xrp.com
www.topxrp.com
xrpx10.org
xrpreceive.net
awayxrp.net
www.2020xrp.net
www.getxrp.org
2020-01-28
www.claimxrp.net
www.2020xrp.com
claimxrp.net
xrpclaim.org
www.xrpclaim.org
www.receivexrp.com
2020-01-28
receivexrp.com
www.claimxrp.org
www.2020xrp.org
www.ripple.re
www.xrp2020.net
www.myxrp.org
www.xrp2020.org
xrpaway.org
www.xrpaway.org
www.giveawayseptember.com
giveawayseptember.com

Example picture


legendary
Activity: 2366
Merit: 2054
May 17, 2020, 07:00:51 PM
#85
First time that the scammers are using Xiaomi name to create a fake bitcoin giveaway.
Website:
Code:
https://xiaomibtc.com

- Adding more popular name -

Fake popular name Bitcoin give away


IP Address: 77.83.173.172 >> https://www.virustotal.com/gui/ip-address/77.83.173.172/relations

Code:
www.chambtc.org
www.shrembtc.com
www.steveb.group
www.stevebtc.org
www.brinbtc.net





Code:
https://chamath-btc.com

https://www.virustotal.com/gui/ip-address/104.24.108.170/relations





Code:
https://alanbtc.com/

https://www.virustotal.com/gui/ip-address/104.27.183.23/relations





Code:
https://josephbtc.com

https://www.virustotal.com/gui/ip-address/104.18.36.48/relations





Code:
https://fordbtc.org/

https://www.virustotal.com/gui/ip-address/195.24.68.16/relations





Code:
https://telegra.ph/Dave-Ramsey-5000-BTC-Giveaway-05-17





Code:
https://telegra.ph/5000-Bitcoin-Giveaway-05-12





Code:
https://telegra.ph/Tony-Robbins-5000-Bitcoin-Giveaway-Airdrop-05-14





Code:
https://telegra.ph/Steve-Wozniak-Foundation-5000-Bitcoin-Giveaway-Airdrop-05-14-3





Code:
https://bransonbtc.com/





Code:
http://bloombergbtc.net/





...

and many more...

I am just say, Be careful!.

don't send anything!

They don't giveaway Bitcoin.

legendary
Activity: 2576
Merit: 1655
May 17, 2020, 05:09:12 PM
#84
First time that the scammers are using Xiaomi name to create a fake bitcoin giveaway.

Website:
Code:
https://xiaomibtc.com

Bitcoin address of the scammers:
Code:
37KPhFEL1uZqoJBpYq22ZGahaBc23ActpF


legendary
Activity: 2576
Merit: 1655
May 16, 2020, 08:18:14 PM
#83
It's already been blocked by EAL.

And this is the official link: https://www.exodus.io

Code:
exodusupdate.com

legendary
Activity: 2366
Merit: 2054
May 16, 2020, 08:11:08 PM
#82
exodusupdate.com (Found by UnDerDoG81).
Thanks for Information. Look like that site has linking to some other. when I try searching the relationship, I find fake Bitcoin giveaway site.

https://www.virustotal.com/gui/ip-address/199.188.200.50/relations



Another relationship, Maybe Ponzi scheme

Code:
https://crypto-hub.net/
https://www.trade-coins.co/





All related to exodusupdate.com with a same IP address.
staff
Activity: 3500
Merit: 6152
May 16, 2020, 10:18:49 AM
#81
exodusupdate.com (Found by UnDerDoG81).

Domain information:

Code:
Registrar NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

Registrar Status addPeriod, clientTransferProhibited
Dates 44 days old
Created on 2020-04-02
Expires on 2021-04-02
Updated on 0000-12-31

In addition to reaching out to Exodus support (as mentioned in the ilnk above)... I scanned the .exe and no malware were found, but once I ran the .exe (using Sandboxie), it started downloading other files .vbs and .bat files (which most likely contain malicious code).
legendary
Activity: 2366
Merit: 2054
May 13, 2020, 07:09:59 AM
#80
Be aware fake Steve Wozniak Bitcoin Giveaway

Code:
https://telegra.ph/Steve-Wozniak-Foundation-15000-Bitcoin-Giveaway-Airdrop-05-10
http://wozniakbit.com



scammer wallet https://www.blockchain.com/btc/address/1EQaEux5fu7uTGkrDBR2RRARwbqDFMALPw still empty, no transaction.

Scammer IP relationship https://www.virustotal.com/gui/ip-address/107.150.102.158/relations



Code:
elonhelper.io

Domain/IP Information:

Code:
IP Address: 107.150.102.158
Domain Name: wozniakbit.com
Registry Domain ID: 2524219619_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.eranet.com
Registrar URL: http://www.eranet.com
Updated Date: 2020-05-11T05:58:48Z
Creation Date: 2020-05-10T08:14:42Z
Registry Expiry Date: 2021-05-10T08:14:42Z
Registrar: Eranet International Limited

Always be careful.
legendary
Activity: 2576
Merit: 1655
May 06, 2020, 06:08:10 PM
#79
Here is another bitcoin generator, be careful we are approaching halving, maybe newbies think that they can simply earn free bitcoin.

Code:
http://bitgen.pro/

legendary
Activity: 2366
Merit: 2054
May 05, 2020, 11:03:15 PM
#78
Another Fake ETH giveaway:
Archived: http://web.archive.org/save/https://giveaway.revproject.site/
Code:
IP Address 87.236.16.14

https://www.virustotal.com/gui/ip-address/87.236.16.14/relations



Seem that IP's has relationship with another fake/phising electrum wallet

Code:
http://www.electrumwallet.buzz/#home
http://www.walletelectrum.com/#home

archived1 and archived2



Be careful



Real Electrum is https://electrum.org
legendary
Activity: 2576
Merit: 1655
May 05, 2020, 06:05:01 PM
#77
Another Fake ETH giveaway:



Archived: http://web.archive.org/save/https://giveaway.revproject.site/

Code:
Whois Record for RevProject.site
 Domain Profile
Registrant Org Privacy Protect, LLC (PrivacyProtect.org)
Registrant Country us
Registrar Beget LLC
IANA ID: 3806
URL: https://beget.com
Whois Server: whois.beget.com

(p)
Registrar Status clientTransferProhibited, serverTransferProhibited
Dates 11 days old
Created on 2020-04-24
Expires on 2021-04-24
Updated on 2020-04-29  
Name Servers NS1.BEGET.COM (has 487,825 domains)
NS1.BEGET.PRO (has 91,047 domains)
NS2.BEGET.COM (has 487,825 domains)
NS2.BEGET.PRO (has 91,047 domains)
 
Tech Contact
IP Address 87.236.16.14 - 1,595 other sites hosted on this server[/quote]

http://whois.domaintools.com/revproject.site
legendary
Activity: 2576
Merit: 1655
April 24, 2020, 05:41:42 PM
#76
Obvious fake XRP give-away, using Tumblr as the medium.

Code:
https://aprilcontest.tumblr.com/

legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
April 21, 2020, 07:09:40 PM
#75
Ethereum and Bitcoin generator scammer website. And obviously, the same people are behind.

You know, I almost fell for one of these when I was a newbie. These kind of sites sucker in a lot of unsuspecting people.

I'm busy compiling the scam links in this thread into an adblocker filter.
legendary
Activity: 2366
Merit: 2054
April 21, 2020, 06:50:12 AM
#74
Again, Fake give away by fake Elon musk

Code:
https://promomusk.me/



A hundred transactions appear on the website using this address 1DZrNJ3V38x2VSHVk3yPT5gnyQRVZTujcC are fake, we can see address only have 2 real transactions.
legendary
Activity: 2576
Merit: 1655
April 18, 2020, 09:20:45 AM
#73
Ethereum and Bitcoin generator scammer website. And obviously, the same people are behind.

(1)
Code:
http://ethereum.cryptogenerator.live/



(2)
Code:
http://bitcoin.cryptogenerator.live/



Code:
Domain Profile
Registrant REDACTED FOR PRIVACY
Registrant Org Domain Protection Services, Inc.
Registrant Country us
Registrar Name.com, Inc.
IANA ID: 625
URL: http://www.name.com
Whois Server: whois.name.com

(p)
Registrar Status autoRenewPeriod, clientTransferProhibited
Dates 383 days old
Created on 2019-04-01
Expires on 2021-04-01
Updated on 2020-04-09  
Name Servers NS8255.HOSTGATOR.COM (has 1,843,663 domains)
NS8256.HOSTGATOR.COM (has 1,843,663 domains)
 
Tech Contact REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
(p) (f)
IP Address 91.195.240.94 - 305,971 other sites hosted on this server

http://whois.domaintools.com/cryptogenerator.live
legendary
Activity: 2366
Merit: 2054
April 12, 2020, 07:00:26 PM
#72
Another list of fake giveaways:
Code:
http://ethventure.com/
I found any related fake/phishing same IP : https://www.virustotal.com/gui/ip-address/31.31.196.105/relations
Code:
https://eth-ethereum.ltd/
www.bitkoinproject.ru





Code:
https://ethdrop.me/
related IP > https://www.virustotal.com/gui/ip-address/104.28.29.108/relations
Code:
http://wordcoin.online


We should ve careful and please report it > https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
legendary
Activity: 2576
Merit: 1655
April 12, 2020, 05:28:17 AM
#71
Another list of fake giveaways:

Code:
http://ethventure.com/



Code:
Whois Record for EthVenture.com
 Domain Profile
IP Address 31.31.196.105 - 528 other sites hosted on this server
 
IP Location Russian Federation - Moskva - Moscow - Domain Names Registrar Reg.ru Ltd
ASN Russian Federation AS197695 (registered Mar 28, 2011)
Domain Status Registered And Active Website
IP History 9 changes on 9 unique IP addresses over 2 years  
Registrar History 2 registrars with 1 drop  
Hosting History 7 changes on 7 unique name servers over 3 years Hosting History

http://whois.domaintools.com/ethventure.com



Code:
https://ethdrop.me/



Code:
Whois Record for EthDrop.me
 Domain Profile
Registrant Org WhoisGuard, Inc.
Registrant Country pa
Registrar NameCheap, Inc.
IANA ID: 1068
URL: www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status clientTransferProhibited, serverTransferProhibited
Dates 8 days old
Created on 2020-04-04
Expires on 2021-04-04
Updated on 2020-04-09  
Name Servers IGNAT.NS.CLOUDFLARE.COM (has 22,166,372 domains)
KINSLEY.NS.CLOUDFLARE.COM (has 22,166,372 domains)

http://whois.domaintools.com/ethdrop.me
legendary
Activity: 2366
Merit: 2054
April 03, 2020, 01:55:08 AM
#70
Fake/Phishing Binance Promo Give away

Code:
http://binancepromo.com/



IP Address: 108.168.157.70
Detected as Malicious > https://www.virustotal.com/gui/ip-address/108.168.157.70/detection



Be careful..
legendary
Activity: 2366
Merit: 2054
April 01, 2020, 07:07:16 AM
#69
I also try to find the registered company, but so far I didn't get a hit so obviously, they wanted to look legit by having a company number but its all fake.
Code:
https://crypto-crown.ltd/
https://www.virustotal.com/gui/ip-address/193.233.15.195/relations
IP address 193.233.15.0
using Smart Telecom S.A.R.L office at Beirut > https://www.ripe.net/membership/indices/data/lb.smarttelecom.html

I am try to look up that's IP > https://ipinfo.io/AS51558, Still not find company name. just country, i am not sure about it.
https://ipinfo.io/193.233.15.195
Code:
City Cascade
Region Cascade
Coordinates -4.6667,55.5000
Timezone Indian/Mahe
Local Time April 01, 2020 | 04:02 PM
Country Seychelles
Pages:
Jump to: