Pages:
Author

Topic: [List] Phishing Cryptocurrency Site - page 14. (Read 11586 times)

legendary
Activity: 2366
Merit: 2054
February 09, 2020, 10:52:31 PM
#48
Code:
 https://earn2xethnow.com/ 

Seems that's IP have flagged, all domain as fake ethereum giveaway

https://www.virustotal.com/gui/ip-address/81.16.29.111/relations

Code:
real2xeth.com
www.real2xeth.com
earn2xethnow.com
www.earn2xethnow.com
earn2xeth.com
www.earn2xeth.com
www.get2xeth.com
get2xeth.com
www.2xeth.com
2xeth.com
www.tokenieonow.com
tokenieonow.com
ethdoublerplus.com
my2xcrypto.com
www.freexrpnow.com
freexrpnow.com
instant2xeth.com
www.instant2xeth.com
eth2x.me
www.eth2x.me
ethdoublernow.com
www.2xeth.me
2xeth.me
www.ethdoublernow.com
ethdoublernow.me
www.ethdoublerplus.com
www.ethdoublernow.me
ethdoubler.me
www.ethdoubler.me
programaemnuvem.com

Domain and IP's Information

Code:
IP Address: 81.16.29.111
Domain Name: EARN2XETHNOW.COM
Registry Domain ID: 2484433653_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.hostinger.com
Registrar URL: http://www.hostinger.com
Updated Date: 2020-01-25T12:14:45Z
Creation Date: 2020-01-25T12:14:44Z
Registry Expiry Date: 2021-01-25T12:14:44Z
legendary
Activity: 2576
Merit: 1655
February 09, 2020, 06:49:26 PM
#47
Kindly add:

Code:
 https://earn2xethnow.com/ 

legendary
Activity: 2576
Merit: 1655
February 02, 2020, 05:17:59 AM
#46
Eventhough Elon Musk has shown his true colors about bitcoin, cyber criminals are still using his name:

Code:
https://musk.bet/





Code:
https://teslagive.vip/



Edit: Another LBC Phished site:

Code:
https://localbitcoins.name/



Quote
Registrant    REDACTED FOR PRIVACY
Registrant Org    REDACTED FOR PRIVACY
Registrant Country    ru
Registrar    1API GmbH
IANA ID: 1387
URL: http://www.1api.net
Whois Server: whois.1api.net

(p)
Registrar Status    clientTransferProhibited
Dates    7 days old
Created on 2020-01-26
Expires on 2021-01-26
Updated on 2020-01-26
Name Servers    NS3.CNMSN.COM (has 7,009 domains)
NS4.CNMSN.COM (has 7,009 domains)
   
Reverse NS   
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    185.178.208.178 - 20 other sites hosted on this server     

http://whois.domaintools.com/localbitcoins.name
legendary
Activity: 2366
Merit: 2054
January 29, 2020, 06:17:38 PM
#45
Warning phishing mixing service

Fake:
Code:
smatmixer.io
Code:
https://smatmixer.io/en/start-mixing.html

Picture



Domain Information:
Code:
IP Address: 104.27.149.87
Domain Name: SMATMIXER.IO
Registry Domain ID: D503300001182847933-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2020-01-16T14:38:51Z
Creation Date: 2020-01-15T02:06:07Z
Registry Expiry Date: 2021-01-15T02:06:07Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068

We should careful, double-check your written before action.

Real Website: https://smartmixer.io
legendary
Activity: 2366
Merit: 2054
January 21, 2020, 05:45:30 AM
#44
Code:
 FAKE PHISHING SITE: https://lrezor.io/ 
Thanks for added.
look like this domain has connected malicius keylogger too.
https://www.virustotal.com/gui/ip-address/104.31.68.49/relations



We should be careful that's Ip address and domain to not download file from untrusted source.



Also, Official trezor has an announcement about "the fake Trezor Wallet beta-testing application form circulating in Telegram being spread by accounts pretending to be Trezor team members."
https://twitter.com/Trezor/status/1218179757847797760
legendary
Activity: 2576
Merit: 1655
January 21, 2020, 12:19:08 AM
#43
Very clever,  Cheesy

Code:
 FAKE PHISHING SITE: https://lrezor.io/ 

If you mistype or didn't see the mis spelling, I'm sure you will fall for the trap.



Archive: http://web.archive.org/save/https://lrezor.io/
legendary
Activity: 2576
Merit: 1655
January 19, 2020, 01:35:29 AM
#42
Criminals are not resting, and so are we:



Code:
 https://muskgiveaway.com/ 



Code:
 https://elongive.live/ 

Kindly help me report this sites, thanks again.
legendary
Activity: 2366
Merit: 2054
January 11, 2020, 06:38:38 AM
#41
Find more Phishing like this

be carefull do not click this link

Code:
http://newcryptogift.com/
http://finalgiveaway.com



Don't deposit anything. this is 100% scam, will steal your money.

and same like this

Code:
https://elongive.net
http://musk.blog
http://musk.group/



Elon musk never gives away cryptocurrency.

When you find like those phishing, please report into: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
sr. member
Activity: 826
Merit: 250
CryptoTalk.Org - Get Paid for every Post!
January 01, 2020, 12:33:28 PM
#40
Beginners and newbie on the cryptocurrency world should be careful about the phishing website. A lot of Scammers out there used a fake website to steal your Bitcoin.

Read 5 Ways to Identify a Phishing Website and Read [GUIDE] Use this for identifying Scam/Phishing Websites & Exchanges in Crypto

On this thread, I want to share what I found out there.

1. Phishing exodus website: //exodlus.io
original: https://exodus.io/

Look screenshot here ;


Code:
Network
185.212.130.0/24 (AS200313 INTERNET-IT, NL)
Whois
Domain Name: EXODLUS.IO
Registry Domain ID: D503300001182128865-LRMS
Registrar WHOIS Server:
Registrar URL: http://www.epag.de
Updated Date:
Creation Date: 2019-10-29T20:14:17Z
Registry Expiry Date: 2020-10-29T20:14:17Z

When scanning virus total has warned:
https://www.virustotal.com/gui/url/8bb6a4ef386b9c29d2cc00509aa3a44ec7d7dbf792f057074ad0ec471d8611e9/detection
BitDefender-Phishing

Flagged Ip address 185.212.130.65

Related IP

Look This fake  site using same IP address :
Quote
electum.org
litecoln.org
bitcolncore.org
guimlner.org
minergate.ru.com
nvldia.ru
monnero.org

2. Fake electrum site : electum.org



3. Fake litecoin site : litecoln.org



4. Fake Bitcoincore site: bitcolncore.org


5. Phising Localbitcoins

6. Phishing Blockchain.info

I will update this thread when I found another phishing.

so usefull thread, phising web very harmful. such you said above many phising website and on of them is myetherwallet
honestly, i have experienced phising in myetherwallet. i am forgot how i can go to for phising web then suddenly i lose all my token in myetherwallet
so sad about that. so from that case i always to bookmark all important address



hero member
Activity: 2632
Merit: 833
December 31, 2019, 11:39:07 PM
#39
I found this fake ETH giveaway:

Code:
https://eth-giveout.com/



Scammers ETH:
Code:
0xB5c06ce49d0C63211E5d335Cf42ecdA5C3f30D8a

Code:
IP Address: 162.241.217.210 - 1,641 other sites hosted on this server
IP Location: United States - Utah - Provo - Unified Layer
ASN:          United States AS46606 UNIFIEDLAYER-AS-1 - Unified Layer, US (registered Oct 24, 2008)
Domain Status: Registered And Active Website
IP History: 2 changes on 2 unique IP addresses over 0 years

https://www.virustotal.com/gui/ip-address/162.241.217.210/relations

legendary
Activity: 2366
Merit: 2054
December 29, 2019, 07:03:12 PM
#38
Warning BTC and eth give away, sending your fund first for receipt 100x BTC and eth.

Code:
http://btcandeth.com/
http://btcethgift.com/




Domain information
Code:
IP Address: 185.174.174.220
Geolocation: UA (Ukraine)
Domain Name: BTCETHGIFT.COM
Registry Domain ID: 2429780829_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2019-09-04T00:45:50Z
Creation Date: 2019-09-04T00:45:50Z
Registry Expiry Date: 2020-09-04T00:45:50Z

It's really fake, don't send your Bitcoin. They will be scamming you.
legendary
Activity: 2366
Merit: 2054
December 14, 2019, 09:30:01 PM
#37
Fake Give away Bitcoin and Ethereum

Code:
http://elonmuskgo.com/

Be aware scammer use fake medium Elon musk to give away Bitcoin and ethereum



The link will direct you to send BTC and ETH to get 10X, this is fake and potential scam.





https://www.virustotal.com/gui/url/4539c3892433c86efa77b48f6ad88f48c696ee970983aa14ad6439328d7a09ba/detection

Code:
IP Address: 195.24.68.21
Domain Name: ELONMUSKGO.COM
Registry Domain ID: 2467017887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nic.ru
Registrar URL: http://nic.ru
Updated Date: 2019-12-14T11:35:06Z
Creation Date: 2019-12-14T11:35:04Z
Registry Expiry Date: 2020-12-14T11:35:04Z
Registrar: Regional Network Information Center, JSC dba RU-CENTER

Let's see related IP
https://www.virustotal.com/gui/ip-address/195.24.68.21/relations



Be careful Elon musk never give away cryptocurrency
legendary
Activity: 2366
Merit: 2054
November 26, 2019, 06:39:00 AM
#36
Phishing Blockchain.com

Code:
https://login-blockchajn.com



Domain Information:
Code:
IP Address: 103.16.228.163
Geolocation: HK (Hong Kong)
Domain Name: LOGIN-BLOCKCHAJN.COM
Registry Domain ID: 2443618596_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.eu
Registrar URL: http://www.openprovider.com
Updated Date: 2019-10-14T18:32:52Z
Creation Date: 2019-10-14T18:32:46Z
Registry Expiry Date: 2020-10-14T18:32:46Z
Registrar: Hosting Concepts B.V. d/b/a Openprovider
Registrar IANA ID: 1647

https://www.virustotal.com/gui/url/06326ba8493ba4efae4856518c627a5128642773dde28b14ede3b3f78603a17c/detection

BitDefender-Phishing
CLEAN MX-Phishing

Be Careful
legendary
Activity: 2366
Merit: 2054
November 22, 2019, 01:54:10 AM
#35
This IP 149.129.176.152 have Multi Phising site cryptocurrency : Trezor, ledger, etc

https://www.virustotal.com/gui/ip-address/149.129.176.152/relations

Code:
www.treezor.io
www.trezor.promo
leedger.info
www.tlezor.io
www.trrezor.io
www.exodus.ws
www.exodus.bet

Example :
Code:
treezor.io

https://www.virustotal.com/gui/url/8739ebbfb4442de492fa5b0328f179a81dde142609eef9e8ecd1028f4b3116d0/detection

BitDefender
Phishing
ESET
Phishing
Fortinet
Phishing
G-Data
Phishing
Sophos AV
Malicious

I thing the scammer Will continue to make phishing site using that IP, be carefull nobsss..
legendary
Activity: 2366
Merit: 2054
November 16, 2019, 08:11:18 AM
#34
Let's see how Scammer manipulated MyEtherWallet
Code:
http://muetherewallet.com/
http://myeiherwollet.com/
http://myentervallet.com/
http://myelhereswallet.com/
http://myeitnerwaliet.com/
http://myethereswallets.com/
http://myehtervallet.com/
http://myelherewallets.com/
http://rnyethereswallet.com/
http://myelherewallut.com/

https://www.virustotal.com/gui/url/37c0a2a5637bb8281cc9380521a05a71e8df0fc8145369a90abd4fb76a1605af/detection
https://www.virustotal.com/gui/url/a33df647cffe55ad19f68768b5b7b405dc1b1dd0c49304e2d341ff364970e3e2/detection
https://www.virustotal.com/gui/url/af3748494186d8324bbb2e27efddc7d6f88f31b3bc5a464f8592b2e594721745/detection
https://www.virustotal.com/gui/url/3f29d61018c75517c59473a1d2542b699ee68a19f612c28a965032b5566eba03/detection
https://www.virustotal.com/gui/url/3fe9099a684ef833a09fc72dfe23ba2ce7ae7770f58c97301a373816497418b9/detection
https://www.virustotal.com/gui/url/637b8188d639b613d3c553413e7f62ed8cec8e689d4cfefcd7527007292eb93b/detection
https://www.virustotal.com/gui/url/3fd3fc809e360bec502f6fbfe08d6a1e837357cffd2d5f0706a167df966c8d53/detection
https://www.virustotal.com/gui/url/64bef2b379158dd717f86ce9f2bff6ba473c16dada47819290a076b9931407d2/detection
https://www.virustotal.com/gui/url/dd1b7ce1a738d1b96859bdcf6c5dd692db5387c0c43ccabcf705050307e009d7/detection
https://www.virustotal.com/gui/url/191abfdf5f38b48af58b30f0d7547d7205f8c896b0881d661fdf90a4ce919518/detection

One of them still make the offering



Newbie and beginner must far away from those sites, they will be stolen your money
legendary
Activity: 2366
Merit: 2054
November 14, 2019, 09:52:03 PM
#33
Real Website: https://exmo.com/

Phishing website
Code:
https://exmo.me/



Real Website: https://exmo.com/

Code:
Domain Name: EXMO.COM
Registry Domain ID: 92842160_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL: http://www.internet.bs
Updated Date: 2017-11-14T10:53:38Z
Creation Date: 2002-12-05T06:16:28Z
Registry Expiry Date: 2021-12-05T06:16:28Z
Registrar: Internet Domain Service BS Corp
Registrar IANA ID: 2487

Phishing website

Code:
Domain Name: EXMO.ME
Registry Domain ID: D108500000015705565-AGRS
Registrar WHOIS Server:
Registrar URL: www.tldregistrarsolutions.com
Updated Date: 2017-09-18T14:32:13Z
Creation Date: 2015-04-05T10:07:04Z
Registry Expiry Date: 2020-04-05T10:07:04Z
Registrar Registration Expiration Date:
Registrar: TLD Registrar Solutions Ltd.
Registrar IANA ID: 1564

https://www.virustotal.com/gui/url/a7c9f98d3cf4a248bdaf05a6d0461f5ef85bdd2d33d89a47f134c602a13d105b/detection



Be Careful Noobs
legendary
Activity: 2366
Merit: 2054
November 08, 2019, 01:01:23 AM
#32
Found this
Original site : https://bittab.io/
Fake  webite : //bittab.org/

Code:
Domain Name: BITTAB.IO
Registry Domain ID: D503300000064550605-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2019-01-11T12:36:34Z
Creation Date: 2018-02-10T16:02:51Z
Registry Expiry Date: 2020-02-10T16:02:51Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068

Code:
Domain Name: BITTAB.ORG
Registry Domain ID: D402200000011818438-LROR
Registrar WHOIS Server: whois.reg.com
Registrar URL: http://www.reg.com
Updated Date: 2019-11-05T15:07:04Z
Creation Date: 2019-11-05T15:07:01Z
Registry Expiry Date: 2020-11-05T15:07:01Z
Registrar Registration Expiration Date:
Registrar: Registrar of Domain Names REG.RU LLC
Registrar IANA ID: 1606



Be careful No different with original website
hero member
Activity: 1132
Merit: 536
November 07, 2019, 05:56:51 AM
#31
>>> Help me to report IP address: 185.212.130.65 because always make the phishing site

https://www.virustotal.com/gui/ip-address/185.212.130.65/relations

....

Scammer every day makes phishing like atomicwalet.com, locaibitcolns.com, litecoln.org, exodlus.io, etc.

I did report and need more people here to report those IP.

Thanks.
 


Netherlands DCs won't care much about content on their servers, they are famous in this field since the beginning,
I had build a case against someone using their servers to make DDoS attacks in very big scales but they didn't even replied emails and court simply closed the case  Cheesy Cheesy

reporting those IPs might help other services take action in sending warning messages to their users, but if you are trying to report them to bring those IPs or servers down, you won't face any success easily
legendary
Activity: 2366
Merit: 2054
November 05, 2019, 11:39:01 PM
#30
>>> Help me to report IP address: 185.212.130.65 because always make the phishing site

https://www.virustotal.com/gui/ip-address/185.212.130.65/relations

Code:
2019-11-06-exodlus.io
2019-11-06-iocabitcoins.net
2019-11-06-iliocalbitcoins.net
2019-11-05-locabicoins.net
2019-11-05-localbiicoins.net
2019-11-05-litecoln.org
2019-11-05-localibitcoins.ru.com
2019-11-05-localbitcolins.net
2019-11-04-atomicwalet.com
2019-11-04-www.exodlus.com
2019-11-04-exodlus.com
2019-11-04-llocalbitcoins.net
2019-11-04-liocalbitcoins.net
2019-11-04-localbitcoinis.net
2019-11-04-loca1bitcoins.net
2019-11-04-ilocalbitcoins.net
2019-11-04-locaibitcolns.com
2019-11-04-iocalbitcoins.net
2019-11-04-loca1bitcoins.com
2019-11-04-iocalblitcoins.net
2019-11-04-iocalbicoins.net
2019-11-04-www.monnero.org
2019-11-04-www.electum.org
2019-10-27-localbitcolns.org
2019-10-27-localbitcoln.ru
2019-10-27-nicelhash.com



Scammer every day makes phishing like atomicwalet.com, locaibitcolns.com, litecoln.org, exodlus.io, etc.

I did report and need more people here to report those IP.

Thanks.
 
legendary
Activity: 2366
Merit: 2054
November 03, 2019, 11:13:00 PM
#29
Phishing exodus wallet site:
Code:
//exodlus.io
Found another fake exodus :
Code:
//exodlus.com


https://www.virustotal.com/gui/url/0b7e767c5b2ee3a3a69e4c84711609fef7d842fc2da926a3e63e4081f9ff02d3/detection

Scanned and nothing virus on site

What the different?

Let's check domain information

Fake - Domain EXODLUS.COM info

Code:
Domain name: EXODLUS.COM
Registry Domain ID: 2450282733_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2019-11-01T01:06:17Z
Creation Date: 2019-11-01T01:06:16Z
Registrar Registration Expiration Date: 2020-11-01T01:06:16Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +7.4955801111
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registrant ID:
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: [email protected]
Admin ID:
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: [email protected]
Tech ID:
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns1.reg.ru
Name Server: ns2.reg.ru
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019.11.03T15:05:23Z <<<

Fake - Domain EXODLUS.IO info

Code:
Domain Name: EXODLUS.IO
Registry Domain ID: D503300001182128865-LRMS
Registrar WHOIS Server:
Registrar URL: http://www.epag.de
Updated Date:
Creation Date: 2019-10-29T20:14:17Z
Registry Expiry Date: 2020-10-29T20:14:17Z
Registrar Registration Expiration Date:
Registrar: EPAG Domainservices GmbH
Registrar IANA ID: 85
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization:
Registrant State/Province:
Registrant Country: CA
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
DNSSEC: unsigned

Real Exodus.io Info

Code:
Domain Name: EXODUS.IO
Registry Domain ID: D503300000040368494-LRMS
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-09-30T21:21:05Z
Creation Date: 2015-04-06T04:48:53Z
Registry Expiry Date: 2024-04-06T04:48:53Z
Registrar Registration Expiration Date:
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registrant Organization: WhoisGuard, Inc.
Registrant State/Province: Panama
Registrant Country: PA
Name Server: JESSICA.NS.CLOUDFLARE.COM
Name Server: FRANK.NS.CLOUDFLARE.COM
DNSSEC: unsigned



The newbie must be careful about giveaway like this site:

Code:
//freebtceth.com
//btcandeth.com
//bakkt-gift.info

Those aren't given away BTC and ETH, you will get the virus and scammed.

https://www.virustotal.com/gui/url/ad081ab0ad668b09021d22fbc91ce363c57b924bb1f25ea9ceacd59c83762030/detection
https://www.virustotal.com/gui/url/eb5e8d1cd0d0e6b364a80f08a9cae10b4bfe012de46425b7e740bff2cc75fb9d/detection
https://www.virustotal.com/gui/url/eed4f52ce1ad8da6f40e6f2cd34f49bc0e3728403112c38645da87682dbe2ae2/detection
Pages:
Jump to: