[List] Phishing Cryptocurrency Site - page 14.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Baofeng on February 09, 2020, 07:49:26 PM

Code:

https://earn2xethnow.com/

Seems that's IP have flagged, all domain as fake ethereum giveaway

https://www.virustotal.com/gui/ip-address/81.16.29.111/relations

Code:

real2xeth.com
www.real2xeth.com
earn2xethnow.com
www.earn2xethnow.com
earn2xeth.com
www.earn2xeth.com
www.get2xeth.com
get2xeth.com
www.2xeth.com
2xeth.com
www.tokenieonow.com
tokenieonow.com
ethdoublerplus.com
my2xcrypto.com
www.freexrpnow.com
freexrpnow.com
instant2xeth.com
www.instant2xeth.com
eth2x.me
www.eth2x.me
ethdoublernow.com
www.2xeth.me
2xeth.me
www.ethdoublernow.com
ethdoublernow.me
www.ethdoublerplus.com
www.ethdoublernow.me
ethdoubler.me
www.ethdoubler.me
programaemnuvem.com

Domain and IP's Information

Code:

IP Address: 81.16.29.111
Domain Name: EARN2XETHNOW.COM
Registry Domain ID: 2484433653_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.hostinger.com
Registrar URL: http://www.hostinger.com
Updated Date: 2020-01-25T12:14:45Z
Creation Date: 2020-01-25T12:14:44Z
Registry Expiry Date: 2021-01-25T12:14:44Z

Baofeng

legendary

Activity: 2576

Merit: 1655

Kindly add:

Code:

https://earn2xethnow.com/

Baofeng

legendary

Activity: 2576

Merit: 1655

Eventhough Elon Musk has shown his true colors about bitcoin, cyber criminals are still using his name:

Code:

https://musk.bet/

Code:

https://teslagive.vip/

Edit: Another LBC Phished site:

Code:

https://localbitcoins.name/

Quote

Registrant    REDACTED FOR PRIVACY
Registrant Org    REDACTED FOR PRIVACY
Registrant Country    ru
Registrar    1API GmbH
IANA ID: 1387
URL: http://www.1api.net
Whois Server: whois.1api.net

(p)
Registrar Status    clientTransferProhibited
Dates    7 days old
Created on 2020-01-26
Expires on 2021-01-26
Updated on 2020-01-26
Name Servers    NS3.CNMSN.COM (has 7,009 domains)
NS4.CNMSN.COM (has 7,009 domains)

Reverse NS
Tech Contact    REDACTED FOR PRIVACY
REDACTED FOR PRIVACY,
REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY, REDACTED FOR PRIVACY
IP Address    185.178.208.178 - 20 other sites hosted on this server

http://whois.domaintools.com/localbitcoins.name

Chikito

legendary

Activity: 2366

Merit: 2054

Warning phishing mixing service

Fake:

Code:

smatmixer.io

Code:

https://smatmixer.io/en/start-mixing.html

Picture

Domain Information:

Code:

IP Address: 104.27.149.87
Domain Name: SMATMIXER.IO
Registry Domain ID: D503300001182847933-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2020-01-16T14:38:51Z
Creation Date: 2020-01-15T02:06:07Z
Registry Expiry Date: 2021-01-15T02:06:07Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068

We should careful, double-check your written before action.

Real Website: https://smartmixer.io

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Baofeng on January 21, 2020, 01:19:08 AM

Code:

FAKE PHISHING SITE: https://lrezor.io/

Thanks for added.
look like this domain has connected malicius keylogger too.
https://www.virustotal.com/gui/ip-address/104.31.68.49/relations

We should be careful that's Ip address and domain to not download file from untrusted source.

Also, Official trezor has an announcement about "the fake Trezor Wallet beta-testing application form circulating in Telegram being spread by accounts pretending to be Trezor team members."
https://twitter.com/Trezor/status/1218179757847797760

Baofeng

legendary

Activity: 2576

Merit: 1655

Very clever, Cheesy

Code:

FAKE PHISHING SITE: https://lrezor.io/

If you mistype or didn't see the mis spelling, I'm sure you will fall for the trap.

Archive: http://web.archive.org/save/https://lrezor.io/

Baofeng

legendary

Activity: 2576

Merit: 1655

Criminals are not resting, and so are we:

Code:

https://muskgiveaway.com/

Code:

https://elongive.live/

Kindly help me report this sites, thanks again.

Chikito

legendary

Activity: 2366

Merit: 2054

Find more Phishing like this

be carefull do not click this link

Code:

http://newcryptogift.com/
http://finalgiveaway.com

Don't deposit anything. this is 100% scam, will steal your money.

and same like this

Code:

https://elongive.net
http://musk.blog
http://musk.group/

Elon musk never gives away cryptocurrency.

When you find like those phishing, please report into: https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

Jiyens3

sr. member

Activity: 826

Merit: 250

CryptoTalk.Org - Get Paid for every Post!

Quote from: Chikito on October 29, 2019, 09:50:14 PM

Beginners and newbie on the cryptocurrency world should be careful about the phishing website. A lot of Scammers out there used a fake website to steal your Bitcoin.

Read 5 Ways to Identify a Phishing Website and Read [GUIDE] Use this for identifying Scam/Phishing Websites & Exchanges in Crypto

On this thread, I want to share what I found out there.

1. Phishing exodus website: //exodlus.io
original: https://exodus.io/

Look screenshot here ;

Code:

Network
185.212.130.0/24 (AS200313 INTERNET-IT, NL)
Whois
Domain Name: EXODLUS.IO
Registry Domain ID: D503300001182128865-LRMS
Registrar WHOIS Server:
Registrar URL: http://www.epag.de
Updated Date:
Creation Date: 2019-10-29T20:14:17Z
Registry Expiry Date: 2020-10-29T20:14:17Z

When scanning virus total has warned:
https://www.virustotal.com/gui/url/8bb6a4ef386b9c29d2cc00509aa3a44ec7d7dbf792f057074ad0ec471d8611e9/detection
BitDefender-Phishing

Flagged Ip address 185.212.130.65

Related IP

Look This fake site using same IP address :

Quote

electum.org
litecoln.org
bitcolncore.org
guimlner.org
minergate.ru.com
nvldia.ru
monnero.org

2. Fake electrum site : electum.org

3. Fake litecoin site : litecoln.org

4. Fake Bitcoincore site: bitcolncore.org

5. Phising Localbitcoins

6. Phishing Blockchain.info

I will update this thread when I found another phishing.

so usefull thread, phising web very harmful. such you said above many phising website and on of them is myetherwallet
honestly, i have experienced phising in myetherwallet. i am forgot how i can go to for phising web then suddenly i lose all my token in myetherwallet
so sad about that. so from that case i always to bookmark all important address

TravelMug

hero member

Activity: 2632

Merit: 833

I found this fake ETH giveaway:

Code:

https://eth-giveout.com/

Scammers ETH:

Code:

0xB5c06ce49d0C63211E5d335Cf42ecdA5C3f30D8a

Code:

IP Address: 162.241.217.210 - 1,641 other sites hosted on this server
IP Location: United States - Utah - Provo - Unified Layer
ASN: United States AS46606 UNIFIEDLAYER-AS-1 - Unified Layer, US (registered Oct 24, 2008)
Domain Status: Registered And Active Website
IP History: 2 changes on 2 unique IP addresses over 0 years

https://www.virustotal.com/gui/ip-address/162.241.217.210/relations

Chikito

legendary

Activity: 2366

Merit: 2054

Warning BTC and eth give away, sending your fund first for receipt 100x BTC and eth.

Code:

http://btcandeth.com/
http://btcethgift.com/

Domain information

Code:

IP Address: 185.174.174.220
Geolocation: UA (Ukraine)
Domain Name: BTCETHGIFT.COM
Registry Domain ID: 2429780829_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2019-09-04T00:45:50Z
Creation Date: 2019-09-04T00:45:50Z
Registry Expiry Date: 2020-09-04T00:45:50Z

It's really fake, don't send your Bitcoin. They will be scamming you.

Chikito

legendary

Activity: 2366

Merit: 2054

Fake Give away Bitcoin and Ethereum

Code:

http://elonmuskgo.com/

Be aware scammer use fake medium Elon musk to give away Bitcoin and ethereum

The link will direct you to send BTC and ETH to get 10X, this is fake and potential scam.

https://www.virustotal.com/gui/url/4539c3892433c86efa77b48f6ad88f48c696ee970983aa14ad6439328d7a09ba/detection

Code:

IP Address: 195.24.68.21
Domain Name: ELONMUSKGO.COM
Registry Domain ID: 2467017887_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.nic.ru
Registrar URL: http://nic.ru
Updated Date: 2019-12-14T11:35:06Z
Creation Date: 2019-12-14T11:35:04Z
Registry Expiry Date: 2020-12-14T11:35:04Z
Registrar: Regional Network Information Center, JSC dba RU-CENTER

Be careful Elon musk never give away cryptocurrency

Chikito

legendary

Activity: 2366

Merit: 2054

Phishing Blockchain.com

Code:

https://login-blockchajn.com

Domain Information:

Code:

IP Address: 103.16.228.163
Geolocation: HK (Hong Kong)
Domain Name: LOGIN-BLOCKCHAJN.COM
Registry Domain ID: 2443618596_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.eu
Registrar URL: http://www.openprovider.com
Updated Date: 2019-10-14T18:32:52Z
Creation Date: 2019-10-14T18:32:46Z
Registry Expiry Date: 2020-10-14T18:32:46Z
Registrar: Hosting Concepts B.V. d/b/a Openprovider
Registrar IANA ID: 1647

https://www.virustotal.com/gui/url/06326ba8493ba4efae4856518c627a5128642773dde28b14ede3b3f78603a17c/detection

BitDefender-Phishing
CLEAN MX-Phishing

Be Careful

Chikito

legendary

Activity: 2366

Merit: 2054

This IP 149.129.176.152 have Multi Phising site cryptocurrency : Trezor, ledger, etc

https://www.virustotal.com/gui/ip-address/149.129.176.152/relations

Code:

www.treezor.io
www.trezor.promo
leedger.info
www.tlezor.io
www.trrezor.io
www.exodus.ws
www.exodus.bet

Example :

Code:

treezor.io

https://www.virustotal.com/gui/url/8739ebbfb4442de492fa5b0328f179a81dde142609eef9e8ecd1028f4b3116d0/detection

BitDefender
Phishing
ESET
Phishing
Fortinet
Phishing
G-Data
Phishing
Sophos AV
Malicious

I thing the scammer Will continue to make phishing site using that IP, be carefull nobsss..

Chikito

legendary

Activity: 2366

Merit: 2054

Let's see how Scammer manipulated MyEtherWallet

Code:

http://muetherewallet.com/
http://myeiherwollet.com/
http://myentervallet.com/
http://myelhereswallet.com/
http://myeitnerwaliet.com/
http://myethereswallets.com/
http://myehtervallet.com/
http://myelherewallets.com/
http://rnyethereswallet.com/
http://myelherewallut.com/

Newbie and beginner must far away from those sites, they will be stolen your money

Chikito

legendary

Activity: 2366

Merit: 2054

Real Website: https://exmo.com/

Phishing website

Code:

https://exmo.me/

Real Website: https://exmo.com/

Code:

Domain Name: EXMO.COM
Registry Domain ID: 92842160_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.internet.bs
Registrar URL: http://www.internet.bs
Updated Date: 2017-11-14T10:53:38Z
Creation Date: 2002-12-05T06:16:28Z
Registry Expiry Date: 2021-12-05T06:16:28Z
Registrar: Internet Domain Service BS Corp
Registrar IANA ID: 2487

Phishing website

Code:

Domain Name: EXMO.ME
Registry Domain ID: D108500000015705565-AGRS
Registrar WHOIS Server:
Registrar URL: www.tldregistrarsolutions.com
Updated Date: 2017-09-18T14:32:13Z
Creation Date: 2015-04-05T10:07:04Z
Registry Expiry Date: 2020-04-05T10:07:04Z
Registrar Registration Expiration Date:
Registrar: TLD Registrar Solutions Ltd.
Registrar IANA ID: 1564

https://www.virustotal.com/gui/url/a7c9f98d3cf4a248bdaf05a6d0461f5ef85bdd2d33d89a47f134c602a13d105b/detection

Be Careful Noobs

Chikito

legendary

Activity: 2366

Merit: 2054

Found this
Original site : https://bittab.io/
Fake webite : //bittab.org/

Code:

Domain Name: BITTAB.IO
Registry Domain ID: D503300000064550605-LRMS
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: www.namecheap.com
Updated Date: 2019-01-11T12:36:34Z
Creation Date: 2018-02-10T16:02:51Z
Registry Expiry Date: 2020-02-10T16:02:51Z
Registrar Registration Expiration Date:
Registrar: NameCheap, Inc
Registrar IANA ID: 1068

Code:

Domain Name: BITTAB.ORG
Registry Domain ID: D402200000011818438-LROR
Registrar WHOIS Server: whois.reg.com
Registrar URL: http://www.reg.com
Updated Date: 2019-11-05T15:07:04Z
Creation Date: 2019-11-05T15:07:01Z
Registry Expiry Date: 2020-11-05T15:07:01Z
Registrar Registration Expiration Date:
Registrar: Registrar of Domain Names REG.RU LLC
Registrar IANA ID: 1606

Be careful No different with original website

~Money~

hero member

Activity: 1132

Merit: 536

Quote from: Chikito on November 06, 2019, 12:39:01 AM

>>> Help me to report IP address: 185.212.130.65 because always make the phishing site

https://www.virustotal.com/gui/ip-address/185.212.130.65/relations

....

Scammer every day makes phishing like atomicwalet.com, locaibitcolns.com, litecoln.org, exodlus.io, etc.

I did report and need more people here to report those IP.

Thanks.

Netherlands DCs won't care much about content on their servers, they are famous in this field since the beginning,
I had build a case against someone using their servers to make DDoS attacks in very big scales but they didn't even replied emails and court simply closed the case Cheesy

reporting those IPs might help other services take action in sending warning messages to their users, but if you are trying to report them to bring those IPs or servers down, you won't face any success easily

Chikito

legendary

Activity: 2366

Merit: 2054

>>> Help me to report IP address: 185.212.130.65 because always make the phishing site

https://www.virustotal.com/gui/ip-address/185.212.130.65/relations

Code:

2019-11-06-exodlus.io
2019-11-06-iocabitcoins.net
2019-11-06-iliocalbitcoins.net
2019-11-05-locabicoins.net
2019-11-05-localbiicoins.net
2019-11-05-litecoln.org
2019-11-05-localibitcoins.ru.com
2019-11-05-localbitcolins.net
2019-11-04-atomicwalet.com
2019-11-04-www.exodlus.com
2019-11-04-exodlus.com
2019-11-04-llocalbitcoins.net
2019-11-04-liocalbitcoins.net
2019-11-04-localbitcoinis.net
2019-11-04-loca1bitcoins.net
2019-11-04-ilocalbitcoins.net
2019-11-04-locaibitcolns.com
2019-11-04-iocalbitcoins.net
2019-11-04-loca1bitcoins.com
2019-11-04-iocalblitcoins.net
2019-11-04-iocalbicoins.net
2019-11-04-www.monnero.org
2019-11-04-www.electum.org
2019-10-27-localbitcolns.org
2019-10-27-localbitcoln.ru
2019-10-27-nicelhash.com

Scammer every day makes phishing like atomicwalet.com, locaibitcolns.com, litecoln.org, exodlus.io, etc.

I did report and need more people here to report those IP.

Thanks.

Chikito

legendary

Activity: 2366

Merit: 2054

Quote from: Chikito on October 29, 2019, 09:50:14 PM

Phishing exodus wallet site:

Code:

//exodlus.io

Found another fake exodus :

Code:

//exodlus.com

https://www.virustotal.com/gui/url/0b7e767c5b2ee3a3a69e4c84711609fef7d842fc2da926a3e63e4081f9ff02d3/detection

Scanned and nothing virus on site

What the different?

Let's check domain information

Fake - Domain EXODLUS.COM info

Code:

Domain name: EXODLUS.COM
Registry Domain ID: 2450282733_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.reg.com
Registrar URL: https://www.reg.com
Registrar URL: https://www.reg.ru
Updated Date: 2019-11-01T01:06:17Z
Creation Date: 2019-11-01T01:06:16Z
Registrar Registration Expiration Date: 2020-11-01T01:06:16Z
Registrar: Registrar of domain names REG.RU LLC
Registrar IANA ID: 1606
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +7.4955801111
Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registrant ID:
Registrant Name: Protection of Private Person
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant State/Province:
Registrant Postal Code: 123007
Registrant Country: RU
Registrant Phone: +7.4955801111
Registrant Phone Ext:
Registrant Fax: +7.4955801111
Registrant Fax Ext:
Registrant Email: [email protected]
Admin ID:
Admin Name: Protection of Private Person
Admin Street: PO box 87, REG.RU Protection Service
Admin City: Moscow
Admin State/Province:
Admin Postal Code: 123007
Admin Country: RU
Admin Phone: +7.4955801111
Admin Phone Ext:
Admin Fax: +7.4955801111
Admin Fax Ext:
Admin Email: [email protected]
Tech ID:
Tech Name: Protection of Private Person
Tech Street: PO box 87, REG.RU Protection Service
Tech City: Moscow
Tech State/Province:
Tech Postal Code: 123007
Tech Country: RU
Tech Phone: +7.4955801111
Tech Phone Ext:
Tech Fax: +7.4955801111
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns1.reg.ru
Name Server: ns2.reg.ru
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2019.11.03T15:05:23Z <<<

Fake - Domain EXODLUS.IO info

Code:

Domain Name: EXODLUS.IO
Registry Domain ID: D503300001182128865-LRMS
Registrar WHOIS Server:
Registrar URL: http://www.epag.de
Updated Date:
Creation Date: 2019-10-29T20:14:17Z
Registry Expiry Date: 2020-10-29T20:14:17Z
Registrar Registration Expiration Date:
Registrar: EPAG Domainservices GmbH
Registrar IANA ID: 85
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod
Registrant Organization:
Registrant State/Province:
Registrant Country: CA
Name Server: NS1.REG.RU
Name Server: NS2.REG.RU
DNSSEC: unsigned

Real Exodus.io Info

Code:

Domain Name: EXODUS.IO
Registry Domain ID: D503300000040368494-LRMS
Registrar WHOIS Server:
Registrar URL:
Updated Date: 2019-09-30T21:21:05Z
Creation Date: 2015-04-06T04:48:53Z
Registry Expiry Date: 2024-04-06T04:48:53Z
Registrar Registration Expiration Date:
Registrar: CloudFlare, Inc.
Registrar IANA ID: 1910
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Registrant Organization: WhoisGuard, Inc.
Registrant State/Province: Panama
Registrant Country: PA
Name Server: JESSICA.NS.CLOUDFLARE.COM
Name Server: FRANK.NS.CLOUDFLARE.COM
DNSSEC: unsigned

The newbie must be careful about giveaway like this site:

Code:

//freebtceth.com
//btcandeth.com
//bakkt-gift.info

Those aren't given away BTC and ETH, you will get the virus and scammed.

https://www.virustotal.com/gui/url/ad081ab0ad668b09021d22fbc91ce363c57b924bb1f25ea9ceacd59c83762030/detection
https://www.virustotal.com/gui/url/eb5e8d1cd0d0e6b364a80f08a9cae10b4bfe012de46425b7e740bff2cc75fb9d/detection
https://www.virustotal.com/gui/url/eed4f52ce1ad8da6f40e6f2cd34f49bc0e3728403112c38645da87682dbe2ae2/detection

Topic: [List] Phishing Cryptocurrency Site - page 14. (Read 11494 times)