SCAM Websites (Fork chains) Fake Electrum - Reddit Users / bitcointalk users

[Michail1]

SCAM WEBSITES
(Edit:  Scammer now using SSL as well.)

ELECTRUMSBTC.ORG - IP 111.90.149.131 - 928KB -   950,272 bytes - Electrum-SBTC-2.9.3.exe
ELECTROCASH.ORG   - IP 111.90.149.147 - 945KB -   968,192 bytes - Electron-Cash-3.0.exe
ELECTRONBCH.ORG   - IP 111.90.149.128 - 954KB -   978,194 bytes - Electron-BCH-3.1.5.exe
ELECTRUMGOLD.ORG - IP 111.90.149.128- 1.3MB - 1,380,864 bytes - Electrum-Gold-2.9.3.exe
ELECTRUMB2X.ORG   - IP 111.90.149.131- 1.2MB - 1,273,856 bytes - Electrum-B2X-2.9.3.exe
ELECTRUM-LLC.ORG - IP 198.105.244.114- 1.2MB - 1,211,904 bytes - electrum-lcc-3.0.6.2.exe
- Most funny is that the File Hash doesn't even match their scam software or the signature.
ELECTRUMBTCP.COM - IP 217.70.184.38 - Taken Down

They are all copies by design of:  https://electroncash.org/

All websites that are broken and not linked to original project or supported by the projects.
Also with fake links / unclickable.  But, all have fake clients at only 1MB executable files.

Note:  The image shows the same text for each wallet info.  Sites are IDENTICAL except for the coin name.

All registered to various name/addresses via ilovewww.com; however, all using China DNS
Name Server: NS1.IPCHINA163.COM
Name Server: NS2.IPCHINA163.COM


reddit users shilling the scam (malware - website)

https://www.reddit.com/user/ceesvegmond
https://www.reddit.com/user/chris12209
https://www.reddit.com/user/cssc1978
https://www.reddit.com/user/dubbl_bubble
https://www.reddit.com/user/elite5s
https://www.reddit.com/user/jhkansen1
https://www.reddit.com/user/manonbroumels
https://www.reddit.com/user/marjoalbert    - 404
https://www.reddit.com/user/marko1mako  -- Posts deleted.
https://www.reddit.com/user/mosloeffen
https://www.reddit.com/user/schnieder16  - 404
https://www.reddit.com/user/snffelhoeve   - Self deleted.
https://www.reddit.com/user/svogelaar01  - 404
https://www.reddit.com/user/wielheussen  - 404

Added (3/9/2018)
https://www.reddit.com/user/albertmrtl
https://www.reddit.com/user/alexnmhs
https://www.reddit.com/user/bmsbw
https://www.reddit.com/user/brandongdu
https://www.reddit.com/user/captainc12c
https://www.reddit.com/user/dc_brankin
https://www.reddit.com/user/ericvbgt
https://www.reddit.com/user/ethermanng
https://www.reddit.com/user/karenmatro
https://www.reddit.com/user/kipp1vel     - 404
https://www.reddit.com/user/louisprs      -- Posts deleted.
https://www.reddit.com/user/nor1el
https://www.reddit.com/user/reinholsch
https://www.reddit.com/user/sidvicman
https://www.reddit.com/user/srizzo81

[Michail1]

This list was originally posted:
https://bitcointalk.org/index.php?topic=2320371.msg30304233#msg30304233

I was asked to copy here so more people are able to find it instead of specifically in a BTG thread.

Several of the reddit accounts were deleted as I was updated the list, so those were not posted here.

[Cryptocables]

what he said ^
good detective work capt'n.

[Anduck]

Nice work.

[Lucius]

I check every posted link for websites and it seems that all of them are now down.For most of them I only get blank page with any info,some give info that server is down.There is also many fake Electrum sites in the past months,all are used Google adds to show at the top of search results.Some news say that the damage is around 50$ million,but it is probably even bigger.

It is easy to trick users these days,newbies are fall into traps in an incredible numbers,but even more experienced users make beginners mistakes.

[Michail1]

I check every posted link for websites and it seems that all of them are now down.For most of them I only get blank page with any info,some give info that server is down.There is also many fake Electrum sites in the past months,all are used Google adds to show at the top of search results.Some news say that the damage is around 50$ million,but it is probably even bigger.

It is easy to trick users these days,newbies are fall into traps in an incredible numbers,but even more experienced users make beginners mistakes.

Thanks for the info.  Although all the websites were running from the same DNS, and likely all on the same server, I don't think they were taking down.  It's more likely the scammer temporarily turned them off.

I do know that many of the reddit accounts were banned, but it now appears many of the new ones simply deleted or had the posts deleted.
Example:
https://www.reddit.com/user/louisprs - no posts.
https://www.reddit.com/user/kipp1vel - banned or deleted.
https://www.reddit.com/user/karenmatro - still has a post for the scam.

[justfed]

Thank you for this work Michail1 !!