Bitcoin Forum
November 09, 2024, 12:59:13 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: DELTA MONEY - PHISHING - BEWARE  (Read 335 times)
witcher_sense (OP)
Legendary
*
Offline Offline

Activity: 2450
Merit: 4415


🔐BitcoinMessage.Tools🔑


View Profile WWW
March 20, 2019, 04:14:16 PM
Merited by tvplus006 (1), JeromeTash (1), lovesmayfamilis (1), Juliya_D (1)
 #1

What happened: Malicious site

Scammers Profile ANN: https://bitcointalk.org/index.php?topic=5122795.0
https://web.archive.org/web/20190320161035/https://bitcointalk.org/index.php?topic=5122795.0


Scammers Website:[/color]
Code:
https://delta.money/


Code:
https://web.archive.org/web/20190320161118/https://delta.money/

Quote
Domain Name: delta.money
Registry Domain ID: 4f044a3148be4319ae54d36368effd4f-DONUTS
Registrar WHOIS Server: who.godaddy.com/
Registrar URL: http://www.godaddy.com/domains/search.aspx?ci=8990
Updated Date: 2019-03-02T05:20:33Z
Creation Date: 2018-02-27T04:08:21Z
Registry Expiry Date: 2020-02-27T04:08:21Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146


https://www.virustotal.com/ru/url/afd31d1a5ebb9d3bf96c52bd4131a3b2cdbf051d9d374390f8368ba0647facd2/analysis/1553098051/

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
JeromeTash
Legendary
*
Offline Offline

Activity: 2324
Merit: 1260


Heisenberg


View Profile
March 20, 2019, 04:56:00 PM
Last edit: May 14, 2023, 05:11:19 PM by JeromeTash
 #2

MetaMask and Ether Address Lookup couldn't agree more.

They are asking for people's private keys to open up an account and also telling people to send 1 Ether to some address to receive delta coins


According to https://urlscan.io/result/1af732a7-5848-4d8b-95f3-0c206f980dab

This website contacted 4 IPs in 3 countries across 4 domains to perform 18 HTTP transactions.
The main IP is 78.47.153.144, located in Germany and belongs to HETZNER-AS, DE. The main domain is delta.money.
The TLS certificate was issued by Let's Encrypt Authority X3 on February 20th 2019 with a validity of 3 months.


█████████████████████████
██
█████▀▀███████▀▀███████
█████▀░░▄███████▄░░▀█████
██▀░░██████▀░▀████░░▀██
██▀░░▀▀▀████████████░░▀██
██░░█▄████▀▀███▀█████░░██
██░░███▄▄███████▀▀███░░██
██░░█████████████████░░██
██▄░░████▄▄██████▄▄█░░▄██
██▄░░██████▄░░████░░▄██
█████▄░░▀███▌░░▐▀░░▄█████
███████▄▄███████▄▄███████
█████████████████████████
.
.ROOBET 2.0..██████.IIIIIFASTER & SLEEKER.██████.
|

█▄█
▀█▀
████▄▄██████▄▄████
█▄███▀█░░█████░░█▀███▄█
▀█▄▄░▐█████████▌▄▄█▀
██▄▄█████████▄▄████▌
██████▄▄████████
█▀▀████████████████
██████
█████████████
██
█▀▀██████████████
▀▀▀███████████▀▀▀▀
|.
    PLAY NOW    
magneto
Hero Member
*****
Offline Offline

Activity: 1666
Merit: 753


View Profile
March 20, 2019, 08:47:25 PM
 #3

Seems like an obvious one. They didn't even put the tiniest effort in designing their site, or spelling words correctly.

If anyone asks you for your private key you should be alarmed, whether or not the entity asking you for it seems to be an established project or not. The reason why it's called a private key in the first place is that you're not supposed to share it with anyone, and if you do, then the trustless nature of most cryptos will just not apply anymore.

Also, don't just blindly trust someone just because they have a site. There is no evidence that there are any legitimate development activity happening at all, and they're asking for investments.

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
JeromeTash
Legendary
*
Offline Offline

Activity: 2324
Merit: 1260


Heisenberg


View Profile
March 20, 2019, 09:24:51 PM
 #4

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
AFAIK, Phishing generally means an attempt to trick someone to provide their private or sensitive information which could give the attacker access to the victim's electronic accounts.
Website impersonation just happens to be one of the techniques.

█████████████████████████
██
█████▀▀███████▀▀███████
█████▀░░▄███████▄░░▀█████
██▀░░██████▀░▀████░░▀██
██▀░░▀▀▀████████████░░▀██
██░░█▄████▀▀███▀█████░░██
██░░███▄▄███████▀▀███░░██
██░░█████████████████░░██
██▄░░████▄▄██████▄▄█░░▄██
██▄░░██████▄░░████░░▄██
█████▄░░▀███▌░░▐▀░░▄█████
███████▄▄███████▄▄███████
█████████████████████████
.
.ROOBET 2.0..██████.IIIIIFASTER & SLEEKER.██████.
|

█▄█
▀█▀
████▄▄██████▄▄████
█▄███▀█░░█████░░█▀███▄█
▀█▄▄░▐█████████▌▄▄█▀
██▄▄█████████▄▄████▌
██████▄▄████████
█▀▀████████████████
██████
█████████████
██
█▀▀██████████████
▀▀▀███████████▀▀▀▀
|.
    PLAY NOW    
magneto
Hero Member
*****
Offline Offline

Activity: 1666
Merit: 753


View Profile
March 22, 2019, 11:53:01 PM
 #5

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
AFAIK, Phishing generally means an attempt to trick someone to provide their private or sensitive information which could give the attacker access to the victim's electronic accounts.
Website impersonation just happens to be one of the techniques.

I guess. If we were going off your definition, then the site could certainly be classified as a phishing site given that it's obviously trying to maliciously obtain the private keys of the users.

But they might not actually trying to impersonate anyone's site in particular as you say, since the closest thing I saw to their project is probably Agrello, which was rebranded from delta, and this site currently looks absolutely nothing like what Agrello's site looks like or even the service that they provide.

At the end of the day though, this barely matters. They are a noob-targeting scam, no matter the classification.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!