Bitcoin Forum
November 29, 2020, 03:11:28 AM *
News: Bitcointalk Community Awards
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: DELTA MONEY - PHISHING - BEWARE  (Read 261 times)
witcher_sense
Legendary
*
Offline Offline

Activity: 1078
Merit: 1587



View Profile WWW
March 20, 2019, 04:14:16 PM
Merited by tvplus006 (1), Juliya_D (1), JeromeTash (1), lovesmayfamilis (1)
 #1

What happened: Malicious site

Scammers Profile ANN: https://bitcointalk.org/index.php?topic=5122795.0
https://web.archive.org/web/20190320161035/https://bitcointalk.org/index.php?topic=5122795.0


Scammers Website:[/color]
Code:
https://delta.money/


Code:
https://web.archive.org/web/20190320161118/https://delta.money/

Quote
Domain Name: delta.money
Registry Domain ID: 4f044a3148be4319ae54d36368effd4f-DONUTS
Registrar WHOIS Server: who.godaddy.com/
Registrar URL: http://www.godaddy.com/domains/search.aspx?ci=8990
Updated Date: 2019-03-02T05:20:33Z
Creation Date: 2018-02-27T04:08:21Z
Registry Expiry Date: 2020-02-27T04:08:21Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146


https://www.virustotal.com/ru/url/afd31d1a5ebb9d3bf96c52bd4131a3b2cdbf051d9d374390f8368ba0647facd2/analysis/1553098051/

███████████████████████████
█████████▀▄▄▄▄▄██▀▀████████
█████▀▄█▀▀▄▄▄▄▄▄▄▀▀▄▄▀█████
████ █▀▄███████████▄▀██████
███▄█ ███████▀ ██████ █ ███
██▀█ ███  ▀▀█  ▀██████ █ ██
██ █ ████▄▄      ▀▀▀██ █ ██
██ █ █████▌        ▄██ ████
███▄█ █████▄▄   ▄▄███ █▀███
████▀█▄▀█████▌  ▀██▀▄█ ████
█████▄▀▀▄▄▀▀▀▀   ▄▄█▀▄█████
████████▄██▀▀▀▀▀▀██████████
███████████████████████████

        ▄     ▀
         █ ▄▀
   ▄▀     █    ▄▀
  ▄   ▄▄  ██▄▄▀
 ▀      ▀▄▄██   ▄ ▄▄▀▀

          ▀██ ▄▀▀▀▄ ▀▄
           ███▀
 ▀▄
  ▄  ▀▄ ██▌  ▀▄
    ▀  ▄  ▐██
    ▄
   ▐██      ▄
     ▀
   ▄███▌ ▄▄   ▀
  ▄▄
▄▄ ▄█████▄ ▄▄ ▄▄
★ ‎‎
‎ ★
UP
TO
15%...CASH BACK
EVERY SPIN

‎ ★
       ▄▄██████▄▄▄
      ██▄▄▀▀█▀▀
     ████▄▀▀▄██▀
     ▄▀▀▄▄▄██▀
    ▀  ▀▀▀▀▀
             ▄▄▄▄▄▄▄
          ▄███▄▄▄████▄  ▄▄▀
        ▄████████▀▀▀█▄▀▀
     ▄███▀▀▄▄██▄▄▀▀█████
 ▄▄████▄▄▄▄▄▄▀▀████████
▀▀██▀▀▀▄▀███████▄▀████
   ▀▀██████████████▀
       ▀▀▀███████▀▀
.
..PLAY NOW..
1606619488
Hero Member
*
Offline Offline

Posts: 1606619488

View Profile Personal Message (Offline)

Ignore
1606619488
Reply with quote  #2

1606619488
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1606619488
Hero Member
*
Offline Offline

Posts: 1606619488

View Profile Personal Message (Offline)

Ignore
1606619488
Reply with quote  #2

1606619488
Report to moderator
1606619488
Hero Member
*
Offline Offline

Posts: 1606619488

View Profile Personal Message (Offline)

Ignore
1606619488
Reply with quote  #2

1606619488
Report to moderator
1606619488
Hero Member
*
Offline Offline

Posts: 1606619488

View Profile Personal Message (Offline)

Ignore
1606619488
Reply with quote  #2

1606619488
Report to moderator
JeromeTash
Sr. Member
****
Offline Offline

Activity: 882
Merit: 466


Heisenberg


View Profile
March 20, 2019, 04:56:00 PM
 #2

MetaMask and Ether Address Lookup couldn't agree more.

They are asking for people's private keys to open up an account and also telling people to send 1 Ether to some address to receive delta coins


According to https://urlscan.io/result/1af732a7-5848-4d8b-95f3-0c206f980dab

This website contacted 4 IPs in 3 countries across 4 domains to perform 18 HTTP transactions.
The main IP is 78.47.153.144, located in Germany and belongs to HETZNER-AS, DE. The main domain is delta.money.
The TLS certificate was issued by Let's Encrypt Authority X3 on February 20th 2019 with a validity of 3 months.


        ▄▀▀▀▀▀▀   ▄▄
    ▄  ▄▄▀▀▀▀▀▀▀▀▀▄▄▀▀▄
  ▄▀▄▀▀             ▀▀▄▀
 ▄▀▄▀         ▄       ▀▄
  ▄▀         ███       ▀▄▀▄
▄ █   ▀████▄▄███▄       █ █
█ █     ▀▀▀███████▄▄▄▄  █ █
█ █       ██████████▀   █ ▀
▀▄▀▄       ▀▀█████▀    ▄▀
   ▀▄        ▐██▄     ▄▀▄▀
  ▀▄▀▄▄       ███▄  ▄▄▀▄▀
    ▀▄▄▀▀▄▄▄▄▄████▀▀ ▄▀
       ▀   ▄▄▄▄▄▄▄

        ▄     ▀
         █ ▄▀
   ▄▀     █    ▄▀
  ▄   ▄▄  ██▄▄▀
 ▀      ▀▄▄██   ▄ ▄▄▀▀

          ▀██ ▄▀▀▀▄ ▀▄
           ███▀
 ▀▄
  ▄  ▀▄ ██▌  ▀▄
    ▀  ▄  ▐██
    ▄
   ▐██      ▄
     ▀
   ▄███▌ ▄▄   ▀
  ▄▄
▄▄ ▄█████▄ ▄▄ ▄▄
P L A Y   S L O T S   o n     
CRYPTO'S FASTEST
GROWING CASINO
★ ‎‎
‎ ★
UP
TO
15%CASH BACK
EVERY SPIN

‎ ★
       ▄▄██████▄▄▄
      ██▄▄▀▀█▀▀
     ████▄▀▀▄██▀
     ▄▀▀▄▄▄██▀
    ▀  ▀▀▀▀▀
             ▄▄▄▄▄▄▄
          ▄███▄▄▄████▄  ▄▄▀
        ▄████████▀▀▀█▄▀▀
     ▄███▀▀▄▄██▄▄▀▀█████
 ▄▄████▄▄▄▄▄▄▀▀████████
▀▀██▀▀▀▄▀███████▄▀████
   ▀▀██████████████▀
       ▀▀▀███████▀▀
█▀▀▀▀▀▀▀











█▄▄▄▄▄▄▄
.
PLAY NOW
▀▀▀▀▀▀▀█











▄▄▄▄▄▄▄█
magneto
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 641



View Profile
March 20, 2019, 08:47:25 PM
 #3

Seems like an obvious one. They didn't even put the tiniest effort in designing their site, or spelling words correctly.

If anyone asks you for your private key you should be alarmed, whether or not the entity asking you for it seems to be an established project or not. The reason why it's called a private key in the first place is that you're not supposed to share it with anyone, and if you do, then the trustless nature of most cryptos will just not apply anymore.

Also, don't just blindly trust someone just because they have a site. There is no evidence that there are any legitimate development activity happening at all, and they're asking for investments.

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.

JeromeTash
Sr. Member
****
Offline Offline

Activity: 882
Merit: 466


Heisenberg


View Profile
March 20, 2019, 09:24:51 PM
 #4

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
AFAIK, Phishing generally means an attempt to trick someone to provide their private or sensitive information which could give the attacker access to the victim's electronic accounts.
Website impersonation just happens to be one of the techniques.

        ▄▀▀▀▀▀▀   ▄▄
    ▄  ▄▄▀▀▀▀▀▀▀▀▀▄▄▀▀▄
  ▄▀▄▀▀             ▀▀▄▀
 ▄▀▄▀         ▄       ▀▄
  ▄▀         ███       ▀▄▀▄
▄ █   ▀████▄▄███▄       █ █
█ █     ▀▀▀███████▄▄▄▄  █ █
█ █       ██████████▀   █ ▀
▀▄▀▄       ▀▀█████▀    ▄▀
   ▀▄        ▐██▄     ▄▀▄▀
  ▀▄▀▄▄       ███▄  ▄▄▀▄▀
    ▀▄▄▀▀▄▄▄▄▄████▀▀ ▄▀
       ▀   ▄▄▄▄▄▄▄

        ▄     ▀
         █ ▄▀
   ▄▀     █    ▄▀
  ▄   ▄▄  ██▄▄▀
 ▀      ▀▄▄██   ▄ ▄▄▀▀

          ▀██ ▄▀▀▀▄ ▀▄
           ███▀
 ▀▄
  ▄  ▀▄ ██▌  ▀▄
    ▀  ▄  ▐██
    ▄
   ▐██      ▄
     ▀
   ▄███▌ ▄▄   ▀
  ▄▄
▄▄ ▄█████▄ ▄▄ ▄▄
P L A Y   S L O T S   o n     
CRYPTO'S FASTEST
GROWING CASINO
★ ‎‎
‎ ★
UP
TO
15%CASH BACK
EVERY SPIN

‎ ★
       ▄▄██████▄▄▄
      ██▄▄▀▀█▀▀
     ████▄▀▀▄██▀
     ▄▀▀▄▄▄██▀
    ▀  ▀▀▀▀▀
             ▄▄▄▄▄▄▄
          ▄███▄▄▄████▄  ▄▄▀
        ▄████████▀▀▀█▄▀▀
     ▄███▀▀▄▄██▄▄▀▀█████
 ▄▄████▄▄▄▄▄▄▀▀████████
▀▀██▀▀▀▄▀███████▄▀████
   ▀▀██████████████▀
       ▀▀▀███████▀▀
█▀▀▀▀▀▀▀











█▄▄▄▄▄▄▄
.
PLAY NOW
▀▀▀▀▀▀▀█











▄▄▄▄▄▄▄█
magneto
Hero Member
*****
Offline Offline

Activity: 1260
Merit: 641



View Profile
March 22, 2019, 11:53:01 PM
 #5

Though, I'm not sure whether this is just a blatant scam, or an actual phishing site, because I'm not sure whose site they're trying to impersonate exactly.
AFAIK, Phishing generally means an attempt to trick someone to provide their private or sensitive information which could give the attacker access to the victim's electronic accounts.
Website impersonation just happens to be one of the techniques.

I guess. If we were going off your definition, then the site could certainly be classified as a phishing site given that it's obviously trying to maliciously obtain the private keys of the users.

But they might not actually trying to impersonate anyone's site in particular as you say, since the closest thing I saw to their project is probably Agrello, which was rebranded from delta, and this site currently looks absolutely nothing like what Agrello's site looks like or even the service that they provide.

At the end of the day though, this barely matters. They are a noob-targeting scam, no matter the classification.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!