Ambatman
Legendary
 Online
Activity: 966
Merit: 1266
Don't tell anyone
|
 |
February 03, 2025, 07:53:09 AM |
|
|
|
|
|
Ambatman
Legendary
Online
Activity: 966
Merit: 1266
Don't tell anyone
|
|
February 04, 2025, 06:37:03 AM |
|
|
|
|
|
Ambatman
Legendary
Online
Activity: 966
Merit: 1266
Don't tell anyone
|
|
February 09, 2025, 10:07:17 PM Merited by Mitchell (1), Lafu (1) |
|
https://bitcointalk.org/index.php?topic=5529655.msg65045232#msg65045232 They are now using double spending help? The thread is titled Double spending help Though the Moderators have done a great job eliminating them More are still coming with same title and strategy of locking the thread. Since it's not the Amazons malware, I think Mitchell could still find this here
|
|
|
|
MiningCoinsPool
Member
 Offline
Activity: 565
Merit: 27
|
|
February 10, 2025, 02:19:11 PM |
|
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
February 10, 2025, 04:40:28 PM |
|
Yeb , thanks for the Virustotal file , and basicly answer my thoughts that i have got already about it. For some reason it wasnt possible to download the file from the Webpage and check the Wallet File. I was to 90% sure that it is the same sheme aat we got in the past with all that Malware Shit Links. Its the same Malware and trojan shit. The Githug Account is also Fake here and was just created 2 days ago ! Fake Github : github.com/CoolDinooZenbox flags this file as: MALWARE TROJAN EVADER RAT Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service API
PowerShell Script Run in AppData
Startup Folder File Write
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT/zgRAT Style SSL Cert
SSLBL: Malicious SSL certificate detected (QuasarRAT C&C)
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
Source : https://www.virustotal.com/gui/file/68cf6f31e2d3f23948d71df9dba8697654965fdfca07ca42f6595cb81f1c9a92/behaviorPlease Report the Fake Github Account and also the User CoolDino here |
|
|
|
|
Ambatman
Legendary
Online
Activity: 966
Merit: 1266
Don't tell anyone
|
|
February 15, 2025, 06:44:55 PM |
|
 https://bitcointalk.org/index.php?topic=5531138.msg65066573#msg65066573New Title: One confirmation Spending They are now targeting the gambling board, though Mods have dealt with it promptly There's a likelihood more would sprang up with the same name. I'm going to tag @Mitchell to add the title to his Bot. |
|
|
|
Ambatman
Legendary
Online
Activity: 966
Merit: 1266
Don't tell anyone
|
|
February 16, 2025, 06:38:48 AM
Last edit: February 16, 2025, 04:22:40 PM by Ambatman Merited by Mitchell (1), Lafu (1) |
|
 New Title: G2A METHODhttps://bitcointalk.org/index.php?topic=5531211.msg65068116#msg65068116If I'm not mistaken, by their history the subsequent posts would have G2A in it with continuous changes to try and bypass the spam Bot. I'm quite surprised they have left Bitcoin discussion and beginners and help board I guess it wasn't working out well for them. 
Edit :
New Title : Get anything from G2A for FREE |
|
|
|
MiningCoinsPool
Member
Offline
Activity: 565
Merit: 27
|
|
February 18, 2025, 03:22:17 PM |
|
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
February 18, 2025, 04:52:32 PM |
|
Yeb now thanks to you as i got the evidence now with the Virustotal Link ! I was earlier on it and also on the Webpage and tried a few times to download the Wallet file from there , but i dont know why i cant download that Wallet.7z ! I also was sure that it is a Fake Ann to 80% as all the patterns are the same as from the other Fake Anns. The sandbox Zenbox flags this file as: MALWARE TROJAN EVADER RAT Source : https://www.virustotal.com/gui/file/f0fbc56a389469681d98400a84ca0895dc4b332fd3242ebcc11bd0a996765f8e/behaviorThe Fake Github was just created 5 days ago. Hacker Account : DrakoMoon <--- Please ban or Lock that Account and delete the ThreadAccount was just registered today. |
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
February 22, 2025, 03:59:56 AM |
|
And we have again some Fake Ann with an Fake Webpage , Fake Github and an Malware download Wallet from the Webpage this time for Omnixium !The Fake Github was created just 2 days ago. Fake Github : github.com/omnixium-networkFake Website: When you download the Wallet File from the Webpage its the same as we got for all the other Fake Anns in the last weeks. The sandbox Zenbox flags this file as: MALWARE TROJAN EVADER RAT Win64:Evo-gen [Trj]
Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service APIs
PowerShell Script Run in AppData
Startup Folder File Write
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT/zgRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
SSLBL: Malicious SSL certificate detected (QuasarRAT C&C)
Source : https://www.virustotal.com/gui/file/a7d398f4fd29d64bd163555ea1186e63d8bf5acf866a2c11ebbcc7c9ac3af1b2/behaviorAccount : omnixium <--- Please ban or Lock that Account and delete the ThreadJust a new registered Account a few days ago , maybe the Account hacked in the last days. Fake Ann Thread : 🚀 [ANN] Omnixium - Hybrid PoW/PoS | Secure, Scalable & Community-DrivenOmnixium (OMNX) https://omnixium.org
https://www.omnixium.org/#wallet
This post is also a reference for the Github Report !
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
And we have the next Fake Ann with an Fake Webpage and Fake Github Account with Malware download Link , this time for Frimo !The Fake Github was only created 6 Hours ago. Fake Github : github.com/FrimoooFake Webpage and Wallet download: https://frimooo.org/
https://slategray-bison-852952.hostingersite.com/wp-content/uploads/2025/02/frimo-qt-windows.7z
And its the same here as all the other Fake Anns got with the Fake Wallet File: Win64:Evo-gen [Trj]
Drops script at startup location
Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Dot net compiler compiles file from suspicious location
Suspicious DNS Query for IP Lookup Service APIs
PowerShell Script Run in AppData
Startup Folder File Write
ET MALWARE Observed Malicious SSL Cert (Quasar CnC)
ET MALWARE Generic AsyncRAT/zgRAT Style SSL Cert
ET INFO External IP Lookup Domain in DNS Lookup (ipwho .is)
SLBL: Malicious SSL certificate detected (QuasarRAT C&C)
Source : https://www.virustotal.com/gui/file/01851e9d270383ddb8a9994269f7168bb057612707ddbc607462356136085ae3/behaviorAccount : FRIMOOO <--- Please ban or Lock that Account and delete the ThreadThat Account just joined the Forum yesterday and is new. Fake Ann Thread : [ANN] 🌿 Frimo: Redefining Social Networking with Blockchain Privacy 🌿Frimo https://frimooo.org
https://github.com/Frimooo
This post is also a reference for the Github Report !
|
|
|
|
|
$crypto$
Legendary
Offline
Activity: 3052
Merit: 1233
Smart is not enough, there must be skills
|
|
March 06, 2025, 08:04:39 AM
Last edit: March 06, 2025, 10:06:05 AM by $crypto$ |
|
I also found a fake Ann and a fake webpage as well as a possibly fake Github account. Account: J-1Fake ANN: Re: VEC0 Crypto Currency: A New Chapter For Our Community BY The CommunityArchived Post: https://ninjastic.space/post/65135322Find the updated GUI easy to use Miner at GitHub = [url=https://github.com/vecocoin/GUI-miner/releases/tag/v1.1.0]https://github.com/vecocoin/GUI-miner/releases/tag/v1.1.0[/url] Test results from virustotal: https://www.virustotal.com/gui/file/7992bea3ddda240c28a2a06a11fec726f5e379edb3c9e4141af4aab6cbb433e1/detection |
|
|
|
|
|
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀ | █████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄
▀█▀▄▀▀▄▀█▀
▄▄░░▄█░██░█▄░░▄▄
▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄
▀▄█░███▄█▄▄█▄███░█▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
█░░██████░░█
█░░░░▀▀░░░░█
█▀▄▀▄▀▄▀▄▀▄█
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀ | .
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
████████████░███████▀▄▀
████████████░██▀▄▄▄▄▀
████████████░▀▄▀
████████████▄▀
███████████▀ | ▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀ | | OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI |
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
March 06, 2025, 05:15:33 PM |
|
Nice catch and find and for sure a very shady Link with all that detections. Really appreciate that and that you reported it. I also found a fake Ann and a fake webpage as well as a possibly fake Github account.
I dont know or can say that its to 100% a Fake Ann or an Fake Webpage. About the Github Account also as there are many other things that looks legit. About the Virustotal detections there are many false positiv detections as it is an Miner Software. But there are for sure some Trojan and Malwareshit in it so i guess its good when it gets deleted and the User banned. Trojan.Malware.121218.susgen
Trojan.Agent
Trojan.Win32.Save.a
Adware.GenericKD.61026810
Trojan.Disco.Win32.12840
Static AI - Malicious Archive
Generic.Malware.AI.DDS
Malicious (high Confidence)
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
March 07, 2025, 05:38:51 PM |
|
And we got another new Fake Ann with an Fake Webpage and Fake Github Account with Malware this time for BRIMSTONE (BRM) !The Fake Github Account is already deleted. Fake Github : github.com/brimstonecoreAlso its the same sheme as for the other last Fake Anns and Webpages with there Wallet download there. Mostly the Wallet download Files are a Wallet.7z file . Fake Webpage and Wallet download File:https://brimstonecoin.com
https://download.brimstonecoin.com/files/brimstone-qt-windows.7z
Virustotal Flaggs the Wallet File as an Malware even there are no detecions. CAPE Sandbox flags this file as: MALWARE If you look closer in it there are a lot of changes going on in the Windows and User Folders when you install it. You can read and look all here : https://www.virustotal.com/gui/file/6dab46cb3812dac186c194aa9dedb10e59dcb195011721c13b274a8a7cb49d4c/behaviorOn top of that the User MiningCoinsPool that runs an Mining Pool als found some Trojan in the Windows binaries. https://ninjastic.space/post/65142123Hacker Account : _BRIMSTONE_ <--- Please ban or Lock that Account and delete the ThreadThe Account was just created today. Fake Ann Thread : 🔥[ANN] BRIMSTONE (BRM) | Hybrid PoW+PoS Scrypt | Mine, Stake & Earn Rewards!🔥 https://brimstonecoin.com
https://github.com/brimstonecore/brimstonecoin
https://brimstonecoin.com/#downloads
|
|
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
March 12, 2025, 04:18:07 PM |
|
This post is for now only for Information and the records as in my opions it is an Fake Ann as it is flagged as Malware on Virustotal !This time its about DynastyCoin. The Github is only an week old and created. Github Account : github.com/Dynasty-ChainThere was already an Coin back in the days that was called DynastyCoin from 2018 [ANN]DINASTYCOIN✅ENJOY ITALY✅MANDATORY UPDATE⚡NEW THREAD⚡SINCE 2015⚡The sheme of the Wepage and the download of the Wallet is nearly the same as we got in the past from other Fake Anns. Also the Wallet download File from the Webpage is flagged as an Malware from Virustotal. The sandbox CAPE Sandbox flags this file as: MALWARE Source : https://www.virustotal.com/gui/file/f6f01a7511eb47cb9b64fd9d9865cc7cea9d8d347e610541981ca78f9417b37c/behaviorIt has the same sheme as the last Fake Ann. Also when i download the File from the Webpage Microsoft Defender gives me a warning that this File is Malware. Account : Dynasty_Chain <--- Please ban or Lock that Account and delete the ThreadThe Account was just created on March 05, 2025 and the last Fake Anns was also created from Accounts that got a Copper Member. There is not much proof about it but i know from my experience that its an Fake Ann. Fake Ann Thread : [ANN] DynastyCoin | Build Your Crypto Dynasty | Scrypt PoW |https://github.com/Dynasty-Chain]
https://dynastychain.org/ I am 100% sure that it is an Fake Ann and the sheme is mostly the same as we got in the past. This post is also a reference for the Github Report !
|
|
|
|
|
$crypto$
Legendary
Offline
Activity: 3052
Merit: 1233
Smart is not enough, there must be skills
|
|
March 14, 2025, 09:43:16 AM
Last edit: March 14, 2025, 12:35:01 PM by $crypto$ |
|
Reporting fake threads from farcaster Mining.Account: Dogecaucus Please banFAKE Ann: [ANN] farcaster MiningFor detailed instructions and mining setup, visit our official https://github.com/farcaster-development Virus Total: https://www.virustotal.com/gui/file/3c709c7187db368f630d979b52e737cbb39dd7d8ab648ac56ef291a736f048a1/detectionFarcaster official Github = https://github.com/farcasterxyz
|
|
|
|
|
|
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀ | █████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀ |
| | | | | | .
| | | ▄▄████▄▄
▀█▀▄▀▀▄▀█▀
▄▄░░▄█░██░█▄░░▄▄
▄▄█░▄▀█░▀█▄▄█▀░█▀▄░█▄▄
▀▄█░███▄█▄▄█▄███░█▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
█░░██████░░█
█░░░░▀▀░░░░█
█▀▄▀▄▀▄▀▄▀▄█
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀ | .
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
████████████░███████▀▄▀
████████████░██▀▄▄▄▄▀
████████████░▀▄▀
████████████▄▀
███████████▀ | ▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀ | | OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI |
|
|
|
|
|
|
N.O
|
|
March 18, 2025, 02:35:53 AM |
|
Another fake phoenix miner topic was posted by newbie with Torjan Virus Account link: OggyDev <<<< Please Ban this account Fake Topic Link: PhoenixMiner 6.3c: fastest Ethereum/Ethash miner with lowest devfee (Win/Linux) please delete this topic https://store4.gofile.io/download/web/85b1f041-911e-4e40-9b55-49d172b50982/PhoenixMiner_6.3c_Windows.rar This post is used as reference to report GitHub Account |
|
██
██
██████ | R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | ██████
██
██ | ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | ██████████████
THE #1 SOLANA CASINO
██████████████ | ██████
██
██
██
██
██
██
██
██
██
██
██
██████ | ████████████▄
▀▀██████▀▀███
██▄▄▀▀▄▄█████
█████████████
█████████████
███▀█████████
▀▄▄██████████
█████████████
█████████████
█████████████
█████████████
█████████████
████████████▀ | ████████████▄
▀▀▀▀▀▀▀██████
█████████████
▄████████████
██▄██████████
████▄████████
█████████████
█░▀▀█████████
▀▀███████████
█████▄███████
████▀▄▀██████
▄▄▄▄▄▄▄██████
████████████▀ | [
[ | 5,000+
GAMES
INSTANT
WITHDRAWALS | ][
][ | HUGE
REWARDS
VIP
PROGRAM | ]
] | ████
██
██
██
██
██
██
██
██
██
██
██
████ | ████████████████████████████████████████████████
PLAY NOW
████████████████████████████████████████████████ | ████
██
██
██
██
██
██
██
██
██
██
██
████ |
|
|
|
Lafu (OP)
Legendary
Offline
Activity: 3542
Merit: 4501
|
|
March 19, 2025, 04:51:02 PM |
|
You should be careful when you reporting and accusing other Accounts for posting Fake Malware things and maybe pay attention to the details. I also checked that Ann that you mentioned in your post , when it was created as i was not sure about it. From all the Links you posted the results from Virustotal and about the detections most of them are flagged as Coinminer software integrated in the wallet. Even there are more detections as other Wallets have you should be looking more into the behavior on Virustotal. Here you can see whats going on with all the Files and what they are doing. I respect a lot that you reporting things and write here and its worth a lot of getting possible things deleted that looks like some Fake things. But from what i can see is that the User is not banned and have already done another Ann here : 🌌 DARK: Mining, Gaming, Profit! Build Your Cosmic Empire in DARK Galaxy Wars! So i guess the Moderators have been coming to the same conclusion as i. But i will be watching that Topic for sure. |
|
|
|
|
|
