Bitcoin Forum
Author Topic: [List] Phishing Cryptocurrency Site  (Read 11572 times)
OmegaStarScream
May 16, 2020, 03:18:49 PM
 #81

exodusupdate.com (Found by UnDerDoG81).

Domain information:

Code:
Registrar	NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

Registrar Status addPeriod, clientTransferProhibited
Dates 44 days old
Created on 2020-04-02
Expires on 2021-04-02
Updated on 0000-12-31

In addition to reaching out to Exodus support (as mentioned in the link above)... I scanned the .exe and no malware was found, but once I ran the .exe (using Sandboxie), it started downloading other files, .vbs and .bat files (which most likely contain malicious code).

Chikito (OP)
May 17, 2020, 01:11:08 AM
 #82

exodusupdate.com (Found by UnDerDoG81).
Thanks for the information. Looks like that site is linked to some others. When I tried searching the relations, I found a fake Bitcoin giveaway site.

https://www.virustotal.com/gui/ip-address/199.188.200.50/relations



Another relationship, maybe a Ponzi scheme

Code:
https://crypto-hub.net/
https://www.trade-coins.co/





All related to exodusupdate.com with the same IP address.
Baofeng
May 17, 2020, 01:18:14 AM
 #83

It's already been blocked by EAL.

And this is the official link: https://www.exodus.io

Code:
 exodusupdate.com 


 
Baofeng
May 17, 2020, 10:09:12 PM
 #84

First time that the scammers are using Xiaomi name to create a fake bitcoin giveaway.

Website:
Code:
https://xiaomibtc.com

Bitcoin address of the scammers:
Code:
37KPhFEL1uZqoJBpYq22ZGahaBc23ActpF



 
Chikito (OP)
May 18, 2020, 12:00:51 AM
 #85

First time that the scammers are using Xiaomi name to create a fake bitcoin giveaway.
Website:
Code:
https://xiaomibtc.com

- Adding more popular name -

Fake popular name Bitcoin give away


IP Address: 77.83.173.172 >> https://www.virustotal.com/gui/ip-address/77.83.173.172/relations

Code:
www.chambtc.org
www.shrembtc.com
www.steveb.group
www.stevebtc.org
www.brinbtc.net





Code:
https://chamath-btc.com

https://www.virustotal.com/gui/ip-address/104.24.108.170/relations





Code:
https://alanbtc.com/

https://www.virustotal.com/gui/ip-address/104.27.183.23/relations





Code:
https://josephbtc.com

https://www.virustotal.com/gui/ip-address/104.18.36.48/relations





Code:
https://fordbtc.org/

https://www.virustotal.com/gui/ip-address/195.24.68.16/relations





Code:
https://telegra.ph/Dave-Ramsey-5000-BTC-Giveaway-05-17





Code:
https://telegra.ph/5000-Bitcoin-Giveaway-05-12





Code:
https://telegra.ph/Tony-Robbins-5000-Bitcoin-Giveaway-Airdrop-05-14





Code:
https://telegra.ph/Steve-Wozniak-Foundation-5000-Bitcoin-Giveaway-Airdrop-05-14-3





Code:
https://bransonbtc.com/





Code:
http://bloombergbtc.net/





...

and many more...

I am just saying, be careful!

Don't send anything!

They don't give away Bitcoin.

Chikito (OP)
May 19, 2020, 12:37:35 PM
 #86

This IP address has a lot of fake and phishing giveaways

https://www.virustotal.com/gui/ip-address/77.83.173.172/relations
https://www.virustotal.com/gui/ip-address/178.159.42.11/relations



Chikito (OP)
May 26, 2020, 11:21:08 AM
 #87

Seems the Exodus wallet is a favorite name for phishing purposes; be careful, always double-check before entering.

Code:
http://exodus.com.swtest.ru/bitcoin-wallet.html

Domain information

Code:
IP-Address from DNS Host Lookup: 77.222.40.109

Domain Name: exodus.com.swtest.ru

Top Level Domain: RU (Russian Federation)

Geolocation: RU (Russian Federation), N/A, N/A, N/A N/A - Google Maps

Reverse DNS: vh286.sweb.ru



domain has injected virus

https://www.virustotal.com/gui/ip-address/77.222.40.109/relations


Baofeng
May 30, 2020, 10:33:36 PM
 #88

Another fake XRP giveaway:

Code:
https://www.ripple.re/ 



And this scam cloud mining site, claiming to give exorbitant returns.

Code:
https://miningbase.cloud/


 
Baofeng
June 03, 2020, 11:24:05 AM
 #89

Bitcoin doubler here. Do not send any Bitcoin or Ethereum on this site.

Code:
http://getbtcx.com/btc.html
http://getbtcx.com/eth.html




 
vlad230
June 04, 2020, 08:59:44 AM
 #90

It seems the scammers went even further. They created a YouTube channel called 'SpaceX Live' where they promote these scams.

There's a live video with SpaceX people talking about the launch: https://www.youtube.com/watch?v=a07f5F-Mcqg
I have reported the video for scams but it seems like it wasn't taken down yet.

Websites:
Code:
https://elonmuskdrop.com/
https://muskbtc.us/

Do NOT send your BTC to these addresses!

https://bitref.com/16V9ozW6499fJWmYebPcpNpq8P1BBbmjdV
https://bitref.com/1SpaceMrzPknno6Bpf3NnvARiRnDrK7Ln
They managed to get some BTC out of idiots after all

Later EDIT: The video was taken down now
Baofeng
June 07, 2020, 10:44:55 AM
 #91

Fake Exodus website; as usual the look and feel are the same here. You can easily get tricked by it if you are not very careful, and it is obviously a phishing site, just two days old.

Real website: https://www.exodus.io/

Code:
 PHISHING SITE - https://exodus.vc/



Quote
Whois Record for Exodus.vc
 Domain Profile
Registrant Country   br
Registrar   Gandi SAS
IANA ID: 81
URL: http://www.gandi.net
Whois Server: whois.gandi.net

Registrar Status   addPeriod, clientTransferProhibited, serverTransferProhibited
Dates   2 days old
Created on 2020-06-05
Expires on 2021-06-05
Updated on 2020-06-05

https://whois.domaintools.com/exodus.vc

 
Baofeng
June 16, 2020, 11:39:33 PM
Merited by Chikito (1)
 #92

Fake Jaxx.io website. If you type an extra "x" on it, you might get trapped, so just be careful and bookmark it, as scammers are mostly using this kind of typosquatting attack.

Code:
http://jaxxx.io/


 
Baofeng
June 19, 2020, 10:16:00 PM
 #93

Be careful with the following trading platforms, similar themes and UI.

Code:
https://fixxcoin.com/
https://hubcoi.com/
https://hurtrade.com/






 
Baofeng
June 20, 2020, 11:14:56 PM
 #94

Be careful with this fake Fusion wallet. Don't create or access any using this website; they will steal your keys and your crypto.

Code:
https://myfusionwallet.net/



Quote
Whois Record for MyFusionWallet.net
 Domain Profile
Registrant   Whois Privacy
Registrant Org   Private by Design, LLC
Registrant Country   us
Registrar   Porkbun LLC
IANA ID: 1861
URL: http://www.porkbun.com,http://porkbun.com
Whois Server: whois.porkbun.com

Registrar Status   clientDeleteProhibited, clientTransferProhibited
Dates   13 days old
Created on 2020-06-07
Expires on 2021-06-07
Updated on 2020-06-07

https://whois.domaintools.com/myfusionwallet.net

 
Chikito (OP)
June 21, 2020, 12:00:51 AM
 #95

Be careful with this fake Fusion wallet. Don't create or access any using this website; they will steal your keys and your crypto.

Code:
https://myfusionwallet.net/


Nice catch, seems that IP has another fake/phishing link:

https://www.virustotal.com/gui/ip-address/198.54.120.244/relations



Original Link: https://www.myfusionwallet.com
Baofeng
June 21, 2020, 11:30:30 PM
 #96

^^ And it really reinforced what we have believed in the past: those scammers are really connected to each other and probably colluding with other criminals as well. Cheap domain hosting + parking it for some time before making their move and then recycle.

 
Chikito (OP)
June 23, 2020, 04:22:47 AM
 #97

^^ And it really reinforced what we have believed in the past: those scammers are really connected to each other and probably colluding with other criminals as well. Cheap domain hosting + parking it for some time before making their move and then recycle.

It's easy for a scammer to use a cheap VPS provider and make a new domain.

Like today, I found a new "Elon Musk" again with one IP.

Code:
https://musk-live.com/



https://www.virustotal.com/gui/ip-address/68.183.101.122/relations

Code:
2020-06-21 www.musk-live.com
2020-06-21 www.musk-events.com
2020-06-21 www.elon-live.com
2020-06-20 www.officialelon.com
2020-06-19 www.elonofficial.com
2020-06-15 www.elonmk.com

The scammer made all those phishing sites in only 1 week.
Baofeng
June 23, 2020, 11:59:09 PM
 #98

New Paxful phishing site:

And there's no such thing as paxful offers, do not enter your credentials here.

Code:
http://paxfuloffers.com/



Original Site: https://paxful.com/

 
Baofeng
June 26, 2020, 11:53:33 AM
Merited by Chikito (1)
 #99

Fake or clone Callisto wallet:

Code:
https://clowallet.network/



This is the original: https://wallet.callisto.network/

But as you can see, very very similar in terms of look and feel of the original site.

 
Baofeng
June 27, 2020, 11:51:53 PM
 #100

Bitcoin doubler/Ponzi scheme spotted:

Just look at those profits you are going to make in 24-48 hours, lol. For those newbies, a doubler is a scam; don't deposit or try it for yourself, not even a small amount.

Code:
https://growbitcoin.co.uk/


 