FAKE Bitcoin Giveaway

[AhmadM]

What happened:: Today I have found a bitcoin giveaway site where people can get huge amount of bitcoin by sending some hundreds dollar in bitcoin. They also providing fake transaction history for their address.

Bitcointalk ANN: No
Site Link:

Code:

http://giveaway-bit.xyz/

Site link archive: http://archive.is/958Xm
BTC Address: https://www.blockchain.com/btc/address/19nnafLmQTCt7zVn5j6qiukgVVdpXwwYpM
Domain Information: https://whois.domaintools.com/giveaway-bit.xyz

Code:

Registrant Org   WhoisGuard, Inc.
Registrant Country   pa
Registrar   Namecheap
IANA ID: 1068
URL: https://namecheap.com
Whois Server: whois.namecheap.com

Registrar Status   clientTransferProhibited, serverTransferProhibited
Dates   13 days old
Created on 2020-06-12
Expires on 2021-06-12
Updated on 2020-06-12    
Name Servers   DNS1.NAMECHEAPHOSTING.COM (has 865,379 domains)
DNS2.NAMECHEAPHOSTING.COM (has 865,379 domains)
 
Tech Contact   —
IP Address   198.54.114.224 - 233 other sites hosted on this server
 
IP Location   United States Of America - Georgia - Atlanta - Namecheap Inc.
ASN   United States Of America AS22612 NAMECHEAP-NET, US (registered Jun 21, 2011)
Hosting History   1 change on 2 unique name servers over 0 year

Screenshoots:

[TravelMug]

Here is the whois data:

Just created a couple of days ago, the extension though is already a giveaway that this is a scam. I already reported the website and hope that it will be taken offline ASAP.

Whois Record for Giveaway-Bit.xyz
How does this work?
 Domain Profile
Registrant Org   WhoisGuard, Inc.
Registrant Country   pa
Registrar   Namecheap
IANA ID: 1068
URL: https://namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status   clientTransferProhibited, serverTransferProhibited
Dates   13 days old
Created on 2020-06-12
Expires on 2021-06-12
Updated on 2020-06-12    
Name Servers   DNS1.NAMECHEAPHOSTING.COM (has 865,379 domains)
DNS2.NAMECHEAPHOSTING.COM (has 865,379 domains)
 
Tech Contact   —
IP Address   198.54.114.224 - 233 other sites hosted on this server
 
IP Location   United States Of America - Georgia - Atlanta - Namecheap Inc.
ASN   United States Of America AS22612 NAMECHEAP-NET, US (registered Jun 21, 2011)
Hosting History   1 change on 2 unique name servers over 0 year

https://whois.domaintools.com/giveaway-bit.xyz

And you can see the IP relations:



https://www.virustotal.com/gui/ip-address/198.54.114.224/relations

[AhmadM]

Thanks for your helps, I will update it to the thread

Edit:
On another page, they are also doing a fake airdrop on behalf of blockchain.com with a video tutorial to claim it.

Site Link:

Code:

http://giveaway-bit.xyz/airdrop/

Archive link: http://archive.is/xvOeO

[AhmadM]

Looks like they already moved the new site with the same display and bitcoin address as before.

Site link:

Code:

http://bit-airdrop.club/
http://bit-airdrop.club/airdrop

Archive link:
1. http://archive.is/fusCC
2. http://archive.is/2a3BL

Domain Information:

Registrant Org   WhoisGuard, Inc.
Registrant Country   pa
Registrar   NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status   addPeriod, ok
Dates   2 days old
Created on 2020-07-01
Expires on 2021-07-01
Updated on 2020-07-01    
Name Servers   DNS1.NAMECHEAPHOSTING.COM (has 872,719 domains)
DNS2.NAMECHEAPHOSTING.COM (has 872,719 domains)
 
Tech Contact   —
IP Address   104.219.248.45 - 1,136 other sites hosted on this server
 
IP Location   United States Of America - Georgia - Atlanta - Namecheap Inc.
ASN   United States Of America AS22612 NAMECHEAP-NET, US (registered Jun 21, 2011)
Hosting History   1 change on 2 unique name servers over 0 year

Here is IP relations: https://www.virustotal.com/gui/ip-address/104.219.248.45/relations

[Kemarit]

^^ Thank you for the update, as we all know, those criminals are just recycling every bit of way to scam people. And they are really ready, all those scripts, images are in one folder and will be uploaded once they got their domain name, easy as 1-2-3 for this bad actors.

But we will remain vigilant and will fight it back by exposing them.

[Coin_trader]

^^ Thank you for the update, as we all know, those criminals are just recycling every bit of way to scam people. And they are really ready, all those scripts, images are in one folder and will be uploaded once they got their domain name, easy as 1-2-3 for this bad actors.

But we will remain vigilant and will fight it back by exposing them.

Exposing them one by one is a pain in the ass and not the efficient way. They can buy a dozen of domain for only 1$ or less then they are ready to go and also it's impossible to spot them all so they can actually caught some victim. The best way to beat them is to educate people to avoid this kind of scam scheme because of the victim of this kind scheme has no idea what is the risk on participating with this kind of giveaways or ponzi.

I'm not telling that this kind of thread is useless but rather a commendable act and I really appreciate OP's work. I'm just telling a more efficient way to fight this kind of scam attempt.

[AhmadM]

^^ Thank you for the update, as we all know, those criminals are just recycling every bit of way to scam people. And they are really ready, all those scripts, images are in one folder and will be uploaded once they got their domain name, easy as 1-2-3 for this bad actors.

Yeah, they have well planed to keeps scamming people with their scenario. If the previous website was taken down they will get the new one and continue the journey.

snip

I'm not against your opinion, indeed exposing them one by one is not an effective way. At least we gave people caution to avoid this kind of scam program.
The problem is most of the people didn't do proper research before joining any program even though there are a lot of resources that can be learned on the internet or this forum to spot and avoid it.

[Chikito]

you can find the same link like your proof; https://www.phishtank.com/user_submissions.php?username=seki
usually, scammer use One IP's to make a new one, we should go to IP abuse report https://www.abuseipdb.com/
If you have enough time you must check the BTC address they provide will land to same scammer address.

[TalkStar]

I'm not against your opinion, indeed exposing them one by one is not an effective way. At least we gave people caution to avoid this kind of scam program.
The problem is most of the people didn't do proper research before joining any program even though there are a lot of resources that can be learned on the internet or this forum to spot and avoid it.

Fighting against scammers and keeping investors far from them is not so easy where their only target is to make some easy money. Scammers are launching new projects everyday because still people exists who haven't got minimum knowledge about crypto investment. Due to lack of knowledge about crypto related scams and money stealing projects they are getting scammed in a regular basis. You can't stop them from getting scammed if they don't feel it necessary to make a research before investment. Basically its totally up to them.  

By the way, our little try can save many newbies from this kinda fake giveways and increasing awareness is the only option for us. Keep continuing your impressive work against scammers.            

[Kemarit]

^^ Thank you for the update, as we all know, those criminals are just recycling every bit of way to scam people. And they are really ready, all those scripts, images are in one folder and will be uploaded once they got their domain name, easy as 1-2-3 for this bad actors.

But we will remain vigilant and will fight it back by exposing them.

Exposing them one by one is a pain in the ass and not the efficient way. They can buy a dozen of domain for only 1$ or less then they are ready to go and also it's impossible to spot them all so they can actually caught some victim. The best way to beat them is to educate people to avoid this kind of scam scheme because of the victim of this kind scheme has no idea what is the risk on participating with this kind of giveaways or ponzi.

I do agree that education is the best weapon that we can have against this scammers or criminals. But we need to let other members know how this kind of schemes works so that they can fully understand and not to fall for the trap. So before we can learn and educate, we need to understand first everything before we can teach others.

I'm not telling that this kind of thread is useless but rather a commendable act and I really appreciate OP's work. I'm just telling a more efficient way to fight this kind of scam attempt.

Yes, and we can better fight them if we work as community, giving red flags and warnings for others and then we report those malicious websites.

[AhmadM]

you can find the same link like your proof; https://www.phishtank.com/user_submissions.php?username=seki
usually, scammer use One IP's to make a new one, we should go to IP abuse report https://www.abuseipdb.com/
If you have enough time you must check the BTC address they provide will land to same scammer address.

Thanks for your suggestion I will bookmark it as my reference to report scammer's IP.
Well, I am not really good at tracking a lot of transactions (my brain seemed to explode when I did it), I only track the 1st to 5th output was made by that address and the outputs ended in these addresses below

- https://www.blockchain.com/btc/address/bc1q45rrcv82ktg57299zh8fagh97qa88v7lcv94sy
- https://www.blockchain.com/btc/address/bc1qdcrjmh4q4uhwxh2egm9zxl4w5secwlsthwpe98
- https://www.blockchain.com/btc/address/bc1qrd7zy9xtfzuf5hk8n9semy3yc0ew4z6rxrg5sg