|
cryptomaniac_xxx (OP)
|
 |
January 06, 2021, 09:21:54 AM |
|
What happened: Stellar phishing site Website: http://stellàr.com/
xn--stellr-mta.com
 Whois Record for Stellàr.com How does this work? Domain Profile Registrant WhoisGuard Protected Registrant Org WhoisGuard, Inc. Registrant Country pa Registrar NAMECHEAP INC NameCheap, Inc. IANA ID: 1068 URL: http://www.namecheap.comWhois Server: whois.namecheap.com (p) Registrar Status clientTransferProhibited Dates 8 days old Created on 2020-12-29 Expires on 2021-12-29 Updated on 0000-12-31 Name Servers BRYNNE.NS.CLOUDFLARE.COM (has 17,950,804 domains) NED.NS.CLOUDFLARE.COM (has 17,950,804 domains) Tech Contact WhoisGuard Protected WhoisGuard, Inc. P.O. Box 0823-03411, Panama, Panama, pa (p) (f) IP Address 193.169.253.189 is hosted on a dedicated server Since Stellar is also making a good spike in this latest altcoin bull run, criminals wanted to take advantage by creating this very similar Stellar phishing site.
|
|
|
|
|
|
|
|
|
|
|
|
|
You can see the statistics of your reports to moderators on the "Report to moderator" pages.
|
|
|
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
|
|
|
|
|
Kemarit
Legendary
 Offline
Activity: 3080
Merit: 1353
|
|
January 07, 2021, 01:52:57 AM |
|
The website has been taken down already, I'm glad that the domain registrar took it very quickly because obviously this is a very dangerous site. But we might see another attack in the future, altcoin has been rallying as well together with Bitcoin.
So I will not be surprised if there will be MEW, ADA, XLM phishing sites so be very on the alert and report it here so that together we can report the sites to Google or the domain registrar themselves.
|
|
|
|
|
cryptomaniac_xxx (OP)
|
|
January 12, 2021, 08:15:35 AM |
|
Another Stellar phishing site found Website: Archived: https://archive.is/TTp0V
Whois Record for Stellar.org.mu
How does this work?
Domain Profile
Registrar FranceDNS
IANA ID: —
URL: —
Whois Server: —
Registrar Status clientTransferProhibited
Dates 89 days old
Created on 2020-10-14
Expires on 2021-10-14
Updated on 2020-10-14
Name Servers NS1.NETIM.NET (has 61,764 domains)
NS2.NETIM.NET (has 61,764 domains)
NS3.NETIM.NET (has 61,764 domains)
Tech Contact —
IP Address 139.28.37.153 - -1 other site is hosted on this server
IP Location Ukraine - Kyiv - Kiev - Deltahost
ASN Ukraine AS42159 DELTAHOST-AS, UA (registered Aug 17, 2009)
IP History 1 change on 1 unique IP addresses over 1 years
Hosting History 1 change on 2 unique name servers over 1 year
So don't be fooled by this and kindly please report to Google's https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en |
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7342
Farewell, Leo
|
|
January 12, 2021, 08:28:55 AM |
|
Once you click Get Started it downloads you this:  I have no idea what it is, but it's mostly a malware/virus. So, be aware! I hope I caught it up, when I clicked "close". |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
wildan88
Legendary
Offline
Activity: 1862
Merit: 1046
|
|
January 12, 2021, 03:26:24 PM |
|
Things downloaded from such sites are usually also full of viruses. Or a horse. It is quite easy that it is then installed on your PC and registers everything with a keylogger, for example.
Then you don't realize anything, but behind the scenes most of it takes place and then they can access all coins and other passwords of accounts.
|
|
|
|
|
|
.
..1xBit.com Super Six.. | ▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████ ▀██
██████████▌ ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████ | ███████████████
█████████████▀
█████▀▀
███▀ ▄███ ▄
██▄▄████▌ ▄█
████████
████████▌
█████████ ▐█
██████████ ▐█
███████▀▀ ▄██
███▀ ▄▄▄█████
███ ▄██████████
███████████████ | ███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████ | ▄█████
▄██████
▄███████
▄████████
▄█████████
▄██████████
▄███████████
▄████████████
▄█████████████
▄██████████████
▀▀███████████
▀▀███████
▀▀██▀ | ▄▄██▌
▄▄███████
█████████▀
▄██▄▄▀▀██▀▀
▄██████ ▄▄▄
███████ ▄█▄ ▄
▀██████ █ ▀█
▀▀▀ ▄ ▀▄▄█▀
▄▄█████▄ ▀▀▀
▀████████
▀█████▀ ████
▀▀▀ █████
█████ | ▄ █▄▄ █ ▄
▀▄██▀▀▀▀▀▀▀▀
▀ ▄▄█████▄█▄▄
▄ ▄███▀ ▀▀ ▀▀▄
▄██▄███▄ ▀▀▀▀▄ ▄▄
▄████████▄▄▄▄▄█▄▄▄██
████████████▀▀ █ ▐█
██████████████▄ ▄▄▀██▄██
▐██████████████ ▄███
████▀████████████▄███▀
▀█▀ ▐█████████████▀
▐████████████▀
▀█████▀▀▀ █▀ | .
Premier League
LaLiga
Serie A | .
Bundesliga
Ligue 1
Primeira Liga | | .
..TAKE PART.. |
|
|
|
$crypto$
Legendary
Offline
Activity: 2366
Merit: 1041
Smart is not enough, there must be skills
|
|
January 12, 2021, 03:55:31 PM |
|
Again, I found a fake giveaway site from stellar, after I did a search, it turned out that this domain was not yet publicized here. Website: https://stellar-term.com/Archived: https://archive.is/Wr7oTDomain Name: stellar-term.com Registry Domain ID: 2582364778_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.registrar.eu Registrar URL: http://www.registrar.euUpdated Date: 2021-01-03T18:58:58Z Creation Date: 2021-01-03T17:54:19Z Registrar Registration Expiration Date: 2022-01-03T17:54:19Z Registrar: Hosting Concepts B.V. d/b/a Openprovider Registrar IANA ID: 1647  Don't download anything from this site because a virus has been planted in it, this site was only created 9 days ago. |
|
|
|
|
|
| R |
▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀ | LLBIT | | | 4,000+ GAMES███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | █████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀ | █████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀ |
| | | ██░░░░░░░░░░░░░░░░░░░░░░██
▀█▄░▄▄░░░░░░░░░░░░▄▄░▄█▀
▄▄███░░░░░░░░░░░░░░███▄▄
▀░▀▄▀▄░░░░░▄▄░░░░░▄▀▄▀░▀
▄▄▄▄▄▀▀▄▄▀▀▄▄▄▄▄
█░▄▄▄██████▄▄▄░█
█░▀▀████████▀▀░█
█░█▀▄▄▄▄▄▄▄▄██░█
█░█▀████████░█
█░█░██████░█
▀▄▀▄███▀▄▀
▄▀▄▀▄▄▄▄▀▄▀▄
██▀░░░░░░░░▀██ | | | | | | | .
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
████████████░███████▀▄▀
████████████░██▀▄▄▄▄▀
████████████░▀▄▀
████████████▄▀
███████████▀ | ▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄██████▀████░███▄▀██▄
███░█████████▀██░████░███
███░████░█▄████▀░████░███
███░████░███▄████████░███
▀██▄▀███░█████▄█████▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀ | | OFFICIAL PARTNERSHIP
FAZE CLAN
SSC NAPOLI | | |
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7342
Farewell, Leo
|
|
January 12, 2021, 04:03:14 PM |
|
Don't download anything from this site because a virus has been planted in it, this site was only created 9 days ago. Did I cut it up? I hit cancel, I hope I'm clean. |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
|
cryptomaniac_xxx (OP)
|
|
January 16, 2021, 05:30:40 AM |
|
The second site is still up and running, and yes it contained a malware/trojan:  So don't click "Get Started" as it will download the malware to your PC. |
|
|
|
zanezane
Full Member
Offline
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
|
|
January 16, 2021, 05:46:03 AM |
|
Once you click Get Started it downloads you this: I have no idea what it is, but it's mostly a malware/virus. So, be aware! I hope I caught it up, when I clicked "close". Get your anti virus ready and scan your computer because malwares are one tricky program that can hide itself. If you can, reset your computer to default, the problem with these one is the files on your computer will be deleted too. Advice for you, if you were to do this again in the future, fire up some Virtual Machine so you can be at ease when you are opening one, make it two layered VM to be extra safe. |
|
|
|
BlackHatCoiner
Legendary
Offline
Activity: 1512
Merit: 7342
Farewell, Leo
|
|
January 26, 2021, 08:22:58 AM |
|
Get your anti virus ready and scan your computer because malwares are one tricky program that can hide itself. If you can, reset your computer to default, the problem with these one is the files on your computer will be deleted too. Advice for you, if you were to do this again in the future, fire up some Virtual Machine so you can be at ease when you are opening one, make it two layered VM to be extra safe. How can this happen? I mean, what can a file with no extension do? Especially if I hit closed early. I ran the Anti virus and it found nothing suspicious. Do I still have to be afraid of anything? |
.
.HUGE. | | | | | | █▀▀▀▀
█
█
█
█
█
█
█
█
█
█
█
█▄▄▄▄ | ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
.
CASINO & SPORTSBOOK
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ | ▀▀▀▀█
█
█
█
█
█
█
█
█
█
█
█
▄▄▄▄█ | | |
|
|
|
zanezane
Full Member
Offline
Activity: 868
Merit: 150
★Bitvest.io★ Play Plinko or Invest!
|
|
January 26, 2021, 08:42:03 AM |
|
snip How can this happen? I mean, what can a file with no extension do? Especially if I hit closed early. I ran the Anti virus and it found nothing suspicious. Do I still have to be afraid of anything? I do not have that much experience with cybersecurity so most of the replies there are just a paranoid precaution because I do not know a lot about malwares and stuff like that but I know enough to know that they pose a real threat. Hopefully, you did not get the malware as you have mentioned that you have closed the download early and a good thing that you did scan your computer, but beware because all malwares are not created equal, some pretend to be a good file or worse an armored virus. Heed my advice about using VMs for this kind of things because I know that you are a curious one. And yeah, don't be afraid of anything, you did what you can to prevent the entry of the malware right? Don't second guess yourself. |
|
|
|
|
cryptomaniac_xxx (OP)
|
|
February 25, 2021, 07:37:19 AM |
|
What happened: Another Stellar phishing site Website:  Archived: https://archive.is/4Tr4hRegistrar NETIM
IANA ID: —
URL: —
Whois Server: —
(p)
Registrar Status clientTransferProhibited
Dates 17 days old
Created on 2021-02-07
Expires on 2022-02-07
Updated on 2021-02-08
Name Servers NS1.NETIM.NET (has 62,469 domains)
NS2.NETIM.NET (has 62,469 domains)
NS3.NETIM.NET (has 62,469 domains)
Tech Contact —
IP Address 139.28.37.66 - 2 other sites hosted on this server
|
|
|
|
Kittygalore
Member
Offline
Activity: 868
Merit: 63
|
|
February 25, 2021, 08:08:47 AM |
|
What happened: Another Stellar phishing site Website: Archived: https://archive.is/4Tr4hRegistrar NETIM
IANA ID: —
URL: —
Whois Server: —
(p)
Registrar Status clientTransferProhibited
Dates 17 days old
Created on 2021-02-07
Expires on 2022-02-07
Updated on 2021-02-08
Name Servers NS1.NETIM.NET (has 62,469 domains)
NS2.NETIM.NET (has 62,469 domains)
NS3.NETIM.NET (has 62,469 domains)
Tech Contact —
IP Address 139.28.37.66 - 2 other sites hosted on this server They really are a persistent bunch, having create another website after having their 2 previous website taken down means that they won't be going down without a fight. I can interpret this as a sign that they are trying to fight the scam busters through attrition. The one who lasts will be the one that will be declared victorious. Hopefully they lose a lot of money from hosting this websites because afaik hosting costs a lot of money. |
|
|
|
|
|
CryptoYar
|
|
February 25, 2021, 12:43:23 PM |
|
There are some more Stellar phishing websites that need to be reported. https://accountviewer.stellar.org.ht/
https://accountviewer.stellar.org.il/
https://accountviewer.stellar.org.lc/
https://stellar.org.ht/
https://stellar.org.il/
https://stellar.org.lc/
https://www.stellar.org.ht/
https://www.stellar.org.il/
https://www.stellar.org.lc/
Please report here : https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en |
|
|
|
|
jerryroy1
Newbie
Offline
Activity: 2
Merit: 0
|
|
March 09, 2021, 07:15:10 PM |
|
I was Scammed by these a$$holes. I receive lots of email from Stellar and I don't know how I let this one slip thru and didn't pay attention.  The link on the email takes you to this PAGE. https://stellar.org.lc/blog/introducing-the-stellar-community-staking-competition/Why in the hell do these exchanges take your entire life's documents such as Drivers License, Passport and pictures and then not tie it to send and receive addresses of the person who created the account so they can be tracked? If this were done, we could track the perpetrator of such scams. Oh, wait, it is because it can be forged and fake accounts can be created! I get it! So now we know why the following is going to come true. Satan hates when anyone steals from him, so he is going to make sure you can't. "Then I saw another beast come up out of the earth. He had two horns like those of a lamb, but he spoke with the voice of a dragon. He exercised all the authority of the first beast. And he required all the earth and its people to worship the first beast, whose fatal wound had been healed. He did astounding miracles, even making fire flash down to earth from the sky while everyone was watching. And with all the miracles he was allowed to perform on behalf of the first beast, he deceived all the people who belong to this world. He ordered the people to make a great statue of the first beast, who was fatally wounded and then came back to life. He was then permitted to give life to this statue so that it could speak. Then the statue of the beast commanded that anyone refusing to worship it must die." "He required everyone—small and great, rich and poor, free and slave—to be given a mark on the right hand or on the forehead. And no one could buy or sell anything without that mark, which was either the name of the beast or the number representing his name. Wisdom is needed here. Let the one with understanding solve the meaning of the number of the beast, for it is the number of a man. His number is 666." Revelation 13:11-18 "So the first angel left the Temple and poured out his bowl on the earth, and horrible, malignant sores broke out on everyone who had the mark of the beast and who worshiped his statue." Revelation 16:2 "Then I saw thrones, and the people sitting on them had been given the authority to judge. And I saw the souls of those who had been beheaded for their testimony about Jesus and for proclaiming the word of God. They had not worshiped the beast or his statue, nor accepted his mark on their foreheads or their hands. They all came to life again, and they reigned with Christ for a thousand years." Revelation 20 |
|
|
|
|
|
