Bitcoin Forum
November 01, 2024, 10:36:27 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: [Scam]: Stellar phishing site  (Read 157 times)
cryptomaniac_xxx (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 601


DGbet.fun - Crypto Sportsbook


View Profile
January 06, 2021, 09:21:54 AM
Merited by Dave1 (1)
 #1

What happened: Stellar phishing site

Website:
Code:
http://stellàr.com/
xn--stellr-mta.com

Archived: https://archive.is/P2r4K



Quote

Whois Record for Stellàr.com
How does this work?
Domain Profile
Registrant    WhoisGuard Protected
Registrant Org    WhoisGuard, Inc.
Registrant Country    pa
Registrar    NAMECHEAP INC NameCheap, Inc.
IANA ID: 1068
URL: http://www.namecheap.com
Whois Server: whois.namecheap.com

(p)
Registrar Status    clientTransferProhibited
Dates    8 days old
Created on 2020-12-29
Expires on 2021-12-29
Updated on 0000-12-31    
  
Name Servers    BRYNNE.NS.CLOUDFLARE.COM (has 17,950,804 domains)
NED.NS.CLOUDFLARE.COM (has 17,950,804 domains)
   
  
Tech Contact    WhoisGuard Protected
WhoisGuard, Inc.
P.O. Box 0823-03411,
Panama, Panama, pa

(p) (f)
IP Address    193.169.253.189 is hosted on a dedicated server

Since Stellar is also making a good spike in this latest altcoin bull run, criminals wanted to take advantage by creating this very similar Stellar phishing site.

Kemarit
Legendary
*
Offline Offline

Activity: 3262
Merit: 1386


View Profile
January 07, 2021, 01:52:57 AM
Merited by cryptomaniac_xxx (1)
 #2

The website has been taken down already, I'm glad that the domain registrar took it very quickly because obviously this is a very dangerous site. But we might see another attack in the future, altcoin has been rallying as well together with Bitcoin.

So I will not be surprised if there will be MEW, ADA, XLM phishing sites so be very on the alert and report it here so that together we can report the sites to Google or the domain registrar themselves.
cryptomaniac_xxx (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 601


DGbet.fun - Crypto Sportsbook


View Profile
January 12, 2021, 08:15:35 AM
 #3

Another Stellar phishing site found

Website:
Code:
https://stellar.org.mu/

Archived: https://archive.is/TTp0V



Quote

Whois Record for Stellar.org.mu
How does this work?
Domain Profile
Registrar    FranceDNS
IANA ID: —
URL: —
Whois Server: —
Registrar Status    clientTransferProhibited
Dates    89 days old
Created on 2020-10-14
Expires on 2021-10-14
Updated on 2020-10-14    
  
Name Servers    NS1.NETIM.NET (has 61,764 domains)
NS2.NETIM.NET (has 61,764 domains)
NS3.NETIM.NET (has 61,764 domains)
   
  
Tech Contact    —
IP Address    139.28.37.153 - -1 other site is hosted on this server
   
  
IP Location    Ukraine - Kyiv - Kiev - Deltahost
ASN    Ukraine AS42159 DELTAHOST-AS, UA (registered Aug 17, 2009)
IP History    1 change on 1 unique IP addresses over 1 years    
  
Hosting History    1 change on 2 unique name servers over 1 year

So don't be fooled by this and kindly please report to Google's https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en

BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8318


Bitcoin is a royal fork


View Profile WWW
January 12, 2021, 08:28:55 AM
 #4

Once you click Get Started it downloads you this:



I have no idea what it is, but it's mostly a malware/virus. So, be aware! I hope I caught it up, when I clicked "close".

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
wildan88
Legendary
*
Offline Offline

Activity: 1862
Merit: 1046



View Profile
January 12, 2021, 03:26:24 PM
 #5

Things downloaded from such sites are usually also full of viruses. Or a horse. It is quite easy that it is then installed on your PC and registers everything with a keylogger, for example.
Then you don't realize anything, but behind the scenes most of it takes place and then they can access all coins and other passwords of accounts.

.
..1xBit.com   Super Six..
▄█████████████▄
████████████▀▀▀
█████████████▄
█████████▌▀████
██████████  ▀██
██████████▌   ▀
████████████▄▄
███████████████
███████████████
███████████████
███████████████
███████████████
▀██████████████
███████████████
█████████████▀
█████▀▀       
███▀ ▄███     ▄
██▄▄████▌    ▄█
████████       
████████▌     
█████████    ▐█
██████████   ▐█
███████▀▀   ▄██
███▀   ▄▄▄█████
███ ▄██████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████████
███████████▀▀▀█
██████████     
███████████▄▄▄█
███████████████
███████████████
███████████████
███████████████
███████████████
         ▄█████
        ▄██████
       ▄███████
      ▄████████
     ▄█████████
    ▄███████
   ▄███████████
  ▄████████████
 ▄█████████████
▄██████████████
  ▀▀███████████
      ▀▀███
████
          ▀▀
          ▄▄██▌
      ▄▄███████
     █████████▀

 ▄██▄▄▀▀██▀▀
▄██████     ▄▄▄
███████   ▄█▄ ▄
▀██████   █  ▀█
 ▀▀▀
    ▀▄▄█▀
▄▄█████▄    ▀▀▀
 ▀████████
   ▀█████▀ ████
      ▀▀▀ █████
          █████
       ▄  █▄▄ █ ▄
     ▀▄██▀▀▀▀▀▀▀▀
      ▀ ▄▄█████▄█▄▄
    ▄ ▄███▀    ▀▀ ▀▀▄
  ▄██▄███▄ ▀▀▀▀▄  ▄▄
  ▄████████▄▄▄▄▄█▄▄▄██
 ████████████▀▀    █ ▐█
██████████████▄ ▄▄▀██▄██
 ▐██████████████    ▄███
  ████▀████████████▄███▀
  ▀█▀  ▐█████████████▀
       ▐████████████▀
       ▀█████▀▀▀ █▀
.
Premier League
LaLiga
Serie A
.
Bundesliga
Ligue 1
Primeira Liga
.
..TAKE PART..
$crypto$
Legendary
*
Offline Offline

Activity: 2548
Merit: 1071


Smart is not enough, there must be skills


View Profile WWW
January 12, 2021, 03:55:31 PM
 #6

Again, I found a fake giveaway site from stellar, after I did a search, it turned out that this domain was not yet publicized here.

Website: https://stellar-term.com/
Archived: https://archive.is/Wr7oT

Quote
Domain Name: stellar-term.com
Registry Domain ID: 2582364778_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.eu
Registrar URL: http://www.registrar.eu
Updated Date: 2021-01-03T18:58:58Z
Creation Date: 2021-01-03T17:54:19Z
Registrar Registration Expiration Date: 2022-01-03T17:54:19Z
Registrar: Hosting Concepts B.V. d/b/a Openprovider
Registrar IANA ID: 1647



Don't download anything from this site because a virus has been planted in it, this site was only created 9 days ago.

R


▀▀▀▀▀▀▀██████▄▄
████████████████
▀▀▀▀█████▀▀▀█████
████████▌███▐████
▄▄▄▄█████▄▄▄█████
████████████████
▄▄▄▄▄▄▄██████▀▀
LLBIT|
4,000+ GAMES
███████████████████
██████████▀▄▀▀▀████
████████▀▄▀██░░░███
██████▀▄███▄▀█▄▄▄██
███▀▀▀▀▀▀█▀▀▀▀▀▀███
██░░░░░░░░█░░░░░░██
██▄░░░░░░░█░░░░░▄██
███▄░░░░▄█▄▄▄▄▄████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█████████
▀████████
░░▀██████
░░░░▀████
░░░░░░███
▄░░░░░███
▀█▄▄▄████
░░▀▀█████
▀▀▀▀▀▀▀▀▀
█████████
░░░▀▀████
██▄▄▀░███
█░░█▄░░██
░████▀▀██
█░░█▀░░██
██▀▀▄░███
░░░▄▄████
▀▀▀▀▀▀▀▀▀
||.
|
▄▄████▄▄
▀█▀
▄▀▀▄▀█▀
▄░░▄█░██░█▄░░▄
█░▄█░▀█▄▄█▀░█▄░█
▀▄░███▄▄▄▄███░▄▀
▀▀█░░░▄▄▄▄░░░█▀▀
░░██████░░█
█░░░░▀▀░░░░█
▀▄▀▄▀▄▀▄▀▄
▄░█████▀▀█████░▄
▄███████░██░███████▄
▀▀██████▄▄██████▀▀
▀▀████████▀▀
.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
░▀▄░▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄░▄▀
███▀▄▀█████████████████▀▄▀
█████▀▄░▄▄▄▄▄███░▄▄▄▄▄▄▀
███████▀▄▀██████░█▄▄▄▄▄▄▄▄
█████████▀▄▄░███▄▄▄▄▄▄░▄▀
███████████░███████▀▄▀
███████████░██▀▄▄▄▄▀
███████████░▀▄▀
████████████▄▀
███████████
▄▄███████▄▄
▄████▀▀▀▀▀▀▀████▄
▄███▀▄▄███████▄▄▀███▄
▄██▀▄█▀▀▀█████▀▀▀█▄▀██▄
▄██▀▄███░░░▀████░███▄▀██▄
███░████░░░░░▀██░████░███
███░████░█▄░░░░▀░████░███
███░████░███▄░░░░████░███
▀██▄▀███░█████▄░░███▀▄██▀
▀██▄▀█▄▄▄██████▄██▀▄██▀
▀███▄▀▀███████▀▀▄███▀
▀████▄▄▄▄▄▄▄████▀
▀▀███████▀▀
OFFICIAL PARTNERSHIP
SOUTHAMPTON FC
FAZE CLAN
SSC NAPOLI
BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8318


Bitcoin is a royal fork


View Profile WWW
January 12, 2021, 04:03:14 PM
 #7

Don't download anything from this site because a virus has been planted in it, this site was only created 9 days ago.
Did I cut it up? I hit cancel, I hope I'm clean.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
cryptomaniac_xxx (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 601


DGbet.fun - Crypto Sportsbook


View Profile
January 16, 2021, 05:30:40 AM
 #8

The second site is still up and running, and yes it contained a malware/trojan:



So don't click "Get Started" as it will download the malware to your PC.

zanezane
Full Member
***
Offline Offline

Activity: 868
Merit: 150


★Bitvest.io★ Play Plinko or Invest!


View Profile
January 16, 2021, 05:46:03 AM
 #9

Once you click Get Started it downloads you this:



I have no idea what it is, but it's mostly a malware/virus. So, be aware! I hope I caught it up, when I clicked "close".
Get your anti virus ready and scan your computer because malwares are one tricky program that can hide itself. If you can, reset your computer to default, the problem with these one is the files on your computer will be deleted too. Advice for you, if you were to do this again in the future, fire up some Virtual Machine so you can be at ease when you are opening one, make it two layered VM to be extra safe.

BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1694
Merit: 8318


Bitcoin is a royal fork


View Profile WWW
January 26, 2021, 08:22:58 AM
 #10

Get your anti virus ready and scan your computer because malwares are one tricky program that can hide itself. If you can, reset your computer to default, the problem with these one is the files on your computer will be deleted too. Advice for you, if you were to do this again in the future, fire up some Virtual Machine so you can be at ease when you are opening one, make it two layered VM to be extra safe.
How can this happen? I mean, what can a file with no extension do? Especially if I hit closed early. I ran the Anti virus and it found nothing suspicious. Do I still have to be afraid of anything?

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
zanezane
Full Member
***
Offline Offline

Activity: 868
Merit: 150


★Bitvest.io★ Play Plinko or Invest!


View Profile
January 26, 2021, 08:42:03 AM
 #11

snip
How can this happen? I mean, what can a file with no extension do? Especially if I hit closed early. I ran the Anti virus and it found nothing suspicious. Do I still have to be afraid of anything?
I do not have that much experience with cybersecurity so most of the replies there are just a paranoid precaution because I do not know a lot about malwares and stuff like that but I know enough to know that they pose a real threat. Hopefully, you did not get the malware as you have mentioned that you have closed the download early and a good thing that you did scan your computer, but beware because all malwares are not created equal, some pretend to be a good file or worse an armored virus. Heed my advice about using VMs for this kind of things because I know that you are a curious one. And yeah, don't be afraid of anything, you did what you can to prevent the entry of the malware right? Don't second guess yourself.

cryptomaniac_xxx (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 601


DGbet.fun - Crypto Sportsbook


View Profile
February 25, 2021, 07:37:19 AM
 #12

What happened: Another Stellar phishing site

Website:
Code:
https://stellar.org.ht/



Archived: https://archive.is/4Tr4h

Quote
Registrar    NETIM
IANA ID: —
URL: —
Whois Server: —

(p)
Registrar Status    clientTransferProhibited
Dates    17 days old
Created on 2021-02-07
Expires on 2022-02-07
Updated on 2021-02-08    
 
Name Servers    NS1.NETIM.NET (has 62,469 domains)
NS2.NETIM.NET (has 62,469 domains)
NS3.NETIM.NET (has 62,469 domains)
   
 
Tech Contact    —
IP Address    139.28.37.66 - 2 other sites hosted on this server

Kittygalore
Member
**
Offline Offline

Activity: 868
Merit: 63


View Profile
February 25, 2021, 08:08:47 AM
 #13

What happened: Another Stellar phishing site

Website:
Code:
https://stellar.org.ht/

Archived: https://archive.is/4Tr4h

Quote
Registrar    NETIM
IANA ID: —
URL: —
Whois Server: —

(p)
Registrar Status    clientTransferProhibited
Dates    17 days old
Created on 2021-02-07
Expires on 2022-02-07
Updated on 2021-02-08    
 
Name Servers    NS1.NETIM.NET (has 62,469 domains)
NS2.NETIM.NET (has 62,469 domains)
NS3.NETIM.NET (has 62,469 domains)
   
 
Tech Contact    —
IP Address    139.28.37.66 - 2 other sites hosted on this server
They really are a persistent bunch, having create another website after having their 2 previous website taken down means that they won't be going down without a fight. I can interpret this as a sign that they are trying to fight the scam busters through attrition. The one who lasts will be the one that will be declared victorious. Hopefully they lose a lot of money from hosting this websites because afaik hosting costs a lot of money.
CryptoYar
Hero Member
*****
Offline Offline

Activity: 1064
Merit: 639



View Profile
February 25, 2021, 12:43:23 PM
 #14

There are some more Stellar phishing websites that need to be reported.
Code:
https://accountviewer.stellar.org.ht/
https://accountviewer.stellar.org.il/
https://accountviewer.stellar.org.lc/
https://stellar.org.ht/
https://stellar.org.il/
https://stellar.org.lc/
https://www.stellar.org.ht/
https://www.stellar.org.il/
https://www.stellar.org.lc/

Please report here : https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
jerryroy1
Newbie
*
Offline Offline

Activity: 2
Merit: 0


View Profile
March 09, 2021, 07:15:10 PM
 #15

I was Scammed by these a$$holes. I receive lots of email from Stellar and I don't know how I let this one slip thru and didn't pay attention. Sad

The link on the email takes you to this PAGE. https://stellar.org.lc/blog/introducing-the-stellar-community-staking-competition/

Why in the hell do these exchanges take your entire life's documents such as Drivers License, Passport and pictures and then not tie it to send and receive addresses of the person who created the account so they can be tracked? If this were done, we could track the perpetrator of such scams. Oh, wait, it is because it can be forged and fake accounts can be created! I get it! So now we know why the following is going to come true. Satan hates when anyone steals from him, so he is going to make sure you can't.

"Then I saw another beast come up out of the earth. He had two horns like those of a lamb, but he spoke with the voice of a dragon. He exercised all the authority of the first beast. And he required all the earth and its people to worship the first beast, whose fatal wound had been healed. He did astounding miracles, even making fire flash down to earth from the sky while everyone was watching. And with all the miracles he was allowed to perform on behalf of the first beast, he deceived all the people who belong to this world. He ordered the people to make a great statue of the first beast, who was fatally wounded and then came back to life. He was then permitted to give life to this statue so that it could speak. Then the statue of the beast commanded that anyone refusing to worship it must die."

"He required everyone—small and great, rich and poor, free and slave—to be given a mark on the right hand or on the forehead. And no one could buy or sell anything without that mark, which was either the name of the beast or the number representing his name. Wisdom is needed here. Let the one with understanding solve the meaning of the number of the beast, for it is the number of a man. His number is 666." Revelation 13:11-18

"So the first angel left the Temple and poured out his bowl on the earth, and horrible, malignant sores broke out on everyone who had the mark of the beast and who worshiped his statue." Revelation 16:2

"Then I saw thrones, and the people sitting on them had been given the authority to judge. And I saw the souls of those who had been beheaded for their testimony about Jesus and for proclaiming the word of God. They had not worshiped the beast or his statue, nor accepted his mark on their foreheads or their hands. They all came to life again, and they reigned with Christ for a thousand years." Revelation 20



Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!