Breadcrumbs to a server full of scam websites...

Do repost and rate:

So I was hanging around in my usual telegram groups the other day (shout out to the boys at Bad Crypto Podcast telegram page) when someone posted a link that they had been invited to a telegram group randomly and they were being told to visit a website and sign up, when they visited the website it seemed like a scam. I thought I would take a look at it and see what information I could find out. 

Now a couple of things to know before we get started - I am not a super intelligent computer security person, in fact I know sweet fuck all about this sort of stuff - I'm just some guys who's like a dog with a bone, sometimes I find it hard to let go.. so keep that in mind when reading the article. 

Either way I found it fun trying to find out as much information as possible and if I can work this out with a bit of time and persistence (and googling a lot) pretty much anybody can. It all comes down to DYOR when investing in Crypto.

If you enjoy the article, please follow me or make a comment below, that would be appreciated.

So lets do it...

The scam website posted was Crypto-Global.ltd at https://crypto-global.ltd/?a=home 

So why was the person originally alerted to it being a scam website? Probably something to do with the picture of one of the "Experience Advisor" they had on their website. I mean who wouldn't trust the sexy face of "Johnatan Doe" cough cough I mean Nathan Fillion? I would certainly hand my money over to the Captain of the Firefly, that's for sure. breadcrumbs.. breadcrumbs..

So when taking a look over the website its actually hard to determine what they actually do, I mean there are a lot of fancy words and stuff but most of it doesn't actually make any sense. This should be the first indication that it is a scam website.

We really utilize their epic experience and learning and direct them to utilize the working capital of the organization.

Our aggregate encapsulated solidarity and unanimity from one viewpoint, and also entire innovative freedom on the other.

I mean what does that even mean? And you know what it doesn't matter what it means, all you need to know is if it doesn't make sense to you then they are probably talking shit. breadcrumbs.. breadcrumbs..

According to the website they have 6,472,914 investors, so that's 6 million investors, much WOW that's amazing! They are also stating they have been online for 889 days, I mean it all seems to good to be true right? Well yes it is. Lets take a quick look at the domain name and when the domain was registered.

So a quick whois look up on the domain name tells us its 73 days old and registered on namecheap - all contact details have been redacted for privacy reasons. (no shit right) We also know the site is being hosted on namecheap, possibly in Georgia Atlanta. So while we cant get any contact details of the people running the website we can get an idea of the age of the domain and where it is being hosted - that's another clue to if the site is legit or not.

In an attempt to make the website look more legit they supposedly have a copy of the Certificate of Incorporation for the business, again if you look at the date it was made on the 30th November. If we look into more details on this certificate it is actually a real certificate and registered, but we need to  keep in mind that doesn't meant its actually related to the website in question. It is highly possible the scammers running the website have just searched for new companies that have recently been registered that look "crypto or money related" then they can use those certificates on their website. Now further to this at the end of this article I will be listed a whole heap of websites, all with these so called certificates from legit companies that are most likely stolen - its possible these are actually legit registered to then use in this scam but I just doubt the scammers would be that stupid considering they have taken other lengths to hide their identities.

Anyway from the certificate we can verify the address on the website is the same as the address that the company certificate is registered to, again this is trying to give legitimacy to the website, but it actually means nothing.

You can see below the business is registered, but I have a feeling its not related to the website.. who knows, maybe, maybe not.

 

The website also uses lots of fancy graphs and numbers and updates with widgets to try and add legitimacy, but again these are just free widgets you can get from any websites like: https://www.cryptocompare.com/ we can find where these come from by looking at the source code of the website (onto that in more detail later)

 

As we scroll down further we can see a video that tells us about the company, now if you actually watch the video you can see the poorly edited signage on the video and also the voice over is computer generated - again to keep things anonymous. Also if you grab the address from the business registration you can compare the business in the video to the actual house at the same address.

These are not the same location... breadcrumbs.. breadcrumbs..

Now lets have a look at the plans being offered, all you need to remember is that if its too good to be true it probably is. I mean you would think that I wouldn't have to point this out, that its just obviously fake, but clearly people are falling for it. I guess people probably say, meh why not just give it a go, who knows maybe Ill make some big cash returns. DO NOT FUCKING DO THIS CLOWN

You have to love the testimonials, I mean is that literally the same guy with a mustache and hair paint shopped on? At this point you would have to wonder if the scammers have just given up and don't give a fuck anymore. I mean have some pride for fucks sake.

 

So lets have a little more of a look around at the page source and see what we can find.. I managed to find some directories with incorrect permissions which lead me to a template website among other things (shhh), from there I could determine what template the scammers are using and where they got it from - clearly if this was a legit site they wouldn't be using some cheap ass template. Oh and this is the template: Looks pretty familiar doesn't it. breadcrumbs.. breadcrumbs..

So might as well register and get some of those amazing returns I guess, so I registered. Not much going on here, I cant deposit anything as the links don't seem to be working properly, also I tried to contact support but they never got back to me even though they claim to get back to you immediately. (more on this later) On sign up they ask for your wallet address I assume this is so they can check if you have currency and what possibly they can scam you for, smart move really. They obviously also take your IP address, email address, password - and no doubt try these on other websites. Your data would 100% be sold to other websites and hacking groups.

Lets fast forward a little bit >>  otherwise we will never get to the end, a bit more snooping around and we have a whatsapp number, we also find other companies related to this one and various other things probably not so important. 

 

 

Some further digging and we decide to have a look at what server the website is on and what we can find out from that... breadcrumbs.. breadcrumbs..

So they are hosted on namecheap, or http://web-hosting.com/ who is owned by namecheap I think.

These are the other websites that are hosted on the same server... notice anything? Yup they are all basically the same, all seem to be scam websites. I haven't had a detailed look at everyone, but what I can say is that its highly likely the same scammers run all of them. Actually going into more detail I did contact support for these websites when I was bored to stir shit and I did notice a couple of things, most had really good english and it did seem that the person I was talking to was not the same person. I still thing its highly likely these are all owned by the same scammers, however they might be using a Call Center type set up to run the chat rooms and are probably doing it for hundreds of sites.

Here is the list of some other sites I found on the same server that could possibly be (are) scam sites, this was much hours to look through..

https://24tradeprofitoption.com/home.php

https://bitstilcrypto.ltd/

https://capital-trust.us/

https://coinarc.ltd/

https://coin-orbit.com/

https://cryptocloudmine.ltd/

https://crypto-global.ltd/

https://fxcryptomass.com/

https://globalinvesttrade.ltd/

https://standardinvestfx.com/

The next 2 were on the list as well, but look to be different, not 100% sure if they are scam sites so please let me know in the comments, I did notice on this website they do ask for you personal keys, which to me is a sign they are scamming you. NEVER GIVE ANYONE YOUR PERSONAL KEYS for fucks sake.

https://atomic-wallet-reward.com/

https://atomic-walletrewards.com/

Its a mirrored site, I have no idea what that means so let me know.. fuck im getting sidetracked again...

Anyway back to the drama I guess, breadcrumbs... breadcrumbs...

Its funny and I must be stupid, because I was really really trying to deposit lots of BTC into my account to get those massive gains but it just wouldn't work. I guess its time to contact support and get some help. Oh this should be fun..

*Ive done my best to cut and paste an image here.. apologies if hard to read.

 

 

 

That's where it ended, then they must have banned my IP or something because the chat closed and disappeared from the website. We managed to find another BTC address but it seemed like a new one, but the original BTC address he gave me was an existing address that has actually been used, so lets take a look at that.

Looking up the address at https://bitcoinwhoswho.com we can see it has a balance of 0.19140250 BTC, at this time approx value of $11k USD, 

And looking at the transaction history it show the below, now since I am no guru it would be good if someone below in comments can actually tell me what this means (I bet nobody has read this far - comment if you have) The links take us to https://bitcointalk.org and for some reason that topic.

Going to https://blockchair.com/ we can clearly see the transactions coming in, and it looks like two people have been scammed out of about $5k of BTC over the past week or so. Yeah that isn't good at all. Checking the wallets they have come from it looks like exchanges, but I'm not too sure and didn't look into too much. (I'm running out of steam, the breadcrumbs are starting to disappear now)

Going back into the website to have another look around to see if I could find anything else I started attempting to "deposit" BTC into the account, and using a confirmation transaction # hash as "FUCK YOU CUNTS SCAMMERS" or similar, after doing this a few times my account was suspended and I was unable to log in. There wasn't really any other info I could gather anyway.

Here's the ETH address the scammer was using: https://etherscan.io/address but nothing of interest there really, no doubt they spin up a new address each time they scam someone.

Also its worth keeping in mind, even though some of these addresses already have crypto in them it is possible that the have transferred their own crypto in to make the account look legit or its just some poor sod they have scammed that has sent them crypto, we don't actually really know but it would be interesting to do some decent chain analysis on the addresses to work out.

I'm knackered  must be lunch time and time to wrap this shit up. That's pretty much what a plebe like me can do with a few spare hours, I would encourage everyone to do some research and report these scammers, make them public so other people don't get ripped off. Oh and someone was asking what I looked like so here is a photo of me, honest. 

Cheers bruh.

 

Websites and good shit that I follow because they have decent content

Youtube:

  • Nuggets News
  • Benjamin Cowen 
  • Coin Bureau 
  • Spencer Tarring 
  • DirkCryptoDiggy 
  • DataDash

New projects: 

  • Redfox Labs

Podcasts:

  • The Bad Crypto Podcast
  • Unchained - Laura Shin
  • Crypto 101
  • Nuggets News

Publish0x: 

  • @AlucardLife
 https://www.publish0x.com

Regulation and Society adoption

Ждем новостей

Нет новых страниц

Следующая новость

All content provided by the site, hyperlinks, related applications, forums, blogs, social networks and other information is taken from third-party sources and is intended for reference only. We make no warranties with respect to our content, including but not limited to accuracy and timeliness. No part of the content we provide is financial advice, legal advice or any other form of advice intended for any of your personal purpose. Any use of our content is entirely at your own risk. You should conduct your own research, review, analysis and verification of our content before relying on them. Trading is a very risky activity that can lead to large losses, so consult your financial Advisor before making any decision. No content on our site is a public offer or invitation to action.

This resource may contain 18+materials

© 2016-2024