Active_BTC_Balance_0.7495_Bitcoin (Crypto Scam with a side of Copyright Infringement)

Scammer’s Website or Email: bit (dot) ly/3Y79hse
Additional information about this scam:

Email text:
19.516$ will be cancelled in 24 hours

his face in his hands.

PDF attachment screenshots:

This is full info on the scammers websites

WEBSITE: **
** Given Website is : bit.ly/3Y79hse

** Website is reditected to :https://crypto022.online/#G21a74kbff**
HINFO
| Date: Sun, 11 Dec 2022 15:23:04 GMT
| Content-Type: text/html
| Transfer-Encoding: chunked
| Connection: keep-alive
| Strict-Transport-Security: max-age=31536000;

	 **WHOIS** 
	| Domain Name: CRYPTO022.ONLINE
	| Registry Domain ID: D334380708-CNIC
	| Registrar WHOIS Server: whois.reg.ru
	| Registrar URL: https://www.reg.ru/
	| Updated Date: 2022-11-25T12:16:32.0Z
	| Creation Date: 2022-11-20T12:06:24.0Z
	| Registry Expiry Date: 2023-11-20T23:59:59.0Z
	| Registrar: Registrar of Domain Names REG.RU, LLC
	| Registrar IANA ID: 1606
	Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
	Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
	| Registrant Organization: Privacy Protection
	| Registrant State/Province:
	| Registrant Country: RU
	| Name Server: NS1.CRYPTO022.ONLINE
	| Name Server: NS2.CRYPTO022.ONLINE
	| DNSSEC: unsigned
	| Registrar Abuse Contact Email: [email protected]
	| Registrar Abuse Contact Phone: +7.4955801111
	| URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/

Gobuster scan
/CA (Status: 301) [Size: 235] [–> http://crypto022.online/CA/]
/NL (Status: 301) [Size: 235] [–> http://crypto022.online/NL/]
/AU (Status: 301) [Size: 235] [–> http://crypto022.online/AU/]
/CH (Status: 301) [Size: 235] [–> http://crypto022.online/CH/]
/DK (Status: 301) [Size: 235] [–> http://crypto022.online/DK/]
(NOT THE FULL SCAN BTW) Shows us that it host news as well. VERY weird

[This site probly not scam page but it an redirect page and propyl getting payed to promote ]
When you at https://crypto022.online/ Home page you see fake CAPTA and when press on a box you will redirected to : https://btbonus.gives/offbitbonus_1120/
Its say this
"Dear user-id81214293, welcome back
Urgent notice!

364 days ago, you registered on our platform for automatic cloud Bitcoin mining (collecting) by linking your devices to our platform by IP address.

You were not active in your personal account, but the collection of cryptocurrency occurred automatically from your device.

Your balance
$22,365.67
"
Showing us it is an scam

After hitting the NEXT for 3x you see this

"Dear user-id81214293, welcome back
How to prevent account deletion and get paid?

To receive the earned funds, follow three simple steps:

  1. Log in to your account by clicking the button below.
  If you do not remember your old password, then use the password that the system will automatically give you.
  2. In your personal account, contact your personal manager, they will prepare a payment for you.
  3. Request a withdrawal

Then when press next it puts you on a login page with the details all ready filled it and you cant change it.

Then after you login it starts a fake mining and says your winning bitoin (this is running with javascript)

Then it probly will want you to add your card details

INFO ON https://btbonus.gives
Through a Gobuster scan
We can see that : /phpmyadmin (Status: 301) [Size: 169] [–> https://btbonus.gives/phpmyadmin/]
Which means that you can do dictionary attack to take control.

I will be reporting this to the websites to stop the scam



hi,so scam or not???

It’s absolutely a scam.