Coinbase Phish

Screenshot_881

From Coiпb͏͏͏a͏͏se [email protected]

Link redirects to https://login.colnbase.help/signin
Whois is redacted for privacy

Just found 2 of them in my email.
from: [email protected]
Header info:

Received: from instance-15 (91.203.223.35.bc.googleusercontent.com. [35.223.203.91]) by smtp-relay.gmail.com with ESMTPS id ba26-20020a056870c59a00b000e26df363efsm604326oab.19.2022.04.18.10.22.45
X-Relaying-Domain: rendangrajameksiko.wjcnzrfxmq.site

link: https://prestige-tools.co.uk/accesskey/r/kTlXimw?elocated=interlgentoigksuasg&management=272619trackingsid--------

from: [email protected]
Header info:

Received: from instance-20 (125.89.229.35.bc.googleusercontent.com. [35.229.89.125]) by smtp-relay.gmail.com with ESMTPS id n8-20020ac5c248000000b00344260cdb04sm1025655vkk.10.2022.04.18.20.23.36
X-Relaying-Domain: rendangrajameksiko.wjcnzrfxmq.site

link: https://cyber-concepts.ca/accesskey/r/kTlXimw?elocated=interlgentoigksuasg&management=319038trackingsid--------

Redirects to that same fake login site.

This folder /accesskey/ is KillBot .

1 Like

Screenshot_904
Since this post I have received two more from this same email, this one came in this morning

1 Like

I just checked my email and it seems I too got the same one about an hour ago.

[email protected]
Received: from mail-io1-f101.google.com ([209.85.166.101])
bounce-md_30030145.7c596575.v1-cba593cb878fd3fdee4fb40ee6afa7cb@uskhghjmbdrxkok.rendangrajameksiko.wjcnzrfxmq.site

Links to:
https://ralphjbatchelor.co.uk/lipErLF?interel0ksgtesd=interlgentoig5dksuasg&management=999123trackingsid--------

1 Like

just got ANOTHER email from this same address. I’ve already reported it to the email provided by the FTC, so when the hell is this going to stop?

Me too, got one earlier about locking the account and needing to click to reset it. I have been forwarding them to anti-phishing organizations, so hopefully they will do something soon. They used to get them suspended and removed within a few days before, so maybe they are a bit busy, I don’t know.

https://www.cisa.gov/uscert/report-phishing
CISA - [email protected]
Anti-Phishing Working Group - [email protected] or [email protected]

1 Like

All of the websites I reported seem to have been taken down, including the fake login page. Hopefully they got the email account(s) down as well and this will be the end of them. :slight_smile: :crossed_fingers:

1 Like

@MKHNT seems like they are back, did you get this one too?

[email protected]
A͏͏͏l͏͏͏e͏͏͏r͏͏͏t͏͏͏: Em͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏a͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏͏il Sta͏͏͏͏͏͏͏͏͏͏͏͏͏t͏͏͏͏͏͏͏͏͏͏͏͏͏us Overview - Wit͏͏͏͏͏͏͏͏͏͏h͏͏͏͏͏͏͏͏͏͏d͏͏͏͏͏͏͏͏͏͏r͏͏͏͏͏͏͏͏͏͏awal Confi͏͏͏͏͏͏͏͏r͏͏͏͏͏͏͏͏m͏͏͏͏͏͏͏͏a͏͏͏͏͏͏͏͏tion - Tue 17 May 2022
Screenshot_954

Yep, just added it to a thread I made a week ago.

They keep changing just a letter or 2 in the email address, but this one was a repeat and got sent to my spam folder.
nnumbcorpsscasess.com