Everyone! Please do note the following Russian carriers:
MTS (Mobile TeleSystems), MegaFon, Beeline Mobile, and Tele2 are all mobile carriers in Russia.
The latest big YouTuber to get their account hacked was AbdallahSmash026, who largely does Nintendo gaming videos. It now impersonates Tesla.
Popup - Reported Unsafe Site: Navigation Blocked (tslabtc.org)
Registered in Charlestown, St. Kitts and Nevis via Tucows Domains, Inc. on November 30, 2022 - Whois tslabtc.org
Popup 2 - Musk Live Event (musk-promo.org)
Registered in Vladimirskaia oblast, Russia via RU-Center on November 26, 2022 - Whois musk-promo.org
Popup 3 - Reported Unsafe Site: Navigation Blocked (teslaprofit.io)
Registered by Zakhar Nesterov in Volgograd, Russia via Nicenic International on November 26, 2022 - Whois teslaprofit.io
Checking your browser before accessing (teslawell.io)
Registered in Altaiskii krai, Russia via RU-Center on November 28, 2022 - Whois teslawell.io
Registered by CryptDesignBot in Россия, Russia via NiceNic International on November 26, 2022 - Whois prizetesla.org
Registered in Charlestown, St. Kitts and Nevis via Tucows Domains, Inc. on November 2, 2022 - Whois bigdoge1.com
TESLA - Special Event by Elon Musk (give-elon.com)
Registered by Victor Uvarov of Wild Boar Shelter in Chelyabinsk, Russia via Reg.Ru on November 20, 2022 - Whois give-elon.com
Associated Phone Numbers:
+7 (999) 304-00-33
+7 (999) 419-71-66
Associated Email Address - [email protected]
Associated Physical Addresses:
Abo Tbileli Street, house 32, sq. 119, Chelyabinsk, 454000, Russia.
Vakhtang Beridze Street, house 30, sq. 47, Novosibirsk, 63007, Russia.
Associated IP Address - 193.233.234.20
OTHER DOMAINS HOSTED ON THE IP ADDRESS:
- xrp-ceo.org
- binance-now.org
- rippleusd.org
- tesla-usd.us
- elon-give.us
- btc-give.com (Gleb Agafonov)
- ark-inv.us
UPDATE: The scammers have just HACKED the UFC YouTube Channel!
Popup - SpaceX - Special Event by Elon Musk (space2tesla.com)
Registered in Moscow, Russia via Nicenic on January 18, 2022 - Whois space2tesla.com
Associated IP Address - 186.2.171.28
OTHER DOMAINS HOSTED ON THE IP ADDRESS:
UPDATE: The scammers have hacked the official YouTube channel for Linus Tech Tips!
Popup - Reported Unsafe Site: Navigation Blocked (tesla-online.net)
Registered by CryptDesignBot in D?D???D???, Russia via Nicenic International on March 18, 2023 - Whois tesla-online.net
UPDATE: Linus has regained access to his account, alongside the channels for TechQuickie & TechLinked.
Comes to remind us that even the big guys have security vulnerabilities also.
UPDATE: The scammers have hacked the YouTube channel for DidYouKnowGaming, now impersonating Ripple and Brad Garlinghouse
The scammers have also hacked Super Beard Bros, a let’s play channel by Jirard “The Completionist” Khalil, Alex Faciane, and Brett Bayonne
UPDATE: The scammers have hacked the YouTube channel for Skitzy_VA, best known for portraying MrBeast in Squid Game vs. MrBeast
NEW POPUP - Hurry up and take part in the giveaway of 10,000 BTC & 50,000 ETH (join2saylor.com)
Registered by Wells Victoria in Moscow, Russia via Reg.Ru on May 11, 2023 - Whois join2saylor.com
Associated Phone Number - +7 (951) 423-12-42
Associated Email Address - [email protected]
UPDATE: While Skitzy has regained access to his YouTube channel, his Twitter account has now been hacked to promote a fraudulent PepeCoin giveaway registered by Blaci Mahdi Kirik in Ladil, Brazil via OnlineNIC Inc on May 10, 2023 - Whois pepememe.org
Associated IP Address - 77.91.78.212
OTHER DOMAINS HOSTED ON THE SAME IP ADDRESS:
- Pepelaunch.org
- Pepetokens.net
- Pepeswaps.com
- v2.chekavakgsm.xyz
UPDATE: The scammers have now hacked five channels associated with The Pals, a group of family-friendly Roblox YouTubers, and turned them into fake SpaceX accounts.
The channels impacted include:
- The Pals
- Sub & Fletch
- Sk3tch
- Corl (BANNED)
- Sub (BANNED)
NEW POPUP - Official event from SpaceX Company (starlink23.net)
Registered via RU-Center on May 18, 2023 - Whois starlink23.net
Associated Phone Number - +7 (795) 233-42-01
Associated Email Address - [email protected]
UPDATE: The scammers have now hacked the YouTube channel of Sonny “YungLimaBean” Otieno, who is known for his “in Ohio” TikTok videos.
NEW POPUP - https://mshalving.com/
Registered in Moscow, Russia via RU-Center on April 18, 2024 - Whois mshalving.com
Associated Phone Number - +7 901-834-0259
Associated Email Address - [email protected]
MAJOR UPDATE: The scammers, posing as Ripple, have hacked the YouTube Channel for the Thailand Super Series.
NEW POPUP - https://ripple-gives.com/
Registered in Russia via Ru-Center on July 6, 2024 - Whois ripple-gives.com
Associated Phone Number - +7 912-736-854
Associated Email Address - [email protected]
MAJOR UPDATE: The scammers have now created a deepfaked version of Trump’s recent speech at Bitcoin 2024, thereby violating 18 U.S. Code § 912.
NEW POPUP - https://btc2024.io/
Registered in the Kurganskaya Oblast of the Russian Federation via Ru-Center on July 27, 2024 - Whois btc2024.io
I did try sending a Grabify link through the live chat, but they swiftly blocked me.
MAJOR UPDATE: The scammers have nearly hijacked the YouTube channel TheTekkitRealm, who have since given us new information as to how their scam works in the following video:
In this instance, the scammers fraudulently posed as the CEO of Skillshare, using the domain skillshare.promo and offering to pay $6,000 with a 50% down payment. All the information TheTekkitRealm needed was found on their “Media Kit for Windows,” a compressed folder downloaded from kalyanimunicipality.org.
The folder contains an “advertising agreement” document, which is actually a screensaver that gives the scammers remote access to their victims’ computer, allowing them to blackmail their victims into providing their username, password and authentication codes.
While information on this malware is limited, it has the description of being an “iTop Public Program,” which indicates a connection to Orange View Limited, who own the trademark rights to the iTop name and operate under the business identity of iTop, Inc. The company is located at Suite 603, 6/F, Laws Commercial Plaza, 788 Cheung Sha Wan Road, Kowloon, Hong Kong, People’s Republic of China.
User complaints on their TrustPilot listing indicate patterns of fraudulent activity, such as:
- Forced promotion of their other products with free trials.
- Forcing the installation of iTop Screen Recorder and iTop Data Recovery without the consent of the end user.
- Forcing the installation of iTop Screen Recorder when a user uninstalls their applications.
- Displaying unsolicited “OS Warning” popups onto their victims’ computers.
- Changing all product delivery countries to the Russian Federation.
Associated Facebook Account - iTop VPN
Associated Mobile Apps:
- iTop VPN:Free VPN & Best Proxy on the App Store
- https://play.google.com/store/apps/details?id=com.itopvpn.itop.vpn&hl=en_US
Associated Email Address - [email protected]
Associated IP Address - 52.20.84.130
UPDATE: The scammers have hijacked the Thailand Super Series channel once more, now impersonating Michael Saylor and Microstrategy.
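The fake "Media Kit" described above worked because an "advertising agreement" inside a compressed folder was really a screensaver, which Windows runs as a program. As an added example (not part of the original post), here is a check a channel owner or their IT support could run on a sponsor's ZIP before opening anything in it; it goes slightly beyond the screensaver case to cover other directly executable extensions and renamed executables. The file names and contents in the sample archive are constructed, not taken from the real download.

```python
import io
import zipfile

# Extensions Windows launches as code; a .scr screensaver is an ordinary executable.
EXECUTABLE_EXTS = {".scr", ".exe", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk", ".msi"}
# Extensions a genuine contract or media kit would carry.
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}
RTLO = "\u202e"  # right-to-left override, visually reverses part of a file name


def audit_archive(zip_bytes):
    """Return [(member_name, [reasons])] for members that would run as code."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            base = info.filename.rsplit("/", 1)[-1]
            # Strip padding spaces, which push the real extension out of view.
            parts = [p.strip().lower() for p in base.split(".")]
            ext = "." + parts[-1] if len(parts) > 1 else ""
            decoy = "." + parts[-2] if len(parts) > 2 else ""
            reasons = []
            if ext in EXECUTABLE_EXTS:
                reasons.append("runs as code: " + ext)
                if decoy in DOCUMENT_EXTS:
                    reasons.append("decoy document extension: " + decoy)
            if RTLO in base:
                reasons.append("right-to-left override in name")
            # Names stay readable in a password-protected ZIP, contents do not.
            if not info.flag_bits & 0x1:
                with zf.open(info) as fh:
                    if fh.read(2) == b"MZ" and ext not in EXECUTABLE_EXTS:
                        reasons.append("PE header behind extension " + (ext or "(none)"))
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample():
    """Constructed stand-in archive (hypothetical names and bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Media Kit/Advertising agreement.pdf   .scr", b"MZ\x90\x00constructed")
        zf.writestr("Media Kit/brand_guidelines.pdf", b"%PDF-1.7 constructed")
        zf.writestr("Media Kit/logo.png", b"MZ\x90\x00constructed")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in audit_archive(build_sample()):
        print(name, "->", "; ".join(reasons))
```

The archive is only read, never extracted, so nothing in it is written to disk or executed by the check.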