Tracking bank/crypto phishing gang(s) using Google Sites, Tawk.to, MS Azure sites, Wordpress, etc

Scams
, , ,
81

New sites. https://sites.google.com/wallet-extension.com/phantomwallet/home

links to https://phountom.xyz/onboarding/ (no intermediate redirector site this time).

error page https://phountom.xyz/err/

The domain is registered to a “Mark Jackson” of Delhi, India.

Tawk.to web chat: https://tawk.to/chat/63fa3e854247f20fefe29f7f/1gq4o8fd4

this is the same tawk.to account that was used before here:

1 Like
82

New sites: https://sites.google.com/coinbselogs.com/coinbasepro/home

links to https://cloyerssyment.com/7e64e35b-3949-4471-9411-0929c35b7628

which redirects to https://coinnbselog.azurewebsites.net/ ,

with the error page https://coinnbselog.azurewebsites.net/error.html .

Tawk.to web chat account https://tawk.to/chat/65ce2bd39131ed19d96d22a9/1hmmlmcl5 , the same as here:

Emily is online right now for your supports.

1 Like
83

New tawk.to web chat account found at https://metaska.online/err/

https://tawk.to/chat/65da625c8d261e1b5f6504c5/1hneh0eu8

84

New sites:

links to

https://charlesschwab_us.godaddysites.com/

which links to http://logg.liveonsite.xyz/charldffeschwabf/

tawk.to web chat account https://tawk.to/chat/658565a607843602b804b8d5/1hi8ha51l

Other phishing pages:

85

Error page https://antivirus.mcakey.com/error-installation/ , featuring tawk.to web chat account https://tawk.to/chat/65fdb11b1ec1082f04da33f3/1hpjfnlne .

Screenshot from 2024-03-31 19-50-01
Screenshot from 2024-03-31 19-50-01882×351 25.7 KB

“Fetal Error” sounds serious! Call the OB/GYN stat.

86

IP - 2a02:4780:b:1400:0:3688:c81c:10 :us: (Hostinger, Cyprus), also hosts

1 Like
87

Albert Smith is active now, I am chatting with him.

Update: Call 801-753-9252 for Very Genuine McAfee Support. Agent Paul’s favorite color is black.

88

New sites:

https://sites.google.com/abcrypt.com/capitalone-login/home

links to the intermediate redirector https://gtly.to/PCyNI2qxC

which redirects to

https://capton.shop/logg

error page

https://capton.shop/err

tawk.to web chat

https://tawk.to/chat/660da4fea0c6737bd1280f3d/1hqikp0u8

https://sites.google.com/1metamask-login.com/metamask-extension/home

links to https://gtly.to/TyyIvS365 , which redirects to

https://metss.shop/log/

error page

https://metss.shop/err/

tawk.to web chat

https://tawk.to/chat/65da625c8d261e1b5f6504c5/1hneh0eu8

(same as used here: Tracking bank/crypto phishing gang(s) using Google Sites, Tawk.to, MS Azure sites, Wordpress, etc - #83 by ElmerFudde2020 )

1 Like
89

806-482-2621 Fake Capital One Bank etc.

90

New urls:

https://vwv.peoypal.com/error/

with Tawk.To web chat

https://tawk.to/chat/61a4c0959099530957f71fce/1fllp0ieg

“Albert Smith” at your service for all the accountings and the supports.

1 Like
91

https://sites.google.com/codeacti.com/amazoncomcode/ has a new target page: it links to the intermediate referrer https://rebrand.ly/68c847 , which redirects to

https://amsz.life/log/

with the error page

https://amsz.life/err/

and the tawk.to chat account

https://tawk.to/chat/65a98d048d261e1b5f550a14/1hkf4tn5t

Jack is working late to service your needs, give him a chat!

Screenshot from 2024-04-25 19-40-52
Screenshot from 2024-04-25 19-40-52478×607 38.3 KB

Update: 315-754-4988 is still their number:

Screenshot from 2024-04-25 19-49-02
Screenshot from 2024-04-25 19-49-02478×1072 56.6 KB

1 Like
92

And another one:

https://rabbywallet.net/ uses Rabby wallet to redirect to Rabby wallet , with the error page Error! and the tawk.to chat account https://tawk.to/chat/65fff05aa0c6737bd12418c3/1hpns5p8a .

93

Another interesting website on the same IP address as many of these phishing sites:

https://bgp.he.net/ip/162.241.85.150#_dnsrecords

https://www.customershelponline.com/ which claims to be YouTube support and has a toll-free number (I get a busy signal so it may be obsolete or out of service).

This website was cited here years ago:

1 Like
94

Page and web chat agent “Paul” still active as of 7 May 2024.

1 Like
95

This sad abandoned web guestbook has almost daily spam postings from this phishing campaign, still ongoing.

1 Like
96

Another website impersonating Coinbase:

Chat with Paul if you want to get scammed:

https://tawk.to/chat/65da5e078d261e1b5f65032a/1hnefujn6

(same tawk.to account as before, I have reported it many times but tawk.to does nothing.)

1 Like
97

Same phishing page, new tawk.to account. Nobody’s biting for me right now, but it is Saturday.

https://tawk.to/chat/6648b2859a809f19fb3296c5/1hu5vin25

1 Like
98

Another website: https://veno.cosquare.xyz/logi/

Error page: Venom Wallet Error

Tawk.to chat widget: https://tawk.to/chat/63fa3e854247f20fefe29f7f/1gq4o8fd4

same tawk.to account as before:

and on the same IP address,

https://btdmarket.magik-jack.com/?s=e

with the same tawk.to account.

99

More new sites:

https://sites.google.com/metamaksio.com/metamaskwallet-extension/home and https://sites.google.com/metamaksio.com/metamaskwalletextension/home both link to the redirecting site Page not found - My Blog , which redirects to

https://metadownload.app/log/

This one collects the private key-phrase here MetaMask Wallet , then redirects to the legitimate website.

1 Like
100

Another new phishing site:

links to

https://phantom-wallet.us.com/err/

2 Likes