Tracking bank/crypto phishing gang(s) using Google Sites, Tawk.to, MS Azure sites, Wordpress, etc

crypologs.com
Registrant Name: Nitin Kumar
Registrant Organization: Nitin Kumar
Registrant Street: J-234 Saket  
Registrant City: New Delhi
Registrant State/Province: Uttar Pradesh
Registrant Postal Code: 110053
Registrant Country: IN
Registrant Phone: +91.9384758493

error page:

https://crypologs.com/err/

tawk.to web chat:

https://tawk.to/chat/666e09569a809f19fb3e3f10/1i0et8um9

ElmerFudde2020 · 2 August 2024 23:18

Another one I found today:

links to https://rebrand.ly/ebd380

which redirects to

https://metamsik.com/logoc/

Error page:

https://metamsik.com/err/

On the same IP 162.241.85.150 as many other scams recorded in this thread.

ElmerFudde2020 · 3 August 2024 01:52

Another one: AtomicDEX Wallet - Non-custodial Wallet Official Website

links to Atomic Wallet

which redirects to Atomic Wallet ,

with private-key phishing form Atomic Wallet .

ElmerFudde2020 · 7 August 2024 02:00

New tawk.to chat account for this one: https://tawk.to/chat/65c0c2600ff6374032c9773a/1hlsfeite

ElmerFudde2020 · 10 August 2024 01:01

A few more I found today:

https://phantomapk.com/enter/

https://venomapp.info/ent/

ElmerFudde2020 · 1 September 2024 18:18

This PayPal phishing site is still active, linked to by Google Sites at PayPal Login : My PayPal Account Login | Official Website , with redirector https://rebrand.ly/7acacb and tawk.to chat account https://tawk.to/chat/66d0db81ea492f34bc0b8744/1i6ftisno .

ElmerFudde2020 · 1 September 2024 20:14

I got rebrand.ly to block that link (they are quick to address complaints via email at support at rebrandly dot com, especially considering it’s a U.S. holiday weekend) and it seems like the scammers already made another one! https://rebrand.ly/fd503b .

ElmerFudde2020 · 8 September 2024 00:57

New PayPal phishing site:

PayPal Login : My PayPal Account Login | Official Website links to

https://rebrand.ly/f0jmze3 which redirects to

https://paolos.online/log/ , with error page

https://paolos.online/err/ and tawk.to chat account (“Jack” is active now!)

https://tawk.to/chat/66ca29a350c10f7a00a00ebd/1i62r5a2m

ElmerFudde2020 · 27 September 2024 16:38

Same redirect goes to a new site: https://payplll.info/log/

error page https://payplll.info/err/

Tawk.to account https://tawk.to/chat/66ca29a350c10f7a00a00ebd/1i62r5a2m .

ElmerFudde2020 · 28 September 2024 16:55

Here’s another PayPal phishing site that popped up today:

PayPal Login : My PayPal Account Login | Official Website now points to

https://rebrand.ly/641fbe , which redirects to

https://paypaloficial.com/log/ , which we know is official because it has a misspelled “oficial” in the domain name.

Someone forgot to obfuscate the WHOIS info for this domain:

Domain Name: PAYPALOFICIAL.COM
Registry Domain ID: 2919920815_DOMAIN_COM-VRSN
Registrar WHOIS Server: Whois.bigrock.com
Registrar URL: www.bigrock.com
Updated Date: 2024-09-25T16:32:20Z
Creation Date: 2024-09-25T16:27:50Z
Registrar Registration Expiration Date: 2025-09-25T16:27:50Z
Registrar: BigRock Solutions Ltd.
Registrar IANA ID: 1495
Domain Status: clientTransferProhibited EPP Status Codes | What Do They Mean, and Why Should I Know? - ICANN
Registry Registrant ID: Not Available From Registry
Registrant Name: Nitin
Registrant Organization: Nitin
Registrant Street: J-232 DES
Registrant City: Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110023
Registrant Country: IN
Registrant Phone: +91.2334323454
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]