Tracking bank/crypto phishing gang(s) using Google Sites, Tawk.to, MS Azure sites, WordPress, etc.

Another Metamask phishing site from this campaign:

https://betaomask.xyz/error/

https://paylogss.com/errs/
The number on the website goes to voicemail. But then I got a call back from Adam Parker of PayPal at 747-800-6962 who says his favorite color is “your mother’s vagina.”

Here’s another one:

RDAP info for the domain:

Jack Morris
New Jersey
08854
US

[email protected]

251-292-4943

Another PayPal registered to the “Jack Morris” of “New Jersey”:

Associated Tawk.to chat account:

https://tawk.to/chat/670803dbaf33b684b75058bc/1i9rku4mm – “Jack” is active and wants my Date of Birth for Verification.

Another couple:

and

Both domains are registered to a “Manoj Jangid” of “Rajsthan.”

Another one, this domain registered to a “Victor Martynow” of Mississippi:

Here’s an interesting website that links to and from a bunch of the fake Google Sites PayPal phishing pages:

Here’s a new PayPal phishing page:

“PayPal Login : My PayPal Account Login | Official Website” links to https://rebrand.ly/paypllog , which redirects to “Log In”, with the error page “Error!”.

This error page has a toll-free number, 844-533-4797. Google search seems to think that the number used to be advertised on some defunct streaming-tv-activation scam sites. When I call, I get a one-ring hangup.

Update: the error page has a tawk.to chat widget, https://tawk.to/chat/670803dbaf33b684b75058bc/1i9rku4mm . I got rebrand.ly to deactivate the URL shortener.

Update 2: New toll-free number on the error page, 844-365-0151. I am unable to reach anyone at the number.

Another one: “Netcoins Login Error”

tawk.to account: https://tawk.to/chat/63fa3e854247f20fefe29f7f/1gq4o8fd4 .

The same tawk.to account has been active since at least February:

The same Tawk.to chat account is now attached to a new phishing page, “Error!”, on the same old IP address 162.241.85.93.

Here’s another one: “Ledger.com/start - Download Ledger Live | Official Site®” links to https://leidgeierwalitese.azurewebsites.net/ , with phishing pages

https://leidgeierwalitese.azurewebsites.net/verify.php

and

https://leidgeierwalitese.azurewebsites.net/phoneVerify.php

and Tawk.to account https://tawk.to/chat/675489894304e3196aee6aea/1ieh3iha3