Crypto refund scams

November 8, 2024

More and more sites popping up. Some results from urlscan.io as of today (8. nov. 2024): advokatiks.info advokats.blog advokats.info canada-pol.best canada-pol.biz canada-pol.site cyber-payback.pro cyber-police.site cyberfundreturn.pics cyberfundreturn.pro cyberreturnfund.digital cyberpl.info digital-recover.cyou digital-recovery.autos digital-recover.best digital-recovery.best digital-recovery.blog digital-recovery.bond digital-recovery.site digital-recovery.xyz digitalrecovery.autos digitalrecovery.cam digitalrecovery.site digitalrefund.apicil.group euro-pol.art euro-polc.blog euro-polc.site europol-eu.com europol-police.pro europol-refund.info europolonline.net germam-pol.xyz german-police.blog germanic-pol.auction gretcomp-invest.com gretcomp-invest.com interfundreturned.digital internet-cyberpolice.network queenscreekcapital.com refunds-money.site secureinvestments.cfd uk-advokats.site uk-pol.site Some of those are probably gone when you read this.

If you are registered at urlscan.io, here is a list with “dynamic” results based on one common file : https://urlscan.io/search/#filename:%22bg-important2.png%22 There are some duplicates and maybe a few not related. And there is probably better ways to find more related domains.

One example of whois info. Somehow I mistrust the registrant info, one may wonder about globaldomaingroup.com and its resellers. They seem to be involved in several of these domains. This domain was registered on Sept. 24 this year and is still alive as of Nov. 8 (2024): whois advokatiks.info (some info skipped for readability) organisation: Identity Digital Limited (included in administrative contact info) contact: administrative name: Vice President, Engineering organisation: Identity Digital Limited address: 10500 NE 8th Street, Suite 750 address: Bellevue WA 98004 address: United States of America (the) phone: +1.425.298.2200 fax-no: +1.425.671.0020 e-mail: tldadmin@identity.digital contact: technical (included in administrative contact info) nserver: A0.INFO.AFILIAS-NST.INFO 199.254.31.1 2001:500:19:0:0:0:0:1 nserver: A2.INFO.AFILIAS-NST.INFO 199.249.113.1 2001:500:41:0:0:0:0:1 nserver: B0.INFO.AFILIAS-NST.ORG 199.254.48.1 2001:500:1a:0:0:0:0:1 nserver: B2.INFO.AFILIAS-NST.ORG 199.249.121.1 2001:500:49:0:0:0:0:1 nserver: C0.INFO.AFILIAS-NST.INFO 199.254.49.1 2001:500:1b:0:0:0:0:1 nserver: D0.INFO.AFILIAS-NST.ORG 199.254.50.1 2001:500:1c:0:0:0:0:1 ds-rdata: 5104 8 2 1af7548a8d3e2950c20303757df9390c26cfa39e26c8b6a8f6c8b1e72dd8f744 whois: whois.nic.info whois.globaldomaingroup.com Domain Name: ADVOKATIKS.INFO Registry Domain ID: 977211288a584007a5ea216ae869c497-DONUTS Registrar WHOIS Server: whois.globaldomaingroup.com Registrar URL: http://www.globaldomaingroup.com Updated Date: 2024-09-25T09:24:07.0Z Creation Date: 2024-09-24T15:36:20.0Z Registrar Registration Expiration Date: 2025-09-24T15:36:20.0Z Registrar: Global Domain Group LLC Registrar IANA ID: 3956 Registrar Abuse Contact Email: abuse@globaldomaingroup.com Registrar Abuse Contact Phone: +1.8053943992 Reseller: Andro Givan Registry Registrant ID: C-1408273 Registrant Name: Anya Cruk Registrant Street: Сумы Registrant City: Суми Registrant State/Province: Сумська область Registrant Postal Code: 01001 Registrant Country: UA Registrant Phone: +380.508445774 Registrant Email: hasladus@gmail.com Registry Admin ID: C-1408275

(admin/tech info same as Registrant info)

Name Server: daniella.ns.cloudflare.com Name Server: milan.ns.cloudflare.com DNSSEC: unsigned >>> Last update of WHOIS database: 2024-09-25 02:24:07 -0700 <<<

And one may also wonder a bit about Cloudflare: ~ % dig advokatiks.info ;; ANSWER SECTION: advokatiks.info. 300 IN A 172.67.170.22 advokatiks.info. 300 IN A 104.21.39.85 ;; WHEN: Fri Nov 08 2024