🤖 Cryptocurrency Auto Trading Robot Beta made Scage rich! SPAM!!!!

by sircles on May 29, 2018 in Fraud, Bitcoin Fraud, Spam List Building
🤖 Cryptocurrency Auto Trading Robot Beta made Scage rich! SPAM!!!   Beware of the latest brand

🤖 Cryptocurrency Auto Trading Robot Beta made Scage rich! SPAM!!!

 

Beware of the latest brand of spammers who bring together two elements of the modern financial world - Cryptocurrency and Artificial Intelligence.

They claim to have AI computers that deal in cryptocurrency on your behalf and so make you huge sums of money.

These supposed companies - invariably they are registered on an island in the Caribbean - offer to get these computers to deal on your behalf day and night in order to increase your capital.

Before you invest with anyone, get opinions from a finance professional so that you can be sure that you are not about to be ripped-off.

If we take a look at this con, we can see a few elements that are typical in their setup.

First they use email to entrap - 

 

 

As you can see the email arrives from: 

Cryptocurrency Robot Augustine <[email protected]>

And the email reads:

  

* Beta Test Invitation *

 Your invitation code: DFlgiYtv4216

 This amazing Cryptocurrency AUTO TRADING robot can make you rich!

 Do you know Bitcoin? Ethereum? Ever heard about Ripple? Cryptocurrencies is the future! While the market is growing fast, this is the best opportunity to take advantage and earn a million or two this year!

http://www.cryptotraderuk.cf/invite/[string]

Auto Trading software utilizes special alghoritms and artificial intelligence to trade cryptocurrencies while you sleep!

Just imagine waking up every day and see 2-3k GBP on your account!

 First results are amazing - join us while registration is still open!

http://www.cryptotraderuk.cf/invite/[string]

 Auto Trading is a way to get rich in 2018!

 Use the invitation code above to receive an extra 1,000 GBP after registration!

Click this link to start trading:

http://www.cryptotraderuk.cf/invite/[string]

 

Don't wait before it's too late!

You will thank me later!

 

Cheers,

Augustine

 

---------------------------------------------------------------------------

--

This message has been sent automatically because [email protected] has requested us to send you this invitation.

Sender IP address: 51.185.158.173

 

The country code CF is for the Central African Republic and is not a likely source for someone recommending crypto-currency trading in the UK.

Now let's have a look at the site itself from http://www.cryptotraderuk.cf/invite/[string] 

We appear to have been forwarded to https://cryptocode.online/ which is obviously a way of making you think you are still looking at a company in your own country.

If we run a Who.is to lookup who owns this site we see:

Domain Profile
Registrant Country CN
Registrar ERANET INTERNATIONAL LIMITED 
IANA ID: 1868 
URL: http://www.now.cn/ 
Whois Server: whois.todaynic.com 
 
(p) 
Registrar Status serverTransferProhibited, clientTransferProhibited
Dates 29 days old
Created on 2018-04-30
Expires on 2019-04-30
Updated on 2018-05-05
  
Name Servers ANDY.NS.CLOUDFLARE.COM (has 7,758,752 domains)
ZITA.NS.CLOUDFLARE.COM (has 7,758,752 domains)
  
Tech Contact
IP Address 77.87.77.124 - 4 other sites hosted on this server
  
IP Location Poland - Lodzkie - Radomsko - Euronet S.c. Jacek Majak Aleksandra Kuc
ASN Poland AS197226 SPRINT-SDC, PL (registered Aug 17, 2010)
 Website
Website Title None given.
  
Server Type nginx
Whois Record ( last updated on 2018-05-29 )
 
Cloudflare do not officially host anything - they are an intermediary for data flow.
 
So here is the site:
 
 
 

 

 

So immediately we notice that this site has been thrown together using a simple template and they haven't even bothered changing most of the icons and photo before publishing. Whoever Derrick Simmons CEO is, his photo and name are undoubtedly a fake.

If we look further down the page:

 

 

This site is not affiliated in any way with Time Magazine, Forbes or CNN - be extremely careful of any site that you arrive at from email.

No one has just 'won' $4576 USD - this site is not even offering a lottery.

Notice it is a secured version of the site at: http://smartcryptocode.com 

Cryptocode.online is a secure site, so it is obviously an improvement of the above site...

If we enter our details in one of the endless pop-up requests for our email and name, we are taken to: https://www.365markets.com/ 

Now this is a website requesting money to be deposited which means that it is extremely dangerous and you should not enter any personal or banking details at any time. 

The company is registered in Bulgaria, at R.A. Hadzhi Dimitar bl., 113., en A., fl. 4, app 8, Sofia 1510, Bulgaria but their live chat is not functioning now - 5pm their time - in the working week.

There is a phone number in Bulgaria which I will not call but these are required to keep the website open under EU and Bulgarian law.

If we look at the security of this secured site - It is a Cloudflare SSL certificate with sni65230.cloudflaressl.com as it's actual name. Then the following sites are added as an alternative name:

 
*.365markets.com
*.4copas.com
*.aeoslibrary.tk
*.britishlibrary.cf
*.bulgarianbooks.ml
*.bulgarianbooks.tk
*.crazytech.eu.org
*.crypto-robot.com
*.crypto1.io
*.dutchbooks.ml
*.entireperformance.com
*.firststrategyltd.co
*.futurebpo.com
*.garycarmell.com
*.genhd.be
*.infinitrade.com
*.luckybooks.ml
*.maxcfd.com
*.mediatechland.com
*.naughty.eu.org
*.obelisklibrary.cf
*.oneplacetemplates.eu.org
*.oraclelibrary.ml
*.oriontraffic.com
*.pixicontech.com
*.primelibrary.cf		 *.probelibrary.gq
*.probelibrary.tk
*.quantomcode-vip.com
*.rallyslot.es
*.randomtechco.com
*.rioabturbio.com
*.serbskiy.com
*.shewolfphotography.com
*.uniquebooks.cf
*.utorontolibrary.cf
*.valleylibrary.tk
*.vaticanlibrary.gq
*.vipgirl.club
*.viplounge.top
*.xenmarltd.com
365markets.com
4copas.com
aeoslibrary.tk
britishlibrary.cf
bulgarianbooks.ml
bulgarianbooks.tk
crazytech.eu.org
crypto-robot.com
crypto1.io
dutchbooks.ml
entireperformance.com
firststrategyltd.co
futurebpo.com		 garycarmell.com
genhd.be
infinitrade.com
luckybooks.ml
maxcfd.com
mediatechland.com
naughty.eu.org
obelisklibrary.cf
oneplacetemplates.eu.org
oraclelibrary.ml
oriontraffic.com
pixicontech.com
primelibrary.cf
probelibrary.gq
probelibrary.tk
quantomcode-vip.com
rallyslot.es
randomtechco.com
rioabturbio.com
serbskiy.com
shewolfphotography.com
uniquebooks.cf
utorontolibrary.cf
valleylibrary.tk
vaticanlibrary.gq
vipgirl.club
viplounge.top
xenmarltd.com

All of these sites will reside on the same server in order to use the same certificate for security.
 
 
,

Comments (3) -

  • sircles support
    I have emailed 365markets.com today with the following:
    Hello,

    I have been looking at your site and would like some clarification before signing up:

    How does crypto trading work in your case – what would the input from myself be? Do I actually decide how the trading is performed or is it completely automated? Will I be able to see how I gained or lost money, or it is all automated and undisclosed?

    Many thanks,

    30 May 2018 - Reply
  • sircles Support
    We have emailed the hosts - Google apparently - with the following:

    Please can someone have a look into 365markets.com

    This service is asking for card numbers in English worldwide but is stationed in Bulgaria with no mention of how fund transfers are made, no mention of how trading is accomplished and no record of how trades are made to the website users. Money is taken, the website feeds them nonsense for a few weeks and then they shut down and disappear before reappearing with the same service under a different name and start spamming everyone all over again.

    30 May 2018 - Reply
  • sircles
    Really - why would they sell it on if it works?
    11 July 2019 - Reply

Add comment