Pulse Detail — Threat Intelligence

PULSE NAME

Crypto Phishing Sites

WHITE ajmeese7 2023-12-30 Modified: 2025-02-03

248

IOCs

HIGH VOLUME

These sites impersonate cryptocurrency exchanges like OpenSea, Etherscan, and Bittrex, and attempt to trick users into giving access to their cryptocurrency wallets. Findings are primarily my own, but the collection includes IOCs identified by other researchers.

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1566

Indicators of Compromise (248)

All URL FileHash-MD5 FileHash-SHA1 FileHash-SHA256 domain hostname email

TYPE	INDICATOR	DESCRIPTION	CREATED
URL	https://giveaway-news.com/NFT-Prize/	—	2023-12-30
FileHash-MD5	ca1104de538caea2d54265fbe90916b4	MD5 of 10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0	2023-12-30
FileHash-SHA1	d6c416e5d153f500f7ac66d25a2b73db45867ad4	SHA1 of 10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0	2023-12-30
FileHash-SHA256	0188ef2c432479b2f0112d81bfb173b7d3956af581f1ec64ce355f622596082a	—	2023-12-30
FileHash-SHA256	10d78c0a5e8664889dc8eb47c72bfa46ad0ed02c70a234be9acdefa27dbb24b0	—	2023-12-30
FileHash-SHA256	324967ab0642b90c52e9aa8b3650961f15deca3a70bc87e55912148740bceef3	—	2023-12-30
FileHash-SHA256	36661ca09e806ab56191ae8d4c0491f44eb1e0d767b13ce07822f63f2d60f0c1	—	2023-12-30
FileHash-SHA256	3c141574427ff088849cebd2fde1bde711158020be7edb496bcf41b8c10d5231	—	2023-12-30
FileHash-SHA256	61dbb1870319e259cf1cdee69fad1141eff28d169fbe6cc004f65dbf1c72c578	—	2023-12-30
FileHash-SHA256	7940b0c27d49f92d39d143a9f13fff1973331bb27cd56dde233f4c3bf3d6139a	—	2023-12-30
FileHash-SHA256	9d1d141431c804f0cfd7ef326b63fc0fd5f45dada9876e77d951323406a6542d	—	2023-12-30
FileHash-SHA256	db9d1b84012136eb3de353f36391065e01c9aee0466825aa77e9eb2008cf7358	—	2023-12-30
FileHash-SHA256	de37dc6fd3cc22afce4846979284b0f1d9cac0601dc751cbd081fc4eeb0c58c5	—	2023-12-30
URL	http://rewardsblur.com/	—	2023-12-30
URL	https://2me.space/eth	—	2023-12-30
URL	https://bittrex.omni-agentsolutions.com/customer-portal/?claim/=ajmeese7@gmail.com	—	2023-12-30
URL	https://bittrex.omni-agentsolutions.com/customer-portal/?customerwithdraw=ajmeese7@gmail.com	—	2023-12-30
URL	https://bittrex.omni-agentsolutions.com/customer-portal/?withdraw/BTC/ETH/USDT/USDC/ERC20=	—	2023-12-30
URL	https://bkc.or.id/	—	2023-12-30
URL	https://bkc.or.id/assets/NFT-Offers/	—	2023-12-30
URL	https://blur-benefits.com/	—	2023-12-30
URL	https://briocomercial.com.mx/open/index.html	—	2023-12-30
URL	https://distribuidorsaraiva.com.br/cart/index.html	—	2023-12-30
URL	https://distribuidorsaraiva.com.br/cart/index.html?ITEM=3D689854	—	2023-12-30
URL	https://fjfeggb.r.af.d.sendibt2.com/tr/cl/rTGXFKwGN5YI5fOLS4_oNt86DXLd-gkIjTIzOT50jxRA8BIZl1BhUnyztigX84CAXWe-hm_NW_QVxPcfC767_3wwLChJcIL2OYhNbZ6Vy6rhbAp78BPCR0B5efrRc2GdrNtoqaTaBILm2TNAUXFzI52lLxEukC2Vuolf3jaOSNzHPHW56Wctdtbmr2HIWdaJvH-kqsU8F5EVYa1ngkyIedbDixTnN48l9bm9h7gAvm1glj-Y1e8ANK9WQ-4nAu7ROw	—	2023-12-30
URL	https://giveaway-news.com/	—	2023-12-30
URL	https://masocialbooster.store/	—	2023-12-30
URL	https://masocialbooster.store/open/index.html	—	2023-12-30
URL	https://mstretto.com/cases/celsius/	—	2023-12-30
URL	https://mstretto.com/cases/celsius/main.html	—	2023-12-30
URL	https://ojeffdesigner.com/	—	2023-12-30
URL	https://ojeffdesigner.com/readme.html	—	2023-12-30
URL	https://openseredirect.com/	—	2023-12-30
URL	https://revokecash.ai/	—	2023-12-30
URL	https://rewardsblur.com/	—	2023-12-30
URL	https://sakesly.business/.nft/client-offers	—	2023-12-30
URL	https://sakesly.business/.nft/client-offers/index.html?offer	—	2023-12-30
URL	https://sistemarastreador.com/routes/blacklist/index.html	—	2023-12-30
URL	https://sistemarastreador.com/routes/blacklist/index.html?ID=	—	2023-12-30
URL	https://storage.mlcdn.com/account_image/29440/jky5UYY3tUVWijZnBD6tSOfOGgD7mdfM67yuCxG4.png	—	2023-12-30
URL	https://storage.mlcdn.com/account_image/373381/bKzokfssnLFki3O0ymlgAk5GOje9ifG79O8pnivF.png	—	2023-12-30
URL	https://storage.mlcdn.com/account_image/373381/cqW3Rp1mboAXCViSRwiJWiIdP0ECx33vldklhEE6.png	—	2023-12-30
URL	https://storage.mlcdn.com/account_image/373381/kgCNw6byY1JaW45DAX41IIIY0O7wNInBIsEe7zIL.png	—	2023-12-30
URL	https://techwizz.co.za/ETH/index.html	—	2023-12-30
URL	https://techwizz.co.za/ETH/index.html?eml=3D[%25=FEmail%25%25]&ID=3D79580	—	2023-12-30
URL	https://tuvturkistasyonlari.com/eth/index.html	—	2023-12-30
URL	https://tuvturkistasyonlari.com/eth/index.html?eml=3D[%25=FEmail%25%25]=	—	2023-12-30
URL	https://whiteleaf.store/nft/offer/	—	2023-12-30
URL	https://www.inyectosalud.com/	—	2023-12-30
URL	https://www.inyectosalud.com/open/index.html	—	2023-12-30
URL	https://www.inyectosalud.com/open/index.html?id	—	2023-12-30
URL	https://www.synergya.tech/tech/email-offer/	—	2023-12-30
URL	https://zk.maxdrop.top/	—	2023-12-30
domain	blur-benefits.com	—	2023-12-30
domain	bmsend.com	—	2023-12-30
domain	briocomercial.com.mx	—	2023-12-30
domain	creatensend.com	—	2023-12-30
domain	distribuidorsaraiva.com.br	—	2023-12-30
domain	giveaway-news.com	—	2023-12-30
domain	inyectosalud.com	—	2023-12-30
domain	masocialbooster.store	—	2023-12-30
domain	maxdrop.top	—	2023-12-30
domain	mstretto.com	—	2023-12-30
domain	nyjelelavaughan.com	—	2023-12-30
domain	ojeffdesigner.com	—	2023-12-30
domain	omni-agentsolutions.com	—	2023-12-30
domain	openseredirect.com	—	2023-12-30
domain	revokecash.ai	—	2023-12-30
domain	rewardsblur.com	—	2023-12-30
domain	sakesly.business	—	2023-12-30
domain	sistemarastreador.com	—	2023-12-30
domain	synergya.tech	—	2023-12-30
domain	techwizz.co.za	—	2023-12-30
domain	tuvturkistasyonlari.com	—	2023-12-30
domain	whiteleaf.store	—	2023-12-30
hostname	bittrex.omni-agentsolutions.com	—	2023-12-30
hostname	clients.bmsend.com	—	2023-12-30
hostname	fjfeggb.r.af.d.sendibt2.com	—	2023-12-30
hostname	outbyoip15.pod13.usw2.zdsys.com	—	2023-12-30
hostname	storage.mlcdn.com	—	2023-12-30
hostname	www.inyectosalud.com	—	2023-12-30
hostname	www.synergya.tech	—	2023-12-30
hostname	zk.maxdrop.top	—	2023-12-30
domain	omniagent-portal.com	—	2024-01-20
hostname	bittrex.omniagent-portal.com	—	2024-01-20
URL	https://bittrex.omniagent-portal.com/	—	2024-01-20
hostname	kcrealty.lt.acemlnb.com	—	2024-01-20
URL	https://mega.nz/file/lStw1ZZD#fCJnF-8cz-tvrhsXYVGdHr-UtCixPdNcv3WGIBz7vdc	Fake crypto wallet emailed from info@amg1.online.	2024-01-22
FileHash-SHA256	986efd723526d9d5239d2290329d87af5a6d8ceef6021ad48aa0c80bb07bcef7	Fake crypto wallet.	2024-01-22
FileHash-SHA256	4029b7967eac8e5c7e441915fbe24552b56bb52b044ccd447a1ade6db574d7c2	Fake crypto wallet executable.	2024-01-22
domain	phemex.bond	—	2024-01-24
URL	https://redirosakal.com/rear/	—	2024-01-26
URL	https://verif-meta.com/	—	2024-01-26
domain	redirosakal.com	—	2024-01-26
domain	verif-meta.com	—	2024-01-26
URL	https://redirosakal.com/fiji/	—	2024-01-26
URL	https://redirosakal.com/filio/	—	2024-01-26
email	all_about_you@birdeye.com	—	2024-01-26
URL	https://newsoutlets.net/mega1	—	2024-01-28
URL	https://openslisting.com/offer.php	—	2024-01-28
domain	newsoutlets.net	—	2024-01-28
domain	openslisting.com	—	2024-01-28
domain	surveymonkeyuser.com	—	2024-01-28
email	member@surveymonkeyuser.com	—	2024-01-28
hostname	seadevellopement.com.marketing.gpa.lu	—	2024-01-28
URL	https://www.surveymonkey.com/tr/v1/te/z6gnapgBfukrwb5W4iv_2BXxvpgUR_2Fks0_2FcfE1ox3crJ_2Fp2UAglsGP5NN3GJqGyizvH91glQTezJXrbzycZ4bpRDVbdt3gdX5T9aTDrko3cnhIOOltE141phSc_2BC1xEJRq1jSDh_2BNZs4oWd6rMApFmFg_3D_3D	—	2024-01-28
hostname	sea-web3.io.fragment.gpa.lu	—	2024-01-28
URL	https://www.research.net/tr/v1/te/my7KoCLdgpxje6Ya92ylNlc_2Fqh_2FpFEKqf0KwQGYbv1aFu2hT_2BHQo373sZqAYQ_2FfPuEICKz4js43fqxdkFQhNjs6IkH4rfhdJQsS7arHq6asrH10Yqag_2FcBcH7ZKhakgibSbjtmcQZ2tdRiS_2BCIPVNQ_3D_3D	—	2024-02-05
URL	http://electric.ohiboagency.com/	—	2024-02-05
hostname	electric.ohiboagency.com	—	2024-02-05
domain	ohiboagency.com	—	2024-02-05
domain	sendbox-game.cc	—	2024-02-05
URL	https://gm8f1s9v.r.us-east-1.awstrack.me/L0/https:%2F%2Feventspancakeswap.finance%2F/1/0100018d5cc8cf78-92d98408-1ef4-47b3-8118-97bbc2a94090-000000/GdONDaWWdzERDycKIOLiqeB8anw=359	—	2024-02-05
domain	eventspancakeswap.finance	—	2024-02-05
domain	ethereumx.cc	—	2024-02-08
domain	jup-eth1.com	—	2024-02-08
hostname	phantuumwaleet.godaddysites.com	—	2024-02-08
domain	metadrop.fi	—	2024-02-08
domain	azukielementals.online	—	2024-02-08
domain	trestleprotocol.net	—	2024-02-08
hostname	opensea2claims.vercel.app	—	2024-02-08
domain	app-renzoprotocol.com	—	2024-02-08
domain	appfrax.finance	—	2024-02-08
domain	build-pandora.info	—	2024-02-08
domain	durecido.com	—	2024-02-08
domain	kelpda0.xyz	—	2024-02-08
domain	ledger-scan.com	—	2024-02-08
domain	poloniex-assets.com	—	2024-02-08
domain	solana.finance	—	2024-02-08
hostname	www.airdropzeroland.xyz	—	2024-02-08
hostname	item--opensea.blogspot.com	—	2024-02-08
domain	bonus-kelpdao.com	—	2024-02-09
domain	claimtoken.network	—	2024-02-09
domain	drift.trade	—	2024-02-09
domain	gasethrefund.com	—	2024-02-09
domain	gitos.org	—	2024-02-09
domain	pandora-drop.com	—	2024-02-09
URL	https://speedtestairnet.alajalintl.com/ap/Open/	—	2024-02-10
domain	alajalintl.com	—	2024-02-10
hostname	speedtestairnet.alajalintl.com	—	2024-02-10
URL	https://arybsports.com/db/Open/?NFT_Drop&for_user#894732999545?	—	2024-02-10
URL	https://libelyo.net/cologne?unsuscribe	—	2024-02-10
URL	https://pizmuz.store/hardly?preferences	—	2024-02-10
domain	arybsports.com	—	2024-02-10
domain	libelyo.net	—	2024-02-10
domain	pizmuz.store	—	2024-02-10
URL	https://pizmuz.store/sideswipe	—	2024-02-10
domain	bpearlegy.com	—	2024-02-13
URL	https://graficavcv.cl/pony	—	2024-02-13
URL	https://refconegypt.net/Open/index.html	—	2024-02-13
domain	graficavcv.cl	—	2024-02-13
domain	refconegypt.net	—	2024-02-13
URL	https://infissieserramentionline.it/stylolite	—	2024-02-13
domain	infissieserramentionline.it	—	2024-02-13
URL	https://www.calvware.com/benzine	—	2024-02-13
domain	list-item.io	—	2024-02-20
domain	memecoinairdrop.site	—	2024-02-20
hostname	metammasklogin.gitbook.io	—	2024-02-20
domain	erc404lab.com	—	2024-02-20
domain	events-optimism.com	—	2024-02-20
hostname	op.x500-drop.top	—	2024-02-20
hostname	www.ator.claimfree.xyz	—	2024-02-20
domain	0n1ordinal.xyz	—	2024-02-27
domain	mainnetecosystem.net	—	2024-02-27
domain	angledao.app	—	2024-02-27
domain	noox.cx	—	2024-02-27
domain	smartlayer-drop.net	—	2024-02-28
domain	onno-vaultdapp.click	—	2024-02-28
domain	ai-fit.online	—	2024-02-28
domain	aviaha.ru	—	2024-02-28
domain	get-mog.xyz	—	2024-03-04
FileHash-MD5	db6fe56a3663801f32364a5f9072fe87	—	2024-07-15
URL	https://extensionconnectapp.cyou/	—	2024-07-15
domain	extensionconnectapp.cyou	—	2024-07-15
URL	https://ci3.googleusercontent.com/meips/ADKq_NbkTu9d6lxw3z5JZuuAhKLflhKxMLgW99j7t5X0ZfxWAx_fh9P6KleAckXWVafC8Dsm7Ex2SK95sN3f4iPANzoU2nvGiUlgL5TIigDV9RCsR5xaBsAojpqmWfq-ErjsxMhZkH4=s0-d-e1-ft#https://storage.googleapis.com/wiremoprod/db6fe56a3663801f32364a5f9072fe87.png	—	2024-07-15
URL	https://em.yotpo.com/ss/c/u001.pTgbjaJ74O4xK78fCL_ouiMgDAk-6Wov8KCf6UbtTpomd1FBwbrPQzHKhAFIcMfh/47x/-TMyyLEST323sPFz98BfjQ/h0/h001.Okqmq_Virg8OIrN4lmXOWezqGIOIyrQtooL25Kieh0U	—	2024-07-15
URL	https://storage.googleapis.com/wiremoprod/db6fe56a3663801f32364a5f9072fe87.png	—	2024-07-15
email	early-unstoppable@mail.beehiiv.com	—	2024-08-13
URL	https://unstoppabledomains-early.com/	—	2024-08-13
URL	https://unstoppabledomains-early.com/drop/connect.php	—	2024-08-13
domain	unstoppabledomains-early.com	—	2024-08-13
domain	coinbureau-link.com	—	2024-08-13
domain	connect-debank.com	—	2024-08-13
domain	dao-unstoppabledomains.com	—	2024-08-13
domain	forward-grass.com	—	2024-08-13
domain	goto-ud.com	—	2024-08-13
domain	hub-unstoppabledomains.com	—	2024-08-13
domain	links-unstoppable.com	—	2024-08-13
domain	loop-higher.com	—	2024-08-13
domain	move-unstoppable.com	—	2024-08-13
domain	navigate-ud.com	—	2024-08-13
domain	navigate-unstoppable.com	—	2024-08-13
domain	page-unstoppable.com	—	2024-08-13
domain	redeem-grass.com	—	2024-08-13
domain	redeem-grass.io	—	2024-08-13
domain	thecoinbureau.com	—	2024-08-13
domain	ud-gateway.com	—	2024-08-13
domain	ud-invitation.com	—	2024-08-13
domain	ud-redi.com	—	2024-08-13
domain	ud-redirector.com	—	2024-08-13
domain	unstoppable-domains.io	—	2024-08-13
domain	unstoppable-invite.com	—	2024-08-13
domain	unstoppable-link.com	—	2024-08-13
domain	unstoppabledomains-bonus.com	—	2024-08-13
domain	unstoppabledomains-chain.com	—	2024-08-13
domain	unstoppabledomains-coin.com	—	2024-08-13
domain	unstoppabledomains-dao.com	—	2024-08-13
domain	unstoppabledomains-earn.com	—	2024-08-13
domain	unstoppabledomains-hub.com	—	2024-08-13
domain	unstoppabledomains-ico.com	—	2024-08-13
domain	unstoppabledomains-launch.com	—	2024-08-13
domain	unstoppabledomains-perks.com	—	2024-08-13
domain	unstoppabledomains-raffle.com	—	2024-08-13
domain	unstoppabledomains-social.com	—	2024-08-13
domain	unstoppabledomains-udom.com	—	2024-08-13
domain	web-unstoppabledomains.com	—	2024-08-13
domain	earn-unstoppabledomains.app	—	2024-08-13
domain	hub-unstoppabledomains.app	—	2024-08-13
hostname	176-113-115-201.plesk.page	—	2024-08-13
hostname	upbeat-benz.176-113-115-201.plesk.page	—	2024-08-13
URL	http://url6133.firsthive.com/ls/click?upn=u001.YbCYf-2FgtzuwtPIOJl3XPkZmTXojzKb8ybOSfYqAEuaFI97TnC3GG-2Fx-2Bhlvfb-2FvAfvZhn96QtHky9oWeUDlBrqjD4ae3lL4LJNpzbczEGC5Nmsx7MsRa02HsTUnFx8UMArENK_uWU6jA4cg4rrhoULumFgxLSe9Sx6FADLFnhjrH2SA7z86FHdhtcrqTTNCYz0ZzkPb2DIef0EqUNYHdJbYEKTSbaoIxhHHc3YD9N4wBUy8-2BS3wKw8dNOpWmN1DhgISWowroZEE0O1hqgmSlLDOVpwhzVRggJoRBb0nlRsroZXw-2B8-2BK9IP2cjeh9WHRquyQcxTRAqrOguDfFtgpSjqA1PIQQ-3D-3D	—	2024-10-12
URL	https://openmarketbids.io/	—	2024-10-12
URL	https://tx.jrwlkj.com/os	—	2024-10-12
URL	https://tx.jrwlkj.com/os/	—	2024-10-12
domain	openmarketbids.io	—	2024-10-12
hostname	tx.jrwlkj.com	—	2024-10-12
hostname	url6133.firsthive.com	—	2024-10-12
URL	http://url6133.firsthive.com/ls/click?upn=u001.YbCYf-2FgtzuwtPIOJl3XPkZmTXojzKb8ybOSfYqAEuaFI97TnC3GG-2Fx-2Bhlvfb-2FvAfvZhn96QtHky9oWeUDlBrqjD4ae3lL4LJNpzbczEGC5Nmsx7MsRa02HsTUnFx8UMArENK_uWU6jA4cg4rrhoULumFgxLSe9Sx6FADLFnhjrH2SA7z86FHdhtcrqTTNCYz0ZzkPb2DIef0EqUNYHdJbYEKTSbaoIxhHHc3YD9N4wBUy8-2BS3wKw8dNOpWmN1DhgISWowroZEE0O1hqgmSlLDOVpwhzVRggJoRBb0nlRsroZXw-2B8-2BK9IP2cjeh9WHRquyQcxTRAqrOguDfFtgpSjqA1PIQQ-3D-3D	—	2024-10-12
URL	https://openmarketbids.io/	—	2024-10-12
URL	https://tx.jrwlkj.com/os	—	2024-10-12
URL	https://tx.jrwlkj.com/os/	—	2024-10-12
domain	openmarketbids.io	—	2024-10-12
hostname	tx.jrwlkj.com	—	2024-10-12
hostname	url6133.firsthive.com	—	2024-10-12
URL	https://amacharamos.info/m/index.php?id=-8573853521890218639-8530	—	2024-11-20
URL	https://robotsdetection.live/	—	2024-11-20
URL	https://robotsdetection.live/import/home	—	2024-11-20
URL	https://robotsdetection.live/import/import-with-recovery-phrase	—	2024-11-20
domain	amacharamos.info	—	2024-11-20
domain	robotsdetection.live	—	2024-11-20
email	oiw64gs1@account-protection-updates.net	—	2024-11-20
FileHash-SHA256	c0ad75801eca4c4a305cefc0b9844bc3d06bde9ac23231cb34383da134c21e4e	—	2025-01-16
URL	https://www.boowaga.com/wp-content/plugins/woocommerce-multilingual/classes/StandAlone/Container/mig/dollar/#?en=g7zuzeg9pxv7vo&laxfordayz21@gmail.com	—	2025-02-03
domain	boowaga.com	—	2025-02-03
hostname	www.boowaga.com	—	2025-02-03
email	laxfordayz21@gmail.com	—	2025-02-03
URL	http://easycarbooking.com/specific_images/1/logo_low_res_black.gif?update=20140326161100	—	2025-02-03
domain	easycarbooking.com	—	2025-02-03

References (1)

↗ https://www.virustotal.com/gui/collection/ae8247821d12c4b8653c15034eeb3f0bf04e4e5104055fb2756fe32804fa2b3a