Share this page!

Phantom X Security Profile picture
Twitter logo
Jun 26 8 tweets 9 min read
Possible nexus noted between an actor conducting Naver phishing and now Crypto.

Email gameproducters@outlook[.]com reported by @prevailion has also registered boredsnakesclub[.]com a typo squat of the legitimate BoredSnakesClub website. 1/

prevailion.com/what-wicked-we…

#Phishing
Previous reporting on gameproducters@outlook[.]com listed them as registering dozens of Naver-themed phishing domains, examples below. 2/

navercomf[.]link
navercnid[.]link
naverdcom[.]click
navercomd[.]link
navernidc[.]link
naveracom[.]link
naverecom[.]click

#Phishing #Naver
The phishing domain boredsnakesclub[.]com was registered on 4/24/2022.

It was directly cloned from the legitimate website the same day using HTTrack Website Copier/3.x.

3/
#Phishing #NFTs ImageImage
At the bottom of the HTML there are references to JavaScripts located on themta[.]site and thedoodles[.]site.

A Google cache result for themta[.]site is below, but it was pretending to be the 'Metaverse Travel Agency'.

4/
#Phishing #NFTs ImageImage
The thedoodles[.]site is active but is a shell of a site with minimal functionality.

It's HTML shows references to the same JavaScript file on themta[.]site.

It was registered by tree99111@hotmail[.]com, also in the @prevailion report. 5/

#Phishing #NFTs ImageImageImage
Both boredsnakesclub[.]com and thedoodles[.]site are hosted on @OVHcloud IP 158.69.133[.]72.

A cursory check on the IP shows a large number of crypto-currency phishing sites co-located there.

#Phishing #NFTs Image
When themta[.]site was active, it was hosted on @OVHcloud IP 51.222.199[.]226.

Quick look at the IP shows a number of crypto-currency phishing sites being hosted there, including sites targeting @squiggles @ARKANGELSNFT @cartoonsnft.

#Phishing #NFTs
@OVHcloud The @OVHcloud IP 158.69.133[.]72 is actually hosting 65 phishing sites targeting crypto-currency users.

Targets include @the_x2y2 @polarbearsnft

#Phishing #NFT #Crypto

Full List:
pastebin.com/7a2Vz49Y

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Phantom X Security

Phantom X Security Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(