- This topic has 0 replies, 1 voice, and was last updated 1 week, 1 day ago by .
-
Topic
-
Receiving Address: 3GxuxT458p97FTpy13jT5Ed7QZwWGaL3R
Blockchain: Bitcoin
Type of Scam: Investment
Cryptocurrency: BTC
Amount Lost: $100,934.00I’m sharing the findings of an OSINT investigation into a suspicious cryptocurrency platform, ex.stxcoinep.com. This warning is for anyone affected by this scam or investigating it further. Here’s what we know so far:
The domain ex.stxcoinep.com was registered through GMO Internet Group, Inc. d/b/a Onamae.com, a reputable registrar that has unfortunately been used to facilitate this fraudulent activity. Hosting services for this domain were provided by Cloudflare, Inc., with nameservers pointing to kristina.ns.cloudflare.com and mitch.ns.cloudflare.com. These details suggest the scammers were using Cloudflare’s services to obscure their real hosting infrastructure, a common tactic among cybercriminals to avoid detection.
Technical checks conducted on September 30, 2024, confirmed that the domain is currently non-resolving. This means the website is no longer accessible, either because the operators have taken it down or because it was disabled following reports of fraudulent activity. However, the disappearance of the website does not mean the scheme is inactive. Scammers often abandon compromised domains and move their operations to new ones.
No MX (mail exchange) records were found for the domain, which could mean that email communication wasn’t a key part of the scam. Alternatively, the operators may have used third-party email services or other domains to conduct correspondence, further obscuring their identity.
The ISP managing the domain’s IP address was also identified as Cloudflare, which shields backend server locations from public view. This layer of obfuscation makes it challenging to pinpoint the scam’s origins but provides a clear lead for subpoena recommendations if legal action is pursued.
If you’ve been a victim of this scam, you might have critical details like payment information, email communication, or screenshots of interactions. Sharing this information can help build a more comprehensive picture of the operation, identify related domains, or track the scammers’ movements.
Please share anything you know in the comments below. Together, we can uncover the full extent of this fraud and prevent others from falling victim.