Cryptocurrency Scam Linked to mexc.win/trade/personal.html
Scam URL: https://mexc.win/trade/personal.html
Lost Amount: $15,621.00
Type of Scam: Fraudulent cryptocurrency transaction scheme
Receiving Addresses:
If you’ve come across suspicious activity linked to the website mexc.win, this report details findings that point to a potentially fraudulent operation. This investigation leverages open-source intelligence (OSINT) to identify the infrastructure and tactics used, providing insights that can assist in exposing and dismantling these schemes. Your contributions can make a significant difference, so if you have additional information, please share it.
The domain mexc.win is registered through ALIBABA.COM SINGAPORE E-COMMERCE PRIVATE LIMITED and is hosted on servers operated by Tencent Cloud Computing. These hosting and DNS services are tied to AliDNS name servers, which are common among entities seeking a cost-effective and widely available setup but also appear in contexts where anonymity and limited jurisdictional oversight are critical to operations. The website implements an nginx server and enforces SSL encryption through Let’s Encrypt, reflecting efforts to maintain a secure yet deceptively professional appearance.
Despite the technical sophistication, several red flags point to fraudulent intent. The website’s server returned a 403 error during multiple checks, suggesting attempts to limit access or visibility to certain geographic regions or users. The lack of mail exchange (MX) records further implies the absence of legitimate communication infrastructure, a known tactic to avoid traceability in scams.
This domain supports transactions in Japanese Yen, which may signal a regional focus or a broader strategy to attract international victims. Analysis also revealed the use of various JavaScript libraries, including jQuery (version 2.1.1) and Vue, indicating the use of standard frameworks to create a functional and mobile-compatible interface. Such tactics are often employed to gain credibility while enabling seamless victim engagement.
The listed contact number, (470) 454-1552, is registered with POWERTEL ATLANTA LICENSES, INC. and does not appear to be a VoIP number, but further verification is needed to assess its authenticity. Combined with the operational timeline of key components, which began in early 2024, the evidence points to a well-structured and deliberate effort to conduct illicit activities.
If you have interacted with this website or have further intelligence, including associated wallet addresses, IP logs, or connected domains, your input could help expose the individuals behind this operation. Together, we can uncover the truth and hold these entities accountable for their actions.