Fraudulent Cryptocurrency Trading Platform Scam
    Manju Ram
    Participant

      Type of Scam: Online Scam

      URL of Scam: ethc.ai/#/home

      Description
      The victim engaged in cryptocurrency trading through a platform managed by a group. Two payments were sent, one for $8,000 and another for approximately $25,000. Although initial withdrawals were possible, the victim was eventually blocked from accessing funds. An alleged fee must be paid to regain access, per a letter from the victim’s bank.

      Calculated Amount Loss: $55,695.00

      Receiving Addresses:

      0x14e0f8f5c8cbdea763c5b2c2025b2bfe36efd8cd
      0x91e57cc930ddd3002621ea7860dbd9be047b10db

      Open-Source Intelligence Analysis: 

      Current Website
      The investigation targets the website ethc.ai, with technical findings reviewed as of August 1, 2024. The website uses professional web design to appear credible while facilitating fraudulent activities.

      Domain and Hosting Information

      Registrar: Gname.com Pte. Ltd.
      Nameservers: share-dns.com, share-dns.net, hosted by Gname.com Pte. Ltd.
      MX Records: mx1.hostinger.com, mx2.hostinger.com
      ISP: Amazon.com

      Technical Analysis
      The domain utilizes several modern technologies and frameworks:

      Frameworks: Likely built on ASP.NET or other enterprise-level web technologies to simulate a legitimate cryptocurrency trading platform.
      Mobile Optimization: Responsive design elements, including viewport meta tags, Apple web clips, and scalable graphics, indicate mobile compatibility.
      Web Standards: Utilization of HTML5 and UTF-8 encoding, ensuring accessibility across devices and browsers.

      Key Observations

      Sophisticated Infrastructure: The use of Amazon.com’s hosting services adds a layer of legitimacy while masking the operation’s physical origins.
      Evasive Tactics: Hosting via Gname.com Pte. Ltd. and the use of shared DNS services make the operators challenging to track.

      Involvement of Email Services: MX records from Hostinger suggest additional communication methods could be used for phishing or scam-related follow-ups.

      Recommendations
      Subpoenas Recommended for:

      Registrar: Gname.com Pte. Ltd. to access ownership and registration data.
      Host: Amazon.com for hosting and server information to identify the origin of IP traffic.
      Email Provider: Hostinger to investigate any correspondence sent through associated MX records.
