Scam URL: webull3.vip
Receiving Address: 0x8bB71062d2F2dc13E3b8b2A7221Bf386dc65e45D
Blockchain: Ethereum (ETH)
Cryptocurrency Used: USDC (USD Coin)
Loss Amount: $20,770.00
Type of Scam: Cryptocurrency fraud involving multiple transactions to a fraudulent wallet over a period of 1.5 months.
Title: Investigating webull3.vip: Scam Alert and Key Findings from OSINT Analysis
We’ve dug deep into the suspicious domain webull3.vip, and the findings strongly suggest fraudulent activity. If you’ve encountered this site or similar schemes, here’s everything we’ve uncovered to assist you in understanding their methods and to help investigations move forward.
The domain is registered through Gname.com Pte. Ltd., with nameservers share-dns.com and share-dns.net, also hosted by the same registrar. The domain has no associated MX (mail exchange) records, which means email correspondence tied to the domain may not exist. This is a hallmark of scams that focus solely on web-based interactions, avoiding traceable email communications.
The IP address hosting the site is linked to Cnservers LLC, a U.S.-based service often used by bad actors due to its lenient policies and robust infrastructure. While the geolocation resolves to the USA, our investigation detected that a VPN or proxy was likely used, making the actual location of the operators unclear.
The site leverages nginx web server software and a combination of content delivery networks (CDNs), including jsDelivr and Staticfile CDN, to serve its content quickly. It also uses outdated jQuery libraries, which may include vulnerabilities exploitable for malicious purposes. Although the SSL certificates are issued by Let’s Encrypt, the presence of HTTP Strict Transport Security (HSTS) might suggest an attempt to appear secure, but this is likely deceptive.
A notable red flag is its integration with Simplex, a payment processor supporting Bitcoin transactions. Bitcoin’s anonymity makes it a favorite among scammers, as transactions are nearly impossible to reverse or trace effectively without detailed cooperation from financial entities.
The site appears to target Chinese-speaking audiences, as the primary language detected in the content is Chinese. However, this doesn’t limit its reach; many fraudulent sites use multilingual interfaces to maximize their victim pool.
If you have dealt with webull3.vip, whether through transactions, communications, or phishing attempts, please share your experiences. Detailed accounts can help us uncover links to other fraudulent websites and provide evidence for legal and investigative actions. Stay vigilant and reach out if you have questions or information to contribute.