Scam URL: h5.globalmalcoin.net
Receiving Address: 0x121D6f8Fd20D6b5F08D96C1a5c58369884Be2944
Blockchain: Ethereum (ETH)
Cryptocurrency Used: USDC (USD Coin)
Loss Amount: $280,000.00
Type of Scam: Investment scam

Title: Uncovering the Scam Behind h5.globalmalcoin.net: OSINT Investigation Insights

The domain h5.globalmalcoin.net has raised significant red flags, and our investigation reveals critical details pointing toward fraudulent activity. Here’s what we know so far, and if you’ve interacted with this site or have related information, your input could prove invaluable.

The domain is registered through Gname.com Pte. Ltd., with nameservers share-dns.com and share-dns.net, hosted by the same registrar. No MX (mail exchange) records were detected, indicating a lack of email infrastructure. This aligns with scams that rely solely on web interfaces, avoiding traceable email communication.

Hosting services for this domain involve a complex network of providers, including Cnservers, Peg Technic, Sharktech, and RakSmart, all based in the U.S. The domain also employs the nginx web server and utilizes the QUIC protocol, a method known for enhancing speed and security in web communications. While these features might appear legitimate, they could be employed strategically to support malicious activities and evade detection.

A notable technical feature of the website is its integration with the Google Font API for typography and the Laravel PHP framework, which is often used for developing dynamic web applications. The site also links to a GitHub repository, which could be a valuable lead for tracing development activities or associated actors.

The domain is configured to optimize for mobile use, with features such as Viewport Meta and compatibility with iPhone and other devices. This suggests the site is tailored for accessibility, potentially to attract a broader audience and deceive victims effectively.

SSL checks confirm the presence of HSTS (HTTP Strict Transport Security), which forces secure communication over HTTPS. While this adds a veneer of legitimacy, it can also mask fraudulent activities by creating a false sense of security for users.

If you’ve been scammed or encountered this domain in any way, please share what you know. Evidence such as transaction details, communication records, or other connections could help uncover the individuals behind this scheme. Together, we can deepen our understanding and provide investigators with the tools to take action. Stay cautious, and reach out if you need guidance or want to contribute further.