Receiving Address: 0xfc7b4c96cb24f3580c5bd463ad5c4b0d0fdb2de5
Blockchain: Ethereum
Type of Scam: Investment
Cryptocurrency: ETH
Amount Lost: $38,000.00

I want to share the findings from an OSINT investigation into the fraudulent website theta-web3.cc. This alert is especially for those who have interacted with this domain or are currently investigating it. Here’s everything we’ve uncovered so far:
The domain theta-web3.cc is registered through NameSilo, LLC, a registrar that has been linked to several scams in the past. The site’s hosting is provided by Cloudflare, Inc., with the nameservers chelsea.ns.cloudflare.com and eric.ns.cloudflare.com. This association with Cloudflare is a common tactic used by scammers to obscure their actual hosting location, making it harder to trace the fraud to its origins.
No MX (Mail Exchange) records were found for the domain, suggesting that email communication might not be a major part of this scam or may have been conducted through third-party email services.
Technical checks performed on July 24, 2024, confirmed that theta-web3.cc was heavily relying on various JavaScript libraries, including React, Lodash, and Moment JS, among others. These libraries are typically used to build complex web interfaces, which could be an attempt to make the scam appear more legitimate and functional.
An important detail is the use of Cloudflare for both content delivery and network error logging. This points to a sophisticated setup, where Cloudflare helps to manage traffic and mask the real origin of the site. It also relies on AWS CloudFront, which is an Amazon content delivery network (CDN), further obscuring the site’s true server locations. The investigation revealed various edge locations such as Dallas, Chicago, Hong Kong, Frankfurt, and Los Angeles, which may indicate that the fraudsters are using a distributed network to avoid detection.
This site also has SSL certificates enabled by default, which may give an impression of security, but don’t be misled—SSL encryption does not guarantee the legitimacy of a site. The Let’s Encrypt certificate authority is being used, which is a free SSL provider and commonly seen on both legitimate and fraudulent sites alike.
If you’ve been a victim of this scam, or if you have additional details such as transactions, interactions, or any other data related to theta-web3.cc, please share them. Your information could help uncover further aspects of this operation and assist in identifying related domains.
Let’s work together to stop this fraud from harming others. Stay cautious and report any suspicious activity you’ve encountered!