2024-10-30-IOCs-for-xAI-crypto-scam.txt
2024-10-30 (WEDNESDAY): XAI CRYPTO TOKEN PRESALE SCAM
AUTHORS:
- Keerthiraj Nagaraj, Nabeel Mohamed, Shehroze Farooqi, Lucas Hu, Alex Starov
REFERENCES:
- https://www.linkedin.com/posts/unit42_crypto-scam-cryptoscams-activity-7257775874274406401--LCy/
- https://x.com/Unit42_Intel/status/1852010236090921419
NOTES:
- We've identified 25 malicious domains hosted on suspicious infrastructure impersonating xAI.
- These sites offer to swap BTC, ETH, DOGE and other cryptocurrencies for xAI tokens.
- This scam entices victims with additional discounts and bonuses for early investors.
- Our investigation uncovered a shared infrastructure among the 25 malicious domains.
MALICIOUS DOMAINS FOR THE INITIAL SCAM PAGES:
INDEX PAGES FROM ALL OF THE ABOVE SITES HAVE A LINK TO:
- xaiofficial[.]com - registered 2024-10-03
DOMAINS HOSTING PRESALE AND CRYPTO SWAP SCAM PAGES:
- xaicryptosale[.]com - registered 2024-10-20
- xaipresale[.]net - registered 2024-10-20
- xaitoken-sale[.]org - registered 2024-10-20
URLS FOR THE PRESALE AND CRYPTO SWAP SCAM PAGES:
- hxxp[:]//xaicryptosale[.]com/presale/
- hxxp[:]//xaipresale[.]net/presale/
- hxxp[:]//xaitoken-sale[.]org/presale/
- hxxp[:]//xaicryptosale[.]com/swap/
- hxxp[:]//xaipresale[.]net/swap/
- hxxp[:]//xaitoken-sale[.]org/swap/
CRYPTOCURRENCY WALLET ADDRESSES USED FOR THIS SCAM: