Intel Name: Crypto investment scam/phishing campaign
Date of Scan: February 7, 2025
Impact: High
Summary: We’ve uncovered 42 malicious domains impersonating cryptocurrency-related entities like Independent Reserve, Coinbase, Coinhako, Enkrypt, and HiBT. These domains are grouped into seven clusters hosted on four IP address groups, sharing infrastructure and reusing web content. Most were registered between October and November 2024, with some dating back to March-May 2024. All domains feature a fake “Lead Market Analyst” whose identity is stolen from a real individual, Chris Weston. The campaign uses “noindex” directives to avoid search engine indexing, likely relying on targeted URLs to lure victims and evade accidental discovery.
