
Total BreakDown of a Scam: Action Needed for Your Domain : This is your Final Notification of Website Listing


Beware of this old scam, which is popping up again these days: a phishing email is being circulated to people who have just registered a new domain. If you are reading this post, you have probably received an email similar to the one below, telling you that it is about time to complete your search engine registration. I recommend that you do not click the link provided by the scammer unless you are in a virtual environment and know what you are dealing with. It is no surprise that the scam websites linked in the different emails all host the same HTML.

THE PHISHING EMAIL (the exact contents are as follows; only the name, date, scam URL and domain have been replaced):

Attention: Important Notification , DOMAIN SERVICE NOTICE
Domain Name: <your.domain.com>


ATT: Domain Admin
REGISTRANT CONTACT: <your@email.com>
<your.domain.com>
Response Required By:
Today, XX/XX/202X


PART I: REVIEW NOTICE

Attn: Domain Admin
As a courtesy to domain name holders, we are sending you this
notification for your business domain name search engine
registration. This letter is to let you know that it's time to
take action on your search registration.

Failure to complete your domain name search engine listing
by the expiration date may result in termination of this offer
making it difficult for your customers to search for you online.

Privatization allows the consumer a choice when listing.
Search engine registration includes domain name search engine
submission. Do not disregard, this notification is not an invoice it is
a courtesy reminder to register your domain name search engine
listing so your customers can search for your website.

This notification for: <your.domain.com> will expire Today at 11:59PM EST,
XX/XX/202X Act now!


Choose Term and Option Here: http://<scam_url>.com/<directory_info>


Payment by BTC or XMR
Choose the package option using the linked page above by today, XX/XX/202X

<your.domain.com>



-----------------------------------------------------------------

The contents of this notification contains confidential and/or
legally privileged information from the notification processing
department of EngineRegistration Los Omeyas, 5 local. suite #1006788,
Cordoba 14005, Spain. This information is delivered only for the use of the
person(s) named above. If you do not want to receive further
updates from EngineRegistration simply reply "no thanks" to this email.
If you are not the intended recipient, you are hereby informed
that disclosure, copying, distribution or the taking of any
action in reliance on the contents of this message is strictly
prohibited.

Brief Breakdown of How This Scam Works


I will not go into every detail, because that would tell the scammer how to improve this email. But I will walk through how the scam works.

First, whenever a person registers a new domain, their personal information is published to the public Whois directory. This is required by the Internet Corporation for Assigned Names and Numbers (ICANN) as part of the domain name registration process. This public directory exists for every top-level domain, and anyone can check who owns a domain or website. The exploitation begins here: the scammers scrape this information, store it in an Excel sheet or a CSV file, and run an automation script (most probably in Python) that creates thousands of targeted emails addressed to domain owners about their domains. The scam email is then sent to the people with open registrations on their domain names.

Once again, I am WARNING you: do not reply to such emails and do not click the link in the email!
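Because every copy of this email reuses the same wording, a mail filter can flag it from the text alone. The scorer below is an added example, not code from the original post; the indicator phrases come from the email quoted above, while the weights, the threshold and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy

# Indicators drawn from the wording of the scam email quoted in this post.
# The weights and THRESHOLD are assumptions picked for illustration.
INDICATORS = {
    "seo_listing_pitch": (r"search\s+engine\s+(registration|listing|submission)", 2),
    "not_an_invoice": (r"not\s+an\s+invoice", 2),
    "same_day_deadline": (r"expire\s+today|response\s+required\s+by|act\s+now", 2),
    "crypto_only_payment": (r"\b(BTC|XMR|bitcoin|monero)\b", 3),
    "plain_http_link": (r"http://\S+", 1),
    "domain_admin_salutation": (r"attn?:\s*domain\s+admin", 1),
}
THRESHOLD = 6

def score_email(raw):
    """Return (score, sorted indicator names) for a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))  # also decodes base64/QP bodies
    body = part.get_content() if part is not None else ""
    text = f"{msg.get('Subject', '')} {body}"
    hits = sorted(n for n, (rx, _) in INDICATORS.items() if re.search(rx, text, re.I))
    return sum(INDICATORS[n][1] for n in hits), hits

def is_listing_scam(raw):
    """True when enough independent indicators fire together."""
    return score_email(raw)[0] >= THRESHOLD

# Constructed sample modelled on the quoted email (placeholder domain and URL).
SCAM_SAMPLE = """\
Subject: Domain Service Notice

ATT: Domain Admin
Response Required By: Today
This notification is not an invoice it is a courtesy reminder to register
your domain name search engine listing.
This notification for: example.com will expire Today at 11:59PM EST
Choose Term and Option Here: http://scam.example/listing
Payment by BTC or XMR
"""

# Constructed sample of an ordinary registrar message, for contrast.
LEGIT_SAMPLE = """\
Subject: Your domain renewal receipt

Hello, your domain example.org was renewed for one year.
View the invoice at https://registrar.example/account/invoices
"""

if __name__ == "__main__":
    for name, raw in (("scam", SCAM_SAMPLE), ("legit", LEGIT_SAMPLE)):
        print(name, score_email(raw), is_listing_scam(raw))
```

Requiring several indicators at once keeps a single match, such as a plain `http://` link in an otherwise normal message, from triggering the rule.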

What happens when you click the link?

To educate you, I went through the process of dissecting this scam.

So, when you click the link, you are redirected to a very basic, minimal page, something like this:

And do you know what the sad part about this whole process is? These scammers exploit open-source software and tools to make this type of phishing possible.

For instance, for this particular scam they use BTCPay Server, a self-hosted, open-source cryptocurrency payment processor that is secure, private, censorship-resistant and free. You can launch a server in the cloud, on your own hardware device, or use an existing host.

Here is the image of it:

Once you pay, you are greeted with a simple thank-you page, which looks pretty legit, to be honest.

Some Info on This Scam URL


The first and foremost thing I discovered was that these scammers have hundreds, if not thousands, of wallet addresses that they use to scam people. There is no particular place for them to stay. Below are the WHOIS details of the scam URL (I am surprised that the scammers are intelligent enough to use PrivacyGuardian):

Domain Name: <SCAM_URL>
Registry Domain ID: 2745674289_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2023-04-12T07:00:00Z
Creation Date: 2022-12-18T07:00:00Z
Registrar Registration Expiration Date: 2023-12-18T07:00:00Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: PrivacyGuardian.org llc
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: pw-bf58136be044c8bf507db62dbf3f1bef@privacyguardian.org
Registry Admin ID: 
Admin Name: Domain Administrator
Admin Organization: PrivacyGuardian.org llc
Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Admin City: Phoenix
Admin State/Province: AZ
Admin Postal Code: 85016
Admin Country: US
Admin Phone: +1.3478717726
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: pw-bf58136be044c8bf507db62dbf3f1bef@privacyguardian.org
Registry Tech ID: 
Tech Name: Domain Administrator
Tech Organization: PrivacyGuardian.org llc
Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Tech City: Phoenix
Tech State/Province: AZ
Tech Postal Code: 85016
Tech Country: US
Tech Phone: +1.3478717726
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: pw-bf58136be044c8bf507db62dbf3f1bef@privacyguardian.org
Name Server: NS1.DNSOWL.COM
Name Server: NS2.DNSOWL.COM
Name Server: NS3.DNSOWL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2023-04-18T07:00:00Z <<<

One Piece of Good News

It is quite good that, at the time of writing this post, no one had sent money to this particular scammer address. But I have seen many scammers with a balance of BTC 80 or so, which they later withdrew to safety.

Still, everyone should be very much aware of this scam and should not let themselves be phished by the scammers.

But how do you really register your website on the Google search engine? (Legitimate Way)

When you create a new website on a new domain, you should make sure that search engines know about it. This is optional, but if you want people to find and read your content on the web, follow the steps below:

  1. Log in to your Google account in your browser of choice.
  2. Register your site by going to Google Search Console.

And that's all.

I hope that, after reading this post, you will resist the temptation to panic and do something in a hurry that you are not supposed to do.

So, STAY SAFE! HELP OTHERS STAY SAFE!


18 thoughts on “Total BreakDown of a Scam: Action Needed for Your Domain : This is your Final Notification of Website Listing”

  1. May I simply say what a comfort to discover somebody who genuinely knows what they are talking about over the internet. You actually understand how to bring a problem to light and make it important. More people ought to check this out and understand this side of the story. I can't believe you aren't more popular because you surely possess the gift.

  2. I want to help people the same way you help others; this restores faith in humanity!

  3. Thank you, this helped me fight the scammers! I was scared at first, but you saved me.

  4. I am grateful for this information that you provided. It helped me a lot in fighting the scammers.
