Scam www.emexchange.xyz with fake ios and android apps

and the links to mobile apps links to fake ios store page

as you can see they are trying to fake apple store page but it is fake and it is badly fake developer leads to non existing website fuyoudll.com

From the begining

Domain name only:

Domain Name: emexchange.xyz
Registry Domain ID: D213212463-CNIC
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2020-12-31T21:06:54Z
Creation Date: 2020-12-08T09:59:42Z
Registrar Registration Expiration Date: 2021-12-08T23:59:59Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146

Red flag only tree month old

one webste there is no cantacts

no information who is regulating this “finance institution”

the only email on website leads to university, i think this is one of the studens project

Social links: none of them works


Social links

one good thing that this domain is registered godaddy, i reported this website. i hope to get it blocked as fast.

WordPress redirect malware ataking stm Motors theme

one day i sow that my testing site is redirecting with enabled plugin stm_vehicles_listing is redirecting to something like this


several diferent domains like

a.robotcaptcha6.info fox.trackstatisticsss.com joinsilverclubbb.com

Like always to track adn remove malware from wordpress i update wordpress to the latestes version ( or just press reinstall if you are one the latestet allready)

Second step update theme files

and finaly update all plugins,

AND…. all thees steps did not solved my problem the web page was still redirecting

i checked .htaccess ir was clean

wp-confing.php – clean

i was seaching and i found nothing in files, JavaScrip files and so on

so it must be not in files but it have to be in database, i searched for TRACKSTATISTICSSS in all datebase an i get only one row… that was so pleasent, finale i got it

it was in wp_option table

28 628 length..

Solution

  • connect to phpmyadmin
  • in sql enter script below

that is my search script you can use it

 SELECT * FROM `c1aps4`.`wp_options` WHERE (CONVERT(`option_id` USING utf8) LIKE '%<SCRIPT%' OR CONVERT(`option_name` USING utf8) LIKE '%<SCRIPT%' OR CONVERT(`option_value` USING utf8) LIKE '%<SCRIPT%' OR CONVERT(`autoload` USING utf8) LIKE '%<SCRIPT%') OR (CONVERT(`option_id` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%' OR CONVERT(`option_name` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%' OR CONVERT(`option_value` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%' OR CONVERT(`autoload` USING utf8) LIKE '%TYPE=TEXT/JAVASCRIPT%') OR (CONVERT(`option_id` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%' OR CONVERT(`option_name` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%' OR CONVERT(`option_value` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%' OR CONVERT(`autoload` USING utf8) LIKE '%SRC=\'HTTPS://COUNT.TRACKSTATISTICSSS.COM/STM?V=L&V=4\'>%') 

I saw this for the first time

SCAM on youtube with live stream lots of channels crreated with one video

its scammed or hacked accounts with deleted all vodes streaming one video scam that bill gates is asking for bicoins

this is bad news for those whome accounts been scammed or hacked.

i would like to have possibility to report videos or live stream videos

web site states that just give us money and bill gates will double, they trying to play then virus is out there

SCAM SITE https://billgatesdev.tech/

At this moment is all in youtube hands

i hope that google will try to stop this stream as fast as posible

i chatted with one owener of the scammed channel, he meneged to get back his acount and report issue with with that scam but google did nothing about that

i reported that site to microsft becouse its it using microsft name and logo. hope they will down that site

we need tool to stop that activity

How facebook and shopify tolerating this? or How to lose our facebook and maybe your paypal or nettler password

SCAM ads

This just for redirecting site

You will be redirected to this site

in this site they asking yoo to enter you facebook details and your paypal, nettler password or IBAN number

the main goal i thinks is to get your paypal or nettler password, they hope that you are using the same email adress and the same password for all accounts,

the main problem that facebook and shopify doing nothing to protect theyr customers. so sad