FRAUDULENT PERFORMANCE IN PLANTSVSUNDEAD
Analysis of a hacker who has executed a scam against users taking advantage of administrators:
The page is as follows, with an address ending in .com
Within an official post we find the following:
Where we find “support” announcements, repeated many times:
With these two links:
Marketplace.plantsvsundead.net (.net??) https://marketplace.plantsvsundead.net/claim-your-pvp-seed?ref=os0ef303
pvu-event.com (totally different from the plantsvsundead server address) https://pvu-event.com/
I do a tracert for the DNS resolution of conversion of domain name to ip with the two links
Marketplace.plantsvsundead.net 172.67.211.239 (use two ip’s, this is one)
arnold.ns.cloudflare.com [108.162.193.69]
daniella.ns.cloudflare.com [108.162.194.228]
pvu-event.com 42.112.30.39
ns1.dns-parking.com [162.159.24.201]
ns2.dns-parking.com [162.159.25.42]
Where he falsifies absolutely everything
But then at the same time it does not exist
I observe the contracts of the transactions
It is observed that everything is income except for two, a possible test and another that is a transfer of the total token that has already accumulated to the following address:
0x8094c59bed7044e78394ee50e08a3da342214441
With a value of $ 9,800 already
Where everything is token income
New scammer wallet: 0x6a3157f63538C201e6c7da6aA22ba09135Aa07AB
