OneCoin struggling to keep websites behind reverse-proxy
After using CloudFlare for years, the reverse-proxy provider started showing phishing scam warnings for OneCoin back in January.
As reported by BehindMLM readers, affected websites include OneCoin’s own, OneLife and DealShaker.
Not all jurisdictions were affected, but it was widespread enough to hinder recruitment efforts.
OneCoin attempted to fix the phishing scam warning by changing website hosts to Hong Kong based HGC Global Communications in February.
That didn’t work and the phishing scam warning to OneCoin website visitors persisted.
Less than a week ago OneCoin ditched CloudFlare for Sucuri.
This got rid of the phishing warning but, presumably after being informed of the switch and conducting their own internal investigation, Sucuri booted OneCoin from their service within a few days.
Within the last 24 hours OneCoin has now hitched its websites to DOSarrest. Whether they permit OneCoin’s websites to stay behind their service remains to be seen.
OneCoin’s jumping from one reverse-proxy service to another is reminiscent of their banking woes in 2016.
After months of signing up with various banks in different countries and getting booted over fraud concerns, OneCoin lost its last bank account in November 2016.
The company simply gave up and stopped accepting bank wires.
Part of the reason OneCoin’s bank account musical chairs went on for so long was the use of shell companies.
With reverse-proxy services it’s impossible to mask who the service is for. As soon you put a website behind their service they can see it on their end.
The last confirmed names of the vultures feeding at the carrion on “Captain’s Corner” with the latest working numbers.
Former Sofia insiders, get your own back by letting loose what data you know and letting your downlines contact those that stole from them.
Cordel King Jayms & Patrice James – (removed)
Muhammad Adeel – (removed)
Sayid Abdi – (removed)
Jose Sugawara – (removed)
Henrique Machado – (removed)
Marco Vassanelli – (removed)
Thanh Duong – (removed)
Fred Fok & Sherry Gong – (removed)
Julien Zerbini – (removed)
Barbara Chukwurah – (removed)
What Clown-King might also like to know: Rob & Pat in Ireland went to Duncan, Tommi to Simon, Hannah to Simon, Jamil to Simon, Andy to Habib, Roshun to Simon, half of Latam to Duncan, all of Africa who speak English to Duncan, US and Canada split between Duncan and Simon. Put that in your newsletter.
Keep up the good work Captains. More will follow next week.
Hello dear sir/Madam, Perticulerly madam Ruja,
Wherever you are hope so fine in good health. You was called Queen in world of crypto, till today there is no person call king in same.
We have blindly trust you, just imagine there is lots of people who invested in one coin and those are very normal people and invest his life earned hard money.
I don’t understand why you are doing this all, what you do with this money in hiding, you never be in peace like this.
Instead of doing this if you choose right way then I think you today you may call real Queen and have 5 times more money capital.
There is chance even at present, to arrange situation, I know you are able to do.
Thanks and regards,
One coin investor and wisher
Sucuri has now removed Oneacademy.eu from its services!
twitter.com/sucurisecurity/status/1253404007768317955
Good job Sucuri!
Now waiting for DOSarrest to react. You can email abuse reports to DOSarrest email: abuse(at)dosarrest.com
DOSarrest is providing its services for w.w.w.onelife.eu
securitytrails.com/list/apex_domain/onelife.eu
Scammers seem to be now moving oneacademy.eu for DOSarrest service which still provides services for OneCoin.
OneCoin scammers have now made the move to use DOSarrest’s service for OneAcademy.eu which now works again.
https://securitytrails.com/domain/oneacademy.eu/dns
Now both OneLife.eu and OneAcademy use DOSarrest service, and got rid of the Phishing alert.
Soon they probably do the same for DealShaker.
Lets try to get DOSarrest’s attention for this issue.
Ok, Tim called them, and got confirmation DOSarrest is at least aware of the issue and going to look into it.
No matter how many useless people you have, there is no point in just following onecoin.
It is Sucuri not Securi
Thanks for catching that. My mind went to security.
DOSarrest is still investigating.. Have to start seriously question their competence. It shouldn’t take much time to figure out OneCoin is a scam. There’s so many court documents and even more than clear US DOJ news available.
For Sucuri it took about 4 days to investigate and kick out the scammers.
Onecoin scammers got the Phishing alert removed from Dealshaker.
They also still seem to use Cloudflare, but I suspect the removal of Phishing aleart is thanks to Nexusguard?
securitytrails.com/list/apex_domain/dealshaker.com
Also, DOSarrest went totally silent about hosting OneLife and OneAcademy.
Yep, Dealshaker now using Nexusguard.com services.
i.imgur.com/1LozIm6.png
i.imgur.com/OUi2JsF.png
Yah, changing DNS might have (temporarily?) removed the CF phishing warning.
How long before Nexusguard dumps them too?
@Oz I don’t know how long. But DOSarrest which is hosting onelife.eu and oneacademy, at least has appeared to be very stubborn, and stopped responding altogether to all inquiries about OneCoin, and they didn’t explain anything.
But DOSarrest and its CEO will be definitely getting more heat, especially after Konstantin’s sentencing…
Let’s see what happens with Nexusguard.
I just contacted nexusguard.com/contact-us and spoke with a real person who said she took down the complaint and would have someone contact me.
It seems Nexusguard kicked Dealshaker out, as Dealshaker has been moved to use DOSarrest.
DOSarrest is now providing reverse proxy services for all of the main sites for running the OneCoin fraud scheme:
onelife.eu , oneacademy.eu and dealshaker.com
See here the domain info:
securitytrails.com/list/apex_domain/onelife.eu
securitytrails.com/list/apex_domain/oneacademy.eu
securitytrails.com/list/apex_domain/dealshaker.com
Despite repeatetly noticing DOSarrest what they are doing, they haven’t so far reacted, and actually stopped responding to the inquiries regarding this issue. We need more pressure towards DOSarrest from several different fronts.
All main onelife.eu subdomains show now hosting by Microsoft Corporation.
securitytrails.com/list/apex_domain/onelife.eu
What would be the proper contact info in Microsoft regarding this?
OneLife.eu site is running on Microsoft Azure.
twitter.com/CryptoXpose/status/1299274291989622784
Abuse contact:
portal.msrc.microsoft.com/en-us/engage/cars
abuse(at)microsoft.com
Who is administering the website one life, can this be ascertained ?
Then contact can be made with the individual.
Officially a shell a company. In reality persons unknown in Bulgaria/Russia.