#scam
Fraud and scam infrastructure (fake stores, crypto scams, romance scams, fake giveaways) extracted from posts by public security researchers.
IOCs by window
- 0 IOCs tagged #scam
- 0 IOCs tagged #scam
- 34 IOCs tagged #scam
- 7,382 IOCs tagged #scam
Counts as of 2026-04-29. Regenerated daily.
About #scam
- Definition: fraud infrastructure that does not necessarily steal credentials. Common types: fake e-commerce stores, fraudulent crypto-investment platforms, romance scams, fake giveaways, fake support hotlines, fake tech-support pop-ups.
- Common variants: fake Trezor / Ledger reset pages, fake X/Twitter promotion bots, fake DEX phishing dApps, AI-generated celebrity-deepfake giveaways, fake government/tax-refund sites.
- Detection: domain age + WHOIS lexical analysis, certificate transparency for impersonation, image-similarity matching against legitimate brand assets, and reverse-image search on profile pictures.
- References: MITRE ATT&CK T1656 (Impersonation) · FTC scam advisories.
Recent IOCs tagged #scam
Latest 10 IOCs from the past 30 days. Live JSON: api.tweetfeed.live/v1/month/scam.
Frequently asked questions
What counts as a scam vs phishing?
Phishing typically aims to steal credentials or session tokens to take over an account. Scam covers a broader category of fraud where the attacker convinces the victim to part with money, crypto or sensitive data without necessarily compromising an account. The lines blur (many phishing kits are also scam infrastructure), so adjacent tags often co-occur on the same IOC.
What kinds of scams are most common in the feed?
Crypto-investment platforms, fake e-commerce stores, romance scams targeting Western dating-app users, fake X/Twitter giveaway bots, fake tax-refund sites, AI-generated deepfake celebrity-promo pages, and impersonation of legitimate exchanges (Binance, Coinbase) requesting wallet seeds.
How is this list updated?
Every 15 minutes. The TweetFeed pipeline scrapes RSS feeds from public Twitter/X security researcher accounts and lists, extracts IOCs, tags them with the relevant malware family or threat actor, and republishes the result in CSV, JSON and RSS. Scam-tagged IOCs are surfaced on this page within the next 15-minute tick. The page itself is regenerated daily by a GitHub Action.
What is the license? Can I use this commercially?
All TweetFeed IOC data, including this Scam subset, is released under CC0 1.0 Universal (Public Domain Dedication). No attribution required, no warranty. Commercial use is allowed. The TweetFeed website code and branding are not covered by CC0.
License
Scam IOC data: CC0 1.0 Public Domain. No attribution required, no warranty. Source code for the pipeline: github.com/0xDanielLopez/TweetFeed (MIT).