Hi there, there is a fraudulent phishing domain hosted by a armenian person which seems to use Ucom as internet provider which pretend to be a crypto money exchange but is a phishing site. They try to trick people and scam their money in form of cryptocurrency. They promote this fraud site through social media such as Youtube and search engine SEO. The site "boomchange.io" is static and have a .php script on it which generates always the same crypto addresses which belong to the domain holders of "boomchange.io", formerly "boomchange.com" (old domain got from them suspended), so if people send crypto money there it is gone forever in their pockets. The Phishing Domain is: boomchange.io Their end-order page is also static, showing everybody the same fraudsters crypto address and can be visited through direct URL, Proof:: https://boomchange.io/order/5bdda7e1a9 https://boomchange.io/order/c7dda2e520 Everybody can visit the order page because everybody gets redirected to the same pages, which show the crypto address of the fraudsters. The shown Ethereum address is "0x4c2acc0580765d04d555a791bcb0b3661af67b8d" and the shown bitcoin address is "bc1qmxkj49ujzednhnzkr3wqpkeh4kfslr9zqume72". Blockchain scan of "bc1qmxkj49ujzednhnzkr3wqpkeh4kfslr9zqume72": https://www.blockchain.com/de/explorer/addresses/btc/bc1qmxkj49ujzednhnzkr3wqpkeh4kfslr9zqume72?page=1 On these transactions the Bitcoins got transferred to Binance: https://www.blockchain.com/explorer/transactions/btc/23647cd8c00823a8357e909dc747fef811c2b6404105e9c5677ca27072604260 https://www.blockchain.com/explorer/transactions/btc/1793e0ccd25137a5d0d182ea9970f2156d01353f17408a2aff036f65aeb93959 Etherscan of "0x4c2acc0580765d04d555a791bcb0b3661af67b8d": https://etherscan.io/address/0x4c2acc0580765d04d555a791bcb0b3661af67b8d On these transactions the Ethereum got transferred to Binance: https://etherscan.io/tx/0x89be54e7669f3da8b41f1b018761be9b598801d91244068178aad5a4349531e9 They had a domain before under "boomchange.com" which was already suspended for fraudulent activities, Proof: https://www.whois.com/whois/boomchange.com https://web.archive.org/web/20220701070044/https://boomchange.com/ (Backup in the Internet archive from 2022, before it was suspended). There are also some other reports on the internet about this fraudulent website hosted by a armenian, they did changed their static crypto addresses sometimes on their phishing site, online reports against "boomchange.io" can be found in the internet from victims around the world. The suspect lives in Armenia, Yerevan. This are his email addresses: boomchange222@gmail.com boomchange6@gmail.com register2022.2023@gmail.com edgarhakobyan2012@gmail.com These are his IP addresses: 37.252.89.7 - Armenia, Yerevan - Internet Provider: Ucom.am (This might be his computer IP) 46.130.8.54 - Armenia, Yerevan - Internet Provider: Telecom AM (This might be his mobile phone IP) Kind regard.