Title: PM phishing attempt
Post by: cwil on September 08, 2013, 03:40:08 AM

Please be aware that a user is attempting to steal login information using a website crafted to look like bitcointalk.org. The message in its entirety is as follows:

Hi, BREAKING NEWS, Secret recording captures Mark Karpeles, CEO of Mtgox speaking on the EXACT release date of Litecoin on Mtgox! For more information about this visit the bitcointalk thread http://tinyurl.com/ksq22rf. It's time to buy up all that cheap LTC! If you find this advise profitable for you in the near future please send donations to my BTC address at 13gJUEZD893k7NeymF9SLP9gNqUe57rz6W Download link for recorded audio file: www.sourceforge.net/projects/mtgoxceophoneconversation/files/MtgoxCEOPhoneConversation.zip/download. Thanks

The link leads to this page: http://bitcointalk.us/index.phptopic=251052.0.htm

Attempting to log in to this page will store login information here: http://bitcointalk.us/passes.txt

Title: Re: PM phishing attempt
Post by: joae1975 on September 08, 2013, 03:46:34 AM

I got that PM too. When I clicked "all" to read the thread, it led me to this thread: https://bitcointalk.org/index.php?topic=288545.0;all

Weird. I never entered my user/pass, but I changed it anyway. Thanks!

Title: Re: PM phishing attempt
Post by: b!z on September 08, 2013, 06:47:56 AM

Thank you for the phishing alert. I will make sure not to click links from him.
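
The links quoted in the first post, run through a hostname check: an added example that is not part of the original thread. It assumes bitcointalk.org is the only trusted domain and treats the last two labels of a hostname as the registrable domain; the last entry in LINKS is a constructed sample.

```python
from urllib.parse import urlsplit

TRUSTED = {"bitcointalk.org"}   # the real forum named in the thread
SHORTENERS = {"tinyurl.com"}    # shortener used in the quoted PM

def host_of(url):
    """Lower-cased hostname; scheme-less links ('www.example.net/x') are accepted."""
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").rstrip(".").lower()

def registrable(host):
    # Assumption: the last two labels form the registrable domain. True for the
    # .org/.us/.com/.net hosts here; real code should use the Public Suffix List.
    return ".".join(host.split(".")[-2:])

def classify(url):
    host = host_of(url)
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"        # exact domain or one of its subdomains
    if domain in SHORTENERS:
        return "shortener"      # destination unknown until the redirect is resolved
    # The trusted name under another TLD, or embedded in some other host label.
    brands = {d.split(".")[0] for d in TRUSTED}
    if any(b in label for b in brands for label in host.split(".")):
        return "lookalike"
    return "other"

LINKS = [
    "http://tinyurl.com/ksq22rf",
    "www.sourceforge.net/projects/mtgoxceophoneconversation/files/"
    "MtgoxCEOPhoneConversation.zip/download",
    "http://bitcointalk.us/index.phptopic=251052.0.htm",
    "https://bitcointalk.org/index.php?topic=288545.0;all",
    "https://bitcointalk.org.login.example/index.php",  # constructed sample
]

def report(links=LINKS):
    return [(classify(u), host_of(u)) for u in links]

if __name__ == "__main__":
    for verdict, host in report():
        print(f"{verdict:10} {host}")
```
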

Title: Re: PM phishing attempt
Post by: jackjack on September 08, 2013, 07:54:10 PM

https://bitcointalk.org/index.php?topic=289882.new;topicseen#new

Title: Re: PM phishing attempt
Post by: ArticMine on September 08, 2013, 11:18:57 PM

Here is the output of

Code:
whois bitcointalk.us

Quote
whois bitcointalk.us
Domain Name: BITCOINTALK.US
Domain ID: D41433869-US
Sponsoring Registrar: eNom, Inc.
Sponsoring Registrar IANA ID: 48
Registrar URL (registration services): whois.enom.com
Domain Status: clientTransferProhibited
Registrant ID: 7AAF8BE1EEF0E518
Registrant Name: mark cordero
Registrant Organization: Marky''s organization
Registrant Address1: 1581 Nuzum Court
Registrant City: Williamsville
Registrant State/Province: NY
Registrant Postal Code: 14221
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +618.5857186
Registrant Email: varomint@hotmail.com
Registrant Application Purpose: P1
Registrant Nexus Category: C21
Administrative Contact ID: FAC2C7E1EEF0E518
Administrative Contact Name: mark cordero
Administrative Contact Organization: Marky''s organization
Administrative Contact Address1: 1581 Nuzum Court
Administrative Contact City: Williamsville
Administrative Contact State/Province: NY
Administrative Contact Postal Code: 14221
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +61.5857186
Administrative Contact Email: varomint@hotmail.com
Billing Contact ID: 7AAF8BE1EEF0E518
Billing Contact Name: mark cordero
Billing Contact Organization: Marky''s organization
Billing Contact Address1: 1581 Nuzum Court
Billing Contact City: Williamsville
Billing Contact State/Province: NY
Billing Contact Postal Code: 14221
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +618.5857186
Billing Contact Email: varomint@hotmail.com
Billing Application Purpose: P1
Billing Nexus Category: C21
Technical Contact ID: FAC2C7E1EEF0E518
Technical Contact Name: mark cordero
Technical Contact Organization: Marky''s organization
Technical Contact Address1: 1581 Nuzum Court
Technical Contact City: Williamsville
Technical Contact State/Province: NY
Technical Contact Postal Code: 14221
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +61.5857186
Technical Contact Email: varomint@hotmail.com
Name Server: NS1.FREEHOSTINGNOADS.NET
Name Server: NS2.FREEHOSTINGNOADS.NET
Name Server: NS3.FREEHOSTINGNOADS.NET
Name Server: NS4.FREEHOSTINGNOADDS.NET
Created by Registrar: eNom, Inc.
Last Updated by Registrar: eNom, Inc.
Domain Registration Date: Tue Aug 06 21:29:33 GMT 2013
Domain Expiration Date: Tue Aug 05 23:59:59 GMT 2014
Domain Last Updated Date: Sat Sep 07 23:17:39 GMT 2013

It is also distributed as a Windows executable which is a really poor way to distribute an audio file for the following two reasons:
1) Many Bitcoin users do not use Microsoft Windows.
2) Those Bitcoin users that use Microsoft Windows should be really sceptical of a .exe file since it could be used to install malware to steal Bitcoins and / or another cryptocurrency such as Litecoins etc.

Title: Re: PM phishing attempt
Post by: 🏰 TradeFortress 🏰 on September 15, 2013, 11:34:25 AM

Dox of varomint aka furrycoat aka legitnick.
Thomas Hamrick 524 Nason Street Santa Rosa CA 95404 UNITED STATES

Title: Re: PM phishing attempt
Post by: jackjack on September 15, 2013, 11:40:51 AM

Dox of varomint aka furrycoat aka legitnick.

Source?

Thomas Hamrick 524 Nason Street Santa Rosa CA 95404 UNITED STATES