|
Title: Shady job request Post by: AlexSimion on January 22, 2020, 06:17:17 AM What happened - User is asking for a shady service on telegram . Though he is advertising here on bitcointalk like simple tasks :
Paying in btc or monero for online task help in all week,search things for me,give me links of certain things,tell me whats the price of certain asset or crypto at the moment by google,etc,and other simple tasks User's profile https://bitcointalk.org/index.php?action=profile;u=2649540if any question please ,telegram: @jonathAlmiz19 Bitcointalk thread https://bitcointalk.org/index.php?topic=5219330.0 Contacted him on Telegram about it , about these small tasks what he was requesting . Turns out he needed someone to help him with some pentests , claiming that the first website would be his own. Pentests A penetration test, colloquially known as a pen test, pentest or ethical hacking, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system. The test is performed to identify both weaknesses (also referred to as vulnerabilities), including the potential for unauthorized parties to gain access to the system's features and data, as well as strengths,enabling a full risk assessment to be completed. I asked him these pentests are authorized , he claimed yes , and that the first website is his own . I went ahead with it ( wanted to see which website it's about , and possibly informing the owner/owners about it , that someone is trying to hack their website , he sent me a link , I didn't have time to check it , or take a screen shot though as he removed it very fast claiming it was a wrong link . And hasn't replied since . I do believe this is obviously a hack attempt from him and he needs " help " from someone here , first of all if he actually wanted to pentest his website we would have many legitimate options where to go to with this task and not simply ask forum members here and advertise it like "simple online jobs , search things for him , links of certain things , price of an asset etc " Don't know if this classifies as a Scam Accusation so will leave it here for feedback , and if yes I'll move it to Scam Accusations and format the post. https://i.postimg.cc/XYHVZ2t7/Untitled.png https://i.postimg.cc/zBW5cqvV/betroarcontest.jpg Title: Re: Shady job request Post by: yahoo62278 on January 22, 2020, 06:31:47 AM Seems odd he stopped responding. Likely he is looking to steal from sites. Did you notice what type of site he was trying to hack? Gambling, exchange, commerce, or something else?
Title: Re: Shady job request Post by: d.kevin29 on January 22, 2020, 06:34:44 AM Definitely shady. If it was my website, I would have provided proof of ownership. Otherwise, it's just as sketchy as asking someone to help you break a house's door providing 0 proof it's yours.
I've been receiving messages being requested shady jobs here years ago, but unfortunately I have never taken any countermeasure against these guys. Pentests are meant to be done so it can be assured that a website has no detectable vulnerability, they are meant to do 0 damage to the website. The problem is that it simulates what a cyberattack would look like, and having no agreement with the website owner means that, if the website gudayuzazo provides is not his own, you are directly cyberattacking someone else's which, as far as I know, is illegal. EDIT: Will post a red trust feedback with this thread as reference. The negative feedback will be removed in case he turns out to have good intentions, but for now it looks shady enough. Title: Re: Shady job request Post by: AlexSimion on January 22, 2020, 06:35:58 AM Seems odd he stopped responding. Likely he is looking to steal from sites. Did you notice what type of site he was trying to hack? Gambling, exchange, commerce, or something else? I didn't manage to see the site he sent me , I just got the notification and when I oppened telegram he already deleted the message and said "wrong link".I see other people have responded to his thread so maybe one of them managed to get more info out of it . If someone got the website it would be good if we can inform the website owners that possibly someone is targeting it. Title: Re: Shady job request Post by: stompix on January 22, 2020, 04:17:28 PM Quote telegram: @jonathAlmiz19 https://cardingclub.cc/topic/36559-visa-live-kill-it/ Quote ecadotulosoqu 4257234517033525|07|2021|863 need help with electrum wallet and exodus,paying in btc/bat/monero,telegram = @jonathAlmiz19 From the same user: Quote NEW CARDABLE CLOTHING SITE 2019 karlkani.com, use usa cc,visa preferably,wait a few hours before order giving away a few sites,private ones,and needing some partners for cashouts,if interested, i c q = 747721902 The same history on hackforums, only 40/60 jobs :D I'm pretty sure he's just a good samaritan looking to help websites owners in secrecy so they don't remain indebted to him. ;D Title: Re: Shady job request Post by: AlexSimion on January 22, 2020, 04:52:45 PM Quote telegram: @jonathAlmiz19 https://cardingclub.cc/topic/36559-visa-live-kill-it/ Quote ecadotulosoqu 4257234517033525|07|2021|863 need help with electrum wallet and exodus,paying in btc/bat/monero,telegram = @jonathAlmiz19 From the same user: Quote NEW CARDABLE CLOTHING SITE 2019 karlkani.com, use usa cc,visa preferably,wait a few hours before order giving away a few sites,private ones,and needing some partners for cashouts,if interested, i c q = 747721902 The same history on hackforums, only 40/60 jobs :D I'm pretty sure he's just a good samaritan looking to help websites owners in secrecy so they don't remain indebted to him. ;D Title: Re: Shady job request Post by: Upgrade00 on January 22, 2020, 05:45:01 PM Once a user offering a service or looking to hire one link to an external platform (usually telegram) right from the start, it's an automatic red flag for me. When dealing with forum users I prefer to deal here on the forum and as public as js possible without divulging any personal information.
I guess there are people that will offer this service for free without questioning the notice as long as they get paid. Website owners should regularly audit their websites and upgrade their protection system to avoid getting hacked. Title: Re: Shady job request Post by: Btchunter3333 on February 02, 2020, 08:18:23 PM That guy from telegram ask people to install a program and deactivate antivirus, that contain a malware as i tried on a vps and after he will steal what he can. but i don't have chat with him as he delete it. he ask people to install burp suite but after he say to install from his link and if try install that version will auto capture all what is done on pc. so people please don't fall on this. he will steal all crypto coins or other accounts.
someone should stop these scams. if possible to take his ip and contact his internet provider to start an investigation against him |
