Title: Beware of this hacking organisation 3J3dWtKXgxMWKEAZyDENMRDSan753asAJi $1M hack
Post by: cryptoworld99 on June 05, 2020, 05:48:26 PM

Hello everyone!
I have discovered a big group of cryptocurrency hackers, and these guys need to be stopped. So the least I could do is make everyone aware and post as much information as I could gather, and maybe it could be useful to a victim out there.

Address where all hacked funds end up (after being mixed): 3J3dWtKXgxMWKEAZyDENMRDSan753asAJi
Wallet balance: 93.23541381 BTC and growing :)

His IP address: 115.164.204.24 links back to Malaysia
ISP: DiGi Telecommunications Sdn Bhd

Email: I managed to find an email address, zero.wallets@gmail.com, linked to 3J3dWtKXgxMWKEAZyDENMRDSan753asAJi

Just posting this for users to be aware of this address, and any information that can be found should be posted here.

After doing a lot more research: I linked up Iranian IP addresses used to exploit web servers. Iranian Bitcoin hackers seem to be linked as well; details are below of the team (or person behind cyber attacks):

alicr2019@gmail.com (IP address: 86.57.101.61)
1711352@gmail.com (IP address: 5.114.237.75)
sajadghochian1220@gmail.com (IP address: 37.129.69.34)
salehmohamadali5@gmail.com (IP address: PENDING)
Pars55055@gmail.com (IP address: PENDING)

Iranian hackers website with exposed information: http://95.156.254.35/api/login

SERVER_SOFTWARE "Apache/2.4.6 (CentOS) PHP/7.1.14"
SERVER_NAME "95.156.254.35"
EXCEPTION_IP_ADDRESS "46.209.255.138,91.72.219.46"
CREDIT_ALERTS_NUMBERS "09351866262,09124037786,09102471966"
CLICK_SEND_USERNAME "admin@infinite8.ae"

tgbsco.com
https://infinite8.ae/ (this website is linked with tgbsco.com) Iran and United Arab Emirates.
https://whois.domaintools.com/infinite8.ae
https://tgbsco.com/services/payment-services based UAE and Iranian background
https://www.crunchbase.com/organization/tgbs-tadbir-gostaran-behine-saz#section-overview
https://www.linkedin.com/company/infinite8.ae/
https://www.linkedin.com/in/hamid-fathalian-61716a3a/?originalSubdomain=ae
https://reverseip.domaintools.com/search/?q=tgbsco.com

1. badbadak.ir
2. mpos.ir
3. payam-pardaz.ir

Title: Re: Beware of this hacking organisation 3J3dWtKXgxMWKEAZyDENMRDSan753asAJi $1M hack
Post by: RapTarX on June 05, 2020, 08:13:01 PM

You are claiming this is linked to this, that is linked to that, but you have posted no proof of your claims. Why the address you think is an address of hacker, how the email is connected to that hacker, how the IP is connected to the hacker.
> Address where all hacked funds end up: (after being mixed). 3J3dWtKXgxMWKEAZyDENMRDSan753asAJi

If they used a mixing service, how do you know who owns this address? I believe they are smart enough not to use such a mixing service which will link their previous input.

Title: Re: Beware of this hacking organisation 3J3dWtKXgxMWKEAZyDENMRDSan753asAJi $1M hack
Post by: bithisach on June 05, 2020, 08:56:27 PM

While I appreciate the info, you don't provide much proof where you got the information, it could be anyone and you're not showing us what made you draw those lines. Investigate the issue better and come back with something supporting your claims, good luck!