Title: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: Spoetnik on September 13, 2014, 10:13:01 PM So i am being serious here.. some time today i got a pm from a new user trying to lure me to a web site.
and then another pm right after that warning me about it for some reason.. this guy sent it.. https://bitcointalk.org/index.php?action=profile;u=349554 Quote LOL909 Brand new * Offline Activity: 0 View Profile Personal Message (Offline) Trust: -6: -1 / +0(0) Warning: Trade with extreme caution! saying this.. Quote (No subject) « Sent to: galbros, Spoetnik, Muhammed Zakir on: Today at 02:34:59 PM » DO NOT CLICK ON THE QUOTED LINK - no idea what bad things it might have (notice URL = bilcointalk.org ..using the letter 'L') Quote Hi bro! I have bad news for you! You can see about in there http://bilcointalk.org/index.php?topic=654845.msg7515541#msg751554 Then one of the guys who got it with me sent me this.. Quote This is a fetching site. Don't enter your username and password. If you did, change it ASAP. it is bilcointalk not bitcointalk. Beware! ~~MZ~~ So thanks for the warning guy but i did NOT click on the link ;) I want to warn people because this is common behavior around here. In the last year i have gotten countless requests to go to various web sites and i have never gone to any of them LOL I was on cryptsy chat last year when some scammer was posting a web site link that was similar to Cryptsy's and the scammer had created a site i was told that stole peoples session login's (cookie) which allowed scammers to go and clean out some Cryptsy guys account.. I watched it unfold in front of me on chat as the original user was powerless and watched as the scammer cleaned him out of all his coins etc. So the point is you don't even HAVE to enter your login info.. web sites can be created to steal your login data regardless. I have always told people don't use any links via Google for starters and be careful ! so.. HAIL Satan ! Blood Orgy !!! The anti-christ is here ! Title: galbros Post by: Spoetnik on September 13, 2014, 10:17:43 PM added the sent to info on first post..
hopefully the user "galbros" see's this before going there lol Thanks again to the guy trying to be nice and warn me too.. nice to see some people care :) Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: liquidiser on September 13, 2014, 10:32:47 PM I read a post on the NEM thread that said hackers were trying to hack bitcointalk accounts.
https://bitcointalk.org/index.php?topic=654845.msg8808287#msg8808287 It must be the same hackers conducting a mass attack. Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: liquidiser on September 13, 2014, 10:43:52 PM What happened during the last hack?
Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: liquidiser on September 13, 2014, 11:09:23 PM What happened during the last hack? Was pretty big, looked like a DNS poisoning attack they basically had a clone website of Bitcointalk.org but poised the main DNS server and changed their IP for the real website. After that everyone had to change their Passwords and since lots of people use only "one" in their whole life that made the hacker rich. So there was no way to tell the difference between the fake website and this one? Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: Spoetnik on September 14, 2014, 12:02:33 AM someone has been going over board today trying to get into at least 3 of my email accounts i see.
they will have of course failed miserably LOL it amuses my balls off hahhaa not sure what they think their going to accomplish with my email account or old emails i may have.. no one can pretend to be me because there is only one real Spoetnik 8) and there is nothing of value attached to any email i have in any way in the slightest. if anything, i think who ever is behind is just trying to piss me off and they fail again.. ROFL'z i really don't care.. go hax my ass off tough guys (who ever you are) wake me up when you guys get anything done.. you bore me ::) edit: fixed bad spelling LOL Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: liquidiser on September 14, 2014, 12:17:01 AM ciappa says the hacker tried it on with him too.
https://bitcointalk.org/index.php?topic=734680.msg8810089#msg8810089 Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: Willisius on September 14, 2014, 01:53:13 AM <snip> no one can pretend to be me because there is only one real Spoetnik 8) <snip> ^ This is true. You're wasting your time. Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: bitbaby on September 14, 2014, 02:27:25 AM DO NOT CLICK ON THE QUOTED LINK - no idea what bad things it might have (notice URL = bilcointalk.org I think it would be best if all of us reported this bilcointalk website as phishing site so that people who visit it will see a warning if they access it accidentally. Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: berate48 on September 14, 2014, 03:18:29 AM The phishing site bilcointalk.org is protected behind Cloudflare, but investigation reveals its real IP address as 192.64.118.239 (Namecheap hosting).
It shares IP space with nxtchange.net which is a scam operation being run by the same miscreants. You can see them advertising this scam on bitcointalk here: https://bitcointalk.org/index.php?topic=767002.0 (I recommend a bitcointalk administrator bans their account and looks for any other registrations or posts from the IPs they used, as I suspect they're trying to advertise numerous scams and phishing pages here.) It also shares IP space with neecoin.org, a scam cryptocurrency. Information about this scam can be found here: https://bitcointalk.org/index.php?topic=664202.0 Please report 192.64.118.239's hosting of this phishing page to Namecheap, and report those 3 domains to abuse@internet.bs to get the domains shut down. Due to the same IP and the same domain registrar, I am very confident that the same person or group of people is running all 3 of these scams. Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: Spoetnik on September 14, 2014, 04:06:23 AM I looked it up at http://www.ip-address.org/tracer/ip-whois.php
And what that guy was saying is confirmed the rest of his info though i have no idea. City:Panama ? The whois data looks familiar i know that much.. Quote Results for bilcointalk.org : Domain Name:BILCOINTALK.ORG Domain ID: D173130196-LROR Creation Date: 2014-06-28T21:29:38Z Updated Date: 2014-08-28T03:46:02Z Registry Expiry Date: 2015-06-28T21:29:38Z Sponsoring Registrar:Internet.bs Corp. (R1601-LROR) Sponsoring Registrar IANA ID: 814 WHOIS Server: Referral URL: Domain Status: clientTransferProhibited Registrant ID:INTE1qkk7hwuudd2 Registrant Name:Domain Administrator Registrant Organization:Fundacion Private Whois Registrant Street: Attn: bilcointalk.org Registrant City:Panama Registrant State/Province: Registrant Postal Code:Zona 15 Registrant Country:PA Registrant Phone:+507.65967959 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email:53af33be81vuywlc@5225b4d0pi3627q9.privatewhois.net Admin ID:INTEw8yo6el796ab Admin Name:Domain Administrator Admin Organization:Fundacion Private Whois Admin Street: Attn: bilcointalk.org Admin City:Panama Admin State/Province: Admin Postal Code:Zona 15 Admin Country:PA Admin Phone:+507.65967959 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email:53af33c0ok90ryv1@5225b4d0pi3627q9.privatewhois.net Tech ID:INTEnplbxfdhb9lt Tech Name:Domain Administrator Tech Organization:Fundacion Private Whois Tech Street: Attn: bilcointalk.org Tech City:Panama Tech State/Province: Tech Postal Code:Zona 15 Tech Country:PA Tech Phone:+507.65967959 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email:53af33c0119vzt1k@5225b4d0pi3627q9.privatewhois.net Name Server:ANDY.NS.CLOUDFLARE.COM Name Server:RITA.NS.CLOUDFLARE.COM Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC:Unsigned Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: berate48 on September 14, 2014, 04:18:06 AM I looked it up at http://www.ip-address.org/tracer/ip-whois.php They used WHOIS registration privacy for all 3 of their domains, so that won't tell you anything. They registered all 3 through internetbs.com, a domain registrar, so you can contact them to get the domains shut down.And what that guy was saying is confirmed the rest of his info though i have no idea. City:Panama ? The whois data looks familiar i know that much.. Quote Results for bilcointalk.org : Domain Name:BILCOINTALK.ORG Domain ID: D173130196-LROR Creation Date: 2014-06-28T21:29:38Z Updated Date: 2014-08-28T03:46:02Z Registry Expiry Date: 2015-06-28T21:29:38Z Sponsoring Registrar:Internet.bs Corp. (R1601-LROR) Sponsoring Registrar IANA ID: 814 WHOIS Server: Referral URL: Domain Status: clientTransferProhibited Registrant ID:INTE1qkk7hwuudd2 Registrant Name:Domain Administrator Registrant Organization:Fundacion Private Whois Registrant Street: Attn: bilcointalk.org Registrant City:Panama Registrant State/Province: Registrant Postal Code:Zona 15 Registrant Country:PA Registrant Phone:+507.65967959 Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email:53af33be81vuywlc@5225b4d0pi3627q9.privatewhois.net Admin ID:INTEw8yo6el796ab Admin Name:Domain Administrator Admin Organization:Fundacion Private Whois Admin Street: Attn: bilcointalk.org Admin City:Panama Admin State/Province: Admin Postal Code:Zona 15 Admin Country:PA Admin Phone:+507.65967959 Admin Phone Ext: Admin Fax: Admin Fax Ext: Admin Email:53af33c0ok90ryv1@5225b4d0pi3627q9.privatewhois.net Tech ID:INTEnplbxfdhb9lt Tech Name:Domain Administrator Tech Organization:Fundacion Private Whois Tech Street: Attn: bilcointalk.org Tech City:Panama Tech State/Province: Tech Postal Code:Zona 15 Tech Country:PA Tech Phone:+507.65967959 Tech Phone Ext: Tech Fax: Tech Fax Ext: Tech Email:53af33c0119vzt1k@5225b4d0pi3627q9.privatewhois.net Name Server:ANDY.NS.CLOUDFLARE.COM Name Server:RITA.NS.CLOUDFLARE.COM Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: Name Server: DNSSEC:Unsigned If anyone has lost Bitcoins through this phishing, you could also file a lawsuit and subpoena Internet.bs Corp for the registration information they used, and potentially regain what you lost. Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: Spoetnik on September 14, 2014, 04:21:55 AM it said "sponsoring Registrar:Internet.bs Corp. (R1601-LROR)"
in what i posted.. which is what you said. i mainly did that for one reason.. to assure people that the complaint email address you suggested is valid. so from my whois i posted i can see that it matches ;) also that company can not keep them anon.. by law if you don't provide your contact data when requested (via proxy or not) your site will be taken down. all it takes is 1 unfulfilled request and they will be gone ! edit: someone wanted to be an asshole a while back and had the tech news site Neowin.net taken down LOL it was offline for a while until the owner could convince them that their dead email address the used to register the domain was legit etc AND CORRECTED. Neowin admitted their email address was no good so the site was pulled immediately with no questions asked ! It doesn't matter how big you think you are.. if your contact info is not valid your ass is gone (if you get reported or caught) You can all google search the neowin.net incident to prove i too if ya don't believe me ;) edit2: A Valid phone number and email address is non-optional but mandatory or any site can be reported and taken down promptly. Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: AltCoinBuddah on September 14, 2014, 04:22:15 AM Thanks for the heads up. This scam shit is very fucked. Such bullshit. Ban these guys accounts and their IP's
Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: berate48 on September 14, 2014, 04:25:32 AM it said "sponsoring Registrar:Internet.bs Corp. (R1601-LROR)" Ah sorry, might've misunderstood what you were getting at.in what i posted.. which is what you said. i mainly did that for one reason.. to assure people that the complaint email address you suggested is valid. so from my whois i posted i can see that it matches ;) For reference, you can run a WHOIS on any domain, even a Cloudflare protected one, (go to http://whois.domaintools.com for example) to see what domain registrar was used. There may be an abuse@ email address included in the WHOIS record; if not go to the company's website and they will list one. Internet.bs Corp's is abuse@internet.bs Title: Re: [WARNING] Hackers Trying to Steal Your Login HERE ! Post by: Spoetnik on September 14, 2014, 04:30:17 AM @berate48
thanks for your help and info on this :) i edited my last comment a bit too ..you guys posted pretty fast lol |