BTCOxygen phishing attempt

[redtwitz]

It looks like BTCOxygen's account has been compromised again.

Presumably because I posted in the pool's topic once, I got the following PM:

Hello,

This is an important message to all BitcoinOxygen miners. We've discovered an error in the way we have been calculating payments for miners for the past few weeks. Many of our miners have been overpaid, therefore we have corrected the balances on the accounts affected. We will be accepting all losses on balances that have already been paid out.

You can check your current balance by logging into your account at http://btc-oxygen.com or if you have any questions or concerns you can contact us via PM here or email support@btc-oxygen.com

We apologize for any inconviences this may have caused.

Regards,
BitcoinOxygen

The link, just like the link in the user's signature points to btc-oxygen.com, while the real pool's address is btcoxygen.com.

After somebody pointed this out in the pool's official thread here, BTCOxygen locked the thread.

[rme]

Nothing to be alarmed about, both those domains point to the same server and are under our control.

Hacked account ^

[redtwitz]

Nothing to be alarmed about, both those domains point to the same server and are under our control.

Oh really?

Code:

$ nslookup
> btcoxygen.com
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
Name:	btcoxygen.com
Address: 185.14.184.98
> btc-oxygen.com
Server:		127.0.1.1
Address:	127.0.1.1#53

Non-authoritative answer:
Name:	btc-oxygen.com
Address: 192.31.186.13

Your IP address is 185.14.184.98
City:
Country: Netherlands
Continent: Europe
Time Zone:

Your IP address is 192.31.186.13
City: Wilmington
Country: United States
Continent: North America
Time Zone: EST

A word of advice: The next time you go to the trouble of infiltrating a pool operator's forum account and setting up a phishing site for said pool, don't offer to sell the account for a Bitcent.

SELLING THE PASSWORD FOR THIS ACCOUNT FOR JUST 0.01BTC:

18vBa4DTgu9VJUetRtxdSGBd7x8QgYdSm8

Send to that address and PM me for password.

[MPOE-PR]

Nothing to be alarmed about, both those domains point to the same server and are under our control.

Nothing could be further from the truth:

btc-oxygen.com
IP Address   192.31.186.13
Server Type   nginx

btcoxygen.com
IP Address   185.14.184.98
Server Type   Apache/2.2.22 (Ubuntu)

[John (John K.)]

Account banned temporarily and theymos notified.

[MPOE-PR]

hey guys,

Hacker/phisher here, so apparently the VPS is down. *big surprise* but, if by any chance it is because of a massive DDOS like earlier today, can the person please stop as I've been in contact with theymos and BTCoxygen about voluntarily handing over the domains. Sadly I can't reset the registrars account password, there is a chance somebody else has changed it and maybe even the email but I have no way of knowing, but if I can somehow get the VPS online just long enough to grab the emails off it I can hopefully reset the registrars password.

I don't expect people to believe me, if you check the logs for freenode #btcoxygen you'll know I'm not lying, I'm doing this out of my own freewill I even turned down the BTC that was offered to me for them. So if your just going to assume its a lie and keep DDOSSing, then honestly I don't care but I know the two guys really want these domains.

It's possible the VPS provider finally just shut it down too, in that case it'll probably be a few days before namecheap will let me back in.

Also mods this is not a hacked account but just my spare.

And for anyone who is worried about the recent increase in hacked accounts...well...I'm done. I'm not targeting bitcoiners again. Funny how money changes things.

Everyone please use different passwords for every site. 80% of the logins I got had a password reused on another site, lots of people even posted on the threads for bitcoin sites to make it easy for me to find out which sites they were registered too. I also had a list of common bitcoin sites too and would try every login I phished on them, and I'd usually get a lot of hits. NEW PASSWORD FOR EVERY ACCOUNT!

Also when you are hacked, check EVERYTHING, security questions, alternate emails, recovery emails and try and find out what personal info the hacker got from it because they will collect info from each account and that could lead them to something bigger.

And everybody use 2FA, but don't forget, 2FA can still be phished, so check your URL's.

Regards,
PhishyLeaks

This is kinda lulzy.