Bitcointalk.org clone website pops up on google (?) possibly phishing

[alani123]

bitcointalk dotNo SEOxyz is probably trying to fool people into giving them the password to their bitcointalk account. The website looks exactly like bitcointalk.org and is accessible through google searches.

Entering a username and a password there will somehow redirect to bitcointalk.org and try to login with the credentials? Can someone from the staff confirm that it is not (or is) affiliated with bitcointalk.org? Because if it's not, we should consider reporting it to google as a phishing website.

Edit: Theymos posted here from his secondery account:

It's not mine. Leeching traffic for ads, phishing, malware, or maybe just bypassing China/Russia's ban of the forum. I strongly recommend not logging in there in any case.

If you end up visiting this website do not put in your login details. We can't be sure about the reason this website was created, but you shouldn't trust it with your login credentials as it's operated by a third party we know nothing about.

[tspacepilot]

Wow, I'm amazed at their ability to mirror so quickly if they're aren't actually a legit version of this forum (even your post in meta appears there!).  Really interested in what the official word is on this one.

Icann wiki says TLD xyz is supposed to be a "truly generic" tld (http://icannwiki.com/.xyz), I had never heard of it before seeing this thread.

[alani123]

Wow, I'm amazed at their ability to mirror so quickly if they're aren't actually a legit version of this forum (even your post in meta appears there!).  Really interested in what the official word is on this one.

Icann wiki says TLD xyz is supposed to be a "truly generic" tld (http://icannwiki.com/.xyz), I had never heard of it before seeing this thread.

.xyz is one of the newly authorised TLDs. The website is indeed a very convincing and dynamic clone of bitcointalk.org but it's SEO is suspiciously good. Makes me think that it's not here to serve as a mirror of bitcointalk.org but instead an attempt to steal people's accounts.

[jbrnt]

The xyz forum looks exactly like bitcointalk. Is it a frame redirect and not actually phishing?

[chmod755]

I just reported it to Google and others for phishing.

[RussianRaibow]

bitcointalk dotNo SEOxyz is probably trying to fool people into giving them the password to their bitcointalk account. The website looks exactly like bitcointalk.org and is accessible through google searches.

Entering a username and a password there will somehow redirect to bitcointalk.org and try to login with the credentials? Can someone from the staff confirm that it is not (or is) affiliated with bitcointalk.org? Because if it's not, we should consider reporting it to google as a phishing website.

It seems they are just domain cloaking. Not using any DB at their end like bitcointa.lk. That is why their threads are getting updated in real time.

[alani123]

The xyz forum looks exactly like bitcointalk. Is it a frame redirect and not actually phishing?

It doesn't seem like a simple frame. You can check the source of the page and see that the code is similar to the original.

Click this image for a screenshot comparing the first lines of source pages from the two websites

[tspacepilot]

The xyz forum looks exactly like bitcointalk. Is it a frame redirect and not actually phishing?

It doesn't seem like a simple frame. You can check the source of the page and see that the code is similar to the original.

Click this image for a screenshot comparing the first lines of source pages from the two websites

Most likely they are mirroring from the back-end. I e, you can run curl and print to stdout if you want to republish the source of another site.  I'm also curious if this might be a legit experiment that theymos is doing with changing the TLD or something.

[alani123]

The xyz forum looks exactly like bitcointalk. Is it a frame redirect and not actually phishing?

It doesn't seem like a simple frame. You can check the source of the page and see that the code is similar to the original.

Click this image for a screenshot comparing the first lines of source pages from the two websites

Most likely they are mirroring from the back-end. I e, you can run curl and print to stdout if you want to republish the source of another site.  I'm also curious if this might be a legit experiment that theymos is doing with changing the TLD or something.

This is why I'm suggesting that we should wait for a staff member to give us a hint on what this is before taking action.

[theymos_away]

It's not mine. Leeching traffic for ads, phishing, malware, or maybe just bypassing China/Russia's ban of the forum. I strongly recommend not logging in there in any case.

[ISIS Representative]

Theymos can issue a takedown notice if he feels the need too. Glad you notified us about it.

No, there is no such thing as a takedown notice. Most nations do not care about US laws.

[tspacepilot]

It's not mine. Leeching traffic for ads, phishing, malware, or maybe just bypassing China/Russia's ban of the forum. I strongly recommend not logging in there in any case.

Well, now we know that it's not something theymos is doing anyway.  Interesting suggestion that they might be somehow trying to provide something legit.  I certainly won't be logging in there.

[guitarplinker]

Theymos can issue a takedown notice if he feels the need too. Glad you notified us about it.

No, there is no such thing as a takedown notice. Most nations do not care about US laws.

Looks like the domain is registered through a Chinese provider (the whois says it's registered through Xiamen Nawang technology Co., Ltd) so I don't think they would take the site down even if theymos complained. However the fact that it's registered through a Chinese provider could also mean that it is indeed trying to pass Chinese restrictions on the normal Bitcointalk site, as theymos mentioned.

[chmod755]

Looks like the domain is registered through a Chinese provider (the whois says it's registered through Xiamen Nawang technology Co., Ltd) so I don't think they would take the site down even if theymos complained. However the fact that it's registered through a Chinese provider could also mean that it is indeed trying to pass Chinese restrictions on the normal Bitcointalk site, as theymos mentioned.

There are already several websites mirroring bitcointalk and calling it bitcointalk.xyz should make it quite easy to detect for those who are monitoring the traffic. I think I would use a foreign (non-chinese) company if I tried to bypass the "Great Firewall of China" to avoid getting arrested for doing that.

[shorena]

Same as bitcoin-forums (DOT) net as it was reported in the german section[1].

[1] https://bitcointalk.org/index.php?topic=1058533.0