Bitcoin Forum
Topic: fflakmining.com scam thread
plastick
Member (Activity: 148, Merit: 15)
January 27, 2018, 09:51:55 PM  #1

Another mining scam made its exit today.

The following is info I was able to collect on their operation, and I hope this information helps anybody who got ripped off by these criminals.

The phone number given by fflak mining is the same as the phone number on this site: http://www.comptroub.com.hk/

The address listed on this site is 2/F, Dah Sing Life Bldg, 99-105 Des Voeux Road Central, Central, Hong Kong,
which is different from the one given on the fflak mining site: The New World Tower, 16 Queen’s Road, Central, Hong Kong

IP history results for fflakmining.com.
==============
IP Address        Location                  IP Address Owner    Last seen on this IP
104.18.37.239     United States             Cloudflare, Inc.    2018-01-27
104.18.36.239     United States             Cloudflare, Inc.    2018-01-27
167.114.213.199   Montreal - Canada         OVH Hosting, Inc.   2017-08-18
164.132.212.72    France                    OVH Static IP       2017-08-18
107.161.23.204    Atlanta - United States   RamNode LLC         2017-08-18

2017
Aug 20
Changes on that date
Removed   ns3.dnsowl.com
Removed   ns2.dnsowl.com
Removed   ns1.dnsowl.com
Added   serena.ns.cloudflare.com
Added   chuck.ns.cloudflare.com

Old DNS info:
> dig fflakmining ns1.dnsowl.com A +short
198.105.244.64
198.105.254.64
198.251.84.16
173.254.242.221
185.34.216.159

> dig fflakmining.com ns1.dnsowl.com A +short
188.166.204.107 <-- this one looks interesting http://188.166.204.107
185.34.216.159
173.254.242.221
198.251.84.16

> dig fflakmining.com ns2.dnsowl.com A +short
188.166.204.107
168.235.75.52
104.143.9.16
64.32.22.100

>dig fflakmining.com ns3.dnsowl.com A +short
188.166.204.107
70.39.125.242
45.63.5.234
209.141.39.150


Other known domains/sites: fflak.com, litemihub.com (all taken down at the same time as fflakmining.com)

The links in their emails lead to https://u5956394.ct.sendgrid.net

Here is some header information from an email reply I got from "Charlie" - hiring@fflakmining.com:

X-Originating-IP: [135.84.80.217]
Authentication-Results: .....yahoo.com from=fflakmining.com; domainkeys=neutral (no sig); from=fflakmining.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sender-of-o52.zoho.com) (135.84.80.217) by ...yahoo.com with SMTPS; Wed, 20 Dec 2017 16:23:11 +0000
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1513786989701737.825572623641; Wed, 20 Dec 2017 08:23:09 -0800 (PST)
Date: Wed, 20 Dec 2017 14:23:09 -0200
From: Hiring FFLAKMINING hiring@fflakmining.com


And their vimeo account: https://vimeo.com/user72246105

Interesting links:
https://www.linkedin.com/in/fred-fischer-7a44605a/
http://business-services.scmp.com/services-directory/office-it-services/computer-troubleshooters
https://hongkong.asiaxpat.com/directory/arts-culture-education/computer-training/1c1ac0f3-6cc7-43c4-a41d-e31912d4dd16/cts-pc-support-centre/
http://www.comptroub.com.hk/contacushk.htm

Another match for the phone number in this forum thread:
https://www.kaskus.co.id/thread/000000000000000000873755/all-about-hong-kong-ii/240+&cd=12&hl=en&ct=clnk&gl=us
Here is a site mentioned in that thread: http://www.hkfix.net/en/

Further investigation shows us this is a franchise business (look at all the white people in the staff picture, pretty strange for an Asian business).
https://www.technology-solved.com/



BTC Tips/Donations: 1HeYdvo9VatQBPhnmww5TsMPhX4F2abPTW
ETH Tips/Donations: 0xf22EA6F4B2Ae2AE7A7205d8836EE0763C884BbcA
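
The e-mail headers quoted in post #1 can be read mechanically. The following Python is an added example, not code from the thread: it parses those headers exactly as posted (the function and key names are this example's own) and reports the relay hops oldest first, the authentication verdicts, and whether X-Originating-IP matches the peer IP the receiving server recorded.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Headers exactly as quoted in the post (elided hostnames left elided).
RAW = """\
X-Originating-IP: [135.84.80.217]
Authentication-Results: .....yahoo.com from=fflakmining.com; domainkeys=neutral (no sig); from=fflakmining.com; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO sender-of-o52.zoho.com) (135.84.80.217) by ...yahoo.com with SMTPS; Wed, 20 Dec 2017 16:23:11 +0000
Received: from mail.zoho.com by mx.zohomail.com with SMTP id 1513786989701737.825572623641; Wed, 20 Dec 2017 08:23:09 -0800 (PST)
Date: Wed, 20 Dec 2017 14:23:09 -0200
From: Hiring FFLAKMINING hiring@fflakmining.com
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"

def parse_received(value):
    """Split one Received header into claimed names, peer IP and timestamp."""
    route, _, stamp = value.rpartition(";")
    stamp = re.sub(r"\([^)]*\)", "", stamp).strip()   # drop "(PST)" comments
    grab = lambda pat: (m.group(1) if (m := re.search(pat, route)) else None)
    return {
        "from": grab(r"\bfrom\s+(\S+)"),                 # name given by sender
        "helo": grab(r"\((?:EHLO|HELO)\s+([^)\s]+)\)"),  # self-declared name
        "peer_ip": grab(rf"\(({IPV4})\)"),               # recorded by receiver
        "by": grab(r"\bby\s+(\S+)"),
        "time": parsedate_to_datetime(stamp),
    }

def triage(raw):
    msg = message_from_string(raw)
    # Received headers are prepended, so reverse to get the oldest hop first.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    auth = dict(re.findall(r"\b(dkim|domainkeys|spf|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    origin = (re.search(IPV4, msg.get("X-Originating-IP", "")) or [None])[0]
    sent = parsedate_to_datetime(msg["Date"])
    return {
        "hops": hops,
        "auth": auth,
        "dkim_pass": auth.get("dkim") == "pass",
        "origin_is_last_relay": origin == hops[-1]["peer_ip"],
        "transit_seconds": (hops[-1]["time"] - hops[0]["time"]).total_seconds(),
        "date_vs_first_hop_seconds": (hops[0]["time"] - sent).total_seconds(),
    }

if __name__ == "__main__":
    for key, value in triage(RAW).items():
        print(key, "=", value)
```

On the quoted headers this yields two hops (mx.zohomail.com, then the Yahoo receiver), a 2-second transit, and dkim=neutral, meaning the message carried no DKIM signature for fflakmining.com. The EHLO name is whatever the sending host declared; only the peer IP is recorded by the receiver.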
plastick
Member (Activity: 148, Merit: 15)
January 27, 2018, 11:16:39 PM  #2

This is interesting....

Domain Name: FFLAKMINING.COM
Registry Domain ID: 2154063648_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: http://www.namesilo.com
Updated Date: 2018-01-27T10:44:40Z
Creation Date: 2017-08-16T17:53:40Z
Registry Expiry Date: 2019-08-16T17:53:40Z
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: CHUCK.NS.CLOUDFLARE.COM
Name Server: SERENA.NS.CLOUDFLARE.COM
DNSSEC: unsigned


clientHold   

This status code tells your domain's registry to not activate your domain in the DNS and as a consequence, it will not resolve. It is an uncommon status that is usually enacted during legal disputes, non-payment, or when your domain is subject to deletion.

Often, this status indicates an issue with your domain that needs resolution. If so, you should contact your registrar to resolve the issue. If your domain does not have any issues, but you need it to resolve, you must first contact your registrar and request that they remove this status code.


plastick
Member (Activity: 148, Merit: 15)
January 28, 2018, 03:59:14 AM  #3

According to http://whoisrequest.com/history/ 'fflak.com' used the exact same nameservers as fflakmining.com but has been registered much longer (since 2012).

Also the fflakmining Facebook shows (showed) fflak.com as their corporate web page, and fflak.com appeared as a corporate site specializing in blockchain tech (see latest archive.org cache).

Here are the DNS records for fflak.com, look familiar?

Aug 10
Changes on that date
Removed   ns3.dnsowl.com
Removed   ns2.dnsowl.com
Removed   ns1.dnsowl.com
Added   ns3.digitalocean.com
Added   ns2.digitalocean.com
Added   ns1.digitalocean.com
Active Name Servers on that date
ns3.digitalocean.com
ns2.digitalocean.com
ns1.digitalocean.com
Aug 16
Changes on that date
Removed   ns3.digitalocean.com
Removed   ns2.digitalocean.com
Removed   ns1.digitalocean.com
Added   serena.ns.cloudflare.com
Added   chuck.ns.cloudflare.com


https://www.whoxy.com/history/fflak.com shows that this domain has been registered to the same owner since 2012.

archive.org shows this is a page for a Mexican band and has a link to a Facebook group. https://www.facebook.com/grupofflak

I am fairly certain our scammer is probably in one of the photos in this group assuming the domain name wasn't hacked and stolen or sold.

3dart
Newbie (Activity: 7, Merit: 0)
January 28, 2018, 04:55:49 AM  #4

lost 10 LTC  Embarrassed  Embarrassed  Embarrassed
CryptoNinja11
Newbie (Activity: 201, Merit: 0)
January 28, 2018, 08:16:02 AM  #5

They got me too.  Angry
elserjon
Newbie (Activity: 1, Merit: 0)
January 28, 2018, 08:56:18 AM  #6

they got me too...  Angry
s^3
Newbie (Activity: 4, Merit: 0)
January 28, 2018, 09:47:56 AM  #7

and me also Sad
bambara
Newbie (Activity: 8, Merit: 0)
January 29, 2018, 06:42:08 AM  #8

got hit too  Sad
akazakou
Newbie (Activity: 1, Merit: 0)
January 30, 2018, 10:33:19 AM  #9

Lost 0.3 BTC on them  Embarrassed
vaLinBSD
Newbie (Activity: 1, Merit: 0)
February 17, 2018, 08:56:55 AM  #10

I'm another victim...lost a huge amount from my point of view Cry

Is there some sort of class action lawsuit going on?
plastick
Member (Activity: 148, Merit: 15)
February 19, 2018, 05:22:50 AM  #11

Now there is a new Facebook group that was created a couple of days after fflakmining exit scammed. They are trying to get people to send them bitcoins, saying their site was hacked and they are working on a new one. PRETTY LOW TO BE SCAMMING PEOPLE WHO WERE ALREADY SCAMMED. These low-lifes need to be hacked or worse.

https://www.facebook.com/groups/842559639247307
