Bitcoin Forum
November 24, 2017, 10:00:26 AM *
News: Latest stable version of Bitcoin Core: 0.15.1  [Torrent].
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: mt.gox phishing …  (Read 1163 times)
phatsphere
Hero Member
*****
Offline Offline

Activity: 765


View Profile
February 28, 2012, 03:52:09 PM
 #1

… hit me once again. fortunately i'm "yubikeyed". wondering from where they know my address.

page: http://ejubg3.tmweb.ru/

header:
Code:
Received: by 10.50.135.36 with SMTP id pp4csp99778igb;
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Received: by 10.14.101.129 with SMTP id b1mr8494837eeg.12.1330443664220;
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Return-Path: <samanito@xm63.hostsila.org>
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
        by mx.google.com with ESMTPS id c42si4380583eeo.73.2012.02.28.07.41.03
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of samanito@xm63.hostsila.org designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of samanito@xm63.hostsila.org designates 194.28.85.190 as permitted sender) smtp.mail=samanito@xm63.hostsila.org
Received: from samanito by xm63.hostsila.org with local (Exim 4.69)
(envelope-from <samanito@xm63.hostsila.org>)
id 1S2PFS-0002xV-PM
for XXXX@gmail.com; Tue, 28 Feb 2012 17:45:54 +0200
To: XXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~samanito/index.php for 84.19.169.163
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1S2PFS-0002xV-PM@xm63.hostsila.org>
Sender:  <samanito@xm63.hostsila.org>
Date: Tue, 28 Feb 2012 17:45:54 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1226 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/samanito/public_html/index.php
X-Source-Dir: samanito.net:/public_html
Join ICO Now A blockchain platform for effective freelancing
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1511517626
Hero Member
*
Offline Offline

Posts: 1511517626

View Profile Personal Message (Offline)

Ignore
1511517626
Reply with quote  #2

1511517626
Report to moderator
1511517626
Hero Member
*
Offline Offline

Posts: 1511517626

View Profile Personal Message (Offline)

Ignore
1511517626
Reply with quote  #2

1511517626
Report to moderator
XMPPwocky
Newbie
*
Offline Offline

Activity: 21


View Profile WWW
February 28, 2012, 05:47:40 PM
 #2

I SQL-injected them and dropped various tables.
rjk
Sr. Member
****
Offline Offline

Activity: 434


1ngldh


View Profile
February 28, 2012, 05:48:29 PM
 #3

I SQL-injected them and dropped various tables.
Hacking the phishers. Me likey.  Grin

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Otoh
Donator
Legendary
*
Offline Offline

Activity: 2254



View Profile
February 28, 2012, 06:30:12 PM
 #4

yep I too got this .ru one a couple of days ago, the last one was .tk or .tw if I remember correctly but otherwise the same, I'm still waiting for the first Intersango phish since their emails got broadcast not so long ago

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc     DASH, Digital Cash = www.dash.org     VIA, The future of crypto-currency = www.via.org 
Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized and responsive. I've dozens of nodes with them.
CHARITY | MY REP | PREDICTION
neo_rage
Full Member
***
Offline Offline

Activity: 196



View Profile
February 28, 2012, 07:20:34 PM
 #5

I SQL-injected them and dropped various tables.

good!

Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
February 29, 2012, 04:43:20 AM
 #6

I still continue to receive (phishing) emails about Photo ID verification - I thought they were real until I click the link and get some wierd wigydsjkhfd.de address or somthing similar to what i put....
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
February 29, 2012, 04:36:06 PM
 #7

I'm shocked and amazed that, as someone on the MtGox leak list, I've never received these emails...

neo_rage
Full Member
***
Offline Offline

Activity: 196



View Profile
February 29, 2012, 09:23:12 PM
 #8

Really, check site address in the address bar every time when you enter mtgox or other important site like topicstarter do.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!