Bitcoin Forum
December 04, 2016, 04:09:54 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: mt.gox phishing …  (Read 1095 times)
phatsphere
Hero Member
*****
Offline Offline

Activity: 739


View Profile
February 28, 2012, 03:52:09 PM
 #1

… hit me once again. fortunately i'm "yubikeyed". wondering from where they know my address.

page: http://ejubg3.tmweb.ru/

header:
Code:
Received: by 10.50.135.36 with SMTP id pp4csp99778igb;
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Received: by 10.14.101.129 with SMTP id b1mr8494837eeg.12.1330443664220;
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Return-Path: <samanito@xm63.hostsila.org>
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
        by mx.google.com with ESMTPS id c42si4380583eeo.73.2012.02.28.07.41.03
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of samanito@xm63.hostsila.org designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of samanito@xm63.hostsila.org designates 194.28.85.190 as permitted sender) smtp.mail=samanito@xm63.hostsila.org
Received: from samanito by xm63.hostsila.org with local (Exim 4.69)
(envelope-from <samanito@xm63.hostsila.org>)
id 1S2PFS-0002xV-PM
for XXXX@gmail.com; Tue, 28 Feb 2012 17:45:54 +0200
To: XXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~samanito/index.php for 84.19.169.163
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1S2PFS-0002xV-PM@xm63.hostsila.org>
Sender:  <samanito@xm63.hostsila.org>
Date: Tue, 28 Feb 2012 17:45:54 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1226 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/samanito/public_html/index.php
X-Source-Dir: samanito.net:/public_html
1480824594
Hero Member
*
Offline Offline

Posts: 1480824594

View Profile Personal Message (Offline)

Ignore
1480824594
Reply with quote  #2

1480824594
Report to moderator
1480824594
Hero Member
*
Offline Offline

Posts: 1480824594

View Profile Personal Message (Offline)

Ignore
1480824594
Reply with quote  #2

1480824594
Report to moderator
1480824594
Hero Member
*
Offline Offline

Posts: 1480824594

View Profile Personal Message (Offline)

Ignore
1480824594
Reply with quote  #2

1480824594
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1480824594
Hero Member
*
Offline Offline

Posts: 1480824594

View Profile Personal Message (Offline)

Ignore
1480824594
Reply with quote  #2

1480824594
Report to moderator
XMPPwocky
Newbie
*
Offline Offline

Activity: 21


View Profile WWW
February 28, 2012, 05:47:40 PM
 #2

I SQL-injected them and dropped various tables.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
February 28, 2012, 05:48:29 PM
 #3

I SQL-injected them and dropped various tables.
Hacking the phishers. Me likey.  Grin

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Otoh
Donator
Legendary
*
Offline Offline

Activity: 1918



View Profile
February 28, 2012, 06:30:12 PM
 #4

yep I too got this .ru one a couple of days ago, the last one was .tk or .tw if I remember correctly but otherwise the same, I'm still waiting for the first Intersango phish since their emails got broadcast not so long ago

Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized, and responsive. I have many dozens of nodes with them.    
BTC = $c²     BTC = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc      DASH, Digital Cash = www.dash.org   
   CHARITY | MY REP | DICE
neo_rage
Full Member
***
Offline Offline

Activity: 196



View Profile
February 28, 2012, 07:20:34 PM
 #5

I SQL-injected them and dropped various tables.

good!

Xenland
Legendary
*
Offline Offline

Activity: 980


I'm not just any shaman, I'm a Sha256man


View Profile
February 29, 2012, 04:43:20 AM
 #6

I still continue to receive (phishing) emails about Photo ID verification - I thought they were real until I click the link and get some wierd wigydsjkhfd.de address or somthing similar to what i put....
Maged
Legendary
*
Offline Offline

Activity: 1260


View Profile
February 29, 2012, 04:36:06 PM
 #7

I'm shocked and amazed that, as someone on the MtGox leak list, I've never received these emails...

neo_rage
Full Member
***
Offline Offline

Activity: 196



View Profile
February 29, 2012, 09:23:12 PM
 #8

Really, check site address in the address bar every time when you enter mtgox or other important site like topicstarter do.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!