Bitcoin Forum
April 19, 2018, 02:41:36 PM *
News: Latest stable version of Bitcoin Core: 0.16.0  [Torrent]. (New!)
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: mt.gox phishing …  (Read 1166 times)
phatsphere
Hero Member
*****
Offline Offline

Activity: 765
Merit: 500


View Profile
February 28, 2012, 03:52:09 PM
 #1

… hit me once again. fortunately i'm "yubikeyed". wondering from where they know my address.

page: http://ejubg3.tmweb.ru/

header:
Code:
Received: by 10.50.135.36 with SMTP id pp4csp99778igb;
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Received: by 10.14.101.129 with SMTP id b1mr8494837eeg.12.1330443664220;
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Return-Path: <samanito@xm63.hostsila.org>
Received: from xm63.hostsila.org (xm63.hostsila.org. [194.28.85.190])
        by mx.google.com with ESMTPS id c42si4380583eeo.73.2012.02.28.07.41.03
        (version=TLSv1/SSLv3 cipher=OTHER);
        Tue, 28 Feb 2012 07:41:04 -0800 (PST)
Received-SPF: pass (google.com: best guess record for domain of samanito@xm63.hostsila.org designates 194.28.85.190 as permitted sender) client-ip=194.28.85.190;
Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of samanito@xm63.hostsila.org designates 194.28.85.190 as permitted sender) smtp.mail=samanito@xm63.hostsila.org
Received: from samanito by xm63.hostsila.org with local (Exim 4.69)
(envelope-from <samanito@xm63.hostsila.org>)
id 1S2PFS-0002xV-PM
for XXXX@gmail.com; Tue, 28 Feb 2012 17:45:54 +0200
To: XXXX
Subject: [Mt.Gox] Your account is currently pending review.
X-PHP-Script: 194.28.85.190/~samanito/index.php for 84.19.169.163
From:info@mtgox.com
Reply-To:info@mtgox.com
MIME-Version:1.0
Content-Type: text/html;
Message-Id: <E1S2PFS-0002xV-PM@xm63.hostsila.org>
Sender:  <samanito@xm63.hostsila.org>
Date: Tue, 28 Feb 2012 17:45:54 +0200
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - xm63.hostsila.org
X-AntiAbuse: Original Domain - gmail.com
X-AntiAbuse: Originator/Caller UID/GID - [1226 32007] / [47 12]
X-AntiAbuse: Sender Address Domain - xm63.hostsila.org
X-Source: /usr/bin/php
X-Source-Args: /usr/bin/php /home/samanito/public_html/index.php
X-Source-Dir: samanito.net:/public_html
1524148896
Hero Member
*
Offline Offline

Posts: 1524148896

View Profile Personal Message (Offline)

Ignore
1524148896
Reply with quote  #2

1524148896
Report to moderator
1524148896
Hero Member
*
Offline Offline

Posts: 1524148896

View Profile Personal Message (Offline)

Ignore
1524148896
Reply with quote  #2

1524148896
Report to moderator
The trust scores you see are subjective; they will change depending on who you have in your trust list.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1524148896
Hero Member
*
Offline Offline

Posts: 1524148896

View Profile Personal Message (Offline)

Ignore
1524148896
Reply with quote  #2

1524148896
Report to moderator
1524148896
Hero Member
*
Offline Offline

Posts: 1524148896

View Profile Personal Message (Offline)

Ignore
1524148896
Reply with quote  #2

1524148896
Report to moderator
XMPPwocky
Newbie
*
Offline Offline

Activity: 21
Merit: 0


View Profile WWW
February 28, 2012, 05:47:40 PM
 #2

I SQL-injected them and dropped various tables.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
February 28, 2012, 05:48:29 PM
 #3

I SQL-injected them and dropped various tables.
Hacking the phishers. Me likey.  Grin

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
Otoh
Donator
Legendary
*
Offline Offline

Activity: 2296
Merit: 1000



View Profile
February 28, 2012, 06:30:12 PM
 #4

yep I too got this .ru one a couple of days ago, the last one was .tk or .tw if I remember correctly but otherwise the same, I'm still waiting for the first Intersango phish since their emails got broadcast not so long ago

BTC = $c²     My BTC addie = 1otohotohMoQoxHuxLBveQiZcV3Pji3Tc     DASH, Digital Cash = www.dash.org     VIA, The future of crypto-currency = www.via.org 
Node40.com is a leader in DASH hosting, dedicated exclusively to fully managed masternode hosting. Professional, organized and responsive. I've dozens of nodes with them.
CHARITY | MY REP | PREDICTION
neo_rage
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
February 28, 2012, 07:20:34 PM
 #5

I SQL-injected them and dropped various tables.

good!

Xenland
Legendary
*
Offline Offline

Activity: 980
Merit: 1000


I'm not just any shaman, I'm a Sha256man


View Profile
February 29, 2012, 04:43:20 AM
 #6

I still continue to receive (phishing) emails about Photo ID verification - I thought they were real until I click the link and get some wierd wigydsjkhfd.de address or somthing similar to what i put....
Maged
Legendary
*
Offline Offline

Activity: 1260
Merit: 1004


View Profile
February 29, 2012, 04:36:06 PM
 #7

I'm shocked and amazed that, as someone on the MtGox leak list, I've never received these emails...

neo_rage
Full Member
***
Offline Offline

Activity: 196
Merit: 100



View Profile
February 29, 2012, 09:23:12 PM
 #8

Really, check site address in the address bar every time when you enter mtgox or other important site like topicstarter do.

Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!