[WARNING] Hackers Trying to Steal Your Login HERE !

[Spoetnik]

So i am being serious here.. some time today i got a pm from a new user trying to lure me to a web site.
and then another pm right after that warning me about it for some reason..

this guy sent it..

https://bitcointalk.org/index.php?action=profile;u=349554

LOL909
Brand new
*
Offline

Activity: 0

View Profile Personal Message (Offline)
Trust: -6: -1 / +0(0)
Warning: Trade with extreme caution!

saying this..

(No subject)
« Sent to: galbros, Spoetnik, Muhammed Zakir on: Today at 02:34:59 PM »

DO NOT CLICK ON THE QUOTED LINK - no idea what bad things it might have (notice URL = bilcointalk.org ..using the letter 'L')

Hi bro! I have bad news for you! You can see about in there http://bilcointalk.org/index.php?topic=654845.msg7515541#msg751554

Then one of the guys who got it with me sent me this..

This is a fetching site. Don't enter your username and password. If you did, change it ASAP. it is bilcointalk not bitcointalk. Beware!

  ~~MZ~~

So thanks for the warning guy but i did NOT click on the link

I want to warn people because this is common behavior around here.
In the last year i have gotten countless requests to go to various web sites and i have never gone to any of them LOL

I was on cryptsy chat last year when some scammer was posting a web site link that was similar to Cryptsy's
and the scammer had created a site i was told that stole peoples session login's (cookie)
which allowed scammers to go and clean out some Cryptsy guys account..
I watched it unfold in front of me on chat as the original user was powerless and watched as the scammer cleaned him out of all his coins etc.
So the point is you don't even HAVE to enter your login info.. web sites can be created to steal your login data regardless.

I have always told people don't use any links via Google for starters and be careful !

so.. HAIL Satan ! Blood Orgy !!!

The anti-christ is here !

[1715579302]

1715579302

[1715579302]

1715579302

[1715579302]

1715579302

[1715579302]

1715579302

[1715579302]

1715579302

[Spoetnik]

added the sent to info on first post..

hopefully the user "galbros" see's this before going there lol

Thanks again to the guy trying to be nice and warn me too.. nice to see some people care

[liquidiser]

I read a post on the NEM thread that said hackers were trying to hack bitcointalk accounts.

https://bitcointalk.org/index.php?topic=654845.msg8808287#msg8808287

It must be the same hackers conducting a mass attack.

[liquidiser]

What happened during the last hack?

[liquidiser]

What happened during the last hack?

Was pretty big, looked like a DNS poisoning attack they basically had a clone website of Bitcointalk.org but poised the main DNS server and changed their IP for the real website. After that everyone had to change their Passwords and since lots of people use only "one" in their whole life that made the hacker rich.

So there was no way to tell the difference between the fake website and this one?

[Spoetnik]

someone has been going over board today trying to get into at least 3 of my email accounts i see.
they will have of course failed miserably LOL

it amuses my balls off hahhaa

not sure what they think their going to accomplish with my email account or old emails i may have..

no one can pretend to be me because there is only one real Spoetnik  
and there is nothing of value attached to any email i have in any way in the slightest.
if anything, i think who ever is behind is just trying to piss me off and they fail again.. ROFL'z

i really don't care.. go hax my ass off tough guys (who ever you are)
wake me up when you guys get anything done.. you bore me  

edit:
fixed bad spelling LOL

[liquidiser]

ciappa says the hacker tried it on with him too.

https://bitcointalk.org/index.php?topic=734680.msg8810089#msg8810089

[Willisius]

<snip>
no one can pretend to be me because there is only one real Spoetnik  
<snip>

^ This is true. You're wasting your time.

[bitbaby]

DO NOT CLICK ON THE QUOTED LINK - no idea what bad things it might have (notice URL = bilcointalk.org

I think it would be best if all of us reported this bilcointalk website as phishing site so that people who visit it will see a warning if they access it accidentally.

[berate48]

The phishing site bilcointalk.org is protected behind Cloudflare, but investigation reveals its real IP address as 192.64.118.239 (Namecheap hosting).

It shares IP space with nxtchange.net which is a scam operation being run by the same miscreants. You can see them advertising this scam on bitcointalk here: https://bitcointalk.org/index.php?topic=767002.0

(I recommend a bitcointalk administrator bans their account and looks for any other registrations or posts from the IPs they used, as I suspect they're trying to advertise numerous scams and phishing pages here.)

It also shares IP space with neecoin.org, a scam cryptocurrency. Information about this scam can be found here: https://bitcointalk.org/index.php?topic=664202.0

Please report 192.64.118.239's hosting of this phishing page to Namecheap, and report those 3 domains to abuse@internet.bs to get the domains shut down. Due to the same IP and the same domain registrar, I am very confident that the same person or group of people is running all 3 of these scams.

[Spoetnik]

I looked it up at http://www.ip-address.org/tracer/ip-whois.php
And what that guy was saying is confirmed the rest of his info though i have no idea.
City:Panama ?

The whois data looks familiar i know that much..

Results for bilcointalk.org :
   

Domain Name:BILCOINTALK.ORG
Domain ID: D173130196-LROR
Creation Date: 2014-06-28T21:29:38Z
Updated Date: 2014-08-28T03:46:02Z
Registry Expiry Date: 2015-06-28T21:29:38Z
Sponsoring Registrar:Internet.bs Corp. (R1601-LROR)
Sponsoring Registrar IANA ID: 814
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Registrant ID:INTE1qkk7hwuudd2
Registrant Name:Domain Administrator
Registrant Organization:Fundacion Private Whois
Registrant Street: Attn: bilcointalk.org
Registrant City:Panama
Registrant State/Province:
Registrant Postal Code:Zona 15
Registrant Country:PA
Registrant Phone:+507.65967959
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:53af33be81vuywlc@5225b4d0pi3627q9.privatewhois.net
Admin ID:INTEw8yo6el796ab
Admin Name:Domain Administrator
Admin Organization:Fundacion Private Whois
Admin Street: Attn: bilcointalk.org
Admin City:Panama
Admin State/Province:
Admin Postal Code:Zona 15
Admin Country:PA
Admin Phone:+507.65967959
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:53af33c0ok90ryv1@5225b4d0pi3627q9.privatewhois.net
Tech ID:INTEnplbxfdhb9lt
Tech Name:Domain Administrator
Tech Organization:Fundacion Private Whois
Tech Street: Attn: bilcointalk.org
Tech City:Panama
Tech State/Province:
Tech Postal Code:Zona 15
Tech Country:PA
Tech Phone:+507.65967959
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:53af33c0119vzt1k@5225b4d0pi3627q9.privatewhois.net
Name Server:ANDY.NS.CLOUDFLARE.COM
Name Server:RITA.NS.CLOUDFLARE.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

[berate48]

I looked it up at http://www.ip-address.org/tracer/ip-whois.php
And what that guy was saying is confirmed the rest of his info though i have no idea.
City:Panama ?

The whois data looks familiar i know that much..

Results for bilcointalk.org :
   

Domain Name:BILCOINTALK.ORG
Domain ID: D173130196-LROR
Creation Date: 2014-06-28T21:29:38Z
Updated Date: 2014-08-28T03:46:02Z
Registry Expiry Date: 2015-06-28T21:29:38Z
Sponsoring Registrar:Internet.bs Corp. (R1601-LROR)
Sponsoring Registrar IANA ID: 814
WHOIS Server:
Referral URL:
Domain Status: clientTransferProhibited
Registrant ID:INTE1qkk7hwuudd2
Registrant Name:Domain Administrator
Registrant Organization:Fundacion Private Whois
Registrant Street: Attn: bilcointalk.org
Registrant City:Panama
Registrant State/Province:
Registrant Postal Code:Zona 15
Registrant Country:PA
Registrant Phone:+507.65967959
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:53af33be81vuywlc@5225b4d0pi3627q9.privatewhois.net
Admin ID:INTEw8yo6el796ab
Admin Name:Domain Administrator
Admin Organization:Fundacion Private Whois
Admin Street: Attn: bilcointalk.org
Admin City:Panama
Admin State/Province:
Admin Postal Code:Zona 15
Admin Country:PA
Admin Phone:+507.65967959
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:53af33c0ok90ryv1@5225b4d0pi3627q9.privatewhois.net
Tech ID:INTEnplbxfdhb9lt
Tech Name:Domain Administrator
Tech Organization:Fundacion Private Whois
Tech Street: Attn: bilcointalk.org
Tech City:Panama
Tech State/Province:
Tech Postal Code:Zona 15
Tech Country:PA
Tech Phone:+507.65967959
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:53af33c0119vzt1k@5225b4d0pi3627q9.privatewhois.net
Name Server:ANDY.NS.CLOUDFLARE.COM
Name Server:RITA.NS.CLOUDFLARE.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

They used WHOIS registration privacy for all 3 of their domains, so that won't tell you anything. They registered all 3 through internetbs.com, a domain registrar, so you can contact them to get the domains shut down.

If anyone has lost Bitcoins through this phishing, you could also file a lawsuit and subpoena Internet.bs Corp for the registration information they used, and potentially regain what you lost.

[Spoetnik]

it said "sponsoring Registrar:Internet.bs Corp. (R1601-LROR)"
in what i posted.. which is what you said.

i mainly did that for one reason.. to assure people that the complaint email address you suggested is valid.
so from my whois i posted i can see that it matches

also that company can not keep them anon..
by law if you don't provide your contact data when requested (via proxy or not)
your site will be taken down.

all it takes is 1 unfulfilled request and they will be gone !

edit:
someone wanted to be an asshole a while back and had the tech news site Neowin.net taken down LOL
it was offline for a while until the owner could convince them that their dead email address the used to register the domain was legit etc AND CORRECTED.
Neowin admitted their email address was no good so the site was pulled immediately with no questions asked !
It doesn't matter how big you think you are.. if your contact info is not valid your ass is gone (if you get reported or caught)
You can all google search the neowin.net incident to prove i too if ya don't believe me

edit2:
A Valid phone number and email address is non-optional but mandatory or any site can be reported and taken down promptly.

[AltCoinBuddah]

Thanks for the heads up. This scam shit is very fucked. Such bullshit. Ban these guys accounts and their IP's

[berate48]

it said "sponsoring Registrar:Internet.bs Corp. (R1601-LROR)"
in what i posted.. which is what you said.

i mainly did that for one reason.. to assure people that the complaint email address you suggested is valid.
so from my whois i posted i can see that it matches

Ah sorry, might've misunderstood what you were getting at.

For reference, you can run a WHOIS on any domain, even a Cloudflare protected one, (go to http://whois.domaintools.com for example) to see what domain registrar was used. There may be an abuse@ email address included in the WHOIS record; if not go to the company's website and they will list one. Internet.bs Corp's is abuse@internet.bs

[Spoetnik]

@berate48
thanks for your help and info on this

i edited my last comment a bit too ..you guys posted pretty fast lol