Possible BitcoinTalk Forum Spoof?

[luckypyrate]

I found this while looking for some cgminer compatibility info...

 Malicious site, use caution down06.no-ip.org/?css=aHR0CHM6Ly9iaXRjb2ludGFSay5vCmCvaW5kzXguCGhwP2JvYXJkPtQyLjA

Is this ya'll?

[1715424162]

1715424162

[Quickseller]

I wouldn't click on the link as it appears to be a malicious site according to

https://www.virustotal.com/en/url/b1d0e2ab7dbdfb1d9bc166df3419578dd597182d450769f1ffab49e26495f389/analysis/1416066890/

[Muhammed Zakir]

I wouldn't click on the link as it appears to be a malicious site according to

https://www.virustotal.com/en/url/b1d0e2ab7dbdfb1d9bc166df3419578dd597182d450769f1ffab49e26495f389/analysis/1416066890/

Indeed, it is! Bitcointalk with some extra features.



   ~~MZ~~

[Quickseller]

I wouldn't click on the link as it appears to be a malicious site according to

https://www.virustotal.com/en/url/b1d0e2ab7dbdfb1d9bc166df3419578dd597182d450769f1ffab49e26495f389/analysis/1416066890/

Indeed, it is! Bitcointalk with some extra features.



   ~~MZ~~

what are the extra features?

[Muhammed Zakir]

what are the extra features?

Reload and look the pic again.

   ~~MZ~~

[Quickseller]

what are the extra features?

Reload and look the pic again.

   ~~MZ~~

All I see is some weird toolbar at the bottom.

[feryjhie]

what are the extra features?

Reload and look the pic again.

   ~~MZ~~

what is the function of that feature ?

[marcotheminer]

what are the extra features?

Reload and look the pic again.

   ~~MZ~~

All I see is some weird toolbar at the bottom.

Which is most likely what he is talking about when he says: "extra features"

[Muhammed Zakir]

what are the extra features?

Reload and look the pic again.

   ~~MZ~~

All I see is some weird toolbar at the bottom.

Which is most likely what he is talking about when he says: "extra features"

Yes, that's what I meant. But I ain't going back there. It seems like some fetching site. I used Incognito mode, so I can't make sure it is a fetching site. If you want to know, just click it and look whether it is asking for password.

Edit: One should go there, so I went there. It is a fetching site. It is asking me to login once more.

Edit 2: It isn't a fetching site, I think. It is something like an internal browser.

Edit 3: It is a dynamic network. I think the user who posted can't access BT without dynamic network(did China block BT? ) . It can be used by download Freegate software from the site or through the website. The site and software is mainly for Chinese. I think there is nothing suspicious.

   ~~MZ~~

[Dare]

It's running from a dynamic IP address (no-ip.org is a dynamic DNS resolver) and it's mimicking bitcointalk.org, so it's probably a phishing site intended to trick people into providing their bitcointalk passwords and downloading some sort of malware. Removing the "css" parameter from the link resulted in a different website, so there are probably multiple phishing sites with different targets running on the same server.

[luckypyrate]

It's running from a dynamic IP address (no-ip.org is a dynamic DNS resolver) and it's mimicking bitcointalk.org, so it's probably a phishing site intended to trick people into providing their bitcointalk passwords and downloading some sort of malware. Removing the "css" parameter from the link resulted in a different website, so there are probably multiple phishing sites with different targets running on the same server.

Yes I am familiar with noip I use them for my p2pool.  But I also considered it might be someone like someone else mentioned about a not bitcoin friendly locale.  If you disected it enough to determine it is malicious I will report it as should everyone else.  Or I could...have it removed 

[botany]

It's running from a dynamic IP address (no-ip.org is a dynamic DNS resolver) and it's mimicking bitcointalk.org, so it's probably a phishing site intended to trick people into providing their bitcointalk passwords and downloading some sort of malware. Removing the "css" parameter from the link resulted in a different website, so there are probably multiple phishing sites with different targets running on the same server.

Bitcointalk ids have become so valuable. There are now phishing sites for it. 

[Muhammed Zakir]

It's running from a dynamic IP address (no-ip.org is a dynamic DNS resolver) and it's mimicking bitcointalk.org, so it's probably a phishing site intended to trick people into providing their bitcointalk passwords and downloading some sort of malware. Removing the "css" parameter from the link resulted in a different website, so there are probably multiple phishing sites with different targets running on the same server.

I don't think it is a phishing site. The link in the OP was anonymous surfing through Dynaweb [1]. Just go to Dynaweb and enter a link and press 'Enter/Return'. You will surf that website.

[1] http://down06.no-ip.org/?css=zG9uz3RhaXdhbmCuY29TL2xvYy9waG9TzV9lbi5waHA - You can also go there by clicking 'English' on top left, the language of the site will change to English.

    ~~MZ~~