My short analysis of TheHedgeCoinGroup:
I too have been exchanging a few emails with them looking for a new hosting location.
I also spent a bit of time researching anything I could find related to them on the web - looking for indications of whether it is legit OR fraud...
My conclusion is that there is a medium to high probability this is fraud. Not conclusive, but highly likely. Would love to be proven wrong.
Below are my reasons leaning towards being fraudulent:
a. Only accepts bitcoins as payment and no wire transfer.
b. Domain registered only 3 months ago: Creation Date: 2017-09-08T16:35:42.00Z
c. Domain with private registration.
d. Elusive with photos/images.
e. Unable to verify identity of individuals I exchanged emails with. Very little on LinkedIn, web searches, China's version of LinkedIn, etc.
f. Large inventory of many machine types available when I inquired about purchasing machines. No one has inventory like this sitting around.
g. Text on web site seems to be copied from other sites.
h. Claims to be in China with mining location in Mongolia, but a bit of forensic analysis on the source email appears to indicate whoever emailed me did so on a browser from Alberta, Canada. This is the needle in the haystack.
I exchanged emails with Vince and analyzed everything I could in the header, writing styles, etc.
The email was generated using Microsoft Office 365 and OWA.
Emails originating from IP: 184.68.199.50
This is visible in the headers we can see:
authentication-results: spf=none (sender IP is )
[email protected];
x-originating-ip: [184.68.199.50]
IP 2 Location lookup on IP 184.68.199.50 indicates a physical location of Canada, Alberta, Calgary, from Shaw Communications Inc.
A bit more research -- this is tied to a DSL line in Canada from Shaw Communications.
A bit more searching... the ISP IP is also in an SPF record for www.patchingassociates.com: "v=spf1 mx ip4:184.68.199.50 include:spf.protection.outlook.com -all"
A bit more research... IP 184.68.199.50 is running a public-facing FTP server.
A bit more searching... the FTP server is running in plain text, no TLS/SFTP, and appears to be an old version. My guess is this is how they got into the server. A very common exploit pattern by guessing a uid/pwd OR exploiting some unpatched vulnerability. This is a good way to cover your tracks...
Conclusion:
If I were to guess, they are using a compromised server in Alberta, Canada belonging to PatchingAssociates.com to use Web Mail in Office 365 to cover up their tracks. Server in Alberta, Canada belongs to www.PatchingAssociates.com, which has nothing to do with mining operations and appears to lack security on their FTP server. Too many steps have been taken to cover up and hide identity - private domain registration, Cloudflare for web site hosting, using server/PC in Canada for web mail, and only accepting bitcoins for payment.
Stay safe out there!!!!
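Added example, not part of the original post: a small Python sketch of the header checks described above, pulling the SPF verdict, the X-Originating-IP and the Received-hop addresses from a message, then testing whether an address falls inside the ip4: mechanisms of an SPF record. The message, the SPF string and the function names are constructed for illustration and use documentation address ranges; X-Originating-IP only shows where the webmail session connected from, which can be a proxy or a third-party machine.

```python
import email
import ipaddress
import re

# Constructed sample message; addresses come from documentation ranges (RFC 5737).
RAW = """\
Received: from mail.example.net (203.0.113.25) by mx.example.org; Mon, 4 Dec 2017 10:00:00 +0000
Authentication-Results: spf=none (sender IP is 203.0.113.25) smtp.mailfrom=seller.example
X-Originating-IP: [198.51.100.50]
From: Sales <sales@seller.example>
Subject: Hosting quote

Body text.
"""

# Constructed SPF TXT value for an unrelated domain, in the style quoted above.
SPF_TXT = "v=spf1 mx ip4:198.51.100.50 ip4:192.0.2.0/28 include:spf.example.net -all"

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def header_indicators(raw):
    """Return the origin-related fields a reviewer reads first."""
    msg = email.message_from_string(raw)
    auth = msg.get("Authentication-Results", "")
    spf = re.search(r"\bspf=(\w+)", auth)
    xoip = IPV4.search(msg.get("X-Originating-IP", ""))
    hops = [ip for h in msg.get_all("Received", []) for ip in IPV4.findall(h)]
    return {
        "spf": spf.group(1) if spf else None,
        "x_originating_ip": xoip.group(0) if xoip else None,
        "received_ips": hops,
    }

def spf_ip4_covers(spf_txt, ip):
    """True if any ip4: mechanism contains ip (include: and mx are not resolved)."""
    addr = ipaddress.ip_address(ip)
    for term in spf_txt.split():
        term = term.lstrip("+-~?")  # drop the SPF qualifier, if any
        if term.lower().startswith("ip4:"):
            if addr in ipaddress.ip_network(term[4:], strict=False):
                return True
    return False

if __name__ == "__main__":
    found = header_indicators(RAW)
    print(found)
    print(spf_ip4_covers(SPF_TXT, found["x_originating_ip"]))
```

A match here means only that the address is an authorised sender for that other domain; it does not show who was using the machine.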
Hello,
We would prefer that you remove any personal information that you have posted. There are a ton of logistics behind every company that no one sees and we have done our best to please everyone.
What you don't know before posting all of this is the following:
1. We have members based in different parts of the world in order to actively respond to messages at all times
2. We are actively building out a data center in Canada that is almost ready to be announced, for which I am assigned to take care of construction and overseeing completion. We will be creating a documentary on this as we continue to develop it.
3. We have lost 3 customers' money due to wire transfer and had to remove it as such; we also have a limit to the amount of foreign currency available for receipt in our bank accounts until we get a new one in Hong Kong, which we think is a valid reason to not accept it.
4. We have only recently, as stated before, looked into expanding our brand online and getting new customers outside of China, so it would be normal to not have to create a domain unless needed to satisfy our new customers. We did this because of the huge increase in interest in Bitcoin.
5. We have tried to satisfy as many questions and suggestions posted by forum users as we can; we cannot take a picture every single time that we want to sell 10 units to someone, because then the majority of our time would be spent driving back and forth to the facility just to take photos.
6. We have a deep supply chain, what we have in stock is not only ours, but our suppliers as well.
We have continually done so many things to try and improve our process, from hiring a web developer, to getting a new CRM, to getting a new invoicing system, to reaching out on multiple platforms and looking for different business opportunities and ventures. We have invested a lot more than any other company and if this were all to be for a small scam, do you think it would really be worth it?
I guess this would be a good time to announce our Canadian Data Center:
We are opening a new Data Center in Canada! The minimum amount for hosting in this facility is 1000 machines, we have a capacity of over 100 000 machines and will be offering facility visits for people with interest and proof that they have the minimum amount of machines! We realize that there is a lot of discontent within China and this is the reason we have started shifting gears to announce this!
We are looking at a capacity of around 20000 machines by the end of February, so message us if you would like more details!
Thanks,
THCG (The Hedge Coin Group)