Topic: btc-arbs.com - Update: dead HYIP, Refund progress: BTC-arbs still doing refunds - page 152. (Read 276958 times)

Yep, run on the bank is my biggest worry at this point. All the talk about scams could be a self-fulfilling prophesy. I still posit that no scam was intended, at least at this point. A scammer would not have had intermittent problems before going offline. They would have taken the money and abandoned the site.

If they were well run, they were making a ton of cash, and will have enough to cover. Unfortunately, we have no way of knowing if they were or not. The returns they were generating were quite possible via arbitrage between sites. All you have to do is chart out the prices on the three major exchanges for a day, and see they often differ by a percent or more. If you have both cash and money on all three, you wait for a one percent difference, and make a balanced trade. Then, move money and coin around to balance what is on each exchange, which takes a couple of hours, and do it again.

If you don't believe me, back test it over a couple of days. If they have a few hundred coin and a few tens of thousands of dollars, they are earning a bigger percent than they are are paying. Also, notice that when they figure the payouts, they are truncating, rather than rounding. That alone covers any transaction fees, and skimming 0.1 - 1 percent before posting the payouts they make easily makes a great profit for them, while still maintaining the payouts they offer members.

If they are scamming, they are extremely lazy and killing the goose that lay the golden egg. I have done the math. The payouts are not high if they have sufficient capital to work with. The only risk to their capital is theft, or a Mt Gox type situation. If I had the cash, I'd do it myself, rather than through them. I've thought of creating a similar service to raise the cash, but I would quickly lose patience with the doubters that would claim I was trying to scam people without knowing anything about me. That annoyance is just not worth the money.

Dishonest people are a small minority, but it doesn't take many to make raging paranoid lunatics out of otherwise reasonable people. As with any investment, don't put in more than you can comfortably afford to lose, diversify your holdings, and you will still do well despite the occasional scam.

I completely agree with the argument you have made.  Technically your analysis is flaweless. The most alarming thing for me is the lack of any other contact points between the staff of the site and the customers of the site.

Well at this point it is pretty safe to assume it is over.   Even if they come back, there will probably be a run on the bank.  

I posit that the site being down coupled to the lack of announcement by their staff anywhere on the net suggests that they are done.  I hope I'm wrong but unless we get information from the inside soon, a scam seems a likely explanation. 

Why do you assume that the web interface is on the same server as the arbitrage app? Or the database? or even the web app? I maintain deployment processes for the fortune 500 financial company I work for. Not saying we can't be hacked, but our security is among the best out there. Your diagnostics would show at least as many ports as you see here. However, if you broke in through them, you would get nothing of use. The public facing server is essentially a proxy. It filters and monitors requests, and asks other servers behind a firewall to deliver the content. No way you can tell that from the outside.

Beyond other firewalls, on other servers, are the logic, databases and applications. You are making assumptions that you have no way of proving, unless you have hacked through at least the world-facing layer. For all you can see from the outside, the public web address could contain essentially nothing.

Yes, I was mocking those saying the site was a scam. If it is a scam, why play the server up, server down game? A scammer would just shut it down without any games and take your money. T

The evidence posted on this thread shows nothing other than a dns problem followed by some server issues. It does not show a scam, or negligence, or incompetence. There is absolutely no way you can tell, unless you get on that server and poke around from the inside.

As for those worried about Maybe the alarmists are right, but they have yet to show any evidence of that on this thread.

Guys its over, accept the fact. "We have been hacked, we shut down server for security reasons, will be back soon blablabla"

Some of you are falling in this "all will be fine"-hope-state, searching for reasons coz your not ready to accept the truth about this scam-site.

FYI

Discovered open port 22/tcp on 111.90.150.219   Secure shell
Discovered open port 993/tcp on 111.90.150.219 IMAP over SSL (hope it was patched for HeartBleed)
Discovered open port 587/tcp on 111.90.150.219 Secure Mail (IMAP)
Discovered open port 110/tcp on 111.90.150.219 POP (mail)
Discovered open port 25/tcp on 111.90.150.219  SMTP (mail)
Discovered open port 80/tcp on 111.90.150.219  HTTP
Discovered open port 995/tcp on 111.90.150.219 MAIL
Discovered open port 143/tcp on 111.90.150.219 IMAP
Discovered open port 443/tcp on 111.90.150.219 HTTPS
Discovered open port 111/tcp on 111.90.150.219 RPC
Discovered open port 21/tcp on 111.90.150.219 FTP
Discovered open port 53/tcp on 111.90.150.219 DNS
Discovered open port 26/tcp on 111.90.150.219 RSFTP
Discovered open port 465/tcp on 111.90.150.219 SMTP SSL (hope it was patched for HeartBleed)

These ports are world facing and NOT filtered.

This machine is basically a Linux box built for the purpose by someone who could not secure it but who could do an installation and get software running.  It may be hosted somewhere.  It maybe some guy with his own dedicated IP address but he is running all this shit on one server and most of it should not be available to world access.

This is another classic case of someone who can build a web server and make it work but who has absolutely NO CLUE how to properly secure the box he is running.

We are seeing too many of these in the community.  This shit HAS TO STOP, if we are to be accepted as a viable force in the economic community.

What on earth are you babbling on about. Who said the services aren't needed? Who said it's even on the same server? Have you heard of NAT? These are common external facing protocols. Get a clue!

You obviously do not understand that any open port can be hacked.

Think about it for a moment an you will get it.

On a server which is managing say a few thousand dollars a day, only that, would you run multiple additional unnecessary services if you were competent?  I think not.

and by the way NO THEY ARE NOT MOSTLY MAIL RELATED SERVICES...

Now as far as exactly what each service is, I can detail them as well as you can.

Discovered open port 22/tcp on 111.90.150.219   Secure shell
Discovered open port 993/tcp on 111.90.150.219 IMAP over SSL (hope it was patched for HeartBleed)
Discovered open port 587/tcp on 111.90.150.219 Secure Mail (IMAP)
Discovered open port 110/tcp on 111.90.150.219 POP (mail)
Discovered open port 25/tcp on 111.90.150.219  SMTP (mail)
Discovered open port 80/tcp on 111.90.150.219  HTTP
Discovered open port 995/tcp on 111.90.150.219 MAIL
Discovered open port 143/tcp on 111.90.150.219 IMAP
Discovered open port 443/tcp on 111.90.150.219 HTTPS
Discovered open port 111/tcp on 111.90.150.219 RPC
Discovered open port 21/tcp on 111.90.150.219 FTP
Discovered open port 53/tcp on 111.90.150.219 DNS
Discovered open port 26/tcp on 111.90.150.219 RSFTP
Discovered open port 465/tcp on 111.90.150.219 SMTP SSL (hope it was patched for HeartBleed)

You completely miss the point.  The POINT IS many, many thousands of dollars per day are being handled by a server which has maybe 12 more ports open than it needs to do the SINGLE FUNCTION it should be doing.  That is only one of two things INCOMPETENCE or NEGLIGENCE.  That is it dude.  That is it.

You want email service, do it elsewhere.  You want SQL service, do it elsewhere.  Ok, so you want SQL service... FINE FILTER IT.  This server is offering services to the WORLD facing interface which it SHOULD NEVER OFFER.

I'm just saying.

Those are mostly mail related services.

Dear Lord,

Plz bring btc-arbs.com back online.

Amen.

You are either an idiot, or you are mocking the rest of us...

Too many services open...  What we have here is a Linux server with *WAY* too many services open.


NSE: Loaded 106 scripts for scanning.
NSE: Script Pre-scanning.
Initiating Ping Scan at 23:02
Scanning 111.90.150.219 [4 ports]
Completed Ping Scan at 23:02, 0.34s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 23:02
Completed Parallel DNS resolution of 1 host. at 23:02, 0.40s elapsed
Initiating SYN Stealth Scan at 23:02
Scanning mail.btc-arbs.com (111.90.150.219) [1000 ports]
Discovered open port 22/tcp on 111.90.150.219
Discovered open port 993/tcp on 111.90.150.219
Discovered open port 587/tcp on 111.90.150.219
Discovered open port 110/tcp on 111.90.150.219
Discovered open port 25/tcp on 111.90.150.219
Discovered open port 80/tcp on 111.90.150.219
Discovered open port 995/tcp on 111.90.150.219
Discovered open port 143/tcp on 111.90.150.219
Discovered open port 443/tcp on 111.90.150.219
Discovered open port 111/tcp on 111.90.150.219
Discovered open port 21/tcp on 111.90.150.219
Discovered open port 53/tcp on 111.90.150.219
Discovered open port 26/tcp on 111.90.150.219
Discovered open port 465/tcp on 111.90.150.219
Completed SYN Stealth Scan at 23:02, 7.33s elapsed (1000 total ports)
Initiating Service scan at 23:02
Scanning 14 services on mail.btc-arbs.com (111.90.150.219)
Completed Service scan at 23:02, 14.29s elapsed (14 services on 1 host)
Initiating OS detection (try #1) against mail.btc-arbs.com (111.90.150.219)
Initiating Traceroute at 23:02
Completed Traceroute at 23:02, 3.02s elapsed
Initiating Parallel DNS resolution of 16 hosts. at 23:02
Completed Parallel DNS resolution of 16 hosts. at 23:02, 11.04s elapsed
NSE: Script scanning 111.90.150.219.
Initiating NSE at 23:02
Completed NSE at 23:04, 110.97s elapsed
Nmap scan report for mail.btc-arbs.com (111.90.150.219)
Host is up (0.26s latency).
Not shown: 981 closed ports
PORT     STATE    SERVICE     VERSION
21/tcp   open     tcpwrapped
22/tcp   open     tcpwrapped
25/tcp   open     smtp        Postfix smtpd
|_smtp-commands: Couldn't establish connection on port 25
26/tcp   open     tcpwrapped
53/tcp   open     tcpwrapped
80/tcp   open     http        Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
|_http-methods: No Allow or Public header in OPTIONS response (status code 301)
|_http-title: Did not follow redirect to https://mail.btc-arbs.com/
110/tcp  open     tcpwrapped
111/tcp  open     tcpwrapped
135/tcp  filtered msrpc
139/tcp  filtered netbios-ssn
143/tcp  open     tcpwrapped
| imap-capabilities:
|_  ERROR: Failed to connect to server
443/tcp  open     ssl/http    Apache httpd 2.2.26 ((Unix) mod_ssl/2.2.26 OpenSSL/1.0.1e-fips mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635)
|_http-methods: No Allow or Public header in OPTIONS response (status code 500)
|_http-title: 500 Internal Server Error
| ssl-cert: Subject: commonName=btc-arbs.com
| Issuer: commonName=PositiveSSL CA 2/organizationName=COMODO CA Limited/stateOrProvinceName=Greater Manchester/countryName=GB
| Public Key type: rsa
| Public Key bits: 2048
| Not valid before: 2014-02-14T00:00:00+00:00
| Not valid after:  2015-02-14T23:59:59+00:00
| MD5:   1b49 96d4 de3c 022b 640a 1bfd 41a2 682f
|_SHA-1: d43b 2f3b 4929 2f2c c76a 698d 7045 f52a 996e 70f3
|_ssl-date: 2014-04-17T03:02:52+00:00; +5s from local time.
|_sslv2: server supports SSLv2 protocol, but no SSLv2 cyphers
465/tcp  open     tcpwrapped
|_smtp-commands: Couldn't establish connection on port 465
587/tcp  open     tcpwrapped
|_smtp-commands: Couldn't establish connection on port 587
993/tcp  open     tcpwrapped
995/tcp  open     tcpwrapped
6667/tcp filtered irc
6668/tcp filtered irc
6669/tcp filtered irc
Device type: general purpose
Running: Linux 3.X
OS CPE: cpe:/o:linux:linux_kernel:3
OS details: Linux 3.1 - 3.4
Uptime guess: 6.316 days (since Thu Apr 10 15:29:06 2014)
Network Distance: 18 hops
TCP Sequence Prediction: Difficulty=247 (Good luck!)
IP ID Sequence Generation: All zeros

Paranoia strikes deep
Into your life it will creep
It starts when you're always afraid
Step out line the man come, and take you away.

btc-arbs.com registry whois
   Updated 2 hours ago - Refresh
Domain Name: BTC-ARBS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.WEBKEVLAR.NET
Name Server: NS2.WEBKEVLAR.NET
Status: clientTransferProhibited
Updated Date: 28-jan-2014
Creation Date: 04-jan-2014
Expiration Date: 04-jan-2015
btc-arbs.com registrar whois
   Updated 2 hours ago
Domain Name: BTC-ARBS.COM
Registry Domain ID: 1841415035_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2014-01-04 12:13:19Z
Creation Date: 2014-01-04 20:13:00Z
Registrar Registration Expiration Date: 2015-01-04 20:13:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4252744500
Reseller: NAMECHEAP.COM
Domain Status: clientTransferProhibited
Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Street: P.O. BOX 0823-03411
Registrant City: PANAMA
Registrant State/Province: PANAMA
Registrant Postal Code: NA
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: WHOISGUARD PROTECTED
Admin Organization: WHOISGUARD, INC.
Admin Street: P.O. BOX 0823-03411
Admin City: PANAMA
Admin State/Province: PANAMA
Admin Postal Code: NA
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: WHOISGUARD PROTECTED
Tech Organization: WHOISGUARD, INC.
Tech Street: P.O. BOX 0823-03411
Tech City: PANAMA
Tech State/Province: PANAMA
Tech Postal Code: NA
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: [email protected]
Name Server: NS1.WEBKEVLAR.NET
Name Server: NS2.WEBKEVLAR.NET
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-01-04 12:13:19Z

yea i trust them.

i would look pretty stupid well my site would if they end up being a scam.

2 adbanenrs, on every page, top 5 lists hahah praised

But the arbitrage factor is just it...simple when explained in comparison to wall street


ADAM WHERE ARE YOU!!!

Just going to point out to you that they are stored on exchanges under someone else's key.

I agree, although I don't have it enabled due to low account and crappy BlackBerry ATM

I just realized this...

I did some advertising on my site's adbanner options with them privately and they purchased but whenever I would ask for an EMAIL to further talk this over as the support option is incredibly ill effective I would never get a reply.... now that could mean just about anything right? but now makes me think about the fact that

They have No Twitter
No Facebook
Kinda came outta nowhere and honestly every acceptable - popular bitcoin site had their banner all of a sudden. Including my bitfilliates at which time wasn't getting enough hits for the deal he offered and was soooooooooo like here take it with the money.

So I worked up literally a 1500 page advertising campaign for his payment and he just said sent the btc, could't bare to read all of that but just i trust you.


Now, i know some yall got lucky and bought early, me however found bitcoin through silkroad.


Think about the fact that they may not EVEN be doing ANY TRADING AT ALL and just putting those percentages up, that deposit balance has no TRANSPARENCY WHATSOVER to show that hey i actually own what I earned....

Wow I'm actually getting even more suspicious now...

I am trusting the admins WRT to their intentions.

Still with Heartbleed, and all the other DNS stuff that has been going on with them all day.  I am not comfortable with the skill of the administrative staff.  I have tens of BTCs invested and I am worried whenever a site that stores passwords crashes.

Like I said, KIDDIES enable two factor authentication.

By definition of the site btc are not stored there they are on exchanges. I have multiple BTCs invested and I'm not worried until all Hostgator servers are back up.

It is not a damn fraud...  This is a typical site hack.  The clowns who run the site are not competent to manage security.

For that matter the damn owners of the site need to UNPLUG THAT THING FROM THE NETWORK until they figure out what happend.  AT THIS POINT they have not done that.  That troubles me greatly.  Why?  Because once a site is compromised the attacker can do whatever he wants with the site.  He can break the web server and continue to steal from the site.

That site needs to be OFF LINED RIGHT NOW!

Anyone with a contact to the admins of that site, call them RIGHT now and have them take the damn thing off the network RIGHT NOW.  We should not be getting an error page from the server.  The system should be offlined BECAUSE it has our BTC stored on it.  If it is OFFLINE, that BTC can not be stolen.