Right, have been somewhat on the sidelines for a bit, but feel I need to weigh in on this:
Domain name and WHOIS data
The domain name (coinsmarkets.com) is registered at the hostname registrar Gandi.net. Gandi.net does not actually check the WHOIS records provided by its clients, since +31.0001220358 (not a valid .NL phone number) and "amesterdam" are incorrect.
I think the WHOIS information is fake, but there are three companies registered on the address [1], namely:
a. Stichting Moerka, KvK 27259166 - Surinamestraat 26 - kamer 5 - 2585GJ 's-Gravenhage - Rechtspersoon
b. Bohema 's-Gravenhage B.V. (Hoofdvestiging) - KVK 27030037 - Vestigingsnr. 000020540590 - Surinamestraat 26 kamer 5 - 2585GJ 's-Gravenhage
c. Hoogsteder & Hoogsteder B.V. - KVK 27119670 - Surinamestraat 26 - 2585GJ 's-Gravenhage - Nevenvestiging
Only the first two are active, c. is stated as inactive.
This tells us two things: apparently there are multiple rooms at the Surinamestraat 26 (the Dutch word kamer means room), and one of the rooms has two companies registered to it (a. being a not-for-profit). There are hardly any references to a. on Google, but b. is listed as a financial organization of some sort [2] - and has the phone number listed as: (0031 70 364 0475). This is also the phone number of "W J Hoogsteder-Vd Weiden", which might be the elderly couple another forum member talked about as having visited [4]. I also recall reading somewhere that someone called the phone number above, and that an elderly person answered; not sure where that was. Gandi.net (where the hostname coinsmarkets.com is registered) is a large company that has its own Wikipedia page [5]. It's not shady nor relevant that other exchanges/companies used the same domain name registrar.
Configuration of the server
Basically their configuration sucks; but to make it clear: they use Cloudflare to offer HTTPS and DDoS protection (https://www.coinsmarkets.com) but the website can be contacted directly at http://mail.coinsmarkets.com (but be aware that this is HTTP, so do not log in on a public WiFi). It can also be contacted directly at the IP that was mentioned before in the SQL error that was visible on the front page: 185.66.140.234 => http://185.66.140.234 . This is also their mail server (for receiving e-mail) but obviously the incoming and outgoing mail has been disabled. The server runs PHP on Windows Server 2008 R2, which (and more info) can be found on the /info.php page on mail.coinsmarkets.com [6] that shows the full phpinfo() output... (wow). The website seems to be programmed by a complete noob: copy-pasting JavaScript files in the webroot for different purposes (ajax10.js, ajax12.js, ajax14.js, ajax21.js, ajax23.js, ajax28.js, ajax3.js, ajax32.js, ajax5.js, ajax7.js, ajax9.js, ajax11.js, ajax13.js, ajax20.js, ajax22.js, ajax24.js, ajax29.js, ajax30.js, ajax4.js, ajax6.js, ajax8.js). The programmer is probably not using a framework (based on files like header.php) and uses inline styling like: style="margin-bottom: 2px; width: 30px;" - which are all signs of amateurism. Another interesting file is /test.php, which shows some debug output. Oh and also, the website looks like it was designed by a five year old.
If http://mail.coinsmarkets.com is down, https://www.coinsmarkets.com only shows the cached version. The most important scripts, withdraw.php and apiv1.php, are removed from the webserver.
One other thing: https://www.coinsmarkets.com shows cached pages! Therefore: any error message you might see might be cached on a Cloudflare server that is close to you. Different pages might have different messages, but the best way to see the current message is through viewing the site (the source) at http://mail.coinsmarkets.com. Stuff like "ordered new servers" and "DB load balancing" has been displayed at one point before and cached. I doubt that there was ever a new server, because all the time it was hosted at the same IP (185.66.140.234).
Hosting of the server
The mail.coinsmarkets.com server, or 185.66.140.234, is hosted by NForce - which is a Dutch hoster, that allows for payments in Bitcoins [6] - possibly making it more difficult to trace the guy purely on his payment history.
Conclusion of technical part
- Domain name coinsmarkets.com is registered with (very likely) bogus WHOIS information;
- Website coinsmarkets.com is 'protected' by Cloudflare, so no information can be retrieved from the IP for www.coinsmarkets.com or the SSL-certificate.
- Actual website is hosted on http://mail.coinsmarkets.com (port 80) which is hosted by the Dutch company NForce.
Wallet balances
Unfortunately I cannot confirm or deny whether any money is gone, because I do not fully understand the process that an exchange goes through with regards to storing wallets for its members. But - having the right balances shown on the webpage does not actually mean anything. If the money was moved it should be visible on some of the blockchains; I hope that someone can do some more digging into this.
Speculative: thoughts on CM being a scam
At first I didn't hope CM was a scam (I do have some BTC stashed there) but unfortunately I do think we're fucked because:
-> There is NO communication from the owners. NO communication. It would be VERY SIMPLE to provide daily updates;
-> Outgoing e-mail, the trading engine, most of the wallets and critical PHP-scripts have been disabled/removed: apiv1.php, withdraw.php;
-> There are no signs of ANY updates to the website, next to the ECA trades a couple of days ago (which was very hopeful, at the time);
-> Messages like new servers were ordered/have arrived: the same infrastructure is in use since the beginning, there was no change of servers;
-> The admin did have an account on this forum [7] and was active before when there were issues on the site, but is totally silent now.
Honestly I have declared my coins there as lost.
My advice: consider the coins lost (lowers the frustration), go to your local police and report them as fraudsters; if enough people do this it _will_ become an investigation. The guy(s) did leave more than enough traces for a (high tech) police department to find.
[1] Check www.kvk.nl with the address information; KVK is the Dutch Chamber of Commerce
[2] www.infobel.com/nl/netherlands/bohema_s_gravenhage_b_v/s_gravenhage/NL100070924-0703640475/businessdetails.aspx
[3] plusbedrijf.com/stad/s-gravenhage/surinamestraat
[4] https://bitcointalksearch.org/topic/m.27582400
[5] https://en.wikipedia.org/wiki/Gandi
[6] https://www.nforce.com/payments
[7] https://bitcointalksearch.org/user/coinsmarkets-978044
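
Added example, not part of the original post: the post describes a site fronted by Cloudflare whose mail hostname still points straight at the origin server. The sketch below is an audit a site operator could run over an export of their own DNS zone to catch that mistake; the zone data is constructed (example.com, documentation IP ranges), and the `type`/`name`/`content`/`proxied` record shape and the `find_origin_leaks` helper are assumptions made for illustration.

```python
import json

# Constructed zone export; every name and address here is a placeholder.
ZONE_JSON = """
[
 {"type": "A",  "name": "example.com",        "content": "203.0.113.10",     "proxied": true},
 {"type": "A",  "name": "www.example.com",    "content": "203.0.113.10",     "proxied": true},
 {"type": "A",  "name": "mail.example.com",   "content": "203.0.113.10",     "proxied": false},
 {"type": "MX", "name": "example.com",        "content": "mail.example.com", "proxied": false},
 {"type": "A",  "name": "status.example.com", "content": "198.51.100.7",     "proxied": false}
]
"""
RECORDS = json.loads(ZONE_JSON)
ADDR_TYPES = {"A", "AAAA"}


def find_origin_leaks(records):
    """Return findings for unproxied names that publish an IP the CDN should hide."""
    # IPs that sit behind at least one proxied record.
    protected = {r["content"] for r in records
                 if r["type"] in ADDR_TYPES and r.get("proxied")}
    # Unproxied hostnames mapped to the addresses they publish in DNS.
    direct = {}
    for r in records:
        if r["type"] in ADDR_TYPES and not r.get("proxied"):
            direct.setdefault(r["name"].lower(), set()).add(r["content"])
    findings = []
    for name, ips in sorted(direct.items()):
        for ip in sorted(ips & protected):
            findings.append({"name": name, "ip": ip, "via": "direct record"})
    # Mail cannot go through the HTTP proxy, so an MX target sharing the
    # web origin's address discloses it to anyone who looks up the MX.
    for r in records:
        if r["type"] == "MX":
            target = r["content"].rstrip(".").lower()
            for ip in sorted(direct.get(target, set()) & protected):
                findings.append({"name": target, "ip": ip,
                                 "via": "MX for " + r["name"]})
    return findings


if __name__ == "__main__":
    for f in find_origin_leaks(RECORDS):
        print(f"{f['name']} exposes origin {f['ip']} ({f['via']})")
```

A clean result means no unproxied record shares an address with a proxied one; hosting mail on a separate address and restricting the origin's web ports to the CDN's published ranges is the usual fix for any finding.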