Fake Bitcointalk forum Warning | Bitcointalksearch.org

MoparMiningLLC

legendary

Activity: 2212

Merit: 2365

EIN: 82-3893490

Quote from: TryNinja on October 16, 2019, 06:37:05 PM

Looks like the login and register buttons lead to BitcoinTalk? This shouldn't be such a big issue (at least for now). Just like BitcoinTalk.to which AFAIK only showed ads and his captcha didn't work, so no one could try to login or register.

their site could have some code that copies login info - so while directing back to here, they then get our credentials perhaps.

smyslov

sr. member

Activity: 2030

Merit: 269

Quote from: dkbit98 on October 16, 2019, 05:02:11 PM

Few days ago someone created fake Bitcointalk forum with all our data.
It is collecting data Live!

Watch out for potential Phishing and Scam attempts.

bitinfo.cc
A bit more information with images I posted in Scam Acussation section:
https://bitcointalksearch.org/topic/scam-fake-bitcointalk-forum-clone-bitinfocc-5193535

Stay safe

This is the fourth time since I started here in Bitcointalk, but the admin of that phishing site is not that good he only clones the home page and not the login page which is where he can get the login details, we have no problem with old-timer I'm pretty sure they know what real Bitcointalk link is they already bookmark it, only the newbies are not aware of this.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: mainconcept on October 19, 2019, 03:41:48 AM

I created a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3404

The MetaMask extension should block the website if they accept the request.

Thank you.
I did the same thing.... and guys from Metamask github told me they need more information.
I hope they will accept one of our requests.

mainconcept

sr. member

Activity: 588

Merit: 422

I created a pull request for MetaMask: https://github.com/MetaMask/eth-phishing-detect/pull/3404

The MetaMask extension should block the website if they accept the request.

actmyname

copper member

Activity: 2562

Merit: 2510

Spear the bees

Quote from: TalkStar on October 17, 2019, 03:20:18 PM

most probably they put their login button destination to real bitcointalk domain which will force visitors to think that this site associated with real bitcointalk forum

Not the login/registration button directly, but the subsequent buttons redirect you to bitcointalk. This is what gives a special hint of malice, or ignorance.

An appropriate clone site would probably even do away with logins entirely.

TalkStar

copper member

Activity: 1204

Merit: 737

✅ Need Campaign Manager? TG > @TalkStar675

Quote from: marlboroza on October 17, 2019, 06:41:06 AM

Login button on main page is linking bitcointalk.org, but inside threads link is for phishing purposes.

Yeah that's the main trap for visitors IMO and most probably they put their login button destination to real bitcointalk domain which will force visitors to think that this site associated with real bitcointalk forum. Usually most of the phishing attack come from similar looking sites and visitors put their foot on this kinda trap.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: KingScorpio on October 17, 2019, 01:04:31 PM

why is it a fake? it is simply a different bitcoin forum, are here some greedy monopolists upset?

Dude? It's a literal clone of BitcoinTalk.

I found your exact post in there: https://bitinfo.cc/topic.php?topic=5193542.msg52790760#msg52790760 < FAKE BITCOINTALK

What does fake mean to you?

actmyname

copper member

Activity: 2562

Merit: 2510

Spear the bees

Quote from: KingScorpio on October 17, 2019, 01:04:31 PM

why is it a fake? it is simply a different bitcoin forum, are here some greedy monopolists upset?

Read that part back.

KingScorpio

sr. member

Activity: 1470

Merit: 325

Quote from: dkbit98 on October 16, 2019, 05:02:11 PM

Few days ago someone created fake Bitcointalk forum with all our data.
It is collecting data Live!

Watch out for potential Phishing and Scam attempts.

bitinfo.cc
A bit more information with images I posted in Scam Acussation section:
https://bitcointalksearch.org/topic/scam-fake-bitcointalk-forum-clone-bitinfocc-5193535

Stay safe

why is it a fake? it is simply a different bitcoin forum, are here some greedy monopolists upset?

marlboroza

legendary

Activity: 1932

Merit: 2272

Quote from: Chikito on October 16, 2019, 07:22:44 PM

https://www.virustotal.com/gui/url/c14a1cc39ed84f106df83648b84a908e20f5ac9aa455224b9b4bdaf5d33627c0/detection

Quote

One engine detected this URL https://bitinfo.cc/

Forcepoint ThreatSeeker - Malicious

I looked into this yesterday and I find very strange that only Forcepoint showed warning while other engines showed it as clean. I used their scanner and got this result :

Login button on main page is linking bitcointalk.org, but inside threads link is for phishing purposes.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Chikito on October 16, 2019, 07:22:44 PM

https://www.virustotal.com/gui/url/c14a1cc39ed84f106df83648b84a908e20f5ac9aa455224b9b4bdaf5d33627c0/detection

Be careful

Thanks for reporting. I missed this

Quote from: akamit on October 17, 2019, 04:31:54 AM

Report phishing sites to Google here > https://safebrowsing.google.com/safebrowsing/report_phish/ and Google will do the rest.

Hopefully, the phishing site will not get indexed and rank to any keyword. Moreover, if any visitor accidentally visits the site then Google may show the red warning saying "Phishing Site".

I have reported it!

Yeah this shitsite is reported as soon as I saw it, but it would help if more people do it.
You can also report it to Symantec: https://submit.symantec.com/antifraud/phish.cgi

I also reported it to Metamask

hugeblack

legendary

Activity: 2646

Merit: 3911

Quote from: dkbit98 on October 16, 2019, 05:02:11 PM

Watch out for potential Phishing and Scam attempts.

There are a lot of differences that can be noticed such as the logo of the forum at the top of the page, the pumping button, +Merit, userscripts do not work.

Quote

Registrar URL: http://www.key-systems.net
Updated Date: 2019-09-10T15:03:43Z
Creation Date: 2019-09-10T15:03:26Z
Registry Expiry Date: 2020-09-10T15:03:26Z

Not much work has been done on this site, so it may seem like an alternative to Bitcointalk.to

Generally, you should be careful and Re-check the domain.

akamit

hero member

Activity: 1498

Merit: 596

Report phishing sites to Google here > https://safebrowsing.google.com/safebrowsing/report_phish/ and Google will do the rest.

Hopefully, the phishing site will not get indexed and rank to any keyword. Moreover, if any visitor accidentally visits the site then Google may show the red warning saying "Phishing Site".

I have reported it!

DdmrDdmr

legendary

Activity: 2338

Merit: 10802

There are lies, damned lies and statistics. MTwain

Quote from: PrimeNumber7 on October 17, 2019, 02:54:33 AM

<…>

You don’t really need to scrape any data at all to do what the clone site does. I’d say that the cloned site merely inserts Bitcointalk in a frame (or such), and that it’s own sole native development is that of the login screen, used to capture your credential and then redirect you to Bitcointalk. At least, that is the intent when they get it to work properly.

They do not need to scrape a single page. I just compared the clone to the original, refreshed them, compared data, and the content was verbatim (even stats). They do not scrape, but simply mask the content in a frame.

PrimeNumber7

copper member

Activity: 1624

Merit: 1899

Amazon Prime Member #7

There are only a small number of people who are collecting enough data to pull this off.

I have said before that there should be limits as to how much data/many pages a person can access per time unit.

In case the person behind this site is not collecting the data live, but rather is pulling the data on request, it should not be difficult for the administration to compare a random set of page requests via the site referenced in the OP to logs to see the IP address of who is accessing the pages in real time, and take action.

pooya87

legendary

Activity: 3472

Merit: 10611

Quote from: TryNinja on October 16, 2019, 11:02:30 PM

TIP: Add the website to your hosts file to block it and avoid clicking on it by mistake.

there is also a simple remedy that could cover all other possible fake copy-sites which i find very useful and that is the browser's zoom option for those browsers that store the zoom state per domain not for the whole browser (eg. Chrome and Firefox).

for example i have zoomed reddit to 200% so when i visit https://www.reddit.com/r/Bitcoin/ i'll get an easy visual confirmation that i am on a website i have visited before. but if i go somewhere else like https://np.reddit.com/r/Bitcoin/ i'll immediately see a zoomed out (default) size which is a quick indication of different domain.

TryNinja

legendary

Activity: 2758

Merit: 6830

Quote from: logfiles on October 16, 2019, 07:27:33 PM

I think the idea is to get those people who search for related to what is discussed on Bitcointalk through google. They would then be tricked to click on mirror links of threads similar to those on bitcointalk after which they will be prompted to log in onto the phishing website.

That's indeed the case. This already happened multiple times with the Bitcointalk.TO website, which was a third-party random mirror of the forum. I already clicked on it by mistake multiple times. And I'm not the only one.

Quote from: hosseinimr93 on October 16, 2019, 06:59:54 PM

If you click on "Login" button, you navigate to real bitcointalk. But if you open one of the threads and then click on "Login" button you will navigate to the fake "login" page.
Seems that they are still working on their website.

I tried logging in with some random username and password and looks like when you click the "Login" button, the request is sent to the real BitcoinTalk. While this doesn't mean the website isn't stealing our data (at least not stealing through the POST request from the login form), I agree that we sould treat it as a scam.

TIP: Add the website to your hosts file to block it and avoid clicking on it by mistake.

Quote from: LoyceV on January 14, 2018, 10:37:30 AM

I totally fell for the cloned site, until I realized I couldn't see your trust ratings.
I have added this line to /etc/hosts

Code:

127.0.0.1       bitcointalk.to

Now my computer can't access that phishing site anymore.

Just do the above but with bitinfo.cc instead of bitcointalk.to.

Code:

127.0.0.1       bitinfo.cc

Coyster

legendary

Activity: 2058

Merit: 1270

Play Poker on Telegram

Quote from: logfiles on October 16, 2019, 07:27:33 PM

I think the idea is to get those people who search for related to what is discussed on Bitcointalk through google. They would then be tricked to click on mirror links of threads similar to those on bitcointalk after which they will be prompted to log in onto the phishing website.

I think this looks well like a very smart and calculative move, I always try to use the forum's search engine and not google, though sometimes it's not really a straightforward process in searching for what you're looking for.

I thought if probably you're searching for a thread on Google, you'll just be redirected or taken straight to the thread? Does the user need to login there?

logfiles

copper member

Activity: 2114

Merit: 1794

Top Crypto Casino

Quote from: hosseinimr93 on October 16, 2019, 06:59:54 PM

If you click on "Login" button, you navigate to real bitcointalk. But if you open one of the threads and then click on "Login" button you will navigate to the fake "login" page.
Seems that they are still working on their website.

I think the idea is to get those people who search for related to what is discussed on Bitcointalk through google. They would then be tricked to click on mirror links of threads similar to those on bitcointalk after which they will be prompted to log in onto the phishing website.

Chikito

legendary

Activity: 2366

Merit: 2054

https://www.virustotal.com/gui/url/c14a1cc39ed84f106df83648b84a908e20f5ac9aa455224b9b4bdaf5d33627c0/detection

Quote

One engine detected this URL https://bitinfo.cc/

Forcepoint ThreatSeeker - Malicious

Be careful

Topic: Fake Bitcointalk forum Warning (Read 515 times)