
Topic: Found new(?) Miner, need help! [Mod note: malware] (Read 7946 times)

member
Activity: 96
Merit: 10
lol, I agree, who posts login details on a public forum; much less one that is valid across multiple accounts?
full member
Activity: 182
Merit: 100
roundhouseminer
What a bastard, somebody makes some wakeup calls at 3-4-5am to his fuking cellphone.

Quote
[owner-c] phone:             +49-162-2615486



---
Filthy Nazi ass, piss off back into your whore mother's ass where you crawled out from.
member
Activity: 72
Merit: 10
 traceroute wotan.cc
traceroute to wotan.cc (188.40.20.130), 30 hops max, 40 byte packets
 1  *************************
 *
 *
 4  nix-gw.hetzner.de (195.85.217.16)  0.800 ms  0.845 ms  0.834 ms
 5  hos-bb2.juniper2.rz10.hetzner.de (213.239.240.141)  3.034 ms hos-bb2.juniper1.fs.hetzner.de (213.239.240.146)  2.934 ms  2.956 ms
 6  hos-tr1.ex3k13.rz10.hetzner.de (213.239.227.142)  3.825 ms hos-tr3.ex3k13.rz10.hetzner.de (213.239.227.206)  5.808 ms  5.697 ms
 7  server13.fasthp.de (188.40.139.8)  3.045 ms  3.025 ms  3.061 ms
 8  static.130.20.40.188.clients.your-server.de (188.40.20.130)  2.970 ms  3.060 ms  3.026 ms

Sebastian has his vserver or dedi hosted @ www.hetzner.de
Sebastian, hopefully you change your root password, I think a lot of people know this here:


# ssh -l root 188.xxxxxxxxxxxx


Science
full member
Activity: 210
Merit: 100
And his contact website is "wotan.cc" a very popular concept with the whitepower crowd. I think we done found a nazi hiding here.
His ineptitude rather brings the image of a failed nazi eugenic experiment to mind
He seems to have some tough moments before him, jude judging from all the attention he done successfully focused on himself.
You'd believe even the dumbest of retards would change his damned password (ein Volk, ein Reich, ein Passwort) having been burned once already.
Sonderbehandlung highly recommended.
hero member
Activity: 518
Merit: 500
Yeah, among other things it's short for "will of the aryan nation"
http://en.wikipedia.org/wiki/Wotanism
sr. member
Activity: 574
Merit: 250
And his contact website is "wotan.cc" a very popular concept with the whitepower crowd. I think we done found a nazi hiding here.
yxt
legendary
Activity: 3528
Merit: 1116
Now he is trying to sell FPGA mining shares ;-)


[owner-c] fname:             Sebastian
[owner-c] lname:             Petters
[owner-c] org:              
[owner-c] address:           Karl-Keil-Strasse 42
[owner-c] city:              Zwickau
[owner-c] pcode:             08060
[owner-c] country:           DE
[owner-c] state:             DE
[owner-c] phone:             +49-162-2615486
[owner-c] email:             [email protected]

http://de-de.facebook.com/people/Sebastian-Petters/100001541876950   here he also had wh1t3p0w3r as psw
sr. member
Activity: 321
Merit: 250
Bitbuy.nl!
sr. member
Activity: 321
Merit: 250
Bitbuy.nl!
Haha, I don't actually laugh out loud a lot using my computer, but this thread is epic! Thanks guys.
sr. member
Activity: 352
Merit: 250
Firstbits: 1m8xa
This thread went up in quality pretty fast. Incredible job, dani.
hero member
Activity: 686
Merit: 500
Bitbuy
How come you nerdy people didn't notice this when questioning if "Montico" really is "account-stolen"?

Quote from: Montico
... Linux-version
... Windows-Version
... "Memory exception"-Error

Quote from: account-stolen
... PayPal-Account
... gmail-Account


Nice! Good find
full member
Activity: 235
Merit: 100
How come you nerdy people didn't notice this when questioning if "Montico" really is "account-stolen"?

Quote from: Montico
... Linux-version
... Windows-Version
... "Memory exception"-Error

Quote from: account-stolen
... PayPal-Account
... gmail-Account
newbie
Activity: 49
Merit: 0
Quote
Montico == account-stolen

Thanks!

I can no longer login to his paypal, so I believe it is now safe to disclose his password and how I guessed it: After server run his program he posted something (maybe an error messages) which contained a login name and password for his ftp: btc:btcwh1t3p0w3r. And these also worked for ssh. I tried logging in as root with that password, and it didn't work. So I omitted the 'btc' part and tried just 'wh1t3p0w3r' which did work.

Oh, and his e-mail address contains his name, so we have that too. (I'm not making that public, but theymos can probably see it if needed.)



good work man!!! you have brought justice and stopped his wallet stealing
hero member
Activity: 518
Merit: 500
Seems like it's not only a drop dead stupid script kiddie trying to steal wallets, but possibly a neo nazi too.
The thought he may have lost his paypal account makes me want to cry.
Not.
newbie
Activity: 22
Merit: 0
Quote
Montico == account-stolen

Thanks!

I can no longer login to his paypal, so I believe it is now safe to disclose his password and how I guessed it: After server run his program he posted something (maybe an error messages) which contained a login name and password for his ftp: btc:btcwh1t3p0w3r. And these also worked for ssh. I tried logging in as root with that password, and it didn't work. So I omitted the 'btc' part and tried just 'wh1t3p0w3r' which did work.

Oh, and his e-mail address contains his name, so we have that too. (I'm not making that public, but theymos can probably see it if needed.)

hero member
Activity: 518
Merit: 500
He was stupid enough to create that account from the same IP?
LOL. I nominate him for most stupid hacked of the year award
administrator
Activity: 5222
Merit: 13032
Could an administrator or moderator look at the IP addresses of Montico and account-stolen? I am interested whether they are different...

Montico == account-stolen
legendary
Activity: 1204
Merit: 1015
Dear mother of God. Remind me not to mess with you people.
EDIT: That idiot has ssh on the box, and I managed to guess the root password (it wasn't hard). What do you think I should do?
getting some personal information would be nice, but I don't think he is that stupid, is he?

Unfortunately he changed his password before I could start downloading everything he had... Anyway, at least his site is down now (he took it down, not I).
If it's any consolation, if you were able to guess the SSH password, the box was owned a few seconds after it connected to the internet. You did the world a great service to have it get taken down.

I'll pass on the IP check request.
sr. member
Activity: 574
Merit: 250
Could an administrator or moderator look at the IP addresses of Montico and account-stolen? I am interested whether they are different...

 (My IP is 94.248.129.19, I have logged into Montico with this, I hope this didn't screw up anything.)

EDIT: I'm reporting this message to a moderator, hoping that it will get answered more quickly. The forum software doesn't allow me to do that.

The following report was just made.

Poster has asked for moderation effort on this thread, but is unable to self-report. This is a proxy report only. Thank you.
newbie
Activity: 22
Merit: 0
Could an administrator or moderator look at the IP addresses of Montico and account-stolen? I am interested whether they are different...

 (My IP is 94.248.129.19, I have logged into Montico with this, I hope this didn't screw up anything.)

EDIT: I'm reporting this message to a moderator, hoping that it will get answered more quickly. The forum software doesn't allow me to do that.