
Topic: http://www.asic-technologies.com/ http://asic-tech.com - page 2. (Read 13270 times)

full member
Activity: 215
Merit: 100
Today there's another ASICMinerSoftSetup.exe file on the same page, now detected by some antiviruses:

https://www.virustotal.com/en/file/754eba41eff62fe2ea01a4e2658ac5d3b131e94f673602400074e4d777076c78/analysis/1387296322/

"Detection ratio:    7 / 49

Antiy-AVL    Trojan/Win32.Agent
DrWeb    Trojan.DownLoader10.64511
Ikarus    AutoIt
Kaspersky    Trojan-PSW.Win32.Fareit.amtz
McAfee    Artemis!20AD9F8C2B83
McAfee-GW-Edition    Artemis!20AD9F8C2B83
TrendMicro-HouseCall    TROJ_GEN.F47V1216"

I was wrong about "lame password stealer" btw, read a few articles about recent trend of AutoIt-based malware, some of which is quite complex:

http://blogs.mcafee.com/mcafee-labs/bitcoin-miners-use-autoit-complied-programs-with-antianalysis-code (stealth bitcoin miner, anti-VMware code)
http://blogs.mcafee.com/mcafee-labs/andromeda-botnet-hides-behind-autoit (botnet)
https://blogs.mcafee.com/mcafee-labs/vertexnet-botnet-hides-behind-autoit (botnet)

Don't run that shit!

upd: And here is the file from minersoftware.com (minersoftware.com/wp-content/uploads/2013/12/BitcoinMinerSoftware.rar):

https://www.virustotal.com/en/file/7451e81453842bc6f894ed5a797efa3431e84faea2443876f9f4c39f0f3c7f3b/analysis/1387374239/

"Detection ratio:    32 / 49"
sr. member
Activity: 259
Merit: 250
I guess the demo will only give a fake error
Tomorrow I want to try it on a virtual machine
full member
Activity: 215
Merit: 100
What about that 7-day trial? https://asicminersoft.com/free-7-days-trial/
Someone brave enough to try it out?
Ha, I didn't see it. Ok, I downloaded it, unpacked and checked with virustotal.com:

https://www.virustotal.com/en/file/c3719223dd1bb7828d8fed53eae4c52966ca24b5e2e92a0be9105347529eb34a/analysis/1387190265/
(not detected by major antiviruses)

Checked with Anubis (service for analyzing malware):

http://anubis.iseclab.org/?action=result&task_id=1ebfff9f2128627b48946fa20572b58f5&format=html

So according to Anubis ASICMinerSoftSetup.exe is a self-extracting archive, I unpacked it with WinRar:

5 files inside (with hidden and system attributes): ygF.BQI, Jd.fga, yc.ocf, rm.QCO, jIlL.vbs

jIlL.vbs contents:

Code:
CreateObject("WScript.Shell").Exec "JD.FGA yC.OCF"

Jd.fga VirusTotal results:

https://www.virustotal.com/en/file/fb73a819b37523126c7708a1d06f3b8825fa60c926154ab2d511ba668f49dc4b/analysis/1387190674/

Code:
Product AutoIt v3 Script
Original name AutoIt3.exe
File version 3, 3, 8, 1
Comments http://www.autoitscript.com/autoit3/

From comments: "AutoIt macro engine. Clean file by itself, but usually bundled along with malicious macro files when arrives by mail, claiming "shipment information", "invoice", "order" or alike..."

yc.ocf contents (an extract, it's 800kb file):

Code:
;QA
;jqix
;Ip
;RBm
;eKmPZ
;g
;fP
;uvp
;Fml
;gR
;Id
;JN
;VC
;yjj
;OkZN
;T
;iBCdV
;czNK
;QGJCR
;KkmYOC
;MqMIKFeNl

Seems like encrypted AutoIt script or something. If somebody knows how to decrypt/decompile it, pls help.

But I think, it's clear that this is some kind of lame password stealer, I doubt somebody will write "some special CPU and GPU algorithm" in AutoIt script language (lol)!
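The layout described in the post above (a script launcher, an interpreter stored under a non-executable extension, and a script padded with `;` comment lines) can be checked for statically, without running anything. The following is an added example, not part of the original thread: the file names come from the post, the file contents are constructed stand-ins, and the function names and the 0.9 comment-ratio threshold are assumptions.

```python
import re
from pathlib import Path

EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".sys"}
SCRIPT_EXTS = {".vbs", ".vbe", ".js", ".bat", ".cmd"}
# Command line handed to WScript.Shell Exec/Run, e.g. .Exec "JD.FGA yC.OCF"
LAUNCH_RE = re.compile(r'\.(?:Exec|Run)\s*\(?\s*"([^"]+)"', re.I)
AUTOIT_MARKERS = (b"AutoIt v3", "AutoIt v3".encode("utf-16-le"))  # ASCII and UTF-16LE

def is_pe(data):
    """MZ header whose e_lfanew field (offset 0x3C) points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    off = int.from_bytes(data[0x3C:0x40], "little")
    return data[off:off + 4] == b"PE\0\0"

def comment_ratio(data):
    """Share of non-empty lines starting with ';' (AutoIt comment syntax)."""
    lines = [l.strip() for l in data.decode("latin-1").splitlines() if l.strip()]
    return sum(l.startswith(";") for l in lines) / len(lines) if lines else 0.0

def load_dir(path):
    """Read an already-unpacked directory into {name: bytes}; nothing is executed."""
    return {p.name: p.read_bytes() for p in Path(path).iterdir() if p.is_file()}

def disguised(name, data):
    return is_pe(data) and Path(name).suffix.lower() not in EXEC_EXTS

def triage(files, threshold=0.9):
    """Return (finding, file, detail) tuples for the layout described in the post."""
    by_lower = {n.lower(): n for n in files}  # Windows resolves names case-insensitively
    out = []
    for name, data in sorted(files.items()):
        if disguised(name, data):
            engine = "autoit" if any(m in data for m in AUTOIT_MARKERS) else "unknown"
            out.append(("disguised-pe", name, engine))
        if Path(name).suffix.lower() not in SCRIPT_EXTS:
            continue
        for cmd in LAUNCH_RE.findall(data.decode("latin-1")):
            exe, *args = cmd.split() or [""]
            target = by_lower.get(exe.lower())
            if target is None or not disguised(target, files[target]):
                continue
            out.append(("launcher", name, target))
            for arg in args:
                script = by_lower.get(arg.lower())
                if script and comment_ratio(files[script]) > threshold:
                    out.append(("padded-script", script, name))
    return out

def constructed_sample():
    """Constructed stand-ins using the post's file names; not the real files."""
    pe = b"MZ" + bytes(0x3A) + (0x40).to_bytes(4, "little") + b"PE\0\0"
    pe += "AutoIt v3 Script".encode("utf-16-le")
    padded = "".join(f";junk{i}\n" for i in range(200)) + "$a = 1\n"
    return {
        "Jd.fga": pe,
        "yc.ocf": padded.encode(),
        "jIlL.vbs": b'CreateObject("WScript.Shell").Exec "JD.FGA yC.OCF"\n',
        "rm.QCO": b"\0" * 16,  # placeholder; the post does not say what this file holds
    }

if __name__ == "__main__":
    print(triage(constructed_sample()))
```

For a real unpacked archive, pass `load_dir(path)` to `triage` from inside an isolated analysis machine; the checks only read bytes.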
newbie
Activity: 6
Merit: 0
Hard to say if it's the same scammer. That site has a lot more grammar mistakes.

What about that 7-day trial? https://asicminersoft.com/free-7-days-trial/
Someone brave enough to try it out?
full member
Activity: 215
Merit: 100
Is asicminersoft.com the same scammer? Their claims are too hilarious: "ASIC Miner Software is new developed software bitcoin mining technology. You can turn your computer to ASIC mining with average 100 GH/s mining speed. ASIC software use some special CPU and GPU algorithm to raise maximum capacity of your computer and make bigger mining speed." (screenshot: https://i.imgur.com/SgsOwVg.png)

Warning: the page is suspicious according to virustotal.com:

https://www.virustotal.com/en/url/5df115fd94637a36c51c68b2bb067ce4ed95a7e508abfea7bb70e68eb11ebbc1/analysis/1387046862/

"Detection ratio:    2 / 51
BitDefender    Malware site
Emsisoft    Malware site"

http://quttera.com/detailed_report/asicminersoft.com

"Potentially Suspicious files: 1

/wp-content/themes/mio/js/jquery.carouFredSel-packed.js?ver=6.1.0

Severity:   Potentially Suspicious
Reason:   Detected potentially suspicious content.
Details:   Detected potentially suspicious initialization of function pointer to JavaScript method eval __tmpvar1778231783 = eval;
Threat dump:   View code"

upd: minersoftware.com has almost the same content
newbie
Activity: 38
Merit: 0
Hello,

I paid this nice company 2 BTC (~1200 €) two weeks ago to buy 20 USB miners. So far no goods or email, of course.
I am trying to grab any information about Asic-Tech to provide to the German police. Maybe it helps a little bit.

Regards Tron2013   
 
sr. member
Activity: 266
Merit: 250
We have had over 30+ requests to list these guys, so we did it. Hopefully more users will come out of the woodwork and discuss the ASIC schemes.
newbie
Activity: 6
Merit: 0
Alright, so asic-tech.com is offline and asic-technologies.com redirects to asictech.info

asictech.info is registered to a gentleman named Mark Niggerson.

According to http://whois.domaintools.com/asictech.info his email-address [email protected] is associated with one other domain, registered with ENOM INC. (http://reversewhois.domaintools.com/?email=edebdaaedc11e59662fdd65aca241145).

Someone mentioned asic-market.com being the same person as asic-tech.com, and asic-market.com is also registered with ENOM, but with a protected email-address.

domaintools.com only tells us about that second domain in this form: a _ _ _ _ _ _ _ _ _ _ s.com
Both domains were created on Dec, 7th.

By guessing I found asic-markets.com (http://whois.domaintools.com/asic-markets.com) which right now is a fresh wordpress installation without content. But I'm sure it's just a backup domain, in case asic-market.com gets taken down.

His other email-address "[email protected]" is also registered with two domains: http://reversewhois.domaintools.com/?email=e205cc57c802e2fab93aa75b7499df90
asic-tech.com, created Nov. 22nd, and a _ _ _ _ _ _ _ _ _ e.net, created June 21st. Both registered with ENOM again.

According to http://who.is/domain-history/asic-technologies.com his older domain asic-technologies.com was also registered with [email protected] up until yesterday it seems. Now it's privacy protected.

I tried guessing what "a _ _ _ _ _ _ _ _ _ e.net" could be, I suppose it starts with asic, but then what? machine? service? .... then I found it: asic-online.net
http://whois.domaintools.com/asic-online.net

The Domain itself is offline by now (or taken down), but a quick google search got me this: http://www.kde.ps.pl/dsk0/ftp.ietf.org/ietf-mail-archive/krb-wg/2013-06.mail and this: http://oss.sgi.com/cgi-bin/extract-mesg.cgi?a=pcp&m=2013-06&i=c2e6c0d106b4f6438f8858dd593253ac%40asic-technologies.com

Seems like he was sending some spam mails in June.

Then there's this topic from May: https://bitcointalksearch.org/topic/bitcoin-related-spam-update-not-resolved-201024
Again spam, with the following return addresses:
[email protected]
[email protected]
[email protected]

A quick check for those domains shows, that they are again registered to Scott Davie from Edinburgh.

But that's it, couldn't find more.

So in the end I got nothing much, sorry. Maybe it helps nonetheless.

full member
Activity: 172
Merit: 100
Hi all,

1st of all, AFRICA IS A CONTINENT. Try to at least speak like y'all got a western education.

These assholes took me for 7.4 BTC a couple of months ago. I assume most of you other victims got the email yesterday talking about refunds? I mailed [email protected] and some guy answered back saying that Asic-Tech is 'blackmailing' him by forwarding their unsatisfied customers to them.

Now I don't know what the hell 'blackmailing' means, but it sure as hell sounds suspect to me. Has anyone managed to find more details on the owner of the site? Whois gives:


Registrar History: 1 registrar
NS History: 1 change on 2 unique name servers over 0 year.
IP History: 1 change on 2 unique IP addresses over 0 years.
Whois History: 26 records have been archived since 2013-05-13.
Reverse IP: 1,681 other sites hosted on this server.

Domain Name: ASIC-TECHNOLOGIES.COM
Registry Domain ID:
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2013-11-29 00:53:23
Creation Date: 2013-05-13 01:02:46
Registrar Registration Expiration Date: 2014-05-13 01:02:46
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller: Fasthosts Internet Limited
Reseller:
Reseller: +44.8445830777
Reseller: http://www.Fasthosts.co.uk
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Contact Privacy Inc. Customer 0134664681
Registrant Organization: Contact Privacy Inc. Customer 0134664681
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: +1.4165385457
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Registry Admin ID:
Admin Name: Contact Privacy Inc. Customer 0134664681
Admin Organization: Contact Privacy Inc. Customer 0134664681
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: +1.4165385457
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Registry Tech ID:
Tech Name: Contact Privacy Inc. Customer 0134664681
Tech Organization: Contact Privacy Inc. Customer 0134664681
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: +1.4165385457
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
Name Server: NS2.LIVEDNS.CO.UK
Name Server: NS3.LIVEDNS.CO.UK
Name Server: NS1.LIVEDNS.CO.UK
DNSSEC:
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Registration Service Provider:
    Fasthosts Internet Limited,
    +44.8445830777
    +44.8708883760 (fax)
    http://www.Fasthosts.co.uk
    http://facebook.com/fasthostsinternet

Phone number is dead or just a long ringer. Has anyone managed to pinpoint where their server is being accessed from? I think with the combined evidence of posts on bitcointalk about this company (and boy, there are quite a number of threads on Asic-tech) we can take this guy down if he's found. If I can get an address, I can send somebody there to check it out. There have been nothing but naysayers and pessimists every time I bring the subject up of tracking this motherfucker down, but I think the more he scams the more tracks he's leaving behind.


No one ever said Africa wasn't a continent. Actually my comments about Africa, which can be referred to as such, as it is a single continent with a single name, were about how big and vast it is and how there are so many differing areas of governance and also none at all, that it would be next to impossible to find him if he was in Africa, anywhere in Africa. Especially if all you knew was "Africa" as being the most information you have to go on. I know it's off topic, but your simple quick comments that you probably weren't thinking about were misguided, misinformed, and baseless. Unfortunately people who think along these lines usually do fall for scams rather easily, as they don't read the whole of the situation and make educated decisions. My advice would be to read things in full before you comment or buy.
sr. member
Activity: 266
Merit: 250
100% garbage!  ASIC and everything related to mining has a 90% scam success rate.
full member
Activity: 140
Merit: 100
BTC in Namibia
So this guy just sent me three emails filled with 'Nigger' Facebook memes. This guy is DEFINITELY a suburban white boy, my money is on Canada. There is no way you will have that kind of cultural influence coming from some African backwater country.

Wow, five now! The images provide valuable clues. They're racist as hell, but I'll repost the emails in original if it could help anyone track this puta... or make fun of me, whatever. I just want to catch this thug.

Edit:

Did a trace on the email it originates from 62.205.82.51

IP2location gives:

Sender



IP Address   62.205.82.51
Location    BELGIUM, OOST-VLAANDEREN, SINT-NIKLAAS
Latitude, Longitude   51.16509, 4.1437 (51°9'54"E   4°8'37"N)
Connection through   TELENET N.V. HOTSPOT
Local Time   05 Dec, 2013 08:25 PM (UTC +01:00)
Net Speed   DSL
Area Code   03
IDD Code   32
ZIP Code   9112
Weather Station   SINT-NIKLAAS (BEXX0019)
Mobile Country Code (MCC)   -
Mobile Network Code (MNC)   -
Carrier Name   -
 
Carrier


IP Address   74.125.82.169
Location    UNITED STATES, CALIFORNIA, MOUNTAIN VIEW
Latitude, Longitude   37.405992, -122.078515 (37°24'22"W   -122°4'43"N)
Connection through   GOOGLE INC.
Local Time   06 Dec, 2013 03:25 AM (UTC -08:00)
Net Speed   COMP
Area Code   650
IDD Code   1
ZIP Code   94043
Weather Station   MOUNTAIN VIEW (USCA0746)
Mobile Country Code (MCC)   -
Mobile Network Code (MNC)   -
Carrier Name   -
 


full member
Activity: 140
Merit: 100
BTC in Namibia
Asic Market and ASIC Technologies are the same cunts. Why the hell there isn't a fucking large sticky on the forum root about these assholes is beyond me. Excuse my profanity, but the nonchalant way these guys respond to emails and are STILL bagging victims, on the daily, really busts my chops.

I also think these guys are regularly monitoring the forum to see if anyone is making any headway in finding them.
full member
Activity: 140
Merit: 100
BTC in Namibia
Hi all,

1st of all, AFRICA IS A CONTINENT. Try to at least speak like y'all got a western education.

These assholes took me for 7.4 BTC a couple of months ago. I assume most of you other victims got the email yesterday talking about refunds? I mailed [email protected] and some guy answered back saying that Asic-Tech is 'blackmailing' him by forwarding their unsatisfied customers to them.

Now I don't know what the hell 'blackmailing' means, but it sure as hell sounds suspect to me. Has anyone managed to find more details on the owner of the site? Whois gives:


Registrar History: 1 registrar
NS History: 1 change on 2 unique name servers over 0 year.
IP History: 1 change on 2 unique IP addresses over 0 years.
Whois History: 26 records have been archived since 2013-05-13.
Reverse IP: 1,681 other sites hosted on this server.

Domain Name: ASIC-TECHNOLOGIES.COM
Registry Domain ID:
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2013-11-29 00:53:23
Creation Date: 2013-05-13 01:02:46
Registrar Registration Expiration Date: 2014-05-13 01:02:46
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller: Fasthosts Internet Limited
Reseller:
Reseller: +44.8445830777
Reseller: http://www.Fasthosts.co.uk
Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited
Registry Registrant ID:
Registrant Name: Contact Privacy Inc. Customer 0134664681
Registrant Organization: Contact Privacy Inc. Customer 0134664681
Registrant Street: 96 Mowat Ave
Registrant City: Toronto
Registrant State/Province: ON
Registrant Postal Code: M6K 3M1
Registrant Country: CA
Registrant Phone: +1.4165385457
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Registry Admin ID:
Admin Name: Contact Privacy Inc. Customer 0134664681
Admin Organization: Contact Privacy Inc. Customer 0134664681
Admin Street: 96 Mowat Ave
Admin City: Toronto
Admin State/Province: ON
Admin Postal Code: M6K 3M1
Admin Country: CA
Admin Phone: +1.4165385457
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Registry Tech ID:
Tech Name: Contact Privacy Inc. Customer 0134664681
Tech Organization: Contact Privacy Inc. Customer 0134664681
Tech Street: 96 Mowat Ave
Tech City: Toronto
Tech State/Province: ON
Tech Postal Code: M6K 3M1
Tech Country: CA
Tech Phone: +1.4165385457
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
Name Server: NS2.LIVEDNS.CO.UK
Name Server: NS3.LIVEDNS.CO.UK
Name Server: NS1.LIVEDNS.CO.UK
DNSSEC:
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Registration Service Provider:
    Fasthosts Internet Limited,
    +44.8445830777
    +44.8708883760 (fax)
    http://www.Fasthosts.co.uk
    http://facebook.com/fasthostsinternet

Phone number is dead or just a long ringer. Has anyone managed to pinpoint where their server is being accessed from? I think with the combined evidence of posts on bitcointalk about this company (and boy, there are quite a number of threads on Asic-tech) we can take this guy down if he's found. If I can get an address, I can send somebody there to check it out. There have been nothing but naysayers and pessimists every time I bring the subject up of tracking this motherfucker down, but I think the more he scams the more tracks he's leaving behind.
member
Activity: 112
Merit: 10
I got an email today from asic-technologies.

(we are now refunding people for non delivery

To apply for a refund , please contact

[email protected])

So I did what they said: I gave them my date of purchase and price paid, which was 1 BTC for 10 miners.
Here is the reply I got from a Benjamin Ashwood:

(Hello,

Unfortunately we are not in any way related to the asic-technologies scam.

Please do not fall for a scammer blackmailing us.

Kind regards,
Benjamin)

I like the way he says it is unfortunate that he is not involved in this scam


DONATIONS 1EP2ALBd1gaPhXy3gx3NbQ8zUindRmXuA8

I got the same return!

But, in ASIC-MARKET, the "about" and "faq" pages are just COPY-PASTE of the same in ASIC-TECH and ASIC-TECHNOLOGIES.
newbie
Activity: 14
Merit: 0
I got an email today from asic-technologies.

(we are now refunding people for non delivery

To apply for a refund , please contact

[email protected])

So I did what they said: I gave them my date of purchase and price paid, which was 1 BTC for 10 miners.
Here is the reply I got from a Benjamin Ashwood:

(Hello,

Unfortunately we are not in any way related to the asic-technologies scam.

Please do not fall for a scammer blackmailing us.

Kind regards,
Benjamin)

I like the way he says it is unfortunate that he is not involved in this scam


DONATIONS 1EP2ALBd1gaPhXy3gx3NbQ8zUindRmXuA8
member
Activity: 112
Merit: 10
BEWARE!!

they change the URL to www.asic-tech.com

also, beware the same scammer owns https://asic-market.com
sr. member
Activity: 266
Merit: 250
LOL, all these mining rig companies, 90% scams selling low end substitution to force belief in high end rigs. If this plot gets any thicker it would be ASIC coming out and literally saying "WE AGREE WITH YOU GUYS WE ARE SCAMMERS"
full member
Activity: 172
Merit: 100
damn, i was going to buy some blades. forget that. Anyone have a reputable vendor for blades now?

Wtcr.ca is an official asicminer store for canada.

Blades are really not worth spending the bitcoin right now though. They don't make more than they will cost in coin.
full member
Activity: 239
Merit: 100
damn, i was going to buy some blades. forget that. Anyone have a reputable vendor for blades now?
full member
Activity: 172
Merit: 100
Notice his comment about Africa. I would assume he is pulling this scam from some place in Africa and isn't worried about stealing bitcoin, as it isn't "legal currency"

I don't know about you, but if somebody who scammed me told me he lives in Africa, I'd expect him to be everywhere but there.

Africa is big enough and unregulated enough to pull scams right out in the open. Do you really think if I said "I live in Africa, come find me!" that you would actually be able to do that? Even with a law enforcement agency helping you out it would be MORE than difficult unless I was a very well known individual who stays in one spot all the time, and I pay taxes, and have a job, and went to school and live in a somewhat affluent area. I would assume someone pulling this scam can be moving all around Africa pretty freely with those kind of money reserves.

I have family who have been in Africa for years.

© 2020, Bitcointalksearch.org