
Topic: PaulieGolding Sorry, not the guy (Read 1959 times)

hero member
Activity: 896
Merit: 521
May 17, 2016, 12:32:20 PM
#24
Move this thread to the scam accusations board...
Here it seems to be just a bit off topic... Without the specific name of the malware we can't understand how to protect a laptop...
newbie
Activity: 5
Merit: 0
May 17, 2016, 12:28:44 PM
#23
Some of you may wonder why I was hosting the files in the first place; this is simple. The developer was looking for a place to host them and asked if I would do it. I saw this as a great way to get an insight into how popular the tool was and collect some usage data. No information from an infected machine would be sent to me; this all goes to the control server configured by the admin using the tool (or the attacker when used for malicious purposes).

The OP has contacted me via email and as of now I am awaiting his reply. I've offered to help him in any way I can to get his funds recovered.

So we come to the conclusion, you must be having information about the developer. He seems more like your friend; out of all the places on the internet, he chose to host files on your server. I'm totally aware of RATs and how they work. If he actually hosted on your server, that's a smart move. You can help OP by providing all the information about the developer.
@OP: Format your computer before he empties other stuff and gains access to your personal data.

Me and OP have exchanged a couple of emails and are trying to smooth this out, while also trying to get the actual attacker. I think there will be an update from OP later on.
hero member
Activity: 910
Merit: 1000
May 17, 2016, 09:49:09 AM
#22
Some of you may wonder why I was hosting the files in the first place; this is simple. The developer was looking for a place to host them and asked if I would do it. I saw this as a great way to get an insight into how popular the tool was and collect some usage data. No information from an infected machine would be sent to me; this all goes to the control server configured by the admin using the tool (or the attacker when used for malicious purposes).

The OP has contacted me via email and as of now I am awaiting his reply. I've offered to help him in any way I can to get his funds recovered.

So we come to the conclusion, you must be having information about the developer. He seems more like your friend; out of all the places on the internet, he chose to host files on your server. I'm totally aware of RATs and how they work. If he actually hosted on your server, that's a smart move. You can help OP by providing all the information about the developer.
@OP: Format your computer before he empties other stuff and gains access to your personal data.
hero member
Activity: 3164
Merit: 937
May 17, 2016, 09:34:06 AM
#21
So I have spent half my day now trying to catch up on all these posts; I've resorted to just copy-pasting a response. I have the deepest sympathy for this guy and I'm trying to help out the best I can. My response is as follows:

So this was an interesting morning checking my mails to find all of this. I've read just about as much as I could find on the matter and would like everyone to take a second to read this.

I'm not the guy; this is a case of a little misunderstood information leading everyone in the wrong direction.

The user has been infected with a Remote Admin Tool, a legal bit of software that has been used for malicious purposes, so the attacker has been able to access the crypto funds.

The person who analysed the malware has seen a call to one of my domains. This is correct: I was hosting some files for the developer of the remote admin tool (see more below). This has been incorrectly described as the "attack server". Today I have removed those files in order to slow down the attacker, though all he needs to do is upload a copy somewhere else. The files themselves pertain to password recovery and are again totally legal.

The person who analysed the malware has seen a call to bnaf12[dot]no-ip[dot]biz. This is the control server of the attacker. He is using a dynamic DNS service so he can change the location of his control server quickly. The last update to that domain points to an IP in Palestine.

OP mentions places where he has seen me "bragging" about the hack. This is not true and again misunderstood information. I have a keen interest in network security and a part of my job is ensuring servers are secure. Following the rule of keep your enemies closer, I crafted a few identities that hang around the blackhat world in order to keep my finger on the pulse. The "bragging" in question is all smoke used to gain trust in these communities. I'll also mention that none of my identities concern themselves with financial fraud and there is no "bragging" anywhere close to that subject matter. Simply a few posts claiming my user has "got a load of installs".

Some of you may wonder why I was hosting the files in the first place; this is simple. The developer was looking for a place to host them and asked if I would do it. I saw this as a great way to get an insight into how popular the tool was and collect some usage data. No information from an infected machine would be sent to me; this all goes to the control server configured by the admin using the tool (or the attacker when used for malicious purposes).

The OP has contacted me via email and as of now I am awaiting his reply. I've offered to help him in any way I can to get his funds recovered.

Wow. Interesting case.

Never put all eggs in one basket, OP.

I'll never put 10000 USD of crypto currency into a single wallet.

Good luck with finding the real scammer.
newbie
Activity: 5
Merit: 0
May 17, 2016, 09:13:05 AM
#20
So I have spent half my day now trying to catch up on all these posts; I've resorted to just copy-pasting a response. I have the deepest sympathy for this guy and I'm trying to help out the best I can. My response is as follows:

So this was an interesting morning checking my mails to find all of this. I've read just about as much as I could find on the matter and would like everyone to take a second to read this.

I'm not the guy; this is a case of a little misunderstood information leading everyone in the wrong direction.

The user has been infected with a Remote Admin Tool, a legal bit of software that has been used for malicious purposes, so the attacker has been able to access the crypto funds.

The person who analysed the malware has seen a call to one of my domains. This is correct: I was hosting some files for the developer of the remote admin tool (see more below). This has been incorrectly described as the "attack server". Today I have removed those files in order to slow down the attacker, though all he needs to do is upload a copy somewhere else. The files themselves pertain to password recovery and are again totally legal.

The person who analysed the malware has seen a call to bnaf12[dot]no-ip[dot]biz. This is the control server of the attacker. He is using a dynamic DNS service so he can change the location of his control server quickly. The last update to that domain points to an IP in Palestine.

OP mentions places where he has seen me "bragging" about the hack. This is not true and again misunderstood information. I have a keen interest in network security and a part of my job is ensuring servers are secure. Following the rule of keep your enemies closer, I crafted a few identities that hang around the blackhat world in order to keep my finger on the pulse. The "bragging" in question is all smoke used to gain trust in these communities. I'll also mention that none of my identities concern themselves with financial fraud and there is no "bragging" anywhere close to that subject matter. Simply a few posts claiming my user has "got a load of installs".

Some of you may wonder why I was hosting the files in the first place; this is simple. The developer was looking for a place to host them and asked if I would do it. I saw this as a great way to get an insight into how popular the tool was and collect some usage data. No information from an infected machine would be sent to me; this all goes to the control server configured by the admin using the tool (or the attacker when used for malicious purposes).

The OP has contacted me via email and as of now I am awaiting his reply. I've offered to help him in any way I can to get his funds recovered.
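
Added example, not part of the original post or thread: a defender-side check for the behaviour described above, a host calling out to a dynamic DNS name whose address changes over time. The log format, client addresses and answers are constructed for illustration, and the provider suffixes other than no-ip.biz are assumptions.

```python
import re
from collections import defaultdict

# Dynamic DNS provider suffixes. no-ip.biz is the one named in the thread;
# the other two are assumptions added for illustration.
DYNDNS_SUFFIXES = ("no-ip.biz", "ddns.net", "duckdns.org")

def refang(indicator: str) -> str:
    """Turn a defanged name such as 'a[dot]b[.]c' into a normalised 'a.b.c'."""
    name = re.sub(r"\[(?:dot|\.)\]", ".", indicator.strip(), flags=re.I)
    return name.lower().rstrip(".")

def is_dyndns(host: str) -> bool:
    """True only for names *under* a provider suffix (label boundary enforced)."""
    host = refang(host)
    return any(host.endswith("." + suffix) for suffix in DYNDNS_SUFFIXES)

def review_dns_log(lines):
    """Map each dynamic DNS name to the clients that asked and answers seen, in order."""
    hits = defaultdict(lambda: {"clients": set(), "ips": []})
    for line in lines:
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of failing the whole review
        _timestamp, client, host, answer = parts
        if not is_dyndns(host):
            continue
        entry = hits[refang(host)]
        entry["clients"].add(client)
        if answer not in entry["ips"]:
            entry["ips"].append(answer)
    return dict(hits)

def moved(hits):
    """Names whose answer changed inside the log window (the server was relocated)."""
    return sorted(host for host, entry in hits.items() if len(entry["ips"]) > 1)

# Constructed sample: timestamp, client, queried name, answer (documentation IPs).
SAMPLE_LOG = [
    "2016-05-10T08:00:01Z 10.0.0.23 www.example.com 192.0.2.10",
    "2016-05-10T08:00:05Z 10.0.0.23 bnaf12.no-ip.biz 198.51.100.7",
    "2016-05-10T09:30:00Z 10.0.0.23 BNAF12.no-ip.biz. 198.51.100.7",
    "2016-05-11T08:00:05Z 10.0.0.23 bnaf12.no-ip.biz 203.0.113.44",
    "2016-05-11T08:01:00Z 10.0.0.40 fakeno-ip.biz 192.0.2.99",
    "garbage line",
]

if __name__ == "__main__":
    found = review_dns_log(SAMPLE_LOG)
    for host, entry in found.items():
        print(host, sorted(entry["clients"]), entry["ips"])
    print("changed address:", moved(found))
```
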
legendary
Activity: 1134
Merit: 1000
Soon, I have to go away.
May 16, 2016, 02:48:38 PM
#19
[email protected]

So I searched here.

http://w3bin.com/domain/paulie.rocks

Edit to add:

IP: 52.49.13.68

Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.
1/67 2016-05-14 18:36:58 http://paulie.rocks/

https://www.virustotal.com/en/ip-address/52.49.13.68/information/
hero member
Activity: 910
Merit: 1000
May 16, 2016, 02:39:49 PM
#18
So what happens now? From the previous posts, I can make out you have more than enough information to base your accusation in the court with relevant details [except for the theft].
full member
Activity: 140
Merit: 100
May 16, 2016, 02:38:23 PM
#17
Thank you, I will add it to the report!

No problem. I hope you get your property back!
member
Activity: 109
Merit: 10
May 16, 2016, 01:26:12 PM
#16
Plus, do you really think the police (especially in the US) is going to do anything to get you back those bitcoins?  I'd be surprised if your local police even know what Bitcoins are, rather than them actually know how to go about a process of identifying and retrieving the Bitcoins for you.

I'm surprised they didn't throw OP in "protective custody" or "observation" to chill him out a bit.

Hi Cloptrix,  are you the scammer?
legendary
Activity: 1316
Merit: 1004
May 16, 2016, 01:12:09 PM
#15
He seems to be not active since May 8, and as he is a newbie nobody is gonna trust him if he tries to sell those coins.

Which country are you from? That is important, and also the country of the hacker; in lots of Asian and African countries cyber crime goes unnoticed by the government.

I don't understand why the guy wouldn't just sell the coins over at localbitcoins, that's what I would personally do if I were this hacker since they are probably pretty tainted now... so you might want to check over there?

Plus, do you really think the police (especially in the US) is going to do anything to get you back those bitcoins?  I'd be surprised if your local police even know what Bitcoins are, rather than them actually know how to go about a process of identifying and retrieving the Bitcoins for you.
legendary
Activity: 2604
Merit: 1036
May 16, 2016, 01:11:56 PM
#14
The thief will probably want to sell the coins off the exchanges and to a private buyer. And what if a mixer is used? Can the police still track the original funds if the money is run through a mixer? I mean the guy will want to stay low under the radar. Please keep us updated while the story is unfolding and I wish you luck in recovering your money.

To OP:
Are you by any chance from Romania because on the screenshot rdsnet.ro must be your Internet Service Provider? If bnaf12.no-ip.biz is the attacker's destination whose is the Romanian one?
full member
Activity: 140
Merit: 100
May 16, 2016, 12:56:08 PM
#13
I'm working on getting his images and other contact info. From my short search I suspect maybe he is from the United Kingdom.
I've found another profile that claims she/he lives in Spain. That's what she/he put there at least

https://bazaarbay.org/b26788279ce73de5b53de7a32c4b74114c932e81

edit:
and here she/he is asking for "Help Remove DDOS protection from BritainFirst.org":  http://pastebin.com/ZUxmAes8

edit2: ok so Paulie Golding is a fake handle in reference to "Paul Golding"
http://www.ibtimes.co.uk/britain-first-leader-paul-golding-run-london-mayor-wants-hang-opponents-1521415


She/he behind this will hopefully be in jail shortly. Bitcointalk community will help enforce this.


@OP: Give this info to the police - - - the FBI will retrieve the real information behind the domainsbyproxy whois protection. I've seen this happening before. The guy will be caught. If you are reading this, scammer, enjoy the heartbeat.


Quote
Domain Name: paulie.rocks
Domain ID: ab31b713a9bf4ea5a44da5a905eb55f5-RSIDE
WHOIS Server: www.godaddy.com
Referral URL: http://www.godaddy.com
Updated Date: 2016-04-28T05:32:09Z
Creation Date: 2016-04-23T05:31:26Z
Registry Expiry Date: 2017-04-23T05:31:26Z
Sponsoring Registrar: GoDaddy.com, LLC
Sponsoring Registrar IANA ID: 146
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientRenewProhibited https://icann.org/epp#clientRenewProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
Registrant ID: cr238400268
Registrant Name: Registration Private
Registrant Organization: Domains By Proxy, LLC
Registrant Street: DomainsByProxy.com 14747 N Northsight Blvd Suite 111, PMB 309
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: +1.4806242599
Registrant Phone Ext:
Registrant Fax: +1.4806242598
Registrant Fax Ext:
Registrant Email: [email protected]
Admin ID: cr238400270
Admin Name: Registration Private
Admin Organization: Domains By Proxy, LLC
Admin Street: DomainsByProxy.com 14747 N Northsight Blvd Suite 111, PMB 309
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Postal Code: 85260
Admin Country: US
Admin Phone: +1.4806242599
Admin Phone Ext:
Admin Fax: +1.4806242598
Admin Fax Ext:
Admin Email: [email protected]
Tech ID: cr238400269
Tech Name: Registration Private
Tech Organization: Domains By Proxy, LLC
Tech Street: DomainsByProxy.com 14747 N Northsight Blvd Suite 111, PMB 309
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Postal Code: 85260
Tech Country: US
Tech Phone: +1.4806242599
Tech Phone Ext:
Tech Fax: +1.4806242598
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ns-1544.awsdns-01.co.uk
Name Server: ns-227.awsdns-28.com
Name Server: ns-867.awsdns-44.net
Name Server: ns-1037.awsdns-01.org
DNSSEC: unsigned
>>> Last update of WHOIS database: 2016-05-16T17:59:42Z <<<
legendary
Activity: 1988
Merit: 1317
Get your game girl
May 16, 2016, 12:55:16 PM
#12
Found something interesting from his Bitcointalk profile :


I'm working on getting his images and other contact info. From my short search I suspect maybe he is from the United Kingdom.
legendary
Activity: 1358
Merit: 1000
May 16, 2016, 12:53:30 PM
#11
How did you link him to it?

I was about to ask the same but found the answer here: https://www.reddit.com/r/btc/comments/4jkdhy/i_found_some_information_about_the_guy_who_stole/

@OP: I really hope you get your money back!

You could have just explained it in one line.
hero member
Activity: 798
Merit: 500
May 16, 2016, 12:44:20 PM
#10
How did you link him to it?

I was about to ask the same but found the answer here: https://www.reddit.com/r/btc/comments/4jkdhy/i_found_some_information_about_the_guy_who_stole/

@OP: I really hope you get your money back!
legendary
Activity: 1358
Merit: 1000
May 16, 2016, 12:43:13 PM
#9
How did you link him to it?
legendary
Activity: 1680
Merit: 1010
Professional Native Greek Translator (2000+ done)
May 16, 2016, 11:09:07 AM
#8
Wow man, that's a lot of money :/ I hope you get it back.
legendary
Activity: 1904
Merit: 1074
May 16, 2016, 11:07:28 AM
#7
I recently wrote about having ~$10,000 in cryptos stolen from a password protected file on my desktop. User munteanualex_ro over at Reddit (https://www.reddit.com/r/btc/comments/4jkdhy/i_found_some_information_about_the_guy_who_stole/) has helped track this to a Bitcointalk user: PaulieGolding

He seems to be a regular scammer and might be trying to sell the coin through this site, he made this account right after the theft.

I have added this info to my police report about the theft, if there is anything anyone else can offer I am still offering a 1 btc reward for info that leads to the arrest/return of the funds or 1/2 of any returned funds. Thank you All!

Original Bitcoin Talk post:

https://bitcointalk.org/index.php?topic=1451715.0;all
I feel sorry about your story, it's a hurtful and sad story. But it's good for us to know people around us can be scamming without any corious. But so far we don't find any reliable solution to chase this scammer; the only way to make this not happen is to guard against scammers by setting our wallet security to a high level of security.

Dude, this place and almost all other Bitcoin related sites share the same users on different platforms... You cannot just single out Bitcointalk users, because these users just use other profiles on other platforms, but they are still the same scammers. The good thing is that you warned other people about this person, and I would also place something under this thread to make it easier for people to discuss this: https://bitcointalk.org/index.php?board=83.0 {Just follow the bread crumbs and it will lead you back to the source} Even if you have to pay someone to do it for you.
legendary
Activity: 1414
Merit: 1002
= jasad =
May 16, 2016, 09:38:58 AM
#6
I recently wrote about having ~$10,000 in cryptos stolen from a password protected file on my desktop. User munteanualex_ro over at Reddit (https://www.reddit.com/r/btc/comments/4jkdhy/i_found_some_information_about_the_guy_who_stole/) has helped track this to a Bitcointalk user: PaulieGolding

He seems to be a regular scammer and might be trying to sell the coin through this site, he made this account right after the theft.

I have added this info to my police report about the theft, if there is anything anyone else can offer I am still offering a 1 btc reward for info that leads to the arrest/return of the funds or 1/2 of any returned funds. Thank you All!

Original Bitcoin Talk post:

https://bitcointalk.org/index.php?topic=1451715.0;all
I feel sorry about your story, it's a hurtful and sad story. But it's good for us to know people around us can be scamming without any corious. But so far we don't find any reliable solution to chase this scammer; the only way to make this not happen is to guard against scammers by setting our wallet security to a high level of security.
legendary
Activity: 1652
Merit: 1088
CryptoTalk.Org - Get Paid for every Post!
May 16, 2016, 09:36:11 AM
#5
Remember that it is easy for these users to set up alternative accounts on bitcointalk under a different name and sell the coins. You need to alert all the exchanges with the addresses you think the coins have been sent to - if the thief sells them over-the-counter, and the buyer then tries to sell on an exchange, the exchange should be able to freeze them just by tracking the movement in the blockchain.

Good luck with retrieving them.