Pages:
Author

Topic: Scam Alert : TimeToBit/timetobit.com Scammed 3.38 BTC (Read 15926 times)

full member
Activity: 925
Merit: 100
Any news on this? It seems the BTC address isn't in use anymore?

As it seems to be connected to the LTCGear (hack) also...

Here's another one (100 BTC):
https://bitcointalk.org/index.php?topic=791367.0;all
hero member
Activity: 700
Merit: 500
Daily Bitcoins for your Paypal/Skrill
Not sure how it is all connected but that addy.... 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL   is involved in this mornings localbitcoins theft

What is happening is someone owns locolbiticoins.co m <------------ don't go there

But it is the first link on google.  If you log in from there, someone is watching so they immediately see your user name, password and your 2FA so they immediately sign in on the real site and robbing the entire lbc wallet then the coins are going to 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

Any info would be very helpful.
legendary
Activity: 2212
Merit: 1038
Here we can see the scammers at Black Arrow posting in a thread about adding a time-lock feature to the Bitcoin protocol. In it they claim their BTC was stolen and sent to the following address:

Look at the size of this operation of stolen bitcoins:

https://blockchain.info/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

Yesterday there were 175k. Today 182k.

I guess this is the reason why bitcoin falls in price these days.

What makes you say that these coins are stolen?

We've chased our stolen coins here.

We suspect this is just an excuse to embezzle our money and that the convicted Romanian internet fraud artist Alexandru Ion Sovu (CEO of BA and the clown behind the BCT user blackarrow) is still in control of our BTC and the 1fsVc address.

If it's the case that 1fsVc doesn't belong to Alex then karma's a bitch motherfucker.

Some Blockchain research on the scam:

I think most of the BTC is now here (last transaction just 2 hours ago, so he's busy moving the money  Angry):
https://blockchain.info/nl/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It was previously on:
https://blockchain.info/nl/address/1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb

This transaction for example, has five btc 0.47704704 payments, which was the price for the 150GH/s server that day.
https://blockchain.info/nl/tx/023f860b63e21e839cbd02bfefea238650df1e18e73abc68153c72bdaf6faa83

An interesting graph of the received payments:
https://blockchain.info/nl/charts/received-per-day?timespan=60days&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address=1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb
newbie
Activity: 55
Merit: 0
the question is how did someone even give 3.38 bitcoin.. to this site..
newbie
Activity: 1
Merit: 0
Some Blockchain research on the scam:

I think most of the BTC is now here (last transaction just 2 hours ago, so he's busy moving the money  Angry):
https://blockchain.info/nl/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It was previously on:
https://blockchain.info/nl/address/1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb

This transaction for example, has five btc 0.47704704 payments, which was the price for the 150GH/s server that day.
https://blockchain.info/nl/tx/023f860b63e21e839cbd02bfefea238650df1e18e73abc68153c72bdaf6faa83

An interesting graph of the received payments:
https://blockchain.info/nl/charts/received-per-day?timespan=60days&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address=1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb



What is this address where it ended up 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL?

I lost 748.75 bitcoins on the 23rd of September 2014, most of which ended up at 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL. I'm very interested to know who controls it. I suspect the hack resulted from the bash bug. Attack vectors could be from using the public wifi of Puri Dewa Bharata Hotel & Villas in Legian, Bali, Indonesia or an employee at Blizzard slipping in code into the update, as coins were moved very shortly after updating StarCraft II.

My set up was Bitcoin-QT unencrypted on Mac OS X 10.9.4.

https://blockchain.info/tx/7c67634b40d85ae08a6300a0f8613455d5d687772f9b982a11597418d805dd3d

Yes, I probably should have used cold storage or multi-sig. Facepalm. Sad

Recently my 1.05 BTC were stolen in BITTREX.

The end address of the wallet that were sent BTC (1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL)

Recalling that this happened after I use the BOT Quatloo trader.

I remember not I enabled the API KEY to make withdrawals and still managed to break into my account to sell all the coins and had to withdraw my BTC.

Sorry my english.
full member
Activity: 182
Merit: 100
can everyone interested about some news about this address contact me via pm here? will send some new info
full member
Activity: 178
Merit: 100
Some Blockchain research on the scam:

I think most of the BTC is now here (last transaction just 2 hours ago, so he's busy moving the money  Angry):
https://blockchain.info/nl/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It was previously on:
https://blockchain.info/nl/address/1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb

This transaction for example, has five btc 0.47704704 payments, which was the price for the 150GH/s server that day.
https://blockchain.info/nl/tx/023f860b63e21e839cbd02bfefea238650df1e18e73abc68153c72bdaf6faa83

An interesting graph of the received payments:
https://blockchain.info/nl/charts/received-per-day?timespan=60days&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address=1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb



What is this address where it ended up 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL?

I lost 748.75 bitcoins on the 23rd of September 2014, most of which ended up at 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL. I'm very interested to know who controls it. I suspect the hack resulted from the bash bug. Attack vectors could be from using the public wifi of Puri Dewa Bharata Hotel & Villas in Legian, Bali, Indonesia or an employee at Blizzard slipping in code into the update, as coins were moved very shortly after updating StarCraft II.

My set up was Bitcoin-QT unencrypted on Mac OS X 10.9.4.

https://blockchain.info/tx/7c67634b40d85ae08a6300a0f8613455d5d687772f9b982a11597418d805dd3d

Yes, I probably should have used cold storage or multi-sig. Facepalm. Sad
legendary
Activity: 1498
Merit: 1000
Some Blockchain research on the scam:

I think most of the BTC is now here (last transaction just 2 hours ago, so he's busy moving the money  Angry):
https://blockchain.info/nl/address/1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL

It was previously on:
https://blockchain.info/nl/address/1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb

This transaction for example, has five btc 0.47704704 payments, which was the price for the 150GH/s server that day.
https://blockchain.info/nl/tx/023f860b63e21e839cbd02bfefea238650df1e18e73abc68153c72bdaf6faa83

An interesting graph of the received payments:
https://blockchain.info/nl/charts/received-per-day?timespan=60days&showDataPoints=false&daysAverageString=1&show_header=true&scale=0&address=1JvAoBTTgF36Xj7gJkpfcNHsBA8tMSyfHb



What is this address where it ended up 1FsVcdeHbpvUVT3gjeuVR2ZSDnpcsJMsLL?
newbie
Activity: 17
Merit: 0
Not a lead, just a curiosity, from the spidering results I found the pending reviews (https://www.timetobit.com/starreviews/34eayghzrtdj56rtjsh/). Apparently the review system approval mechanism was unprotected. There are 157 pending reviews, all of which state the site is a scam. They seem to have be spammed since there is a lot of repetition on the review text and they were all done on the same day. Follows some examples:

- Leave immediately, and do not get scammed like I did.  No one answers support, no payout
- Do not throw your bitcoins down the drain of TimeToBit.  Once payment is received, they stop responding, and there are no payouts
- I made a terrible mistake joining TimeToBit, one of the biggest bitcoin scam ever.  Please do not lose your money too.  No payouts, no support
- (...)

Screenshot of the webpage http://i.cubeupload.com/m2AfU0.png

EDIT: Google Cache cached the page with some of the "it's a scam" reviews http://webcache.googleusercontent.com/search?q=cache%3Awww.timetobit.com&btnG=

Well, I can clear this up right now: All those reviews were posted by me, the same day I posted the scam alert, here on this forum. 

After getting no replies from the site support, and happening to note reviews are getting posted to the home page unfiltered, I posted these using random first name-last name-email combinations, and a set of around 6 reviews, just to see if they would react..
newbie
Activity: 5
Merit: 0
If there's a link with India, please check on the following:

Anstele.com, registred by Prashant Powle, Mumbai India, +91.919322607034, [email protected]

This was hosted on the same server as TimeToBit:
192.64.118.151    -> server1.timetobit.com (ns1.timetobit.com)   
newbie
Activity: 6
Merit: 0
Not a lead, just a curiosity, from the spidering results I found the pending reviews (https://www.timetobit.com/starreviews/34eayghzrtdj56rtjsh/). Apparently the review system approval mechanism was unprotected. There are 157 pending reviews, all of which state the site is a scam. They seem to have be spammed since there is a lot of repetition on the review text and they were all done on the same day. Follows some examples:

- Leave immediately, and do not get scammed like I did.  No one answers support, no payout
- Do not throw your bitcoins down the drain of TimeToBit.  Once payment is received, they stop responding, and there are no payouts
- I made a terrible mistake joining TimeToBit, one of the biggest bitcoin scam ever.  Please do not lose your money too.  No payouts, no support
- (...)

Screenshot of the webpage http://i.cubeupload.com/m2AfU0.png

EDIT: Google Cache cached the page with some of the "it's a scam" reviews http://webcache.googleusercontent.com/search?q=cache%3Awww.timetobit.com&btnG=
legendary
Activity: 1960
Merit: 1010
Perhaps be carefull with what you download here. (not saying it's bad, i've no idea)

About the site, it's likely build by a freelancer since there are a lot of jobposts mentioning this:
Build a website similar to the following: Cloudhashing.com timetobit.com bitvestllc.com use weebly to build the site setup SEO etc.

https://www.google.nl/webhp?sourceid=chrome-instant&rlz=1C1DVCB_enNL430NL539&ion=1&espv=2&ie=UTF-8#q=Build+a+website+similar+to+the+following%3A+Cloudhashing.com+timetobit.com+bitvestllc.com+use+weebly+to+build+the+site+setup+SEO+etc.
newbie
Activity: 6
Merit: 0
No, as per http://www.iana.org/assignments/registrar-ids/registrar-ids.xhtml

I have also been following a lead. I have made a local copy of the website (right before the site went down). The live chat functionality used in TimeToBit seems to be custom made because there isn't any copyright on it (javascripts, stylesheets, etc.) and there is a very limited set of sites using it (read, indexed by Google). I'm trying to find out who has developed the other sites and see if there is any match from what we already know.

The site archive can be downloaded here, http://www49.zippyshare.com/v/13484773/file.html You will need Burpsuite to open the file (http://portswigger.net/burp/download.html < free version will suffice). In Burpsuite, click "File" > "Restore State".

I was wrong, the chat functionality isn't custom made.
full member
Activity: 168
Merit: 100
so that IP you posted is yours?

117.214.24.177 you located in india?


No. It might have been used while registering timetobit.com.

It's probably a proxy. 

sorry i was being a fool, just when it said your IP thought it was showing requesting IP (ie you)
legendary
Activity: 1960
Merit: 1010
so that IP you posted is yours?

117.214.24.177 you located in india?


No. It might have been used while registering timetobit.com.

It's probably a proxy. 
full member
Activity: 168
Merit: 100
so that IP you posted is yours?

117.214.24.177 you located in india?
legendary
Activity: 1960
Merit: 1010
Your browser:   Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36
Your ipadress:   117.214.24.177
Google pagerank:   No data av
Thumbnail:   
Dmoz Description:   
Dmoz Category:   
Alexa Links:   1
Alexa Rank:   3825324
Alexa Reach:   4739792
Alexa country   rank
Whois:   
Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

   Domain Name: TIMETOBIT.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com
   Name Server: NS1.TIMETOBIT.COM
   Name Server: NS2.TIMETOBIT.COM
   Status: ok
   Updated Date: 20-jun-2014
   Creation Date: 20-jun-2014
   Expiration Date: 20-jun-2015

>>> Last update of whois database: Mon, 18 Aug 2014 18:52:49 UTC <<<


Domain Name: TIMETOBIT.COM
Registry Domain ID: 1863693159_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.enom.com
Registrar URL: www.enom.com
Updated Date: 2014-06-20 15:05:55Z
Creation Date: 2014-06-20 22:05:00Z
Registrar Registration Expiration Date: 2015-06-20 22:05:00Z
Registrar: ENOM, INC.
Registrar IANA ID: 48
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.4252744500
Reseller: NAMECHEAP.COM
Domain Status: ok
Registry Registrant ID:
Registrant Name: WHOISGUARD PROTECTED
Registrant Organization: WHOISGUARD, INC.
Registrant Street: P.O. BOX 0823-03411
Registrant City: PANAMA
Registrant State/Province: PANAMA
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Phone Ext:
Registrant Fax: +51.17057182
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: WHOISGUARD PROTECTED
Admin Organization: WHOISGUARD, INC.
Admin Street: P.O. BOX 0823-03411
Admin City: PANAMA
Admin State/Province: PANAMA
Admin Postal Code: 00000
Admin Country: PA
Admin Phone: +507.8365503
Admin Phone Ext:
Admin Fax: +51.17057182
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: WHOISGUARD PROTECTED
Tech Organization: WHOISGUARD, INC.
Tech Street: P.O. BOX 0823-03411
Tech City: PANAMA
Tech State/Province: PANAMA
Tech Postal Code: 00000
Tech Country: PA
Tech Phone: +507.8365503
Tech Phone Ext:
Tech Fax: +51.17057182
Tech Fax Ext:
Tech Email: [email protected]
Name Server: NS1.TIMETOBIT.COM
Name Server: NS2.TIMETOBIT.COM
DNSSEC: unSigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
Last update of WHOIS database: 2014-06-20 15:05:55Z
full member
Activity: 168
Merit: 100
can you dump the output of

http://mail.knows.nl/index.php?url=timetobit.com

I cant view blocked due to previous malware on that site.
legendary
Activity: 1960
Merit: 1010
newbie
Activity: 6
Merit: 0
No, as per http://www.iana.org/assignments/registrar-ids/registrar-ids.xhtml

I have also been following a lead. I have made a local copy of the website (right before the site went down). The live chat functionality used in TimeToBit seems to be custom made because there isn't any copyright on it (javascripts, stylesheets, etc.) and there is a very limited set of sites using it (read, indexed by Google). I'm trying to find out who has developed the other sites and see if there is any match from what we already know.

The site archive can be downloaded here, http://www49.zippyshare.com/v/13484773/file.html You will need Burpsuite to open the file (http://portswigger.net/burp/download.html < free version will suffice). In Burpsuite, click "File" > "Restore State".
Pages:
Jump to: