DNForum - Domain Sales, Domain Forum, Domain Appraisals, Domain Registrars
DNForum - Domain Sales, Domain Forum, Domain Appraisals, Domain Registrars
Quick Search:  
Register Now! Welcome to Dnforum.com You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so please, join our community today! If you have any problems with the registration process or your account login, please contact us.
Go Back   DNForum - Domain Sales, Domain Forum, Domain Appraisals, Domain Registrars > Domain News, Beginners Guides and Legal Stuff! > Legal Issues > Unresolved Forum Sales
Register Domains for $6.99 - GoDaddy.com
Closed Thread
 
LinkBack Thread Tools Display Modes
Old 03-11-2008, 03:43 PM   #661 (permalink)
Platinum Lifetime Member
 
calif.bob's Avatar
 
Name: B0B
Last Online: 03-20-2008 07:59 PM
iTrader: (0)
Join Date: Sep 2007
Posts: 62
DNF$: 0
Location: New Ganada, California
Country:


Lightbulb

Quote:
Originally Posted by Kamloops View Post
I dont know what laugauge it is, wish I did, one of the files is in english.

And there is some very private info in there logged, Id and passwords for web based email accounts on Yahoo and Aol

I tried one and it worked. Plus there was enough info to steal domains.
Its easy to see how these guys are stealing them now!


Not sure what I should do with this info, wish I could figure out how I got into the root to get those files as there was so much more there as well. Maybe enought to nail these guys!

I think it is turkish, using the whois info for the site I found this about the guy

xremotex@hotmail.com

Age: 22
Gender: Male
Location: istanbul, Turkey

I ran the email address, xremotex@hotmail.com, through RapLeaf.com and found a photo of the user who's online identity is OGUZHAN at Hi5. He is a 22 year old male, which we knew, with a birthday of March 16th.

Up until this huge thread, I have never heard of Hi5.com however several of the known alleged conspirators have accounts there. I will look into this further to see if they are at all linked together.

CB
__________________
Calif.Bob @ Gmail.com
www.LockOurRate.com
.net .org also available. PM Serious Offers Only
calif.bob is offline  
Old 03-11-2008, 04:08 PM   #662 (permalink)
Platinum Lifetime Member
 
Last Online: 05-09-2008 08:40 PM
iTrader: (12)
Join Date: Jan 2007
Posts: 162
DNF$: 10
Location: Oradea, Romania
Country:


Hi5 is a very big site, so it is not a scammer's heaven.
alexsimon is offline  
Old 03-11-2008, 04:08 PM   #663 (permalink)
Platinum Lifetime Member
 
Last Online: Today 02:33 AM
iTrader: (5)
Join Date: Mar 2006
Posts: 370
DNF$: 1,161
Location: Kamloops


Quote:
Originally Posted by liberator View Post
Looks like it uses activex to download jpeg.exe to your computer. It uses GetSpecialFolder(2) which points to a temporary internet folder. Then uses ShellExecute execute the file!

If you viewed the page with javascript, most likely need activex on as well, search for jpeg.exe located in a temp internet folder. I don't know what happends after it is executed as I'm not downloading the file.

Hope that helps

Jay
Been digging into the site and it is not jpeg.exe it is jpg.exe
Kamloops is offline  
Old 03-11-2008, 04:20 PM   #664 (permalink)
Platinum Lifetime Member
 
calif.bob's Avatar
 
Name: B0B
Last Online: 03-20-2008 07:59 PM
iTrader: (0)
Join Date: Sep 2007
Posts: 62
DNF$: 0
Location: New Ganada, California
Country:


Quote:
Originally Posted by alexsimon View Post
Hi5 is a very big site, so it is not a scammer's heaven.

I didn't think that it was a scammer's heaven, however my thought was that it's just another method for them to communicate with each other.

After further review of the play, it appears that it's just another social networking site and probably not worth spinning my wheels on.
__________________
Calif.Bob @ Gmail.com
www.LockOurRate.com
.net .org also available. PM Serious Offers Only
calif.bob is offline  
Old 03-11-2008, 04:27 PM   #665 (permalink)
Platinum Lifetime Member
 
liberator's Avatar
 
Name: Jason
Last Online: Yesterday 10:31 PM
iTrader: (5)
Join Date: Jan 2007
Posts: 311
DNF$: 157
Location: Canada
Country:


Quote:
Originally Posted by Kamloops View Post
Been digging into the site and it is not jpeg.exe it is jpg.exe
correct sorry for the typo!!
__________________
Rashes.ca - Mayors.ca - Thrillers.ca
liberator is offline  
Old 03-11-2008, 04:29 PM   #666 (permalink)
Never Sleep ..
 
pcproffenno's Avatar
DNF Verified Member
Verified Member
 
Name: Stian
Last Online: Today 05:48 AM
iTrader: (104)
Join Date: Jan 2007
Posts: 3,503
DNF$: 8,650
Location: www.ehot.net
Country:


I got that God damn PM on NP's as well.. Clicked the URL but closed the browser as soon as I read the "Loading.. Please wait 10 seconds.." sh*t ..

I have scanned my entire computer since with antivirus and anti-spyware. I have also changed all my passwords on forums, registrars, paypal etc. from another (new, secure) computer as well, just in case.

What p*sses me off, is that some prick in some country actually tried to install a keylogger on my box and steal my domains. Sometimes I wish I could kick people in the face via internet.

One more thing that you should frequently do to make sure you haven't got any sh*t installed on your computer, is to check all running processes (CTRL+ALT+DEL WinXP/Vista). Look up every process (google them) that you are not sure what is. If you see any weird process names, it might be spyware and you should consider getting it removed.
__________________


Don't miss Boot.net and Assorted.com @ T.R.A.F.F.I.C. East LIVE Auction May 23rd !

Last edited by pcproffenno; 03-11-2008 at 04:33 PM. Reason: Automerged Doublepost
pcproffenno is offline  
Old 03-11-2008, 04:34 PM   #667 (permalink)
GenericDomainMarket.com
 
EG.domains's Avatar
DNF Verified Member
Verified Member
 
Last Online: Yesterday 09:19 PM
iTrader: (32)
Join Date: Apr 2007
Posts: 1,094
DNF$: 500
Location: Online


Quote:
Originally Posted by pcproffenno View Post
Sometimes I wish I could kick people in the face via internet.


__________________
Pregnants.org @ Sedo - No reserve
Harbors.biz For Sale
OldVideoGames.net For Sale
EG.domains is offline  
Old 03-11-2008, 04:51 PM   #668 (permalink)
Platinum Lifetime Member
 
tinner666's Avatar
DNF Verified Member
Verified Member
 
Name: Frank
Last Online: 05-14-2008 08:37 PM
iTrader: (5)
Join Date: Dec 2007
Posts: 264
DNF$: 545
Location: Richmond
Country:


Thought I had nothing to contribute to this thread,, but........................

I think it was 2 weeks ago. GrennGambler or somebody got taken. On DP, I THINK...... Anyway, I followed a few threads and of several thefts...
They led to a hackerz forum.. The thief was a member and returned some stolen LLLL's, but a ring of hackers was revealed then!
I'm sorry, but not being involved, I didn't make a note of the thread, the LLLL's or the names!

I hope this post will jog somebody's memory!!!! The forum is private, invite only, but at least one member of DP or NP was able to get in for awhile when they switched their DNS, before it went private again...



Anybody remember this????
I'll poke around and see if I can find anything.

To all here.

Copy the name 'istnight.com'. Open 'tools', click privacy, click 'Sites' Paste it in the box, click 'Block'. Click OK twice to leave the balcklist.

Found it!

Originally Posted by LenHey guy's it it just me or has the desihackerz site been taken down?

It was back up for a while last night but it is again down.

FYI, they already started a new forum called ProHackerz.com. I suggest you join now before they turn on the invite only feature, so that you can keep an eye on that place in the future, if it lasts long.



I hope this was a help, and not an off-topic. Sorry if I'm wrong.
__________________
Frank
Domain Sales Zone

Last edited by tinner666; 03-11-2008 at 05:31 PM. Reason: Automerged Doublepost
tinner666 is offline  
Old 03-11-2008, 05:48 PM   #669 (permalink)
Platinum Lifetime Member
 
Last Online: Today 02:33 AM
iTrader: (5)
Join Date: Mar 2006
Posts: 370
DNF$: 1,161
Location: Kamloops


I have sent the file jpg.exe to Norton, I will post what they say to me here when I get a response

https://submit.symantec.com/websubmit/retail.cgi
Kamloops is offline  
Old 03-11-2008, 05:50 PM   #670 (permalink)
DNF Addict
 
domain newbie's Avatar
 
Last Online: Today 05:10 AM
iTrader: (20)
Join Date: Mar 2005
Posts: 2,702
DNF$: 1,543
Location: my home is where my bank account is
Country:


Quote:
Originally Posted by tinner666 View Post

FYI, they already started a new forum called ProHackerz.com. I suggest you join now before they turn on the invite only feature, so that you can keep an eye on that place in the future, if it lasts long.

how do u get it to that forums ? my machine cant' handle it

throws me out to adverts
domain newbie is offline  
Old 03-11-2008, 06:11 PM   #671 (permalink)
Platinum Lifetime Member
 
spidergoat's Avatar
 
Last Online: 04-08-2008 11:04 PM
iTrader: (10)
Join Date: May 2006
Posts: 241
DNF$: 583
Location: Yellowknife Canada


notice Frikkle is back lurking ...
__________________
www.oneprettydomain.com
spidergoat is offline  
Old 03-11-2008, 06:18 PM   #672 (permalink)
Platinum Lifetime Member
 
calif.bob's Avatar
 
Name: B0B
Last Online: 03-20-2008 07:59 PM
iTrader: (0)
Join Date: Sep 2007
Posts: 62
DNF$: 0
Location: New Ganada, California
Country:


Exclamation

Quote:
Originally Posted by tinner666 View Post
FYI, they already started a new forum called ProHackerz.com. I suggest you join now before they turn on the invite only feature, so that you can keep an eye on that place in the future, if it lasts long.
I went to the ProHackerz.com forum and poked around a bit.

It's no different than any other hacker website in my opinion. You can purchase verified PayPal accounts for $10 USD. There is also listings for domains for sale. I didn't stick around too long since the vibe was kinda funky and there were a bunch of lamers sleeping on several cots in the lobby.
__________________
Calif.Bob @ Gmail.com
www.LockOurRate.com
.net .org also available. PM Serious Offers Only
calif.bob is offline  
Old 03-11-2008, 06:28 PM   #673 (permalink)
Platinum Lifetime Member
 
klklinc's Avatar
 
Name: Len
Last Online: Yesterday 08:59 PM
iTrader: (5)
Join Date: Mar 2007
Posts: 129
DNF$: 0
Location: Canada
Country:


desihackerz.com was shut down but was revived as desihackerz.org. One of the threads that is associated with those thefts is http://www.namepros.com/warnings-and...t-scammed.html
BTW I am len.
__________________
Justicefordads Look>>>> Whistle
klklinc is offline  
Old 03-11-2008, 06:35 PM   #674 (permalink)
Platinum Lifetime Member
 
Last Online: Today 02:33 AM
iTrader: (5)
Join Date: Mar 2006
Posts: 370
DNF$: 1,161
Location: Kamloops


Wow just went that prohacker site, they are selling hacked paypal accounts over there!
Check this out.

http://vshare.ws./images/qqm3lnqlbujdfsqcaeg.gif

guys this is my latest acc hacked by me
so i am selling it for 15$

payment via
1>moneybooker
2>paypal

i want 10$ in money booker and 5$ in paypal and the money should be legal
Kamloops is offline  
Old 03-11-2008, 06:43 PM   #675 (permalink)
Never Sleep ..
 
pcproffenno's Avatar
DNF Verified Member
Verified Member
 
Name: Stian
Last Online: Today 05:48 AM
iTrader: (104)
Join Date: Jan 2007
Posts: 3,503
DNF$: 8,650
Location: www.ehot.net
Country:


Crazy....
pcproffenno is offline  
Old 03-11-2008, 06:45 PM   #676 (permalink)
DNF Addict
 
TheLegendaryJP's Avatar
 
Last Online: Today 07:30 AM
iTrader: (21)
Join Date: Jul 2005
Posts: 1,741
DNF$: 2,724
Location: Canada
Country:




There was another domain theft I cannot name still but it also was in the 6 figure range and they were a member here. They too were a member of this sort of hack and sale forum group.
TheLegendaryJP is online now  
Old 03-11-2008, 06:47 PM   #677 (permalink)
DNF Regular
 
Ginge's Avatar
 
Last Online: Today 03:19 AM
iTrader: (41)
Join Date: Jan 2007
Posts: 563
DNF$: 396
Location: Manchester UK
Country:


Quote:
Originally Posted by Kamloops View Post
Wow just went that prohacker site, they are selling hacked paypal accounts over there!
Check this out.

http://vshare.ws./images/qqm3lnqlbujdfsqcaeg.gif

guys this is my latest acc hacked by me
so i am selling it for 15$

payment via
1>moneybooker
2>paypal

i want 10$ in money booker and 5$ in paypal and the money should be legal
Scary stuff.. There would be no way of knowing that your Paypal account was being sold for $15 either, that's the worst bit!
Ginge is offline  
Old 03-11-2008, 06:48 PM   #678 (permalink)
Administrator
 
DotComGod's Avatar
DNF Verified Member
Verified Member
 
Name: Adam Dicker
Last Online: Yesterday 10:22 AM
iTrader: (34)
Join Date: Feb 2003
Posts: 8,089
DNF$: 4,621,536
Location: Toronto, Canada
Country:


The things we learn when we poke around, if only I had more time.

-=DCG=-
DotComGod is offline  
Old 03-11-2008, 07:05 PM   #679 (permalink)
Platinum Lifetime Member
 
Last Online: Today 02:33 AM
iTrader: (5)
Join Date: Mar 2006
Posts: 370
DNF$: 1,161
Location: Kamloops


It is scarey over there the stuff they are selling!

Also did some more detective work on that keylogger site. Looks like they have made some change as the screen you get with firefox is not changed,

When I take the page I get in firefox - decode it and then try to save it as a txt file in notepad, Norton catches it and deletes it, says this -

Discovered: June 8, 2001
Updated: February 13, 2007 11:50:11 AM
Type: Trojan Horse
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP



Downloader connects to the Internet and downloads other Trojan horses or components.

Note: Virus definitions dated June 1, 2006 or earlier may detect this threat as Download.Trojan.
ProtectionInitial Rapid Release version June 11, 2001
Latest Rapid Release version March 11, 2008 revision 036
Initial Daily Certified version June 11, 2001 revision 007
Latest Daily Certified version March 11, 2008 revision 035
Initial Weekly Certified release date June 13, 2001
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.

Threat AssessmentWildWild Level: Low
Number of Infections: 0 - 49
Number of Sites: 0 - 2
Geographical Distribution: Low
Threat Containment: Easy
Removal: Easy
DamageDamage Level: Low
DistributionDistribution Level: Low

Writeup By: Gor Nazaryan
Kamloops is offline  
Old 03-11-2008, 07:06 PM   #680 (permalink)
fab
DNF Addict
 
fab's Avatar
DNF Verified Member
Verified Member
 
Last Online: Yesterday 04:45 PM
iTrader: (26)
Join Date: Dec 2004
Posts: 2,541
DNF$: 212
Location: Elad
Country:


Quote:
Originally Posted by Kamloops View Post
Wow just went that prohacker site, they are selling hacked paypal accounts over there!
Check this out.

http://vshare.ws./images/qqm3lnqlbujdfsqcaeg.gif

guys this is my latest acc hacked by me
so i am selling it for 15$

payment via
1>moneybooker
2>paypal

i want 10$ in money booker and 5$ in paypal and the money should be legal
Oh my!
fab is offline  
Closed Thread

Tags
1337 n00b h4x0r , 16 years old , 9mm gets f*cked(.com) , 9mm out of bullets , 9mm peter , bloodclot p*ssyclot 9mm , canadian scammer , domain theft unravels , fbi , foolish kid , framed!= , freestyler@live.ca , huge dildo store , jp for president , pornos.com , scam , scam of the year , self-appointed cop , stains in his underwear , thieves , third person? , ticks on dicks , un-bloody-believable , wanker , who's tracy wilder?



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes