Доброе утро всем. Наш милый друг начинает завиратся. В посте с логами на первой странице он писал что акк уведшего "pendalf2008". теперь прислал письмо, да и в английской ветке уже отписывает ник как "pendolf2008":
Все в том же посте с логами я обратил внимание на одну интересную деталь, на которую сразу не глянул... Он еще кичится там "одинковостью" User-Agent. Так вот user-Agent там Mac... Вы не поверите, но у меня не мак. Мак в принципе на мою машину не станет насколько мне известно
. Похуду наш спамер когда эти логи делал допустить даже не мог что на нашей територии подавляющее большинство машин не Mac...
Quote
Let us start fresh, because obviously there is some miscommunication on your end.
Hi Anton, I'm a security researcher and I was hired by an exchange to do post-hack forensic work, and identify who stole their Bitcoins. About 600 BTC and 2700 LTC were stolen from the exchange. I can not mention the exchange at the time because it is currently not willing to disclose the fact.
When I began doing the research I found that the attacker discovered a vulnerability on the site from his home IP, the same IP was used to log into the 'pendolf2008' account.
The three IPs I presented you in the forum threads are IPs that were used to log into your account. If you google "Whatsmyip" and find a site to tell you your IP address and compare that address to the IP I have listed in the forum threads you will see that you're either in the same range, or have the same IP used to attack the exchange.
I'm sure your IP is dynamic, because 3 IPs from the same /19 IP range were used to log into the 'pendolf2008' account. The 3 IPs tied to your account are pointed to Everest ISP to your town in Ukraine.
With that being said - the attack points directly to you. Now, if you did not commit the attack - can you please think of who it may have been that used your connection or computer?
Looking forward to your response.
Hi Anton, I'm a security researcher and I was hired by an exchange to do post-hack forensic work, and identify who stole their Bitcoins. About 600 BTC and 2700 LTC were stolen from the exchange. I can not mention the exchange at the time because it is currently not willing to disclose the fact.
When I began doing the research I found that the attacker discovered a vulnerability on the site from his home IP, the same IP was used to log into the 'pendolf2008' account.
The three IPs I presented you in the forum threads are IPs that were used to log into your account. If you google "Whatsmyip" and find a site to tell you your IP address and compare that address to the IP I have listed in the forum threads you will see that you're either in the same range, or have the same IP used to attack the exchange.
I'm sure your IP is dynamic, because 3 IPs from the same /19 IP range were used to log into the 'pendolf2008' account. The 3 IPs tied to your account are pointed to Everest ISP to your town in Ukraine.
With that being said - the attack points directly to you. Now, if you did not commit the attack - can you please think of who it may have been that used your connection or computer?
Looking forward to your response.
Все в том же посте с логами я обратил внимание на одну интересную деталь, на которую сразу не глянул... Он еще кичится там "одинковостью" User-Agent. Так вот user-Agent там Mac... Вы не поверите, но у меня не мак. Мак в принципе на мою машину не станет насколько мне известно
. Похуду наш спамер когда эти логи делал допустить даже не мог что на нашей територии подавляющее большинство машин не Mac...