You still think I'm Bradley? 

No matter who it was, I still got screwed. "This is why we can't have nice things." lol.

Why did you self-troll your alt on this thread, using a hacked account ?

If it was this ironcross guy, he really screwed up my stuff here. RainingBitcoin is just now starting to gain some traction in advertising Bitcoin sites and this negative publicity is bad for my site. All of the stupid comments he made got me a lot of negative attention. I tried going through all the threads from the 17th and 18th and rectifying the situation, but it's still sucking pretty bad to be me.

FYI scotaloo, also found out the alt of MoneyPakTrader

BTCTalkAccounts are a group. Ironcross360 was the 14 year old who was controlling krudkeeper - he's involved, and has been trying (& failing) to give me pathetically wrong information.

scotaloo, you forgot to tell ironcross to not troll

Hi,
My account was hacked by this guy. I am the real Cayce Franklin. The guy said on other recent posts (scams) that his name is Mark. I have since changed my password. My apologies if this has caused you any trouble. I have never even been to Minneapolois or anywhere else in Minnesota.

All I am doing is running a website called rainingbitcoin.com . I don't want anyone's money or Bitcoin, I don't mine, use asics, build them, or want to start an ipo. (these were some of the idiot's posts using my account). I am also not 13. I am 33. Hope you find him. Sorry for any inconvenience this may have caused you (Lord knows it has caused me a lot today)

They're known for planting misinformation and doing the same thing twice, I'm pretty sure it is scotaloo trying to make us believe in the info that "krudkeeper" uncovered, and also had a suspicious PM exchange with BCB. Good thing I never PM'd him in the first place because of how suspicious his posts were.

It doesn't make much sense otherwise. This account was obviously not for scamming.

Yes you are, BTCTalkAccs !== BTCTalkAccounts but BTCTalkAccs == BTCTalkAccounts.

Don't you already know it's not night where I am from?

 

I actually don't give a fuck about the IP 49.176.67.225

Yes, I've used it before. I've been doing some digging on a RAT file that has the phone home set to my IP:

BTCTalkAccs pointed me to this virustotal analysis of a DarkComet/DarkKomet RAT with the name 'minecraft.exe':

https://www.virustotal.com/en/file/9970283d1c08091f9260a5bbbc76220ed7b88b75d8352bcbfe35c4730f608262/analysis/

This RAT is set to phone home to: 58.111.143.105:200, which is my IP and on the port 200. However, this is quite meaningless as anyone can do that - it's no different than linking to another webpage. This is the first time I became aware of 'minecraft.exe', and a search on 9970283d1c08091f9260a5bbbc76220ed7b88b75d8352bcbfe35c4730f608262 doesn't turn up anything.

It also has the file name MSRSAAP.EXE, which turns up on virustotal here:

https://www.virustotal.com/en/file/4589cc7f0791e87906da850d27306637d01a71fb6aca9cee74be84c5bfff65c2/analysis/

The SHA hash doesn't also turn up anything other than virustotal on Google, but there are a lot of info on the name MSRSAAP.EXE.

http://answers.yahoo.com/question/index?qid=20120219155647AAN5JIV
http://softwaredownloadpro.com/question14580.html
http://translate.googleusercontent.com/translate_c?depth=1&hl=en&prev=/search%3Fq%3DMSRSAAP.EXE%26safe%3Doff%26client%3Dfirefox-a%26hs%3DFi4%26sa%3DN%26rls%3Dorg.mozilla:en-US:official%26biw%3D1920%26bih%3D940&rurl=translate.google.com&sl=ru&u=http://otvet.mail.ru/question/76611000&usg=ALkJrhiiM8v8n5hHgMTrWiy8ZWjVQYIGJg

This malware has been posted by the user "manolz" as some anti-anticheat or something:
http://www.gamersoul.com/forums/showthread.php?185177-Hackshield-AntiHook-NoShield-0-1-beta/page3

Also on youtube by "iCrack Trainers" (shell youtube account):
http://www.youtube.com/watch?v=VaKLmM40428

So, there's two possibilities:

1) I've been spreading malware disguised as anticheat bypasses and trainers for games that has been documented in English, Chinese and Russian while using my own IP address and have been doing it from 2012 or earlier decides to make a new RAT and upload it to virustotal and do nothing with it.

2) Someone who wants to frame me / plant false evidence and has a history of making game-related malware makes a new RAT that connects to my IP and port 200 (which isn't even open), uploads it to virustotal and does nothing with it.

If you look at the date (2013-06-09), you'll see that exactly a week earlier MoneyPakTrader got butthurt that I penetrated his website (which deals with currency exchange) - without doing any malicious damage - and found my IP address:

https://bitcointalk.org/index.php?topic=223665
June 02, 2013, 05:36:28 PM

You decide. Thanks for digging that out, BTCTalkAccounts!

If by "your IP" you are asking if I used it or not, then yes

I actually don't give a fuck about the IP 49.176.67.225

More alts.

var altcount = 9000

altdetect.addEventListener(ALTPHISHER.CREATE, REPFUCK) {
   repfuck;
}

Inb4 someone whines about how it is not proper AS code, yes it is a joke ._.

I should remind you of him too.

Don't ban scotaloo if he's not causing trouble. (I speak from personal experience, I was banned from CoinChat for not causing trouble and ban evading)

TradeFortress   I believe my server has being compromised. Apache access.log and error.log is missing Jan 12th   01:04
=== Malediction_ is now known as Malediction
TradeFortress   How do I see if someone actually logged onto my server? access.log has a lot of disconnects from an IP in china   01:07
=== ejnahc_ is now known as ejnahc
ikonia   TradeFortress: then they have not logged in   01:12
TradeFortress   ok, thanks. is there any reason for missing Jan 12th in Apache logs? other than an attacker removed them?   01:13
patdk-lap   isn't the default only weekly rotates?   01:13
PryMar56   TradeFortress, see if they are parsing for php* (blogs,wordpress,sql) setup config files... they will try to get credentials   01:14
TradeFortress   ahh, I'm not running a custom script, I'm running a self developed one (which was hacked)   01:15
ikonia   TradeFortress: if you have any reason to suspect comrpomise, re-install your whole OS resetting all passwords   01:15
TradeFortress   ikonia: I'll do that, but then I'll get attacked again.. can't see how they did it with the logs.   01:16
ikonia   TradeFortress: no,   01:16
patdk-lap   the longs won't show much   01:16
ikonia   TradeFortress: you seem to know what it was already, your script   01:16
patdk-lap   and it might show 1 issue, but not all issues you have   01:16
patdk-lap   expecially if they used POST requests   01:17
TradeFortress   okay, but the attacker somehow got root access..   01:17
ikonia   TradeFortress: delete your OS - re-install   01:18
ikonia   TradeFortress: that is the answer   01:18
patdk-lap   if they got root access you have many levels of issues to correct   01:18
patdk-lap   and the logs won't show that   01:18
TradeFortress   thanks everyone, I'm going to reinstall & look for a pentester

Try hacking inputs.io or coinlenders actually.

Oh wait

FYI, that's not actually for any of my projects, but I'll let you think whatever you want.

Already got an admission from Gordon Bleu who you got this account from along with applebloom and such.

Good to see you already refunded EarthVPN, you know the address to send my 25 BTC to

Please just ban him for ban evasion already, otherwise what's the point of banning people in the first place? If he wants to post an "important announcement" then he'll have to use up another alt.

One easy way to stop scams with alt accounts is to simply make that unprofitable. Make alt accounts and sell them to the account traders that use them to scam, phish, and spread misinformation. Follow what the accounts are used for and you'll find plenty of trails left.