how a hacker got stopped quickly after attempting to hack me
-
so the story starts like this.
I have an email alias with duckduckgo which has apparently been on a dating agency, darktoy@duck.com.
now this email, you may not know this, has been targeted with hacking attempts.
these hacks are typically attacks relating to dating sites, which are fake.
btw, if you're on this forum for some fuckin reason, stop sending me hacker links, thank you.
but anyways...
the alias was originally meant to sign up for a forum of some sort (not the cloudron forum).
now most of you guys may just ignore the email...but I like to click links.
now I noticed something going on.
first, they send me to a direction link, which is similar to bitly, except it's a different URL.
then, they'll send me to the real deal, which is a dating site that is fake.
now fortunately, security companies that I work with often catch these before I can even report them.
now 1 domain is off the list, because I have fucked that domain over.
and by that, I mean I have managed to get the domain suspended or placed on a clientHold.
so the domain they tried to send me to was
hxxps://women-finder.top
now unfortunately for the hacker here, their domain got reported by the badi adi.
this is why you don't fuck with me like this, trying to hack my account, you'll get fucked over yourself.
now I reported this to a few respectable security companies.
but out of all the companies that didn't even give me a reply, they are Microsoft smart screen, and Google safebrowsing!!!!!!
now to give you the picture of what I think they are, I think they're like sleeping giants.
they ask for your input, but don't pay attention.
and it makes me super mad that they don't take action despite the data I give them!!!!!
oh, and namesilo, I hate them.
absolutely,
hate them!
now I will give them credit this time, because they took me seriously this time and put the domain on at least a hold.
now if you have a security appliance, or use something like Kaspersky or bitdefender, you may be protected because the domain was set on a blacklist for those antivirus companies.
now the hacker, as I've noticed, is a stupid idiot, because guess what?
I managed to find his IP address, which he was using to host the site.
the IP is located in Switzerland.
now if you see a domain hosted by this IP, you'll know if it's malicious.
note this is not his exact home IP I don't think (who would be that stupid) but this is an IP that hosts this domain.
185.155.184.184.
when I tried contacting the IP provider, as5398, letting them know this was happening, they have not responded at all!
it would help if 1 of you could point me to maybe a good IP abuse database that I could use to get this reported.
something that could actually do some good, because I want this guy's hosting abilities (for now) taken down.
now I want to give you some security tips.
don't just click weird links and give your information.
you should look up links on virustotal and/or use hybrid analysis to check websites.
or if you're like me, you'll detect sites yourself.
now if you check the whois information for the site above, you'll see that the site has been placed on a clientHold, which basically gets rid of or deactivates the DNS records, essentially not allowing the site to run.
now I wanna talk about Google safe browsing for a moment, because they're stupid!
the funny thing is, they'll mark any new site that comes up, including, yes, my website. at the time, when I had my early days of my website blindsoft.net, Google flagged my website, marking it as "a phishing website" and telling anyone who were to visit I'm basically this bad guy who wants to steal your passwords.
however, whenever it comes to an actual malicious site, they won't do shit.
that's why I hate Google's safe browsing.
hate it!
and I'm not joking when I say I hate it.
they wanna take down any talented dev just trying to make a living and/or a bit of fame for themselves, but when they come across a malicious site, up, that's not a problem, we can't do anything.
disappointed in you Google.
just:
disappointed
and I'm sorry if I'm using a lot of profanity, but it makes me mad when companies don't take the time to protect their users.
just imagine, if that's the case, how bad Google advanced protection program users get it? my own account would have never been able to use my own website.
thank you for reading my rant. -
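As an added example that is not part of the original post: a small parser that reads WHOIS text and reports whether a domain carries a hold status of the kind described above. The sample records, domain names and function names are constructed for illustration; clientHold and serverHold are the standard EPP status codes that keep a domain out of the DNS zone.

```python
import re

# EPP status codes that pull a domain out of the DNS zone.
# clientHold is set by the registrar, serverHold by the registry.
HOLD_SETTERS = {"clienthold": "registrar", "serverhold": "registry"}

# Matches "Domain Status: clientHold https://icann.org/epp#clientHold"
# and the shorter "Status: clientHold" form some WHOIS servers print.
STATUS_RE = re.compile(r"^[ \t]*(?:Domain[ \t]+)?Status:[ \t]*([A-Za-z]+)",
                       re.IGNORECASE | re.MULTILINE)


def domain_statuses(whois_text):
    """Return the EPP status codes in WHOIS text, in order, without repeats."""
    found = []
    for match in STATUS_RE.finditer(whois_text):
        code = match.group(1)
        if code.lower() not in [c.lower() for c in found]:
            found.append(code)
    return found


def hold_report(whois_text):
    """Say whether the domain is on hold and which party set the hold."""
    statuses = domain_statuses(whois_text)
    setters = sorted({HOLD_SETTERS[s.lower()] for s in statuses
                      if s.lower() in HOLD_SETTERS})
    return {"statuses": statuses, "on_hold": bool(setters), "set_by": setters}


# Constructed WHOIS records for illustration (not real lookups).
SAMPLE_HELD = """\
Domain Name: example-dating.test
Registrar: Example Registrar, LLC
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: ns1.example.test
"""
SAMPLE_ACTIVE = """\
Domain Name: example-forum.test
Domain Status: ok https://icann.org/epp#ok
Name Server: ns1.example.test
"""

if __name__ == "__main__":
    for label, text in (("held", SAMPLE_HELD), ("active", SAMPLE_ACTIVE)):
        print(label, hold_report(text))
```

A held record can still list name servers in WHOIS; the status line, not the name server lines, is what shows the domain has been taken out of DNS.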
so I forgot to mention.
fortinet did not initially get this (usually they do) however, thankfully, their fortiguard web filtering service caught this as soon as I reported it. fortiguard is very respectable in my opinion, they catch pretty much anything I send them.
I can respect fortiguard as it is a security service and as part of fortinet.
now do I endorse them?
no!
but I do respect them and their fortiguard service for taking me seriously and pretty much responding to all of my reports.
I can also respect adguard, which I have used time and time again, because they do also take things seriously.
most of the security companies I try to work with (except for the 2 I mentioned) I can respect.
I could actually tell part of what he (the hacker) was using, openssl, due to a known configuration error of the certificate when you go to the IP address that is very obvious when the, invalid cert, warning comes up.
nevertheless, I'm glad I am catching this guy, and may be on the way to taking this guy down. -
so the IP I found out was hosting several dating sites/domains, which I'm sure are all phishing domains by every count. he's pulling them out like pulling out 100 cups of water, and he has hundreds of these sites lying around on the same IP
-
now I noticed that fortinet, at the very least, has gone on to block this IP address and has categorized it as a malicious website, if you go here and check out that on the IP by searching 185.155.184.184 on the search URL bar
-
I also scanned the IP for more stuff. I found he had ports opened on his server.
22/SSH, 80/HTTP, 443/HTTP, 4041/HTTP, 8301/UNKNOWN, 9113/HTTP, 9180/HTTP, 9999/HTTP, 11752/HTTP -
this guy actually sounds stupid