Hackers who wants them, we refuse to pay and fight back!
WE ALL HATE BLOOD SUCKING HACKERS
http://www.oil-high-returns.com/we_a...g_hackers.html
Written by hacked site, Admin: www.oil-high-returns.com
Email: [email protected]
This week has been a fight with Hackers, trying to blackmail our site or really our investors, we believe we have won the battle and the hackers are out, still if they do come back you will see this page while we backup our site and repair the damages, WE DO NOT PAY HACKERS, ONLY INVESTORS.
Our support email, as if you are seeing this we have been hacked again, is: [email protected]
Do not worry investors, the database is safe and backed up three times a day and kept in different locations.
We have a friend at Hostgator so we are going to try to expose more information on this hacker, we hope he was smart enough to use a virtual visa or a straw man, ANYBODY HAS INFORMATION, LET'S GIVE THIS HACKER A HARD TIME, we all have been burnt by this guy, admin, and investors have suffered from his past attacks.
IP Address of StormAttack: 123.125.156.92
IP trace map image
123.125.156.92 | China | Beijing | Beijing | 39.9289 | 116.3883 | China Unicom Beijing Province Network | China Unicom Beijing Province Network
Cenwa.com
Are hackers and cannot be trusted they will blackmail you in and inject SQL code, even if you pay them then they come back under new name.
This was found in my SQL database documents, once converted to text file I did a search for his email address [email protected]:
'StormAttack', '[email protected]', 0, '', '', '', '', '0', '1', '0', '2011-05-28', 'U1804555', 8, 'StormAttack', '123.125.156.92', 'new', '41ac392', 'yes', '', ''),
We believe that it is actually Cenwa.com as our Stats show that the 2nd country with the most hits came from Latvia, Cenwa.com is emailing under the name: Name : Eduard Malevsky
Email : [email protected]
On checking the header information of the contact form that Cenwa sent his contact email offering his services, we found the IP address: 91.190.54.18
On who.is reverse IP the following information came up:
Title: mikrotik routeros > administration
Description: n/a
Keywords: n/a
91.190.54.18 Server Details
IP address: 91.190.54.18
Server Location: Latvia
ISP: SIA Stream Networks
Then using http://ip-lookup.net/index.php, this contact information came up.
person: Alexandr Ribakov
address: Baldones 1-1, Daugvpils, Latvia
phone: +37126775265
e-mail: [email protected]
nic-hdl: AR6375-RIPE
source: RIPE # Filtered
Due to this information and the amount of hits we have from Latvia we are 99% sure that it is Cenwa.com who is the hacker and the site has not been sold as Storm Attack claims, we believe they are using VPN or proxy server and trying to give the appearance that they are from China, I am Admin and we were number one country in the list, Latvia being number two.
We are going to publish this on the web as Hacking HYIP sites, kills the investors and the Admin, I think many people have suffered under this team or person and we leave this on the Internet for those to comment and if they wish pursue this further and try to claim their monies back.
Please now google Storm Attacks LR account:
You will find lots of information about this LR account in connection with website: www.cenwa.com
Go to this URL:
http://www.moneymakergroup.com/lofiv...p/t333715.html
At bottom of the page you will find proof that the hackers account was that of cenwa.com
Date : 2010-01-03 21:59:33
From/To Account : U1804555 (cenwa.com)
Amount : 0.1500
Currency : LRUSD
Batch : 31159769
Memo : Withdraw from Cenwa Investment Project
Even on Cenwa Website you will find Storm Attacks LR Account: http://cenwa.com/?a=partners
http://www.hyips.es/forum/hyips-cerr...nwa-com-2.html
I asked for 30 and it gave me 27... http://www.oil-high-returns.com/we_a...p_image001.gif
2/28/2010 21:19 31041050 U1804555 (cenwa.com) + $0.27
On Google this information below came up and much more, proving StormAttack connection to www.cenwa.com:
1. Put this logo on your site!
cenwa.com/?a=partners
Transfer $40 : U1804555. Comments: [email protected] - ... Transfer $80 : U1804555. Comments: [email protected] - ... Transfer $25 : U1804555. Comments: ...
2. MoneyMakerGroup > Cenwa - Cenwa.com
www.moneymakergroup.com/lofiversion/.../t333715.html
6 posts - 4 authors - Last post: 2 Mar 2010
From/To Account : U1804555 (cenwa.com) Amount : 0.1500. Currency : LRUSD Batch : 31159769. Memo : Withdraw from Cenwa Investment Project ...
3. cenwa - cenwa.com - Page 2 - Foro de HYIP, Autosurf, PTC, PTR ...
www.hyips.es › ... › Current HYIPs › Closed HYIPs and SCAM
15 posts - 4 authors - Last post: 11 Mar 2010
I asked for 30 and it gave me 27... 2/28/2010 21:19 31041050 U1804555 (cenwa.com) + $0.27. Old 01-Mar-2010, 12:39. roquito roquito is offline ...
4. Fountain Oil Investments - oil-high-returns.com - Page 2 ...
mmgp.ru/showthread.php?t=97421&page=2
4 posts - 3 authors - Last post: 11 Jun
LR: U1804555 It's not Joke! Name : StormAttack. Email : [email protected]. I give you 5 hours, if you refuse to pay $100 - your site will ...
Email communications between Cenwa or AKA StormAttack or AKA DarkStyle
From: Storm Attack
Sent: Saturday, August 20, 2011 5:33 AM
To: Fountain Oil Investments Ltd.
Subject: Re: StormAttack NOTIFICATION
Good luck man, cenwa.com was sold 3 months ago. I'm not admin of cenwa.com. Try to contact support. I'm out of HYIP business.
From: Storm Attack
Sent: Saturday, August 20, 2011 5:22 AM
To: Fountain Oil Investments Ltd.
Subject: Re: StormAttack NOTIFICATION
Congratulations, you found my LR account in google. Ha ha
From: Storm Attack
Sent: Friday, August 19, 2011 9:01 AM
To: Fountain Oil Investments Ltd.
Subject: Re: StormAttack NOTIFICATION
Why I must to find other target, if I can hack you?
From: Storm Attack
Sent: Friday, June 10, 2011 2:09 AM
To: Fountain Oil Investments Ltd.
Subject: Re: StormAttack NOTIFICATION
Ok, I will help you.
My LR: U1804555
From: Storm Attack
Sent: Friday, June 10, 2011 2:09 AM
To: Fountain Oil Investments Ltd.
Subject: Re: StormAttack NOTIFICATION
I give you 5 hours, if you refuse to pay $100 - your site will be under ddos attacks.
LR: U1804555
It's not Joke!
This is communications from DarkStyle, DarkStyle email address is: [email protected], StormAttacks student but they write exactly the same so I expect them to be the same person, please read this line of chat below:
From: My Darkstyle
Sent: Wednesday, August 17, 2011 8:39 AM
To: [email protected]
Subject: ShadowHackers - Urgent
Dear admin,
You must to pay $200, if you refuse to pay, your site will be hacked. After payment I will leave you. I will give you 24 hours. Do not try ignore me.
From: My Darkstyle
Sent: Thursday, August 18, 2011 3:32 AM
To: Fountain Oil Investments Ltd.
Subject: Re: ShadowHackers - Urgent
Ok, I can help you with investors... but you must pay $200.
I have email adresses from hacked visotrade.com (800 adresses) and other one hyip DB.
After payment I will give you.
Do you agree?
From: My Darkstyle
Sent: Thursday, August 18, 2011 4:18 AM
To: Fountain Oil Investments Ltd.
Subject: Re: ShadowHackers - Urgent
This is your last chance, if after 1 hour I will not receive money, I will start strong attack. You will lose all your investors! But now, you must to pay $50 for my time.
My LR: U9580825
Chat from DarkStyle:
Attention:
4:14 PM 1st time, your site was hacked by StormAttack, this man is my teacher
IT WEB DESIGN TEAM CHAT WITH HACKER
---------- Forwarded message ----------
From: My Darkstyle <[email protected]>
Date: Fri, Aug 19, 2011 at 4:32 PM
Subject: Chat with My Darkstyle
To: [email protected]
4:11 PM me: Hello.
My: hi
me: May I know you name please?
4:12 PM My: ShadowHackers
me: This is Soumya and I recently started this HYIP business. So, are you a group of people doing this?
My: no
4:14 PM 1st time, your site was hacked by StormAttack, this man is my teacher
me: I believe you have good potential. Right.
4:15 PM But doing such dark stuff in such a manner. Does it make you happy always?
My: it's my job
me: Anyways, that's your way of doing things.
4:16 PM I shouldn't mind. Now that we both need each other, what could be our best deal?
4:17 PM Let us assume we pay you. What would be your offer?
Would we be protected against all other hackers?
How can we possibly grow this relationship?
4:18 PM My: I will give you email base from hacked visotrade.com and other hyips. And will help you protect your site from other hackers
me: because I am a business man and would continue with many sensitive sites in future
4:19 PM And if your teacher comes and hacks it?
4:20 PM See, the moment I decide to vacate my wallet, I also want to make sure that I am not paying for another threat to come
4:21 PM My: dont worry, all is gonna be alright, StormAttack is my friend and teacher
4:22 PM me: OK. A moment please!
4:26 PM See, the only problem I have here is trust. Since you are involved in such things, I am a bit apprehensive about this. We are not big investors.
4:27 PM My: I understand you, You can trust me
4:28 PM me: Thanks. I want to be very honest here. We have been in pain and would not want to. And we believe you could be of real help to us.
And I value your words.
Neither I have options.
4:29 PM Could you be kind enough so that we can stabilize everything? I have lost a lot of money that I had got by exchanging through exchangezone. I will pay you the amount you have demanded.
4:30 PM I just need to raise few dollars. So, need 12-18 hours.
Can we be this much professional and friendly at this point please?
4:31 PM My: ok, I will give you 24 hours
4:32 PM me: Thank you very much. Hope we will have a very strong relationship. Thanks a lot for your time.
I will get back to you asap.
My: good bye.
4:33 PM me: Bye.
More proof
http://www.talkgold.com/forum/showthread.php?t=329803
CENWA.COM
REGISTRY WHOIS FOR CENWA.COM
Domain Name: cenwa.com
Registrar: NAME.COM LLC
Whois Server: whois.name.com
Referral URL: http://www.name.com
Status: clientTransferProhibited
Expiration Date: 2012-01-19
Creation Date: 2010-01-19
Last Update Date: 2011-05-28
Name Servers:
ns2705.hostgator.com
ns2706.hostgator.com
Domain Name: cenwa.com
Registrar: Name.com LLC
Expiration Date: 2012-01-20 02:49:56
Creation Date: 2010-01-20 02:49:56
Name Servers:
ns2705.hostgator.com
ns2706.hostgator.com
REGISTRANT CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
ADMINISTRATIVE CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
TECHNICAL CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
BILLING CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
Timestamp: 1314036102.7504
Cached on: 2011-08-22T12:01:42-06:00
Information Updated: Mon, 22 Aug 2011 18:01:44 UTC
__________________________________________________ _________________________________________
STORM ATTACKS IP INFORMATION
inetnum: 123.112.0.0 - 123.127.255.255
netname: UNICOM-BJ
descr: China Unicom Beijing province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC host*******.
remarks: To update this object, please contact APNIC
remarks: host******* and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20070129
changed: [email protected] 20090507
changed: [email protected] 20090508
source: APNIC
person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: [email protected] 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: [email protected]
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: [email protected] 19980824
changed: [email protected] 20060717
changed: [email protected] 20090630
source: APNIC |
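The step described in the post, searching the exported database text for one known address, generalises to pivoting on any indicator and following shared values to other accounts. The following is an added example, not code from the original post; the dump layout without a column list, the two extra rows, the placeholder e-mail and the `U` + 7 digits account pattern (inferred from the two account ids quoted on the page) are assumptions.

```python
import ipaddress
import re

# Constructed sample dump. The middle row is the one quoted in the post, with a
# placeholder e-mail because the page shows it redacted; the other rows are invented.
SAMPLE_DUMP = """\
INSERT INTO users VALUES
('alice', 'alice@example.com', 0, '', '', '', '', '0', '1', '0', '2011-05-20', 'U0000001', 3, 'Alice, A.', '198.51.100.7', 'new', 'aa11bb2', 'yes', '', ''),
('StormAttack', 'redacted@example.invalid', 0, '', '', '', '', '0', '1', '0', '2011-05-28', 'U1804555', 8, 'StormAttack', '123.125.156.92', 'new', '41ac392', 'yes', '', ''),
('newname', 'other@example.com', 0, '', '', '', '', '0', '1', '0', '2011-08-17', 'U0000002', 1, 'It''s me', '123.125.156.92', 'new', 'cc33dd4', 'yes', '', '');
"""

ACCOUNT = re.compile(r"^U\d{7}$")                 # assumed payment-account format
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def iter_rows(dump_text):
    """Yield every (...) value tuple as a list of strings.

    Handles commas inside quoted strings, '' escapes and backslash escapes.
    Assumes INSERT statements carry no column list in parentheses.
    """
    row, field, in_str = None, [], False
    i, n = 0, len(dump_text)
    while i < n:
        ch = dump_text[i]
        if in_str:
            if ch == "\\" and i + 1 < n:              # backslash escape
                field.append(dump_text[i + 1])
                i += 2
                continue
            if ch == "'":
                if i + 1 < n and dump_text[i + 1] == "'":   # doubled quote
                    field.append("'")
                    i += 2
                    continue
                in_str = False
            else:
                field.append(ch)
        elif row is None:
            if ch == "(":                             # start of a new tuple
                row, field = [], []
        elif ch == "'":
            in_str = True
        elif ch == ",":
            row.append("".join(field).strip())
            field = []
        elif ch == ")":
            row.append("".join(field).strip())
            yield row
            row = None
        else:
            field.append(ch)
        i += 1


def indicators(row):
    """Return the lower-cased field values that look like an account id, e-mail or IP."""
    found = set()
    for value in row:
        if ACCOUNT.match(value) or EMAIL.match(value):
            found.add(value.lower())
            continue
        try:
            ipaddress.ip_address(value)
            found.add(value.lower())
        except ValueError:
            pass
    return found


def pivot(rows, seed):
    """Start from one indicator and follow shared indicators to a fixed point.

    Returns {row_index: [indicators that linked this row to the cluster]}.
    """
    known = {seed.lower()}
    links = {}
    changed = True
    while changed:
        changed = False
        for idx, row in enumerate(rows):
            if idx in links:
                continue
            values = indicators(row)
            shared = values & known
            if shared:
                links[idx] = sorted(shared)
                known |= values
                changed = True
    return links


if __name__ == "__main__":
    rows = list(iter_rows(SAMPLE_DUMP))
    for idx, why in sorted(pivot(rows, "U1804555").items()):
        print(rows[idx][0], "linked via", why)
```

A shared IP address is a lead rather than proof: the post itself suspects a VPN or proxy behind 123.125.156.92.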
We refuse to pay Hackers, only investors
Please read the below URL for full information
http://www.oil-high-returns.com/we_a...g_hackers.html
me: because I am a business man and would continue with many sensitive sites in future
4:19 PM And if your teacher comes and hacks it?
4:20 PM See, the moment I decide to vacate my wallet, I also want to make sure that I am not paying for another threat to come
4:21 PM My: dont worry, all is gonna be alright, StormAttack is my friend and teacher
4:22 PM me: OK. A moment please!
4:26 PM See, the only problem I have here is trust. Since you are involved in such things, I am a bit apprehensive about this. We are not big investors.
4:27 PM My: I understand you, You can trust me
4:28 PM me: Thanks. I want to be very honest here. We have been in pain and would not want to. And we believe you could be of real help to us.
And I value your words.
Neither I have options.
4:29 PM Could you be kind enough so that we can stabilize everything? I have lost a lot of money that I had got by exchanging through exchangezone. I will pay you the amount you have demanded.
4:30 PM I just need to raise few dollars. So, need 12-18 hours.
Can we be this much professional and friendly at this point please?
4:31 PM My: ok, I will give you 24 hours
4:32 PM me: Thank you very much. Hope we will have a very strong relationship. Thanks a lot for your time.
I will get back to you asap.
My: good bye.
4:33 PM me: Bye.
More proof
http://www.talkgold.com/forum/showthread.php?t=329803
CENWA.COM
REGISTRY WHOIS FOR CENWA.COM
Domain Name: cenwa.com
Registrar: NAME.COM LLC
Whois Server: whois.name.com
Referral URL: http://www.name.com
Status: clientTransferProhibited
Expiration Date: 2012-01-19
Creation Date: 2010-01-19
Last Update Date: 2011-05-28
Name Servers:
ns2705.hostgator.com
ns2706.hostgator.com
Domain Name: cenwa.com
Registrar: Name.com LLC
Expiration Date: 2012-01-20 02:49:56
Creation Date: 2010-01-20 02:49:56
Name Servers:
ns2705.hostgator.com
ns2706.hostgator.com
REGISTRANT CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
ADMINISTRATIVE CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
TECHNICAL CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
BILLING CONTACT INFO
NIRMS LLC
Bill Detrix
New York, Wall Street, 9934
New York
NY
5460
US
Phone: +1.10384927322
Email Address: [email protected]
Timestamp: 1314036102.7504
Cached on: 2011-08-22T12:01:42-06:00
Information Updated: Mon, 22 Aug 2011 18:01:44 UTC
___________________________________________________________________________________________
STORM ATTACKS IP INFORMATION
inetnum: 123.112.0.0 - 123.127.255.255
netname: UNICOM-BJ
descr: China Unicom Beijing province network
descr: China Unicom
country: CN
admin-c: CH1302-AP
tech-c: SY21-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-BJ
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC host*******.
remarks: To update this object, please contact APNIC
remarks: host******* and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20070129
changed: [email protected] 20090507
changed: [email protected] 20090508
source: APNIC
person: ChinaUnicom Hostmaster
nic-hdl: CH1302-AP
e-mail: [email protected]
address: No.21,Jin-Rong Street
address: Beijing,100140
address: P.R.China
phone: +86-10-66259940
fax-no: +86-10-66259764
country: CN
changed: [email protected] 20090408
mnt-by: MAINT-CNCGROUP
source: APNIC
person: sun ying
address: fu xing men nei da jie 97, Xicheng District
address: Beijing 100800
country: CN
phone: +86-10-66030657
fax-no: +86-10-66078815
e-mail: [email protected]
nic-hdl: SY21-AP
mnt-by: MAINT-CNCGROUP-BJ
changed: [email protected] 19980824
changed: [email protected] 20060717
changed: [email protected] 20090630
source: APNIC
30 day trial program to help build confidence with the investor after a much shook market
Oil High Returns is new to the HYIP scene. Although we work on behalf of the company Technology Market Ltd, it is our challenge to raise more capital to add to the private investment fund of Technology Market Ltd, who administer the collective funds and put them to work.
You will notice from our early arrival to the HYIP scene, if you followed the forums it was not met without troubles, hackers being number one, and trusting some in some monitors services was another.
We are offering long 150 day programs and for some investors this is a long period and are looking for a shorter high, we have now decided to bring about a 30 day trial program to help build confidence with the investor after a much shook market, we hope this will lead to more confidence in our company and that we can then go forward and carry the investor on longer and higher interest plans.
Administration from OHR
oil-high-returns.com