Security Warning

ElanorPL

A misspelling could cost us losing our account.

Everyone knows the address of official EU website - www.entropiauniverse.com

But today a friend of mine who wanted to visit the page made a small misspelling. He entered www.entropiaunvierse.com. See the difference in letters? On the page everything's the same... except some particulars. If you want an example, open both pages and check the headings.
Moreover, on that "fake EU page" we're able to log on to our account. It's a simple mechanism - it's possible because the fake page sends the information to the "real" page (of course after getting them down).
Great thing to steal passwords from unaware users.

Friend did some further investigation - the server is located somewhere in Chile.
He sent a support case, here is the answer he got:
Hi,
Our website is called www.entropia-universe.com. You should always be careful when surfing the web.

Regards,
Entropia Support


Friend has Gold Card, so nothing bad could happen at all.

This is just a future warning (and proof of MA's rashness).

Regards..
 
Ach ;) sorry..
mod move it/ delete it pls
 
If you use IE... You can report the site as a phishing site, to Microsoft :) This is the first time I have done this, so I am not sure what the outcome will be...
 
If you use IE... You can report the site as a phishing site, to Microsoft :) This is the first time I have done this, so I am not sure what the outcome will be...

Very nice ;D Carry it on in the other thread... It's shite having to follow 2 threads about the same things. Points often get brought up twice!
 
WhoIs:
http://who.is/whois-com/ip-address/entropiaunvierse.com/

Result:
Domain Name: ENTROPIAUNVIERSE.COM
Domain Status: REGISTRAR LOCK
Registrar: Korea Information Certificate Authority, Inc. dba DomainCA.com
Referral URL: http://www.DomainCA.com

Registrant:
yoonjeonghyun
Ingye-dong Suwon Si Paldal-gu
408-ho b-dong twinpark 1134-9
Gyeonggi-Do, 442834
KR

Administrative, Technical, Billing Contact:
yoonjeonghyun
email.php

Ingye-dong Suwon Si Paldal-gu
408-ho b-dong twinpark 1134-9
Gyeonggi-Do, 442834
KR
(TEL) +82.312230971, (FAX)

Domain Registration Date....: 2007-03-19 GMT.
Domain Expiration Date......: 2008-03-19 GMT.
Domain Last Updated Date....: 2007-03-19 23:08:09 GMT.

Domain Name Servers in listed order:
NS.DOMAINCA.COM 211.106.65.101
NS2.DOMAINCA.COM 211.106.65.102

This one is far from being owned by MindArk...
 
WhoIs:
http://who.is/whois-com/ip-address/entropiaunvierse.com/

Result:
Domain Name: ENTROPIAUNVIERSE.COM
Domain Status: REGISTRAR LOCK
Registrar: Korea Information Certificate Authority, Inc. dba DomainCA.com
Referral URL: http://www.DomainCA.com

Registrant:
yoonjeonghyun
Ingye-dong Suwon Si Paldal-gu
408-ho b-dong twinpark 1134-9
Gyeonggi-Do, 442834
KR

Administrative, Technical, Billing Contact:
yoonjeonghyun
email.php

Ingye-dong Suwon Si Paldal-gu
408-ho b-dong twinpark 1134-9
Gyeonggi-Do, 442834
KR
(TEL) +82.312230971, (FAX)

Domain Registration Date....: 2007-03-19 GMT.
Domain Expiration Date......: 2008-03-19 GMT.
Domain Last Updated Date....: 2007-03-19 23:08:09 GMT.

Domain Name Servers in listed order:
NS.DOMAINCA.COM 211.106.65.101
NS2.DOMAINCA.COM 211.106.65.102

This one is far from being owned by MindArk...

Though, whois only lets you know who the ISP is. You can't get further than that. Though, I'm quite sure that MA doesn't get their bandwidth from Korea....
 
Very nice ;D Carry it on in the other thread... It's shite having to follow 2 threads about the same things. Points often get brought up twice!

As mentioned, there's already a thread in Technical/Security on this matter. Let's try to keep the discussion on that thread since it's been going longer:

https://www.planetcalypsoforum.com/forums/showthread.php?t=63175

However, since we want as many people as possible to know about it I'll let this thread bump for a day or two before closing it.
 
I dunno if this was mentioned in the other thread, but I didn't want to read it all.

Have you guys never heard of it? You misspell websites and you get to them. Why? Oh, simple: money. It's called affiliating; dunno if EU pays for it, but it's one suggestion.
 
Though, whois only lets you know who the ISP is. You can't get further than that. Though, I'm quite sure that MA doesn't get their bandwidth from Korea....

ISP?

You go further than that, it tells you the guy that's using the domain, and where the site is hosted at. This also allows you to send abuse reports and also go to police authorities in Korea and tell them some guy is cross-frame exploiting entropiauniverse.com (which I warned Marco one year ago about).
 
If you start watching where the links point, they ALL point to entropiaunIVerse.com which is the legit site.

Don't get all up in arms about it. Which is why you received a bottled response from tech support.

Don't believe me? Check your in-out traffic and your status bar.

Even the source code is safe. Go ahead. Read it.
 
ISP?

You go further than that, it tells you the guy that's using the domain, and where the site is hosted at. This also allows you to send abuse reports and also go to police authorities in Korea and tell them some guy is cross-frame exploiting entropiauniverse.com (which I warned Marco one year ago about).

Hmmm..?

Last time I tried to trace someone through the IP number I didn't get further than the ISP. When I searched the internet all I got told was that in order to get further I needed to contact the ISP or something like that :scratch2:
 
If you start watching where the links point, they ALL point to entropiaunIVerse.com which is the legit site.

Don't get all up in arms about it. Which is why you received a bottled response from tech support.

Don't believe me? Check your in-out traffic and your status bar.

Silly noobs.

That website is sitting between a visitor's computer and the official website. As such, it can monitor all the packets of data that pass through it.

I don't think it is silly to be wary of someone that could be reading your password shortly after you login. :rolleyes:
 
Hmmm..?

Last time I tried to trace someone through the IP number I didn't get further than the ISP. When I searched the internet all I got told was that in order to get further I needed to contact the ISP or something like that :scratch2:

Yes, but we aren't tracing through the IP number this time. We are tracing the domain name, which was registered to:

yoonjeonghyun
Ingye-dong Suwon Si Paldal-gu
408-ho b-dong twinpark 1134-9
Gyeonggi-Do, 442834
KR

;)
 
Yes, but we aren't tracing through the IP number this time. We are tracing the domain name, which was registered to:

yoonjeonghyun
Ingye-dong Suwon Si Paldal-gu
408-ho b-dong twinpark 1134-9
Gyeonggi-Do, 442834
KR

;)

Oh I see...

Now I understand ;)
 
If you are ever unsure about the ownership of a website, just type the domain name into a look-up tool like this one:

http://www.networksolutions.com/whois/index.jsp


Official MindArk websites will be registered to:

MindArk PE AB
Jarntorget 8
Goteborg, 413 04
SE
 
If you are ever unsure about the ownership of a website, just type the domain name into a look-up tool like this one:

http://www.networksolutions.com/whois/index.jsp


Official MindArk websites will be registered to:

MindArk PE AB
Jarntorget 8
Goteborg, 413 04
SE


Or any way a place and name close to what information we already know. The most important part of a domain name is the nameservers pool. For MA, those are:

dns1.mindark.com
dns3.mindark.com

Those are the nameservers MA can control. Any other nameserver can be controlled by third parties.

http://who.is/whois-com/ip-address/entropiauniverse.com/
 
Why would people give a credit card number to a site without the HTTP"S" in the address?

OK, a lot do it lol. The point is, even a noob in PE might know something about comps or at least see what he is doing.


If not, then, BUY A DAM GOLD CARD!!!!!

http://www.entropiauniverse.com/en/rich/6399.html
 
I did a little playing around and also found that entropauniverse.com is the same deal. Wonder how many variations there are. Good work on this one!
 
Just because the links are a mirror doesn't mean the "home page" isn't something not right.
 
Posted my 2 pecs on the first thread...

again, just my two pecs...

DS...

but again, thanks for the info, did not see the first thread...did see this one..

DS
 
huhuuhuhuhuhu,

I don't want to be this guy if he gets punished the Korean way ;D


contact the webmaster of domainca and tell him about it...

webmaster@domainca.com


p.s.
Hail to the goldfarmers!
 
Or any way a place and name close to what information we already know. The most important part of a domain name is the nameservers pool. For MA, those are:

dns1.mindark.com
dns3.mindark.com

Those are the nameservers MA can control. Any other nameserver can be controlled by third parties.

http://who.is/whois-com/ip-address/entropiauniverse.com/

Ehm, yes... and dns2.mindark.com and dns5.telia.com and mail1.mindark.com and mail2.mindark.com...

And there are 218 other domains sharing DNS with mindark.se, 8 sharing DNS with entropiauniverse.com, 216 sharing with mindark.com... for example welter.se, who is sharing with 30 other sites... like shaolin.se... doh!

And welter.se is sharing mailserver with 3rex.net... which has some registered subdomains like bank0, bank1, bank2, bank3,... ooooh, I have to stop digging for information now. :D

So maybe not that reliable to look at DNS.

Whoever wants to start digging (it's for free, no bombs needed): Start at http://www.robtex.com/dns/mindark.se.html


Ag.
 
Why would people give a credit card number to a site without the HTTP"S" in the address?

OK, a lot do it lol. The point is, even a noob in PE might know something about comps or at least see what he is doing.


If not, then, BUY A DAM GOLD CARD!!!!!

http://www.entropiauniverse.com/en/rich/6399.html

Erm... the link can still be https, even the address bar can display the https, but if enclosed in a frame, along with some JS code, and maybe one of the cool IE exploits, anyone can easily sniff your password.

Even a BHO or trojan installed on your system can do it.

As for DNS, do you have any reason not to trust mindark.com, mindark.se nameservers, Agnus Dei ?
 
Ah... good... seems to be the right decision NOT to buy a gold card. Looks like you get a bit braindead after that...


Ag.

Am I missing something?
Care to explain?
Thx.
 
With MA moving into the Asian market I wonder if this is an intentional registration.
 