NoBing Chrome Extension Changing Names

NoBing was removed from the chrome web store after a copyright complaint from Microsoft (see below). Now relaunched as Bongle.

From: <[email protected]>
Date: Sun, Sep 10, 2017 at 5:42 PM
Subject: [7-1658000018900] Chrome Web Store Takedown Notice

Hi,

Google was notified that some of your materials allegedly infringe upon the trademarks of others, the details of the removed extension may be found at the end of this message.

Please note that repeated violations may result in a suspension of your Chrome Web Store Publisher account. If you have any further concerns about this issue, please address them directly to the complainant in the Trademark Infringement Notice provided.

The affected extension(s) are listed below:
https://chrome.google.com/webstore/detail/nobing/gbnjfjhjjemhhfhhdeojkhpjjliaidpfRegards,
The Chrome Web Store Team

On 08/14/17 18:27:22 [email protected]appdetex.com wrote:

full_name: Alexis Meghrouni Rivas {Submitted by AppDetex}
your_title: Director, Enforcement Strategies and Services
companyname: Microsoft Corporation
address: 501 W. Grove Street
Boise
ID
83702
UScountry_residence: US
contact_email_noprefill: [email protected]appdetex.com
phone: 8722402777
trademark_relationship: Note: AppDetex is authorized by Microsoft
Corporation to facilitate the submission of and correspondence regarding
complaints.

tm_work: BING 2008/26333: ZA 2008/26332: ZA BING 2008/26334: ZA 2008/26335:
ZA BING IR 996797: CH IR 996700: CH BING 2008/26331: ZA 2013/15673: ZA BING
228425: EG 228426: EG BING IR 996700: SG IR 996797: SG BING IR 1171876:
SG,CH BING 1641400: TW TN/E/2013/1081: TN BING 9/1/12: EC IR 996700: TR
BING IR 996797: TR IR 1171876: UA BING IR 1171876: TR 46975: TT BING
BOR46697: TH 1383046: TW BING 1378808: TW IR 1171876: WO BING BOR 46695: TH
BOR46696: TH BING 228427: EG 15 Book 225: SV BING 165426: GT 193689: GT
BING 165423: GT 165427: GT BING IR 1171876: PH 4-2009-2253: PH BING 198768:
GT 57278: PE BING 204996: PE 199089: GT BING 83129: PE 57276: PE BING
57277: PE 82295: QA BING 82296: QA IR 1171876: RU BING IR 996797: RU
1232/92: SA BING 1232/93: SA 1232/94: SA BING IR 996700: RU IR 996797: RO
BING 82298: QA 82297: QA BING 82299: QA 82300: QA BING IR 996700: RO
126683: AE BING 161169: AE 159655-C: BO BING 159654-C: BO 159656-C: BO BING
159657-C: BO 388741: CO BING IR 996700: EM 159658-C: BO BING I
trademark_explain: The app uses the trademarks of Microsoft Corporation
without authorization. In this instance, the app uses “Bing” in the title
and “Bing” imagery in the icon.

infringing_location:
https://chrome.google.com/webstore/detail/nobing/gbnjfjhjjemhhfhhdeojkhpjjliaidpf
tm_sworn_statement1: tm_good_faith
tm_sworn_statement2: tm_swear
NoticeToDeveloper: agree1
signature_date: 8/14/17
signature: Alexis Meghrouni Rivas {Submitted by AppDetex}
subject_lr_trademark: Your Request to Google
hidden_product: chromewebstoreextensionsgallery
geolocation: US

:—- Automatically added fields —-:
Language: en
IIILanguage: en
country_code: US
auto-helpcenter-id: 1647639
auto-helpcenter-name: legal
auto-internal-helpcenter-name: legal
auto-full-url:
https://support.google.com/legal/contact/lr_trademark?product=chromewebstoreextensionsgallery
auto-user-logged-in: false
auto-user-was-internal: false
IssueType: lr_trademark
form-id: lr_trademark
form: lr_trademark
subject-line-field-id: subject_lr_trademark
body-text-field-id:
AutoDetectedBrowser: Chrome 45.0.2454.101
AutoDetectedOS: Intel Mac OS X 10_11_0
MendelExperiments: 10800027,10800108,10800141,10800161,10800169
Form.support-content-visit-id: 0-636383500115619980-1101090361

equihxbdrjn5czx2.onion Another Equifax Hack Tor Site

Another darknet site has popped up for the equifax hack, although no large data samples have been provided to give us convincing proof the site is real, they do provide some alleged screenshots of internal equifax management systems.

As a “Sample” of the data, they provide the SSN, DOB, and address of Donald Trump, Kim Kardashian, and Bill Gates – although this data is hardly proof as you can find all the information on these three people publically in google.

The sample screenshots appear to be taken by a Mac.

 

The Ethereum and Bitcoin addresses provided for the ransom have not received any payments as of yet:

https://etherscan.io/address/0x8D992F58f3887cCD72A14FE29aD22Ed0789f70Ef

https://blockchain.info/address/1KELNpR9ECN46QaNGxPhoJDL4iqaa7Hgch

The email provided, EQUIHAX AT PROTONMAIL.COM, has been reported to ProtonMail’s abuse team.

PGP Key given on the site:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1

mQINBFm4OK8BEADaaP8xnUpFEE1YJlVR5klWHV47nTx4KxwmULMNlWkLc3y5HXlf
f1mJOMAs5Iad+/R/klcx7724Nt6rGCNyHosbUHVD4lPKf3+ogF/WHOly1Lnmuelf
k4biDT8UpmajsTN2F+aUpJWNFmIELPDXijbRTFMDLeWirJW75J48vfmTAcbLH1AZ
TqO5vNbLuR95lIu1d7S+gFUy8gpNfAejHtP4yRzZvcSSQHTTKcK8bxdyXfGvLAn6
jKqDcPG9aoCd9r0zxn2LSvJ1gKE41ikhflypE+maNxl6L7cgcnwPw4WCN3DdZFoi
o/bCuL8POZILaAe3xgiUoKcdgonAVZ1Y6J9QEXU6AwoMbGMLViScd7zwNWSx11uO
+NrHQLCOabtrtMndn/jhLkd+m+mZCfDdJejXwkJV9RYq/Q+1C7IsE0qsYLnUvQsE
U/vBaUtAyQdvvRC1SguyGs6pdpF88c+qi18d4at82Hu+p6AFEyoiOXwI+a/E6Fz2
yhDvF1UxRQREsRfguhv7uimpawzDaqhOXJptV53v+8oag54089t9NIn8DyCjOm3x
+DkUAJY0+Zes3tLQNolSDyAfEjTbs6n9TGtXYiO1pMX2OHXahUn+/cXF6+YS80RM
CgWz54wEKSD9Z4O0y6ZRn/gr/3xKQZvDY1M8r25bdKycZTFV/2t3qAL5EwARAQAB
tCBFcXVpaGF4IDxlcXVpaGF4QHByb3Rvbm1haWwuY29tPokCPgQTAQIAKAUCWbg4
rwIbAwUJACeNAAYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQRzLv2DrOFtcn
SQ//eJZCCF+L/nItmi9i36jnyYolFB3HjShZ/cKF+JzNfPfOOM/r9SCiUlTPd5MD
wrmG4HKY97n2EE4Iq36wXyDJOEkyJgH4gxiKtjUYhfhxnWKPaF/pfJxMQCKJ47az
rvnN7z/Z1CjB/xNBJPVc4iS2qTt6OM+Ted11VdmLiGGKAjevyCQH0mz16R5SljCg
wwdmHFHGozFy7k23dd0mmbgL0YTu+Rka17eugp/rBAfMoIF6UMc1eakuLcJpl08w
744z6jNEjt0xAXi/eLIkNxrG7wAfBcjpFpPIFckena3Y3Fp+6n+LSjemVvfSp00m
FFBOog5+2L4Hab4b7KglmM1LiOibIJWOTvvCe3MD8puzmJCmEmVUaD41vnQSkGqR
xLMkcF0BW+u1ThA8iuvqNe/wvRJQvgpSi7kDr8bTdGnk1JXyx4cP1jRdJolEcnJQ
Qw1TL7Uoztj8FgUZhmmiLxfSUY3EeFbE/RoYhIzN7G7s1cK28v+zeVx61Tq85Iyx
Q4/tbS9DfwS4Oc7bdCdTFt+FPkp4v4ikyk8qv9hdyJCKYAjtDkVjaMsKGilv2jvs
PgrWk0G1JPkGxZPJYmhIKM4lWsdb7+A6LIccjKZaA6kIg1JYt4YbGKgJwDvBpZ8Q
bRTvoBo45a605LCDdgb2JX50a7rCOsqNnxoFIme1CCZnDde5Ag0EWbg4rwEQAMMz
gXvpbH1NAmGFSMNYMXzuaURQuF3RlyzwxVFYQLg9ot+pmBJsvGFGO77a1itfbXFP
WLhJtuMzbuRHyh6qaFv0mhFANxXUvD+2wLNXJs5KiPZrMLH8WEn1E9RAaAQKLgkh
a2oQgo5UF2zlp+9IZ6YCllaUkCGWR7GaKvwz6IKpvHpb8IZ89WKj25iuP2/nIycJ
0sRHArSxc+pQ4ZjFS1xOm2Mt5bLLq4keW4OK9qwXjVge5e7G0eG+p3gxraT4Eman
5uIM53R25sKBXI9gh+TRZNtVdA++aiihnCRwWmjLdnTuV+rrSXWIkxMXbeQeDryL
aM+3UgH9oNfKt5hZYydqc0t4DhYX1oHyiWCGuqQ4w3gbWZUG4h1XjbevoohZMw3x
qf/j9gomr73hCino5kC1PTh+Q43s2E5fxgYWk4l3GrcBnvSnPiUjiWKvrTYxiGbB
ibu3YEg3MS6KP0ICBOnVhWRyG0RvFEbgvhcDkD+ojQylRccgekZJGMbSDeht/Rcq
1ctVSeTBeGUmkOC5r2e9nDIaIwj2J1cB6WpIBt5GU9HAcvwpq41UEBQQDNR03liv
hfb80F61JP+IEo5HQa93u7a+fVsuFnYJCfKDIfQzB1hBFPZjEACl7jN7JTYVTAzQ
MNwmMo4kidHZ15fZxVlAjdvqcZdM/eeosL2zXIvJABEBAAGJAiUEGAECAA8FAlm4
OK8CGwwFCQAnjQAACgkQRzLv2DrOFtfrNxAAvMhdnhGhM8twnyA/SQyNxgjpa2A1
XVkbdtN8K+FSsvFJ5DPrXYotaoyziAkKlrWrLyjAgsmuYXyNEQrufo2UbQVyqlcv
/WqYAbZNrRdiXRyTNQCtRim312mYCv1wdB28kSQRiFfI3BfGN3TWfzNN6pN05ymo
4z8AmCfUALMYFiehECQK8c1tF8cKxzu5guPkpgrrSs7X8YPapSY+mtWkUbn/By4l
2O3BNvp8LMh3pfRI6fyaHY7nVNaN/QbWfONqJ5kqDSIixu++tvWxzv45b04sjZJY
miJkyxVqqVfSddFxeAEyTZXMMm1oGGBCm69bFIzSsvBRt5gs6295Z1jxd1ZPWIGM
RKW5qpFGALj8+6qobRLEPu8T/RBUWUXmehX7HYIP/WBEkyDwf5cYwDuPQnKtyqPE
ODpkh6019/KzNwydg9Z90GpRzXHrBDEsk0eQiyRocSCKH+z8Jn8+qNnjvDvVxcl1
t8uKY19ggkbjN6zkesb4ta9B3FNP2BEod5n0HOTXiMp6fgdMDNrR39//sZY/c/4v
VN2ATU5Hd2H7yaGD5YJUBFjld4vy7L4MJTkAoT0Yun1RLle8pTKTa9dVw9mCofUE
YxMFYJjB1cd2nohXCfejmL7H8pXUxk3qzCRuQCq72/1sFk+svlljlVlGC0ojDYc/
d0A/mEK67UFQ7KA=
=VAaR
-----END PGP PUBLIC KEY BLOCK-----

PastHole Hacking Team

The PastHole hacking team is the hacking group claiming responsibility for the 2017 Equifax data breach – affecting nearly half of the US population.

Their only contact with the outside world has been through their ransom request site badtouchyonqysm3.onion as well as their anonymous email [email protected].

The group may have a Russian origin based off the tag “Оборудование для взлома” added to the bottom of one of their email responses.

 

onionscan Cannot connect to Tor proxy, is the –torProxyAddress setting correct?

Trying to run onionscan, but encountering the error
Cannot connect to Tor proxy, is the --torProxyAddress setting correct?

Simply get the latest tor browser running on your machine and add the following proxy:

–torProxyAddress 127.0.0.1:9150

The latest tor runs on your local machine at port 9150. This flag instructs onionscan to use that as the proxy.

Example command:

onionscan –torProxyAddress 127.0.0.1:9150 –verbose targetsite.onion

Attachment: signature.asc

The PGP Signature attached to the equifax hack response email.

-----BEGIN PGP SIGNATURE-----

iQIcBAEBCgAGBQJZsztpAAoJEAhZPbtpB0Q42DIQANIKD/Z3hCD3JeYC1LraZA8m
p5ZfR+Nfju6QimXG8LwKg893P97UwXkFO5BzVvsPVHJq1k5P1mCTlN/wGXi31Nfn
MLkbZhQR/glGx3F7Tb+Fe17DO5YzW75Epaa8eAqgLf2I9ULG5RrdsqfoU4ACZ3Lu
7pFOjF+2PtmfkMaEG8UIZv6HPOuS7S1maPP9sq6MQncwPufwrNkB7vKHYK/zsVLY
07tPQIRXEFOecBPt0R26+/MLCffGlwqKva6TN8yusbjixB151ap9FAFKdFlPS7hA
whTbMpgLUK+o8LgNBpcfPaI9zgPOkNUH4BOWCtRj6CxzoeYVMx04ox0Lj/GuRyRH
fQzilr9yI7Svv42PHCIVTPUE5xsAcfl1pQA55oESa5AzHrxSnqDCtNsWEdsyHElK
4yiva+DDQ8/gd1p929YaKV96ler4L/2Rn0e1vIuHQvUE2e/HCLPxj8AcWfijYguY
uHV1yg8FBlrPk9ulugC1F5GXSskK79i1waQjsFIAHJ6eXM2OaaKnT9hHP/C1/RYz
OpLJkNb5AJPLhsgDu2LIdI/7fH2EbUJkal33LeuwBF+EbYCpWCq3Oq4bRyIK1P8X
UVo/izmPV43vIai3v+s/D63MZsWwnKU/0cXp4lz0T5HxDJ+UUIjWr2kVrSvqxO6M
tgE4BlgJazrfGVHeiBQ1
=FQKA
-----END PGP SIGNATURE-----

Complete PGPKey posted on their contact page:

-----BEGIN PGP PUBLIC KEY BLOCK----- 
mQINBFmyEqUBEADbLJpJmOAd0jQ8YesV4rEcnRqViKoM3Rxf+0TBC8R2PQCR/Pb+ WoXDdU1YRDckDkaGxzcgHKAXEBU3e7+kisu3cI51WX3FJyne+euE/j+oy3UJEGvH VlZqiO3T6zvENj1xjtNKxvCXGr3lOclKKjIh4XXrgV8oZDV628pTW6NvMDr6zLqc YI5gGYiccmE0SpnFainObqp7LgNY5wO0gPzojeUnmV+EK67cBQOO9/YrbpynjDq1 QzPNFmEVbeVJRx+BGq8k5cVA17fONF0K5t2BXhs07oUxyfj6cp5Or4OAzxMi3PMC a3EKDkNp4FErkcFcTtHNobrT/DJf5t7jLTe4ZmJa88YTLsRO7ZY0P7puFRIpwDJw T2M+cl985Rr2IKoUmtidjRn71DhFj2E8taxfRs+ZEbwKHV2nHAp1ddTw2BDAhWvO KOYvvSDzxUOQrf9B5+NrWIydxYPWX3x1laYfwZZwoM4NB340bULnyCh33GTgRikn ldXefluKpbtBduFBIW5XSBjGoRVRcny7a/zqFqa46r/dlf3rA2P+oYCBNSVhmMs7 bZyVjWrS5tKPR6NIH8isR4inO6rVUWHp55K1iCmXAAClD/0ytgjuLoBTOWuoXk+P DBpgjqAeRDcDaypIYphANvaSod6EVk6V/nqJYLN+fMPr65JmXllE2ODtswARAQAB tC9QYXN0aG9sZSA8cGFzdGhvbGVAbmF0aW9uYWwuc2hpdHBvc3RpbmcuYWdlbmN5 PokCPwQTAQgAKQUCWbISpQIbIwUJDShogAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4B AheAAAoJEAhZPbtpB0Q4D/YP/R2vdxS8Jh8d065KGxWsFbPSLj1+/Jyo6F8VT6KD ChswUM2ICBeXjFpx/OwZpjLDRO+t69MtrdtOKI6dazDCc6DtEMMoi/eDrjPC1Cj7 pqF3FcI+VPlfpF+SYJoeRlmwwb8qsWrqcB222kEZgb2T8TpmADFqq7d8j+HKV+LZ HZ+9byccFZoVMyMiw9wVIzF981t7z2yTMOb4NWIuVrw3NTXHWauYSfsM7wr0xZpZ 4WWqo8RpBjxCwjcR1wFVpoZ8e2zd8qRdfqHaxR6hLwZ3Dx3POFRWbJd/ftsdLnlD lgpg4O5dC+BWjxJk8d6SCs8BUzczJPGqsaJd7wKGSyUP7//BJSLwBh3ybeY08R7L aWs/vvohL6ZoBkBmOMxJod/K5YQnmyPK+jahL4QrtFNKYwRHq67EeLDSeLD5ZK+b 6b9u1dDjwjwV8suh4v96+y5Oz5SdBGfE8B3078hm89kE1sfzjQHnYp4FuBGCZ3LZ 4BBAlqIfj2zbPcqmlc7QGudUmWNp89B4yF7DfD8bpybMiHkBWiyYgDNjDn/vSHMI Id8ZN6zNN4Raxk+ikRrk79gVDUcjax+wF6WuDIJbKl2DwJk+bvQ+bNPqrNYmCgyv qW7B+ni3t/i1K+nwNOJj+jVPplC9T31ePs1KEKJAt5xYSVwqtL9Zfxn9IH5gj4nl wcwCuQINBFmyEqUBEADfgeCn8MPl5EvFDvfWyLT7yQqoulhM87oWQT+vnItYxLou l5wdtC1dtp5HEtCiwdpc4+CPWxIWD33RZQliKOUWGKX8zairP0Ki1CzqjrKYFDXA XvuIhxALGi2Qd0PuNhWFrBsl7YvzWZ6Uw0Gr4FgUfPpCwTAaAoLFZwlUW9p/tbpX fmpTAeefArQrSVLxolH/45MIyHDYzFysT8xVVU4uboPFRpKi1sLtrU8plUSBOHLa IDpXNJAp1KS6vWIF8T8rmzvDUKv3ReIoNXaiPTzySKamkA4OEA7Y7ZuuM/G7fq5N s7Feg8uVbIaplFqhbqLCPrFkwcA0sdDkYDilAOWL5srJSRUyNsusq6Xih7S5hS4y U6pG0T1cXhUAcz0/HrQxIj+MyVOPDWJsdj9Z1/6oRIcHdblg66xYhKYD7jvgY5+f nDe4KeG24KaIQ2gwinnWHw333kvQjJHcKOGQUFq6nMjYV9TUFR1A76Gu93RrZwT8 cre+E7PUq5rkV2feI2KlQRJ96sLtmtfmXaibOwg9LfbKeaNF6edau1kYqL/RWzSx R2C4sPgh5HPod5D5GB6Lzojj4fhruvJQeFFoBQLZ1b4cQMYKVnTtBt4+fZefjZbb xkmjCR4QJAVukJSX/F4MjxyPsGA4uDLluD/cHpMOL44lmyYUNaU437Ng0MFteQAR AQABiQIlBBgBCAAPBQJZshKlAhsMBQkNKGiAAAoJEAhZPbtpB0Q4FekQALLtAqfS lJhzMVOjg9Jt+MTPqFdUuo38oGBwiakmtHVG+3MuwdspR25yfsV2O9UwCAu6tnGJ IIcVtZIIuOhkqPEJSTzCmkdz7SRUpV1aj9tC4AbkLjX5tQYjhupTsyEt5+gYUYTz XoggdEF/TOPGVelj/o5ZUhLUdzwC6y4Y8QY8A0mHSWhuB05UfDexheHjC7At5CbI /aEoAX9BsLlc+Im3FnqyIhiHPw+qQ0P1op+/oKuKwjiZOaV7/Amh3sbnznEReDP/ oMmhl1TFpV5C45Ltcgj4uBHnVAhYEXdom400aNpqzv2SqQlDLAYwCFD9/5HHW41l 09ea2zomNubArvtsxtn5ohYvd3yBkutqW7iOW1Rs3KaBasvDMJQ07RLIJO0WOTVc MNMML2lodaRABgWEl4tV9xLpHs5T1mQx4sUBaHXvqIwuGcQsOP7cRZuWMkDJoT4y UnFxirzkF6D/7LyBp62Tyr5pii/MXAguobvguZ4pcgELha6Az8spgZPNu4gaTLGN dgAPqerDEa6lPoJv+CN1QQKwx8IMHUTy/Rv9xAjoK5SwDYkABDDIO5AxDdNEknL/ sk2MkYI9+fQKWhd+rWKQL729Nsfh8cuJPxiXkVBvpRQmW0w9EJOJSKNKALLBaETN AVfiMbveYrLw7iso104OHi76zBnHcTN+JfnU =ECQC
-----END PGP PUBLIC KEY BLOCK-----

An email from the Russian Equifax Hackers

I emailed the Equifax hackers at the email posted on their darknet site and they responded with the following:

We are processing information is not a single file and we must still
unite which data correspond to which people.

We are not going to give interviews.

We do not have expectations to collect anything so that on the 15th
everything will be published except the credit cards.

09/15 at 4pm UTC


PastHole
Оборудование для взлома

Note the Russian signature, loosely translated by Google translate to: “Equipment for hacking”. A quick google search says the name may have to do with Wardriving – an old technique for picking up insecure wifi for mobile roaming wifi. It is rather presumptuous to say they’re a Russian hacking group, but the Russian signature does raise an eyebrow.

The email is signed with their PGP signature.

[email protected] Equifax Hacker Email Address from badtouchyonqysm3.onion

The alleged equifax hackers have posted a contact email address of [email protected]

Despite its similarity, this email address is unaffiliated with the domain: https://nationalshitposting.agency/

The domain the email address is registered to, shitposting.agency was made under a private registration on 2015-03-07, far before the equifax hack took place.

shitposting.agency is a disposable email domain

I’ve sent an email to this address and verified it is working -delivered after 1 attempt.

    "delivery-status": {
        "tls": true,
        "mx-host": "mx1.cock.li",
        "attempt-no": 1,
        "description": "",
        "session-seconds": 1.7955520153045654,
        "code": 250,
        "message": "OK",
        "certificate-verified": true
    },

Equifax Hacker PGP Key from badtouchyonqysm3.onion 

The PGP public key of the alleged Equifax Hackers as posted on their website at badtouchyonqysm3.onion

-----BEGIN PGP PUBLIC KEY BLOCK-----

mQINBFmyEqUBEADbLJpJmOAd0jQ8YesV4rEcnRqViKoM3Rxf+0TBC8R2PQCR/Pb+
WoXDdU1YRDckDkaGxzcgHKAXEBU3e7+kisu3cI51WX3FJyne+euE/j+oy3UJEGvH
VlZqiO3T6zvENj1xjtNKxvCXGr3lOclKKjIh4XXrgV8oZDV628pTW6NvMDr6zLqc
YI5gGYiccmE0SpnFainObqp7LgNY5wO0gPzojeUnmV+EK67cBQOO9/YrbpynjDq1
QzPNFmEVbeVJRx+BGq8k5cVA17fONF0K5t2BXhs07oUxyfj6cp5Or4OAzxMi3PMC
a3EKDkNp4FErkcFcTtHNobrT/DJf5t7jLTe4ZmJa88YTLsRO7ZY0P7puFRIpwDJw
T2M+cl985Rr2IKoUmtidjRn71DhFj2E8taxfRs+ZEbwKHV2nHAp1ddTw2BDAhWvO
KOYvvSDzxUOQrf9B5+NrWIydxYPWX3x1laYfwZZwoM4NB340bULnyCh33GTgRikn
ldXefluKpbtBduFBIW5XSBjGoRVRcny7a/zqFqa46r/dlf3rA2P+oYCBNSVhmMs7
bZyVjWrS5tKPR6NIH8isR4inO6rVUWHp55K1iCmXAAClD/0ytgjuLoBTOWuoXk+P
DBpgjqAeRDcDaypIYphANvaSod6EVk6V/nqJYLN+fMPr65JmXllE2ODtswARAQAB
tC9QYXN0aG9sZSA8cGFzdGhvbGVAbmF0aW9uYWwuc2hpdHBvc3RpbmcuYWdlbmN5
PokCPwQTAQgAKQUCWbISpQIbIwUJDShogAcLCQgHAwIBBhUIAgkKCwQWAgMBAh4B
AheAAAoJEAhZPbtpB0Q4D/YP/R2vdxS8Jh8d065KGxWsFbPSLj1+/Jyo6F8VT6KD
ChswUM2ICBeXjFpx/OwZpjLDRO+t69MtrdtOKI6dazDCc6DtEMMoi/eDrjPC1Cj7
pqF3FcI+VPlfpF+SYJoeRlmwwb8qsWrqcB222kEZgb2T8TpmADFqq7d8j+HKV+LZ
HZ+9byccFZoVMyMiw9wVIzF981t7z2yTMOb4NWIuVrw3NTXHWauYSfsM7wr0xZpZ
4WWqo8RpBjxCwjcR1wFVpoZ8e2zd8qRdfqHaxR6hLwZ3Dx3POFRWbJd/ftsdLnlD
lgpg4O5dC+BWjxJk8d6SCs8BUzczJPGqsaJd7wKGSyUP7//BJSLwBh3ybeY08R7L
aWs/vvohL6ZoBkBmOMxJod/K5YQnmyPK+jahL4QrtFNKYwRHq67EeLDSeLD5ZK+b
6b9u1dDjwjwV8suh4v96+y5Oz5SdBGfE8B3078hm89kE1sfzjQHnYp4FuBGCZ3LZ
4BBAlqIfj2zbPcqmlc7QGudUmWNp89B4yF7DfD8bpybMiHkBWiyYgDNjDn/vSHMI
Id8ZN6zNN4Raxk+ikRrk79gVDUcjax+wF6WuDIJbKl2DwJk+bvQ+bNPqrNYmCgyv
qW7B+ni3t/i1K+nwNOJj+jVPplC9T31ePs1KEKJAt5xYSVwqtL9Zfxn9IH5gj4nl
wcwCuQINBFmyEqUBEADfgeCn8MPl5EvFDvfWyLT7yQqoulhM87oWQT+vnItYxLou
l5wdtC1dtp5HEtCiwdpc4+CPWxIWD33RZQliKOUWGKX8zairP0Ki1CzqjrKYFDXA
XvuIhxALGi2Qd0PuNhWFrBsl7YvzWZ6Uw0Gr4FgUfPpCwTAaAoLFZwlUW9p/tbpX
fmpTAeefArQrSVLxolH/45MIyHDYzFysT8xVVU4uboPFRpKi1sLtrU8plUSBOHLa
IDpXNJAp1KS6vWIF8T8rmzvDUKv3ReIoNXaiPTzySKamkA4OEA7Y7ZuuM/G7fq5N
s7Feg8uVbIaplFqhbqLCPrFkwcA0sdDkYDilAOWL5srJSRUyNsusq6Xih7S5hS4y
U6pG0T1cXhUAcz0/HrQxIj+MyVOPDWJsdj9Z1/6oRIcHdblg66xYhKYD7jvgY5+f
nDe4KeG24KaIQ2gwinnWHw333kvQjJHcKOGQUFq6nMjYV9TUFR1A76Gu93RrZwT8
cre+E7PUq5rkV2feI2KlQRJ96sLtmtfmXaibOwg9LfbKeaNF6edau1kYqL/RWzSx
R2C4sPgh5HPod5D5GB6Lzojj4fhruvJQeFFoBQLZ1b4cQMYKVnTtBt4+fZefjZbb
xkmjCR4QJAVukJSX/F4MjxyPsGA4uDLluD/cHpMOL44lmyYUNaU437Ng0MFteQAR
AQABiQIlBBgBCAAPBQJZshKlAhsMBQkNKGiAAAoJEAhZPbtpB0Q4FekQALLtAqfS
lJhzMVOjg9Jt+MTPqFdUuo38oGBwiakmtHVG+3MuwdspR25yfsV2O9UwCAu6tnGJ
IIcVtZIIuOhkqPEJSTzCmkdz7SRUpV1aj9tC4AbkLjX5tQYjhupTsyEt5+gYUYTz
XoggdEF/TOPGVelj/o5ZUhLUdzwC6y4Y8QY8A0mHSWhuB05UfDexheHjC7At5CbI
/aEoAX9BsLlc+Im3FnqyIhiHPw+qQ0P1op+/oKuKwjiZOaV7/Amh3sbnznEReDP/
oMmhl1TFpV5C45Ltcgj4uBHnVAhYEXdom400aNpqzv2SqQlDLAYwCFD9/5HHW41l
09ea2zomNubArvtsxtn5ohYvd3yBkutqW7iOW1Rs3KaBasvDMJQ07RLIJO0WOTVc
MNMML2lodaRABgWEl4tV9xLpHs5T1mQx4sUBaHXvqIwuGcQsOP7cRZuWMkDJoT4y
UnFxirzkF6D/7LyBp62Tyr5pii/MXAguobvguZ4pcgELha6Az8spgZPNu4gaTLGN
dgAPqerDEa6lPoJv+CN1QQKwx8IMHUTy/Rv9xAjoK5SwDYkABDDIO5AxDdNEknL/
sk2MkYI9+fQKWhd+rWKQL729Nsfh8cuJPxiXkVBvpRQmW0w9EJOJSKNKALLBaETN
AVfiMbveYrLw7iso104OHi76zBnHcTN+JfnU
=ECQC

-----END PGP PUBLIC KEY BLOCK-----

badtouchyonqysm3.onion Equifax Hack Ransom Request Site

The alleged equifax hackers have declared their ransom with the following website posted on a darknet tor page:

badtouchyonqysm3.onion – As gathered from the tor browser:

 EQUIFAX DATABASE Personally identifying information (included Social Security numbers, birth dates, addresses and driver’s license numbers) of more than 140 million people. More than 200000 credit card numbers.

 

 How can we verify that you have the information? Request a specific part or a specific data from an email that corresponds to Equifax and we will send it to you. We can also accept escrow from an unbiased third party (a hidden market).

 How much? Equifax executives sold 3 million dollars in shares taking advantage of their insider information after the attack. We believe that 600 BTC is a fair amount. Bitcoin If we do not receive the payment, the information will be published here on September 15th 4:00 pm UTC.

Contact Us Page:

 Contact Us Only questions of the managers and employees of Equifax will be answered. We will help you with your security after paying. We may change the email so save our PGP key.

In the source code of the website, it is declared:

 The synthesized database will be published on September 15. Contact me: pasthole@national.shitposting.agency

The ransom request requires Payment of 600 BTC to:

Bitcoin Payment Address 17vkHnkXwYaSRiLipEWNWvNqPvC51ZBswy
Bitcoin Ransom Payment Address

 

The site may be hosted by onionsnjajzkhm5g.onion /  dhosting4okcs22v.onion – a free tor website hosting service. According to their records, the site was added to their list on the morning of September 8th. The smtp servers (email servers) of the badtouch site point to dhosting4okcs22v.onion, but they may be using dhosting only as an email service.

INFO: Found SMTP Banner: 220 dhosting4okcs22v.onion ESMTP Postfix (Debian/GNU)
(f1f8f082294b8cabe944250a081f5e528cd8f251)

onionsnjajzkhm5g.onion Listing
onionsnjajzkhm5g.onion Listing

 

The website seems to be using a template sourced from http://www.omnisourceit.com/nh_web_design_samples/guardian/guardian/

I’ve reached out to OmniSourceIT to see if they can provide further information on who may have downloaded the template.

Project Fi Calling Rates (Incoming / Outgoing / Roaming)

Check the Rates for Incoming Calls, Outgoing Calls and Roaming Rates (rates for when you’re in that country)  on Google Voice / Google Project Fi using the table below:

Country Country Code Check Rates
Afghanistan 93 Check Afghanistan Rates
Albania 355 Check Albania Rates
Algeria 213 Check Algeria Rates
American Samoa 1-684 Check American Samoa Rates
Andorra 376 Check Andorra Rates
Angola 244 Check Angola Rates
Anguilla 1-264 Check Anguilla Rates
Antarctica 672 Check Antarctica Rates
Antigua and Barbuda 1-268 Check Antigua and Barbuda Rates
Argentina 54 Check Argentina Rates
Armenia 374 Check Armenia Rates
Aruba 297 Check Aruba Rates
Australia 61 Check Australia Rates
Austria 43 Check Austria Rates
Azerbaijan 994 Check Azerbaijan Rates
Bahamas 1-242 Check Bahamas Rates
Bahrain 973 Check Bahrain Rates
Bangladesh 880 Check Bangladesh Rates
Barbados 1-246 Check Barbados Rates
Belarus 375 Check Belarus Rates
Belgium 32 Check Belgium Rates
Belize 501 Check Belize Rates
Benin 229 Check Benin Rates
Bermuda 1-441 Check Bermuda Rates
Bhutan 975 Check Bhutan Rates
Bolivia 591 Check Bolivia Rates
Bosnia and Herzegovina 387 Check Bosnia and Herzegovina Rates
Botswana 267 Check Botswana Rates
Brazil 55 Check Brazil Rates
British Indian Ocean Territory 246 Check British Indian Ocean Territory Rates
British Virgin Islands 1-284 Check British Virgin Islands Rates
Brunei 673 Check Brunei Rates
Bulgaria 359 Check Bulgaria Rates
Burkina Faso 226 Check Burkina Faso Rates
Burundi 257 Check Burundi Rates
Cambodia 855 Check Cambodia Rates
Cameroon 237 Check Cameroon Rates
Canada 1 Check Canada Rates
Cape Verde 238 Check Cape Verde Rates
Cayman Islands 1-345 Check Cayman Islands Rates
Central African Republic 236 Check Central African Republic Rates
Chad 235 Check Chad Rates
Chile 56 Check Chile Rates
China 86 Check China Rates
Christmas Island 61 Check Christmas Island Rates
Cocos Islands 61 Check Cocos Islands Rates
Colombia 57 Check Colombia Rates
Comoros 269 Check Comoros Rates
Cook Islands 682 Check Cook Islands Rates
Costa Rica 506 Check Costa Rica Rates
Croatia 385 Check Croatia Rates
Cuba 53 Check Cuba Rates
Curacao 599 Check Curacao Rates
Cyprus 357 Check Cyprus Rates
Czech Republic 420 Check Czech Republic Rates
Democratic Republic of the Congo 243 Check Democratic Republic of the Congo Rates
Denmark 45 Check Denmark Rates
Djibouti 253 Check Djibouti Rates
Dominica 1-767 Check Dominica Rates
Dominican Republic 1-809, 1-829, 1-849 Check Dominican Republic Rates
East Timor 670 Check East Timor Rates
Ecuador 593 Check Ecuador Rates
Egypt 20 Check Egypt Rates
El Salvador 503 Check El Salvador Rates
Equatorial Guinea 240 Check Equatorial Guinea Rates
Eritrea 291 Check Eritrea Rates
Estonia 372 Check Estonia Rates
Ethiopia 251 Check Ethiopia Rates
Falkland Islands 500 Check Falkland Islands Rates
Faroe Islands 298 Check Faroe Islands Rates
Fiji 679 Check Fiji Rates
Finland 358 Check Finland Rates
France 33 Check France Rates
French Polynesia 689 Check French Polynesia Rates
Gabon 241 Check Gabon Rates
Gambia 220 Check Gambia Rates
Georgia 995 Check Georgia Rates
Germany 49 Check Germany Rates
Ghana 233 Check Ghana Rates
Gibraltar 350 Check Gibraltar Rates
Greece 30 Check Greece Rates
Greenland 299 Check Greenland Rates
Grenada 1-473 Check Grenada Rates
Guam 1-671 Check Guam Rates
Guatemala 502 Check Guatemala Rates
Guernsey 44-1481 Check Guernsey Rates
Guinea 224 Check Guinea Rates
Guinea-Bissau 245 Check Guinea-Bissau Rates
Guyana 592 Check Guyana Rates
Haiti 509 Check Haiti Rates
Honduras 504 Check Honduras Rates
Hong Kong 852 Check Hong Kong Rates
Hungary 36 Check Hungary Rates
Iceland 354 Check Iceland Rates
India 91 Check India Rates
Indonesia 62 Check Indonesia Rates
Iran 98 Check Iran Rates
Iraq 964 Check Iraq Rates
Ireland 353 Check Ireland Rates
Isle of Man 44-1624 Check Isle of Man Rates
Israel 972 Check Israel Rates
Italy 39 Check Italy Rates
Ivory Coast 225 Check Ivory Coast Rates
Jamaica 1-876 Check Jamaica Rates
Japan 81 Check Japan Rates
Jersey 44-1534 Check Jersey Rates
Jordan 962 Check Jordan Rates
Kazakhstan 7 Check Kazakhstan Rates
Kenya 254 Check Kenya Rates
Kiribati 686 Check Kiribati Rates
Kosovo 383 Check Kosovo Rates
Kuwait 965 Check Kuwait Rates
Kyrgyzstan 996 Check Kyrgyzstan Rates
Laos 856 Check Laos Rates
Latvia 371 Check Latvia Rates
Lebanon 961 Check Lebanon Rates
Lesotho 266 Check Lesotho Rates
Liberia 231 Check Liberia Rates
Libya 218 Check Libya Rates
Liechtenstein 423 Check Liechtenstein Rates
Lithuania 370 Check Lithuania Rates
Luxembourg 352 Check Luxembourg Rates
Macau 853 Check Macau Rates
Macedonia 389 Check Macedonia Rates
Madagascar 261 Check Madagascar Rates
Malawi 265 Check Malawi Rates
Malaysia 60 Check Malaysia Rates
Maldives 960 Check Maldives Rates
Mali 223 Check Mali Rates
Malta 356 Check Malta Rates
Marshall Islands 692 Check Marshall Islands Rates
Mauritania 222 Check Mauritania Rates
Mauritius 230 Check Mauritius Rates
Mayotte 262 Check Mayotte Rates
Mexico 52 Check Mexico Rates
Micronesia 691 Check Micronesia Rates
Moldova 373 Check Moldova Rates
Monaco 377 Check Monaco Rates
Mongolia 976 Check Mongolia Rates
Montenegro 382 Check Montenegro Rates
Montserrat 1-664 Check Montserrat Rates
Morocco 212 Check Morocco Rates
Mozambique 258 Check Mozambique Rates
Myanmar 95 Check Myanmar Rates
Namibia 264 Check Namibia Rates
Nauru 674 Check Nauru Rates
Nepal 977 Check Nepal Rates
Netherlands 31 Check Netherlands Rates
Netherlands Antilles 599 Check Netherlands Antilles Rates
New Caledonia 687 Check New Caledonia Rates
New Zealand 64 Check New Zealand Rates
Nicaragua 505 Check Nicaragua Rates
Niger 227 Check Niger Rates
Nigeria 234 Check Nigeria Rates
Niue 683 Check Niue Rates
North Korea 850 Check North Korea Rates
Northern Mariana Islands 1-670 Check Northern Mariana Islands Rates
Norway 47 Check Norway Rates
Oman 968 Check Oman Rates
Pakistan 92 Check Pakistan Rates
Palau 680 Check Palau Rates
Palestine 970 Check Palestine Rates
Panama 507 Check Panama Rates
Papua New Guinea 675 Check Papua New Guinea Rates
Paraguay 595 Check Paraguay Rates
Peru 51 Check Peru Rates
Philippines 63 Check Philippines Rates
Pitcairn 64 Check Pitcairn Rates
Poland 48 Check Poland Rates
Portugal 351 Check Portugal Rates
Puerto Rico 1-787, 1-939 Check Puerto Rico Rates
Qatar 974 Check Qatar Rates
Republic of the Congo 242 Check Republic of the Congo Rates
Reunion 262 Check Reunion Rates
Romania 40 Check Romania Rates
Russia 7 Check Russia Rates
Rwanda 250 Check Rwanda Rates
Saint Barthelemy 590 Check Saint Barthelemy Rates
Saint Helena 290 Check Saint Helena Rates
Saint Kitts and Nevis 1-869 Check Saint Kitts and Nevis Rates
Saint Lucia 1-758 Check Saint Lucia Rates
Saint Martin 590 Check Saint Martin Rates
Saint Pierre and Miquelon 508 Check Saint Pierre and Miquelon Rates
Saint Vincent and the Grenadines 1-784 Check Saint Vincent and the Grenadines Rates
Samoa 685 Check Samoa Rates
San Marino 378 Check San Marino Rates
Sao Tome and Principe 239 Check Sao Tome and Principe Rates
Saudi Arabia 966 Check Saudi Arabia Rates
Senegal 221 Check Senegal Rates
Serbia 381 Check Serbia Rates
Seychelles 248 Check Seychelles Rates
Sierra Leone 232 Check Sierra Leone Rates
Singapore 65 Check Singapore Rates
Sint Maarten 1-721 Check Sint Maarten Rates
Slovakia 421 Check Slovakia Rates
Slovenia 386 Check Slovenia Rates
Solomon Islands 677 Check Solomon Islands Rates
Somalia 252 Check Somalia Rates
South Africa 27 Check South Africa Rates
South Korea 82 Check South Korea Rates
South Sudan 211 Check South Sudan Rates
Spain 34 Check Spain Rates
Sri Lanka 94 Check Sri Lanka Rates
Sudan 249 Check Sudan Rates
Suriname 597 Check Suriname Rates
Svalbard and Jan Mayen 47 Check Svalbard and Jan Mayen Rates
Swaziland 268 Check Swaziland Rates
Sweden 46 Check Sweden Rates
Switzerland 41 Check Switzerland Rates
Syria 963 Check Syria Rates
Taiwan 886 Check Taiwan Rates
Tajikistan 992 Check Tajikistan Rates
Tanzania 255 Check Tanzania Rates
Thailand 66 Check Thailand Rates
Togo 228 Check Togo Rates
Tokelau 690 Check Tokelau Rates
Tonga 676 Check Tonga Rates
Trinidad and Tobago 1-868 Check Trinidad and Tobago Rates
Tunisia 216 Check Tunisia Rates
Turkey 90 Check Turkey Rates
Turkmenistan 993 Check Turkmenistan Rates
Turks and Caicos Islands 1-649 Check Turks and Caicos Islands Rates
Tuvalu 688 Check Tuvalu Rates
U.S. Virgin Islands 1-340 Check U.S. Virgin Islands Rates
Uganda 256 Check Uganda Rates
Ukraine 380 Check Ukraine Rates
United Arab Emirates 971 Check United Arab Emirates Rates
United Kingdom 44 Check United Kingdom Rates
United States 1 Check United States Rates
Uruguay 598 Check Uruguay Rates
Uzbekistan 998 Check Uzbekistan Rates
Vanuatu 678 Check Vanuatu Rates
Vatican 379 Check Vatican Rates
Venezuela 58 Check Venezuela Rates
Vietnam 84 Check Vietnam Rates
Wallis and Futuna 681 Check Wallis and Futuna Rates
Western Sahara 212 Check Western Sahara Rates
Yemen 967 Check Yemen Rates
Zambia 260 Check Zambia Rates
Zimbabwe 263 Check Zimbabwe