Discussion This LAN-play server is stealing your personal information

Discussion in 'Switch - Emulation, Homebrew & Software Projects' started by 5viki, Dec 20, 2018.

Thread Status:
Not open for further replies.
  1. 5viki
    OP

    5viki Member

    Newcomer
    2
    Nov 15, 2018
    Croatia
    LAN-play server CYBERGATE CLUB (relay.it-cybergate.club:11451) is stealing your personal information with a method called "phishing"


    Phishing (Wikipedia)
    When I update the Master server list from Lan-Play GUI, Bitdefender blocks a phishing attempt from the address of the server, as you can see on the screenshot here.
    I'd advise you not to use this server if you don't want your info to be stolen.

    image link (if image doesn't work) https://imgur.com/a/txEr5UQ
     
    Last edited by 5viki, Dec 20, 2018
  2. iriez

    iriez GBAtemp Fan

    Member
    8
    Oct 27, 2016
    United States
    What info is it going to steal? Your Switch's MAC address?

    It's not like this server requires you to install software. It can't get anything other than what you feed it, which is just switch lan play data
     
    focusonme and Subtle Demise like this.
  3. FMCore

    FMCore Advanced Member

    Newcomer
    4
    Jul 10, 2018
    Canada
    Yeah, you're gonna need to provide more information than just a screenshot of your anti-virus complaining about a phishing attempt. Which is most likely just a false positive.

    Listen to the packets going out through Wireshark, if you see anything suspicious going on, then take a screenshot and post it.

    — Posts automatically merged - Please don't double post! —

    So, I did some basic digging,

    it looks like the domain hxxp://it-cybergate.club (hxxp to ensure no one accidentally clicks it) is listed on some malware block lists, I'm looking into why this is the case but it may take some time.

    Some info from the whois

    Code:
    Domain Name: it-cybergate.club
    Registry Domain ID: DB32EE432BA1C4BC69CA61DE269FD3789-NSR
    Registrar WHOIS Server: whois.namecheap.com
    Registrar URL: http://www.namecheap.com
    Updated Date: 2018-10-10T11:07:16Z
    Creation Date: 2018-10-05T11:07:16Z
    Registry Expiry Date: 2019-10-05T11:07:16Z
    Registrar: NameCheap, Inc.
    Registrar IANA ID: 1068
    Registrar Abuse Contact Email: abuse@namecheap.com
    Registrar Abuse Contact Phone: +1.6613102107
    Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
    Registry Registrant ID:
    Registrant Name:
    Registrant Organization:
    Registrant Street:
    Registrant Street:
    Registrant Street:
    Registrant City:
    Registrant State/Province: Panama
    Registrant Postal Code:
    Registrant Country: PA
    Registrant Phone:
    Registrant Phone Ext:
    Registrant Fax:
    Registrant Fax Ext:
    Registrant Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
    Registry Admin ID:
    Admin Name:
    Admin Organization:
    Admin Street:
    Admin Street:
    Admin Street:
    Admin City:
    Admin State/Province:
    Admin Postal Code:
    Admin Country:
    Admin Phone:
    Admin Phone Ext:
    Admin Fax:
    Admin Fax Ext:
    Admin Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
    Registry Tech ID:
    Tech Name:
    Tech Organization:
    Tech Street:
    Tech Street:
    Tech Street:
    Tech City:
    Tech State/Province:
    Tech Postal Code:
    Tech Country:
    Tech Phone:
    Tech Phone Ext:
    Tech Fax:
    Tech Fax Ext:
    Tech Email: Please query the RDDS service of the Registrar of Record identified in this output for information on how to contact the Registrant, Admin, or Tech contact of the queried domain name.
    Name Server: dns2.registrar-servers.com
    Name Server: dns1.registrar-servers.com
    DNSSEC: unsigned
    URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
    >>> Last update of WHOIS database: 2018-12-20T16:10:48Z 
    Looks like the content on the website is just a landing page that you see when you first register a domain with NameCheap.
     
    Last edited by FMCore, Dec 20, 2018
    PyroGoat and CallmeBerto like this.
  4. Nycholas

    Nycholas Newbie

    Newcomer
    1
    Aug 9, 2018
    United States
    Just because your crappy AV shows something does NOT mean it's true. Ever heard of a false positive?
     
  5. FMCore

    FMCore Advanced Member

    Newcomer
    4
    Jul 10, 2018
    Canada
    So to summarize,

    relay-it-cybergate points to a server in Germany
    it-cybergate (the main domain) points to an IP belonging to Namecheap (which might explain why it gets picked up by some antivirus blacklists)

    The domain was registered in October of 2018

    The IP hosting the relay server was at one point used to host an IRC network related to Nintendo Switch topics.

    Bitdefender might be checking the main domain's IP instead of checking the sub-domain's IP and that would explain why it's getting blocked.

    That or somehow the sub-domain's IP address ended up on Bitdefender's blacklist
     
    Last edited by FMCore, Dec 20, 2018
    machine69_420, coppertj and Andalitez like this.
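
The two explanations in the post above (a recently registered domain, and a block that follows the main domain's address rather than the relay's) can be checked mechanically. This is an added example, not code from the thread or from any antivirus vendor: it parses WHOIS fields in the layout quoted earlier to get the domain's age at lookup time, then reports which hostname's resolved address is on a blocklist. The function names, the resolved addresses (documentation ranges) and the blocklist are assumptions.

```python
from datetime import datetime, timezone

# Fields excerpted from the WHOIS output quoted in the thread.
WHOIS_EXCERPT = """\
Domain Name: it-cybergate.club
Creation Date: 2018-10-05T11:07:16Z
Registrant Name:
Registrant Country: PA
Name Server: dns2.registrar-servers.com
Name Server: dns1.registrar-servers.com
>>> Last update of WHOIS database: 2018-12-20T16:10:48Z
"""

def parse_whois(text):
    """Return {field: [values]}; keeps repeated fields, drops empty ones."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.lstrip("> ").partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def _ts(value):
    # WHOIS timestamps in this record are UTC, e.g. 2018-10-05T11:07:16Z
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def age_days(record):
    """Whole days between registration and the WHOIS snapshot."""
    created = _ts(record["Creation Date"][0])
    seen = _ts(record["Last update of WHOIS database"][0])
    return (seen - created).days

def listed_names(resolved, blocklist):
    """Hostnames with at least one resolved address on the blocklist."""
    return sorted(n for n, ips in resolved.items() if set(ips) & set(blocklist))

def verdict(apex, relay, resolved, blocklist):
    hits = listed_names(resolved, blocklist)
    if relay in hits:
        return "relay address itself is listed"
    if apex in hits:
        return "only the apex is listed; the relay hit may be inherited"
    return "neither address is listed; check domain or URL reputation"

# Constructed inputs: documentation-range addresses, not the real hosts.
# In practice, fill RESOLVED from DNS lookups of both names.
RESOLVED = {"it-cybergate.club": ["192.0.2.10"],
            "relay.it-cybergate.club": ["198.51.100.20"]}
BLOCKLIST = {"192.0.2.10"}
```
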
  6. PiracyForTheMasses

    PiracyForTheMasses GBAtemp Regular

    Member
    3
    Sep 25, 2018
    United States
    You obviously do not know what phishing is.
     
  7. TheRocK

    TheRocK GBAtemp Fan

    Member
    4
    Apr 16, 2003
    Gambia, The
    :rofl2: "stealing personal info"
    :rofl2: "a method called Phishing"
    :rofl2: Wikipedia Link to Phishing
    :rofl2: Bitdefender Antivirus
     
  8. 2Siralv

    2Siralv GBAtemp Regular

    Member
    4
    May 12, 2018
    Canada
    Cybergate is a RAT (remote admin tool) so running lanplay will execute his server connecting your PC as a zombie on his PC
     
  9. Bladexdsl

    Bladexdsl ZOMG my posts...it's over 9000!!!

    Member
    16
    Nov 17, 2008
    Australia
    Queensland
    should just pay to use the nintendo online no Fishing there :creep:
     
    Last edited by Bladexdsl, Dec 21, 2018
  10. antiNT

    antiNT a.k.a Johnny El Pollo Loco

    Member
    7
    Sep 14, 2015
    Qatar
    Doha - Qatar
    *phishing
     
  11. linuxares

    linuxares I'm not a generous god!

    Moderator
    17
    Aug 5, 2007
    Sweden
    Bitdefender is fine, and they use machine learning. So it picks up the redirection to an IRC, that a shitload of trojans do so they become bots. So it's actually fine in this instance. I will lock this topic to not cause confusion.

    EDIT: Also thanks @FMCore for the information :)
     
    Last edited by linuxares, Dec 21, 2018
    PyroGoat and FMCore like this.