alert Epik Had A Major Breach

[DaveX]

Just read this. Looks like Epik may have been hacked and sensitive data compromised...

Read here:
https://domainnamewire.com/2021/09/14/hackers-claim-significant-epik-breach/

Thought I would share this.

 

[tonyk2000]

kiwifarms.net - on a spot view and as per the screenshot - is regged with epik, is using epik dns, has a website located in UA. Did not visit it though. Anything special? what I'm missing?

 

[bmugford]

kiwifarms.net - on a spot view and as per the screenshot - is regged with epik, is using epik dns, has a website located in UA. Did not visit it though. Anything special? what I'm missing?

I don't really know much about this site, but I did see the post by Cloudflare regarding it, which was later reported on domain blogs and even major news outlets.

Just to clarify, targeted violent threats do not fall under "free speech". The website has also reportedly been tied to doxxing, stalking, swatting and all kinds of other incidents.

Internet infrastructure provider Cloudflare has “blocked” a site it provides domain services to after identifying “an imminent and emergency threat to human life”.​

https://domainincite.com/28211-cloudflare-blocks-anti-trans-site-for-emergency-threat-to-human-life

https://blog.cloudflare.com/kiwifarms-blocked/

This is an extraordinary decision for us to make and, given Cloudflare’s role as an Internet infrastructure provider, a dangerous one that we are not comfortable with. However, the rhetoric on the Kiwifarms site and specific, targeted threats have escalated over the last 48 hours to the point that we believe there is an unprecedented emergency and immediate threat to human life unlike we have previously seen from Kiwifarms or any other customer before.

 

[carob]

Archive.org has deleted that .net web address
https://www.thegamer.com/kiwi-farms-has-been-removed-from-the-internet-archive-erasing-old-threads/

But looks like a lot of it is still available as cached Google search results, for now.

 

[Lox]

I am getting an abnormal amount of spam lately and am guessing its due to the Epik breach and leak of personal info.
Anyone else getting more spam than usual who had their information leaked?

Download & Block Spam IPs (over 2500)

Post #1,384

 

[scithe]

Even if they collect $10 for a .com registration, around $8 of that goes to Verisign, as that is the wholesale price.

So their profit should be lower but the author might not know the difference between revenue and profit. If Epik takes in $10 for a renewal and sends away $8 then that's $10 in revenue, $8 in Costs of Goods Sold and leaves $2 as either profit or waiting for more expenditures.

 

[bmugford]

So their profit should be lower but the author might not know the difference between revenue and profit. If Epik takes in $10 for a renewal and sends away $8 then that's $10 in revenue, $8 in Costs of Goods Sold and leaves $2 as either profit or waiting for more expenditures.

Possibly, but in fairness revenue itself is pretty worthless.

If I buy a domain for $5m and sell it for $1m, that $1m in revenue is not very impressive.

I doubt they have access to financial records so any number is just an estimate anyway.

My point is just that domain registrations are often loss leaders or close, just to get customers.

Brad

 

[bhartzer]

The Kiwi Farms issue is a separate one than the Epik Breach that occurred, so it shouldn't it be separated out into another thread?

 

[FernandoBMS]

The Kiwi Farms issue is a separate one than the Epik Breach that occurred, so it shouldn't it be separated out into another thread?

Not my call but "Epik Had A Major Breach" because among its customers were far-right and neo-Nazi hate sites so when Epik decides to side with the internet's most famous hate forum where transphobic Nazis persecute random people I think we're on topic here.

 

[bmugford]

The Kiwi Farms issue is a separate one than the Epik Breach that occurred, so it shouldn't it be separated out into another thread?

I consider it relevant as much of the discussion in this thread was related to Epik's embrace and/or courtship of these type of websites, often under the defense of "free speech".

They have a new CEO, and this just happened.

Brad

 

[Name Trader]

Download & Block Spam IPs (over 2500)

Post #1,384

How do we use this list to block these IP addresses. (my first attempt to try this)?

 

[carob]

https://gizmodo.com/kiwi-farm-cloudfare-vanwatech-8kun-1849505214

The site transferred to a China-based hosting service but it’s now found a new domain on EPIK. Even though Kiwi Farms should be back online, the site is repeatedly going down. Using the site Isitdownrightnow shows that the domain is down and has been for nearly two hours, as of the time of reporting. Some users suggested the entire hosting network is being hit by a DDoS attack, which kinda does point to the difficulties that anybody hosting such a controversial network might find themselves under.

VanwaTech’s CEO Nick Lim told OPB that they were indeed doing hosting duties but reportedly declined to talk more about what kind of deal he struck between his hosting company and the internet cesspit that is Kiwi Farms. Joshua Moon, a former admin on 8chan, complained in a long Telegram screed “Journalists canonize the crimes as the behavior of the forum itself, which becomes the effective truth for the general public.”

Of course, shacking up with a hosting service renowned for supporting neo-Nazis and other recognized online hate group-laden forums does seem to put one in line with the rest of the worst parts of the internet. Lim himself has been cited in reports from the likes of Bloomberg for essentially being the back end tech support for white nationalists and the QAnon conspiracy.

 

[frank-germany]

The Kiwi Farms issue is a separate one than the Epik Breach that occurred, so it shouldn't it be separated out into another thread?

just pray a little
the lord will help
that's for sure

 

[Lox]

How do we use this list to block these IP addresses. (my first attempt to try this)?

You'll need to blacklist IPs from connecting to the SMTP server.

For cPanel users, go to Email Filters:
1. Click on Create a New Filter & Name the filter (whatever, e.g. BLOCKIP)
2. Under the RULES change the FROM to ANY HEADER & change the EQUALS to CONTAINS.
3. In the field below type in IP or range
For WHM users, go to Service Configuration > EXIM Manager
For Gmail, you will need a third-party service such as BlockSender .io
For Windows server, check the SMTP service properties (blocked IP management)
etc

 

[Name Trader]

I found the instructions with a simple Google Search. It's on a test run at the moment. I haven't yet figured out the GMAIL part yet. Thank you @Lox

 

[MasterOfMyDomains]

@Derek Peterson maybe the hack cost epik more than we thought since they are defaulting payments to sellers for sales made
Someone posted in one of the 275 epik threads here @Kirtaner got raided by feds and it had to do with epik. I dont remember what thread. Can someone find that twitter screenshot i think it was?

 

[MasterOfMyDomains]

Found this tab on my phone from days gone by.
https://archive.ph/traih

 

[Derek Peterson]

@Derek Peterson maybe the hack cost epik more than we thought since they are defaulting payments to sellers for sales made
Someone posted in one of the 275 epik threads here @Kirtaner got raided by feds and it had to do with epik. I dont remember what thread. Can someone find that twitter screenshot i think it was?

Interesting. I'm going to go and look into the Kirtaner info. We are continuing to update our article that kind of documents the whole sequence of events so as more info is revealed we will continue to update.

Yeah, maybe his "investors" pulled out of the deal after hackers and all of us revealed that epik was all smoke and mirrors and Rob is not an honest person. I just did a search for his name on twitter and tons of people complaining about epik service and payouts. I bet that new CEO is like, what did I do...lol.

https://providencepost.com/a-monster-of-epik-proportions/

 

[Derek Peterson]

The article doesn't seem very credible. It says Epik hosts 700k domains but only has $1m/year revenue? I'd think the average cost is $10 so that'd be $7m at least not counting all of the other services available and commissions from auction sales.

Domains have super low margins and in Epik's case they were mostly a lost leader to resell other, affiliate programs. Everything at epik was a white label.

 

[Derek Peterson]

So their profit should be lower but the author might not know the difference between revenue and profit. If Epik takes in $10 for a renewal and sends away $8 then that's $10 in revenue, $8 in Costs of Goods Sold and leaves $2 as either profit or waiting for more expenditures.

I don't believe that is the way it works. The registries don't let you collect all and then send them their cut, its the other way around. In any case you seem to be missing the point, which is, Epik is not worth $64,000,000. It's probably not even worth $500K.

 

[Derek Peterson]

Interesting. I'm going to go and look into the Kirtaner info. We are continuing to update our article that kind of documents the whole sequence of events so as more info is revealed we will continue to update.

Yeah, maybe his "investors" pulled out of the deal after hackers and all of us revealed that epik was all smoke and mirrors and Rob is not an honest person. I just did a search for his name on twitter and tons of people complaining about epik service and payouts. I bet that new CEO is like, what did I do...lol.

https://providencepost.com/a-monster-of-epik-proportions/

@MasterOfMyDomains Looks like Kirtaner was indeed raided for computer hacking but not sure for what specifically. Time frame is from jan 2021 til present.

Also, seems like congress want to talk to him and se how else was involved in hacks. Would not surprise me at all if monster is mixed up in this stuff. https://www.dailydot.com/debug/house-republicans-doj-letter-anonymous-hacks-givesend-go/