9D PK is hazardous.

Page 1 of 2 1 2
08/03/2016 20:39 Tetlaliloc#1
Hey, remember that I asked about if 9D PK server was infected?

Well, I decided to tell my antivirus it was ok to run the game, so I went to play for a week, then I have been receiving e-mails of another service I have, that there have been several failed login attempts into my account from that service. I registered into 9DPK with my usual e-mail (my mistake) and it's the only "new" thing and "suspicious" thing I have put part of my information in.

The IPs I have been attacked from are 76.12.161.171 and 93.123.84.237, they are from Delaware, US and Sofia, Bulgaria, respectively. Pretty far away from each other, but it's still suspicious.

Be careful.

My email has also received failed login attempts from Vietnam, Japan, Colombia and Irak. And these date back to the day I registered in 9ds.onl
08/04/2016 18:22 ngthtg735252#2
This suck a negative thread.
The Ninedragons.exe file has same MD5 and SHA with another private server. Same as file on old PA server.
08/04/2016 19:15 Adek#3
Quote:
Originally Posted by ngthtg735252 View Post
This suck a negative thread.
The Ninedragons.exe file has same MD5 and SHA with another private server. Same as file on old PA server.
What about installer? Launchers? Also, that's quite funny they had the same as PA's - I'm not sure, cuz I didn't check that, but icon on PA was changed on exe's resources - wouldn't that change hashes?
08/04/2016 19:17 Tetlaliloc#4
It might have not been the server files themselves. When I registered into 9ds.onl I used a certain e-mail. These people are trying to get into my other services that I have linked to my e-mail and they are trying to guess my password.

What I am saying is that maybe the files are not infected, but the purpose behind the whole server is to make either phishing or social engineering to get into your private information.

Idk if this will get me on the wrong side of all the community here, but I'd bet you are related to this server. (I don't mean you, Adek)
08/04/2016 19:55 eddwood#5
This doesn't sound like something wrk would do.

Is he still the owner?
08/04/2016 20:00 Adek#6
He used to be one, but I didn't see him anywhere, actually.
08/05/2016 19:10 Tetlaliloc#7
Anyone else thinks Kazuuu(add thousands of "u") is suspiciously defending 9DPK too much?
08/05/2016 20:26 Adek#8
Quote:
Originally Posted by Kazuuuuuuuuuuuuuuuuuuuuuu View Post
You know what else is hazardous? Your stupid ass.
So why didn't you die yet, since you licked it so much earlier?
08/05/2016 23:46 xtJamie#9
tis alright boys. i'm on the case. i'm downloading that exe op posted and i'll rip it a new orifice and post the results in next half hour.

no traffic generated such as udp/tcp/dns resolution.
no changes to keys in registry key/hive and no changes in any reg shot comparison.
no processes or ports or any kind of changes to any service
sample executable op provided only has three modules and no referenced text of any description towards 9dragons - 3 modules and one with some random dlls.

sha256 checksum matches virustotal upload previously with 8 detections.
[Only registered and activated users can see links. Click Here To Register...]

packed using yoda's cryptor (why yoda - incredibly easy to unpack)?


advice? fuck it off unless it comes from the actual people behind 9dpk but even then be cautious.
08/06/2016 09:33 zl0rd#10
Quote:
Originally Posted by xtJamie View Post
tis alright boys. i'm on the case. i'm downloading that exe op posted and i'll rip it a new orifice and post the results in next half hour.

no traffic generated such as udp/tcp/dns resolution.
no changes to keys in registry key/hive and no changes in any reg shot comparison.
no processes or ports or any kind of changes to any service
sample executable op provided only has three modules and no referenced text of any description towards 9dragons - 3 modules and one with some random dlls.

sha256 checksum matches virustotal upload previously with 8 detections.
[Only registered and activated users can see links. Click Here To Register...]

packed using yoda's cryptor (why yoda - incredibly easy to unpack)?


advice? fuck it off unless it comes from the actual people behind 9dpk but even then be cautious.

So you are saying that 9d pk is infected ?
08/06/2016 11:09 xtJamie#11
Quote:
Originally Posted by zl0rd View Post
So you are saying that 9d pk is infected ?
i'm offering advice to be cautious with any executable you run on your machine. if you want to run it, use caution.
08/07/2016 11:35 mrquickshipuk#12
Paranoia again.
08/09/2016 07:05 9D_player#13
Quote:
Originally Posted by Tetlaliloc View Post
Hey, remember that I asked about if 9D PK server was infected?

Well, I decided to tell my antivirus it was ok to run the game, so I went to play for a week, then I have been receiving e-mails of another service I have, that there have been several failed login attempts into my account from that service. I registered into 9DPK with my usual e-mail (my mistake) and it's the only "new" thing and "suspicious" thing I have put part of my information in.

The IPs I have been attacked from are 76.12.161.171 and 93.123.84.237, they are from Delaware, US and Sofia, Bulgaria, respectively. Pretty far away from each other, but it's still suspicious.

Be careful.

My email has also received failed login attempts from Vietnam, Japan, Colombia and Irak. And these date back to the day I registered in 9ds.onl
Seems like Play9D is still around. Браво :)
Man, never use your primary mail to register such things. You can make dozens of dummy accounts, which aren't linked to any social/personal service. I think the information is probably collected when registering account and not by the game exe itself. Any file related to the game on the local PC could/should be easily caught if trying to play bad.
08/09/2016 07:58 Tetlaliloc#14
Quote:
Originally Posted by 9D_player View Post
Seems like Play9D is still around. Браво :)
Man, never use your primary mail to register such things. You can make dozens of dummy accounts, which aren't linked to any social/personal service. I think the information is probably collected when registering account and not by the game exe itself. Any file related to the game on the local PC could/should be easily caught if trying to play bad.
That's what I tried to say and elaborate on, in that post and in following replies. Thanks, anyway.
08/21/2016 19:06 eyalmp#15
Quote:
Originally Posted by eddwood View Post
This doesn't sound like something wrk would do.

Is he still the owner?
Quote:
Originally Posted by adek1994 View Post
He used to be one, but I didn't see him anywhere, actually.
Quote:
Originally Posted by Tetlaliloc View Post
Anyone else thinks Kazuuu(add thousands of "u") is suspiciously defending 9DPK too much?
as i said WRZ not owner the owner is Kalzion paul he will replay here soon ^^
katzuki is him and kazu is tutski gm
take you time to understand my thread about it before ahh ic my bad english
all pvp_noobless are team of staff
such as pooh hook kalz ibomber and so on same like old ely all league runs it
btw i gift all beads santa etc so no need pm me 6eXy >.<
Page 1 of 2 1 2