http://www.dslreports.com/forum/r15294105 en Fri, 27 Nov 2009 17:15:15 EDT Fri, 27 Nov 2009 17:15:15 EDT http://www.dslreports.com/forum/remark,15298267 MGD : I re searched using different variations on the above "new" names and have now found old reports of fraudulent charges under 3 of them, the others still appear fresh.

CYBERMAMBO.com : I found a fraud report from back on 01/04/05 »64.233.187.104/search?q=cache:6L···BO&hl=en

AZBUSPROD.com : Multiple fraudulent charges show up as AZ BUSINESS PRODUCTS »www.google.com/search?hl=en&lr=&···%22+9.95

JMBUSPROD.com : Also multiple fraudulent charges under JM BUSINESS PRODUCTS »www.google.com/search?hl=en&lr=&···cts+9.95

Again all the cloned websites are set up for two primary reasons.

1) To enable the criminal to apply and get approved for an online merchant card processing account, using the website and domain name as a reference. They can then batch upload the the charges against the stolen card accounts.

2) To enable victims who discover and question the nominal charge a method of contacting the scammers. They will then issue a credit which reduces the "charge back ratio", saves them money, and slows the flagging process. Victims can either contact them via email or the cheap rent a voip mailbox. If they initiate contact the victims will be told that someone must have stolen and used their card data to buy products from them online. This steers suspicion away from the scammers.

So the website is just a front, or cover. There is really nothing for sale, and it is not even capable of completing an online purchase.

All the websites even have a meta tag in the main header field requesting that search engines not follow any of the links or index any of the pages !!.

>META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">

Victims should never provide details to the scammers to enable them to issue a credit, that helps them. Always have your bank charge it back, and always cancel the card immediately.

MGD]]> http://www.dslreports.com/forum/remark,15298267 Sat, 21 Jan 2006 19:00:44 EDT http://www.dslreports.com/forum/remark,15294105 MGD : In the "where are they now" category, I did a recheck on one of the largest and longest running credit card scammers on the net. Now into their third year of operation with no end in sight. Operating dozens of domain names with identical webpage layouts, then refreshing with new names as the old ones expire. Hitting thousands of credit cards for 9.95 or similar amounts. Some of the earliest scam domain names were PANSALCORP.com and USOFTWEBSYS.com They even showed up in a post on the DSLR security forum back in July of 2004.

Their fraudulent charges were last reported in the Trouble Bubble thread. Many of the charges were reported in combination with the digital Age fraud charges. There are victim reports as recent as a month ago still under some of the old names. It appeared that after two years of hosting them, Everyones Internet, Inc. (EV1.NET) did finally pull the plug. Though they did leave one of the scammers DNS dewhosting.com alone, which is still there.

Now they have a new home on Sagonet complete with their own bloc of 10 IP's and have moved some of the "old" scamming sites there.: BURDETTINC.com, ABSOLUTE-SOFT.com, KCSOFTLLC.com, ARTMAGICINC.com, and AZBUSPROD.com (aka AZ BUSINESS PRODUCTS)

In addition, they now have new pages up for fresh domains, so I can guarantee you that victim reports of fraudulent charges will soon follow for these names, soon after Google picks them up: WEB-TEMPLATES-FOR-YOU.com , ALTAVISTAWEBDESIGN.com , JMBUSPROD.com , EBONEY-WEBDESIGN.com , and CYBERMAMBO.com

I scanned the IP's in the bloc and listed all the websites hosted. Some of the dns is not completed yet, and Artmagic.com is up and down:

scan range [66.118.179.120 - 66.118.179.129]

ABSOLUTE-SOFT.com = IP »66.118.179.120 (413) 812-5720

KCSOFTLLC.com = IP »66.118.179.121 (509)-461-1556

ARTMAGICINC.com = IP »66.118.179.122

AZBUSPROD.com = IP »66.118.179.123 (403) 770-0283

CYBERMAMBO.com = IP »66.118.179.124 (270) 637-5080

JMBUSPROD.com = IP »66.118.179.125 (403) 668-1201

EBONEY-WEBDESIGN.com = IP »66.118.179.126 (860) 656-7718

ALTAVISTAWEBDESIGN.com = IP »66.118.179.127 (757) 271-6046

WEB-TEMPLATES-FOR-YOU.com = IP »66.118.179.128 (203) 608-0313

BURDETTINC.com = IP »66.118.179.129 (801) 407-1342

All of the domains and even the IP registration are fake, and/or carded victims. Sagonet.com needs to kick these criminals off now !!.

CustName: George Morris -------> LOOK
Address: 200 Manhattan Ave
City: New York

StateProv: NY
PostalCode: 10025
Country: US
RegDate: 2005-10-14 -------> LOOK
Updated: 2005-10-14

NetRange: 66.118.179.120 - 66.118.179.129
CIDR: 66.118.179.120/29, 66.118.179.128/31
NetName: SAGO-66-118-179-120
NetHandle: NET-66-118-179-120-1
Parent: NET-66-118-128-0-1
NetType: Reassigned
Comment: NOCWorx SWIP Interface v1.5 - »interworx.info
RegDate: 2005-10-14
Updated: 2005-10-14

RAbuseHandle: ABUSE32-ARIN
RAbuseName: Abuse Team
RAbusePhone: +1-866-510-4000
RAbuseEmail: abuse[AT]sagonet.com

RTechHandle: ZS203-ARIN
RTechName: Sago Networks
RTechPhone: +1-866-510-4000
RTechEmail: ipadmin[AT]sagonet.com

OrgTechHandle: TECHN20-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-866-510-4000
OrgTechEmail: support[AT]sagonet.com

ZS203-ARIN:

Name: Sago Networks
Handle: ZS203-ARIN
Company:
Address: 4465 W. Gandy Blvd. Suite 800
City: Tampa
StateProv: FL
PostalCode: 33611
Country: US
Comment:
RegDate: 2002-03-01
Updated: 2002-03-01
Phone: +1-866-510-4000 (Office)
Email: ipadmin[AT]sagonet.com

All the scammers new domains get DNS from:

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Domain name: NAME-SERVICES.COM

Administrative Contact:
eNom, Inc.
DNS Manager (paul.stahura@enom.com)
+1.4258838860
Fax: +1.4258833553
P.O. Box 7449
2002 156th Avenue NE, Ste. 300
Bellevue, WA 98007
US

These scumbags have used card processors and addresses in the USA, Canada, and Europe. They have hit cards that were never used, cards that were just issued, and hit cards repeatedly if they were not cancelled.

MGD

INSOFTTECH EADENSSOFT JM BUSINESS PRODUCTS

EDIT = added archived web page links for PANSALCORP.com and USOFTWEBSYS.com

CYBERMAMBO

EBONEY-WEBDESIGN

ALTAVISTAWEBDESIGN

U

]]> http://www.dslreports.com/forum/remark,15294105 Sat, 21 Jan 2006 01:11:29 EDT