  Kibbles Premium join:1999-07-31 Mission Viejo, CA | reply to Dude111 Re: Nice Scam attempt!
Is wvps212-241-210-148.vps the actual account/website the scammer has hosted by webfusion...if so can they be reported for fraud..then again they more than likely are using a stolen credit card?
  nwrickert sand groper Premium,MVM join:2004-09-04 Geneva, IL
·AT&T Midwest
Yes, the actual website is at wvps212-241-211-79.vps.webfusion.co.uk. However, the owner of that computer may not even be aware of the problem. The computer has been trojanized, and the installed malware is running the phish page.
--
AT&T dsl; Westell 327w modem/router; SuSE 10.1; firefox 2.0.0.12
  removed I'm the bobblehead Premium,VIP join:2002-02-08 Houston, TX
reply to Kibbles
said by Kibbles:
Is wvps212-241-210-148.vps the actual account/website the scammer has hosted by webfusion...if so can they be reported for fraud..then again they more than likely are using a stolen credit card?

My personal experience is that 90% of these scams are simply being uploaded via insecure scripts. The server's administrator and the ISP have no idea that this is being done ... this is why it helps to submit phishing attempts to the phishtracker and services such as SpamCop.
 MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
reply to Kibbles
said by Kibbles:
Is wvps212-241-210-148.vps the actual account/website the scammer has hosted by webfusion...if so can they be reported for fraud..then again they more than likely are using a stolen credit card?

Yes, it is either as removed and nwrickert suggested, or, as you stated, purchased hosting using a previous phish victim's card and personal data.
If the latter, then the phisher opted for the 2.0 plus plan or the pro plan here: »www.webfusion.co.uk/virtual-private-servers/

I can tell it is either of those two Virtual Private Hosting (VPS) Plans running on IP 212.241.210.148. A quick audit reveals that the machine is named VPS 342830, and is one of the above two plans, because it is running Win2k3 server:

Also has FTP running and Remote Terminal Services. Not sure of the significance of the sendmail_from moonbear@chinagirlson.net as that domain was never set up on that IP or hosting service. However it was infiltrated by Turkish hackers: »www.google.com/search?hl=en&q=@c···lson.net

said by Dude111:
Is anyone filling out their info?.....

Ergo, the suggestion to submit to »/phishtrack, as the focus will be on taking it down, plus it will be picked up by block lists.

said by Dude111:
......I have tried searching for the files (log files of entered data) but I can't find it, it must be emailing the data off server.......

Yes, it is emailing the data. loginfinish.do.php dated 02/29 contains the email address where the data is being sent.

The rest of the phish files are here:

Heads up sent to Webfusion.co.uk via the account support panel:

MGD