 MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
reply to Kibbles Re: Nice Scam attempt!
said by Kibbles :Is wvps212-241-210-148.vps the actual account/website the scammer has hosted by webfusion...if so can they be reported for fraud..then again they more than likely are using a stolen credit card?

Yes, it is either as removed and nwrickert suggested, or, as you stated, purchased hosting using a previous phish victim's card and personal data.
If the latter, then the phisher opted for the 2.0 plus plan or the pro plan here: »www.webfusion.co.uk/virtual-private-servers/
I can tell it is either of those two Virtual Private Hosting (VPS) Plans running on IP 212.241.210.148. A quick audit reveals that the machine is named VPS 342830, and is one of the above two plans, because it is running Win2k3 server:

Also has FTP running and Remote Terminal Services. Not sure of the significance of the sendmail_from moonbear@chinagirlson.net, as that domain was never set up on that IP or hosting service. However it was infiltrated by Turkish hackers: »www.google.com/search?hl=en&q=@c···lson.net
said by Dude111 :Is anyone filling out their info?.....

Ergo, the suggestion to submit to »/phishtrack, as the focus will be on taking it down, plus it will be picked up by block lists.
said by Dude111 :......I have tried searching for the files (log files of entered data) but I can't find it, it must be emailing the data off server.......

Yes, it is emailing the data. loginfinish.do.php dated 02/29 contains the email address where the data is being sent.

The rest of the phish files are here:

Heads up sent to Webfusion.co.uk via the account support panel:

MGD