
MGD
Premium,MVM
join:2002-07-31
kudos:9

4 edits

Credit card criminals Devbill have a new home !!!

[Screenshots: CYBERMAMBO, EBONEY-WEBDESIGN, ALTAVISTAWEBDESIGN]
In the "where are they now" category, I did a recheck on one of the largest and longest running credit card scammers on the net. Now into their third year of operation with no end in sight. Operating dozens of domain names with identical webpage layouts, then refreshing with new names as the old ones expire. Hitting thousands of credit cards for 9.95 or similar amounts. Some of the earliest scam domain names were PANSALCORP.com and USOFTWEBSYS.com. They even showed up in a post on the DSLR security forum back in July of 2004.

Their fraudulent charges were last reported in the Trouble Bubble thread. Many of the charges were reported in combination with the digital Age fraud charges. There are victim reports as recent as a month ago still under some of the old names. It appeared that after two years of hosting them, Everyones Internet, Inc. (EV1.NET) did finally pull the plug. Though they did leave one of the scammers' DNS, dewhosting.com, alone, which is still there.

Now they have a new home on Sagonet complete with their own block of 10 IPs and have moved some of the "old" scamming sites there: BURDETTINC.com, ABSOLUTE-SOFT.com, KCSOFTLLC.com, ARTMAGICINC.com, and AZBUSPROD.com (aka AZ BUSINESS PRODUCTS)

In addition, they now have new pages up for fresh domains, so I can guarantee you that victim reports of fraudulent charges will soon follow for these names, soon after Google picks them up: WEB-TEMPLATES-FOR-YOU.com , ALTAVISTAWEBDESIGN.com , JMBUSPROD.com , EBONEY-WEBDESIGN.com , and CYBERMAMBO.com

I scanned the IPs in the block and listed all the websites hosted. Some of the DNS is not completed yet, and Artmagic.com is up and down:

scan range [66.118.179.120 - 66.118.179.129]

All of the domains and even the IP registration are fake, and/or carded victims. Sagonet.com needs to kick these criminals off now!!

CustName: George Morris -------> LOOK
Address: 200 Manhattan Ave
City: New York

StateProv: NY
PostalCode: 10025
Country: US
RegDate: 2005-10-14 -------> LOOK
Updated: 2005-10-14

NetRange: 66.118.179.120 - 66.118.179.129
CIDR: 66.118.179.120/29, 66.118.179.128/31
NetName: SAGO-66-118-179-120
NetHandle: NET-66-118-179-120-1
Parent: NET-66-118-128-0-1
NetType: Reassigned
Comment: NOCWorx SWIP Interface v1.5 - »interworx.info
RegDate: 2005-10-14
Updated: 2005-10-14


All the scammers' new domains get DNS from:

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Domain name: NAME-SERVICES.COM

Administrative Contact:
eNom, Inc.
DNS Manager (paul.stahura@enom.com)
+1.4258838860
Fax: +1.4258833553
P.O. Box 7449
2002 156th Avenue NE, Ste. 300
Bellevue, WA 98007
US


These scumbags have used card processors and addresses in the USA, Canada, and Europe. They have hit cards that were never used, cards that were just issued, and hit cards repeatedly if they were not cancelled.

MGD

INSOFTTECH EADENSSOFT JM BUSINESS PRODUCTS

EDIT = added archived web page links for PANSALCORP.com and USOFTWEBSYS.com

MGD
Premium,MVM
join:2002-07-31
kudos:9

I re-searched using different variations on the above "new" names and have now found old reports of fraudulent charges under 3 of them, the others still appear fresh.

CYBERMAMBO.com : I found a fraud report from back on 01/04/05 »64.233.187.104/search?q=cache:6L···BO&hl=en

AZBUSPROD.com : Multiple fraudulent charges show up as AZ BUSINESS PRODUCTS »www.google.com/search?hl=en&lr=&···%22+9.95

JMBUSPROD.com : Also multiple fraudulent charges under JM BUSINESS PRODUCTS »www.google.com/search?hl=en&lr=&···cts+9.95

Again all the cloned websites are set up for two primary reasons.

1) To enable the criminal to apply and get approved for an online merchant card processing account, using the website and domain name as a reference. They can then batch upload the charges against the stolen card accounts.

2) To enable victims who discover and question the nominal charge a method of contacting the scammers. They will then issue a credit which reduces the "charge back ratio", saves them money, and slows the flagging process. Victims can either contact them via email or the cheap rent-a-VoIP mailbox. If they initiate contact, the victims will be told that someone must have stolen and used their card data to buy products from them online. This steers suspicion away from the scammers.

So the website is just a front, or cover. There is really nothing for sale, and it is not even capable of completing an online purchase.

All the websites even have a meta tag in the main header field requesting that search engines not follow any of the links or index any of the pages !!.

<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW">

Victims should never provide details to the scammers to enable them to issue a credit, that helps them. Always have your bank charge it back, and always cancel the card immediately.

MGD
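
A reviewer's check for the three signals described in this thread (identical page layouts across domains, the NOINDEX/NOFOLLOW robots tag, and no way to complete a purchase), as an added example that is not part of the original posts. The sample pages, their names and the helper names are constructed for illustration.

```python
import hashlib
from html.parser import HTMLParser

class FrontSiteProbe(HTMLParser):
    """Collects, from one HTML page, the signals the posts describe."""
    def __init__(self):
        super().__init__()
        self.tags = []         # tag sequence = layout skeleton, text ignored
        self.robots = set()    # directives from <meta name="robots">
        self.has_form = False  # a purchase needs at least one <form>

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "robots":
            parts = a.get("content", "").split(",")
            self.robots |= {d.strip().lower() for d in parts if d.strip()}
        if tag == "form":
            self.has_form = True

def probe(html):
    p = FrontSiteProbe()
    p.feed(html)
    p.close()
    skeleton = "/".join(p.tags).encode()
    return {
        "layout": hashlib.sha256(skeleton).hexdigest()[:16],
        "hides_from_search": {"noindex", "nofollow"} <= p.robots,
        "can_take_order": p.has_form,
    }

def same_front(html_a, html_b):
    """True when two pages are clones that hide from search and sell nothing."""
    a, b = probe(html_a), probe(html_b)
    return (a["layout"] == b["layout"]
            and a["hides_from_search"] and b["hides_from_search"]
            and not a["can_take_order"] and not b["can_take_order"])

# Constructed sample pages (not taken from any real site).
PAGE_A = """<html><head><title>Example Soft One</title>
<META NAME="ROBOTS" CONTENT="NOINDEX, NOFOLLOW"></head>
<body><h1>Example Soft One</h1><p>Templates from 9.95</p>
<a href="contact.html">Contact</a></body></html>"""
PAGE_B = PAGE_A.replace("Example Soft One", "Example Design Two")
PAGE_C = """<html><head><title>Shop</title></head><body>
<form method="post" action="/cart"><input name="qty"></form></body></html>"""

if __name__ == "__main__":
    print(probe(PAGE_A), same_front(PAGE_A, PAGE_B), same_front(PAGE_A, PAGE_C))
```
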


over 12.5 years online © 1999-2012 dslreports.com.