Check out this new customer
buyourweb 05-18-2004, 06:51 PM I'm a little new but this looks weird. I just received a new customer and this is the domain they want to use. I was checking on things and WTF is this website.
http://coolmerchant.biz
What would you all do?
webmultitude 05-18-2004, 06:54 PM Originally posted by buyourweb
I'm a little new but this looks weird. I just received a new customer and this is the domain they want to use. I was checking on things and WTF is this website.
http://coolmerchant.biz
What would you all do?
I wouldn't publicly display your new client's info. :(
Nullified 05-18-2004, 06:56 PM Nothing. The site seems harmless to me although I didn't look very hard. Who cares what they put on their site if they're paying you, unless it is breaking your tos/aup.
djstonefish 05-18-2004, 06:59 PM Originally posted by HotLinkHost
Nothing. The site seems harmless to me although I didn't look very hard. Who cares what they put on their site if they're paying you, unless it is breaking your tos/aup.
Did you actually look at the site? It's some sort of spam emailing script. I'd just refund their money and say you can't host them at this moment in time.
HTH
DroveNet 05-18-2004, 07:00 PM Why is this site still available?
Remove it!
Nullified 05-18-2004, 07:01 PM Originally posted by djstonefish
Did you actually look at the site? It's some sort of spam emailing script. I'd just refund their money and say you can't host them at this moment in time.
HTH
Did you even read my post that you just quoted? I said I didn't look very hard.
Freckled 05-18-2004, 07:01 PM He is trying to gather information fraudulently by the looks of things, I would gather all the info and suspend the account and turn the information over to ebay and citibank for investigation.
buyourweb 05-18-2004, 07:02 PM The site seems harmless to me
What do you think this script does...
I wouldn't publicly display your new client's info.
I'm not very worried, we have an excellent web hosting company with great customer service. They already sent payment for one month and once they try us they will love us.
I'm more worried about doing something stupid and getting ripped off or something to that effect.
cywkevin 05-18-2004, 07:05 PM Call the customer to verify they purchased the account. Just call them and ask what's the worst that can happen.
buyourweb 05-18-2004, 07:06 PM I never created the account; it is being hosted somewhere else. I'm still waiting on payment verification.
Nullified 05-18-2004, 07:08 PM Originally posted by buyourweb
What do you think this script does...
Well as of right now it does nothing as the action field for the form is blank.
The script is harmless. You people don't even know exactly what this form does. Did you all even look at the source code?
Freckled 05-18-2004, 07:12 PM Well according to whois he is using Yahoo. My advice is don't sign him up and point that domain in the direction of any of those 3 companies, Yahoo, Ebay and Citibank. Let them handle it, they can take action on it immediately.
buyourweb 05-18-2004, 07:16 PM How and what should I tell Yahoo, Ebay and Citibank?
Freckled 05-18-2004, 07:17 PM Hot Link Host I am sure you know enough about scripts to know it only takes a minute or two and that very script can start doing something. I just can't understand how you can look at it and not understand the intent here is enough whether he has used it or not we don't know but I sure wouldn't think twice about refusing him and turning it over to authorities.
strongbow 05-18-2004, 07:18 PM Originally posted by HotLinkHost
Well as of right now it does nothing as the action field for the form is blank.
The script is harmless. You people don't even know exactly what this form does. Did you all even look at the source code?
It takes 10 seconds to cut and paste that code in to Dreamweaver to see that it's a script for sending out emails to try and get someone to pass on their card details.
buyourweb, do not host this; you are asking for trouble if you do.
buyourweb 05-18-2004, 07:19 PM Not going to host. How and what do I tell Yahoo, ebay and citibank?
Nullified 05-18-2004, 07:20 PM Turn him over to the authorities? ROFL. That is funny. If you plan to turn him over to anyone, then plan on getting laughed at. Even though that site has the potential to be a spamming site, as of right now it isn't one, so there is nothing wrong with the site and there is no "authority" to turn him into.
Dan Grossman 05-18-2004, 07:20 PM If you guys still don't see what that script is for, take a look at what the code in the box is:
http://www.dangrossman.info/coolmerchant.htm
This person pretty obviously plans to mail people as if they are eBay requesting their credit card information. I would watch this person VERY closely if you plan to let them open an account with you.
buyourweb 05-18-2004, 07:32 PM Thanks for everyone's help, I appreciate it.
dbbrock1 05-18-2004, 07:37 PM Originally posted by HotLinkHost
Turn him over to the authorities? ROFL. That is funny. If you plan to turn him over to anyone, then plan on getting laughed at. Even though that site has the potential to be a spamming site, as of right now it isn't one, so there is nothing wrong with the site and there is no "authority" to turn him into.
You got to be kidding me. You can't justify hosting that site just because it isn't doing anything bad at that moment. It's pretty damn obvious what he is going to do with it, whether or not he has done it yet.
strongbow 05-18-2004, 07:38 PM I have sent a mail off to ebay with some details, what they do now is up to them.
As for HotLinkHost, let's hope that it's not you or someone in your family that falls for this mail scam. People like this prey on those that are not so clued up on the net and I can see how easy it is for people to fall for these scam mails; they are worse than spam. :angry:
But at least we know who his next host will be now.
stftk 05-18-2004, 07:38 PM Like the above posts, it looks to me that all this site is aimed for is scamming. They are faking to be billing@citi.com . Just look at the message part of the email that's already filled in, it's a scam. On top of that they copied eBay's payment submittal site and then cloaked the url to make it appear as the legitimate ebay payment page.
Report it to ebay by going here: http://pages.ebay.com/help/contact_inline/account_security.html
Select the 'Report fake eBay emails' option.
If you really want to go far you could also report it to citi by going here: http://www.citi.com/domain/contact/?BVE=http://web.da-us.citibank.com&BVP=/cgi-bin/citifi/scripts/&M=S&US&_u=visitor .
Look under the 'report a suspicious email' section.
Freckled 05-18-2004, 07:49 PM Thanks Dan, I was just looking those contact addresses up for him. I had an email but not the site links, let's hope they get this guy off the net for a few hours anyway.
Nettworkz 05-18-2004, 09:28 PM It's obviously a phishing script.. It links off to an IP requesting credit card information as if you're updating your ebay account..
:rolleyes:
pueblosnet 05-18-2004, 10:09 PM wow, these things really exist !!
kill he please !!
thanks
Yaser 05-19-2004, 01:38 AM He thinks he is Ebay or something! Report it asap!
Definitely illegal.
Woah. That is so illegal. You should terminate that account immediately or Citibank might think you are in on it!!!
2Grumpy 05-19-2004, 02:29 AM Here's a what if - what if the customer is MOVING to you because his current website was hacked? or perhaps the whole server was hacked?
Communication is key, simply ask your customer what's up "hey I noticed your current site looks like a phishing scam and was curious what the story is here". If they answer at all it's probably ok, in my experience, scammers spammers and crooks never reply when you email them about much of anything especially a direct question of "hey what's going on?".
If all else fails, communicate, it might be a perfectly legitimate site hosting with a hacked webhost right now. Or it might be credit card phishers.
Yaser 05-19-2004, 02:39 AM Not only Citibank nzbm but also if the ISP finds out they can blacklist the host as well. Lots of adverse effects, the cancellation should be asap to avoid frauds. Ebay would be very thankful to the host ;)
viGeek 05-19-2004, 03:43 AM Definitely steer clear of this person.
Webbase 05-19-2004, 04:29 AM Originally posted by HotLinkHost
Nothing. The site seems harmless to me although I didn't look very hard. Who cares what they put on their site if they're paying you, unless it is breaking your tos/aup.
If you have any customers I feel deeply sorry for them.
Nullified 05-19-2004, 08:56 AM Originally posted by Webbase
If you have any customers I feel deeply sorry for them.
I have many happy customers and I feel deeply sorry for you.
Dan Grossman 05-19-2004, 08:59 AM You don't even sound concerned about what this person could do to your business if they are in fact going to execute a script like the one you showed; since you've shown that you know this person's likely intentions beforehand you could be liable for aiding this person in credit card fraud among other things by providing him resources to do it despite knowing what you know.
You could lose your business, or go to jail.
It's reason for more than a 'who cares' attitude.
delirium 05-19-2004, 09:07 AM Whoa,
This is very illegal and very clever,
The link he sends you to is http://212.28.148.207/~card/verify.php
if you click on that link it loads a page with ebay branding and he even masks the address bar with the following URL
with https://arribada.ebay.com/saw-cgi...etc
This is actually a floating frameless window which he has somehow managed to get over the actual address bar, you will notice there is no actual padlock in the browser yet the address is https?
If you look at the site in a different browser than IE you will clearly see the floating window.
here is the code he uses to mask the address bar
var vuln_html= '\x3Cdiv style="height: 100%; line-height: 17px; font-family: \'Tahoma\', sans-serif; font-size: 8pt;">https://arribada.ebay.com/saw-cgi/eBayISAPI.dll?PlaceCCInfo\x3C/div>'
I would not host this account until you have clarification from the user about what they intend on hosting.
No wonder people fall for these things
NetHosted-Andrew 05-19-2004, 09:09 AM Well I use Opera - so it didn't work, I then looked in IE (yuck) and it still doesn't work as I have the Google toolbar!
Andrew
THW-Dave 05-19-2004, 09:46 AM FYI, that is a scam artist attempting to retrieve ebayers account information. You are at legal risk hosting this.
freakysid 05-19-2004, 09:53 AM There are some pretty plain stupid responses posted in this thread. The decision not to host this site is the only sensible choice. The site owner is pretty stupid himself for not even bothering to hide his web-form behind HTTP Authentication.
THW-Dave 05-19-2004, 09:57 AM Spammers tend to not give a crap, they fake their identities, they don't pay with their own money, they have nothing to lose, because no one really knows who they are -- no matter HOW legit they seem.
I wouldn't want to host that site for more than a minute, all it takes is a simple click of that submit button, and your server's IP is posted in every blacklist, that quick. These ebay spams are common, but trust me, they get picked up upon very rapidly, and you will soon hear from someone regarding it, probably Ebay themselves.
buyourweb 05-19-2004, 10:15 AM The web master of the site has contacted me almost instantly when I asked what he will be using the site for, Here is his reply.
PS. His credit card was approved.
Well i have seen the problem and don't know much about
it, several persons have access to the webhosting,
thank you for informing me, i will look in to the
problem. The webhosting i order will be for a local
school site.
Thank you again for informing me about this. Hope to
hear from you soon!
Now what do you all think at WHT
joekushner 05-19-2004, 10:24 AM Originally posted by buyourweb
The web master of the site has contacted me almost instantly when I asked what he will be using the site for, Here is his reply.
PS. His credit card was approved.
Now what do you all think at WHT
Sounds fishy... coolmerchant.biz doesn't sound like a domain for a school website. Hopefully you have in your AUP/TOS that illegal material/spam scripts are a violation for account suspension. You may not even know if the card is valid; if it's a stolen card, it may still clear, but you won't know until you get a chargeback.
Seems to me the hassle isn't worth the customer just in case.
delirium 05-19-2004, 10:25 AM I would try to follow it up with a phone call, and if everything checks out then I would create the account but monitor it VERY closely to see what he actually uploads.
djstonefish 05-19-2004, 10:36 AM I still wouldn't accept the order. Period.
freakysid 05-19-2004, 10:48 AM Originally posted by buyourweb
The web master of the site has contacted me almost instantly when I asked what he will be using the site for, Here is his reply.
PS. His credit card was approved.
Now what do you all think at WHT
You have already been given your answer - but please do keep us entertained. Some of the people posting in this thread really need to think about whether they are in the right job.
Best wishes.
delirium 05-19-2004, 10:50 AM To be honest I would rather lose one potential customer than risk affecting my service for all my current customers which is what you will be doing if you host this site.
2Grumpy 05-19-2004, 10:54 AM A school web site? with that url? Man that DOES sound kinda fishy to me too. I'd probably give him a quick call and clarify my position that I just am concerned because you absolutely cannot have a phishing site on your servers and just wanted to be absolutely sure about the site before you set it up. Still I suppose if this is maybe a school project web site for something e-commerce related I could maybe buy into this "school site" explanation but I'd have to hear it over the phone :)
djstonefish 05-19-2004, 11:05 AM What he said..... ^
It is quite possible that it's a school web site, or some form of young enterprise type thing but you have to remember that, as the customer said: A lot of people have access to the account - so even if you believe your customer, they might pass on the details to someone else who goes and puts the phishing script up again.
I don't know about the US but the academic year's coming to an end here in the UK so no one's likely to be starting a web site up now are they?
buyourweb 05-19-2004, 11:46 AM We replied to his email asking what school and where it was located. Also let him know that all 3 companies were contacted with all his information and here is his reply.
Keeping up the entertainment factor for everyone.
Sriwittayapaknam is the name of the school and it is
situated in Thailand, i will not use anymore the
domain, i will register new domain, it is really
shocking about the script i was hosting on my site! i
have deleted it from the site..i hope its not a
problem... !
Good social engineering skills!
djstonefish 05-19-2004, 12:23 PM hmm... that school already has a website at http://www.sriwittayapaknam.ac.th/
Where was the customer located (according to the details they provided)? and where does the IP trace back to?
EDIT: There's a web camera here (http://www.thaistudents.com/webcamera.html). Your customer could be any of those kids sat at their desks...
Originally posted by joekushner
sounds fishy...
Actually, I believe the term would be; "Phishy", as it looks to me that the site is all primed to be a phishing site.
The illegal request for ebay card information would give me that impression.
And yes, Phishing is highly illegal, and the authorities do act on it, so long as proper proof is rendered.
an FYI:
Just because the card passes, doesn't mean the order is genuine.
Proceed at your own risk. If you need to ask on a public forum, whether or not you should accept the order, then you already have your answer, in my opinion.
Simon
2Grumpy 05-19-2004, 03:39 PM Ugh Thailand there's a big red flag already (sorry to anyone from Thailand/Indonesia/Russia/etc but any order I get from those countries is screened HEAVILY).
I dunno this really smells I'd still probably set it up but I'd keep an extremely close eye on their activities. I just hate to call someone a liar to their face until I've caught them red handed.
noimad1 05-19-2004, 03:42 PM This one seems extremely familiar to me. I recently had a customer sign up for a reseller account with us, then immediately started sending out spam messages...this one was for paypal though.
it said pretty much the same thing as that site said....that they needed you to update their information....then they gave a link with an IP address: http://ip/updatescript.
The signature was exactly the same:
The Paypal Billing Deptartment .
I canceled the account right away, and within an hour they signed up again with a different credit card.
I canceled that one right away and they never came back.
I called both credit card contacts and there was no answer. I traced the IP address, which was different in both instances, and it appeared to be from a proxy...
The funny thing is I had setup a filter to filter out all of his messages, so none of them were actually sent out....
There are some shady people out there....
dontknownutn 05-19-2004, 04:31 PM Is it even really worth it? All the time reading all these comments, checking this and checking that...all for a few bucks a month. If you question the legitimacy, leave it alone. Simple!
taketo 05-19-2004, 04:47 PM I wouldn't do anything. A mass mailing script does not mean that someone will use it to spam. I did make 2 programs (one in VB and one script based) to send mass mailings. I've sent approx 150.000 emails to my newsletters which is legal because these people have subscribed and did confirm their subscription. Mass mailing is not illegal. Only unrequested mass mailing is. If this guy is a spammer you will soon get complaints and then it's time to remove the guy. Not before that...
Dan Grossman 05-19-2004, 04:54 PM Taketo, you obviously didn't look at the page. It wasn't just a mass mailer, it had filled in the email body which was requesting people verify their ebay accounts by providing a credit card at what looked to be an ebay address but was actually some random IP.
taketo 05-19-2004, 05:01 PM Originally posted by Dan Grossman
Taketo, you obviously didn't look at the page. It wasn't just a mass mailer, it had filled in the email body which was requesting people verify their ebay accounts by providing a credit card at what looked to be an ebay address but was actually some random IP.
Oh...well then I wouldn't host him either ;)
When I had my URL redirection service someone was using my subdomain redirection to steal credit card information. Some people did email ME and ask me where they had to submit their credit card info to... That was pretty weird and of course I kicked the guy out and even reported him to the authorities.
taketo 05-19-2004, 05:07 PM I think I would let him pay and set up his account, then 5 minutes later I would find the content and shut the account down without refunding the customer. If he complains I would tell him that there is a 5000 Dollar contractual penalty for illegal content (which is true according to my terms) and that he should pay the money shortly. I am sure he wouldn't ever contact me again ;)
delirium 05-19-2004, 06:47 PM Originally posted by taketo
I think I would let him pay and set up his account, then 5 minutes later I would find the content and shut the account down without refunding the customer. If he complains I would tell him that there is a 5000 Dollar contractual penalty for illegal content (which is true according to my terms) and that he should pay the money shortly. I am sure he wouldn't ever contact me again ;)
I don't think he would be stupid enough to leave a digital trail by using his own credit card to make payment. Then again he could be that pathetic :D
taketo 05-19-2004, 10:17 PM Well I think most of these guys are that stupid...
noimad1 05-19-2004, 10:38 PM Originally posted by taketo
Well I think most of these guys are that stupid...
on the contrary...I think a lot of these guys are bright enough to cover their own trails....granted, there might be some dumb ones out there, but a lot of them have thought it through pretty good.
rrdega 05-20-2004, 07:14 AM Originally posted by noimad1
on the contrary...I think a lot of these guys are bright enough to cover their own trails....granted, there might be some dumb ones out there, but a lot of them have thought it through pretty good.
I would tend to agree with this statement. By the looks of the techniques employed, whoever put that together is pretty sharp, and knows exactly what they're doing!
I think I would subscribe to the, "Not worth the time and headaches" line of thinking. But please do keep us posted! I'd be interested in whether eBay & Citibank respond to you...
freakysid 05-21-2004, 08:14 PM Originally posted by rrdega
I would tend to agree with this statement. By the looks of the techniques employed, whoever put that together is pretty sharp, and knows exactly what they're doing!
A lot sharper than some of the hosts who have posted in this thread.
rrdega 05-21-2004, 08:29 PM Interesting!!! And probably related to what we see here... I just heard a 'top of the hour' newscast earlier where they were warning about the increase in "phishing," fraud, credit card and personal information theft, etc... And Citibank was referenced by name! Almost like Citibank had requested the piece as a Public Service Announcement...
Dan Grossman 05-21-2004, 08:30 PM They don't have to. The citibank schemes are just numerous at this point. I doubt the phishers are using their name to give them PR.
rrdega 05-21-2004, 08:41 PM I doubt the phishers are using their name to give them PR.
Huh?!? Did I imply that? Sorry if I did... :(
The piece I heard was saying that there has been a significant increase in these types of activities lately. And went on to reference Citibank in particular...