bteeter
05-03-2002, 10:05 PM
I'm fairly certain that the last three fraud orders we received are all from the same person. We keep getting orders in different names and all with emails from this domain:
Email: teub@telkom.net
My supposition is that whoever this is has several accounts with them, and just uses a different one every time.
He/she is not particularly good at the fraud thing, as they haven't got a card past 2checkout.com yet, but I wanted to warn you all anyways. No doubt, he/she will move on from us to someone else...
BTW - Anyone have any idea of the location of telkom.net? Or even better, their IP range? It seems this is a good one to add to our .htaccess list...
Take care,
Brian
Ditto on that email address. Also this one: tahek@hehe.com . Twice in 3 days under different names. Both failed to pass through paysystems.
Chicken
05-04-2002, 01:08 AM
Originally posted by bteeter
BTW - Anyone have any idea of the location of telkom.net? Or even better, their IP range? It seems this is a good one to add to our .htaccess list...
Querying whois.apnic.net with "203.130.252.36"
inetnum: 203.130.224.0 - 203.130.255.255
netname: TELKOMNET
Registrant:
Bangus Divre V PT Telekomunikasi Indonesia (TELKOM4-DOM)
Jl Ketintang No. 156
Surabaya, Jatim 60231
INDONESIA
Domain Name: TELKOM.NET
Administrative Contact, Technical Contact:
Waldjijo, Briliantoro (BW6378) brilly@DIVRE5.TELKOM.CO.ID
Bangus Divre V PT Telekomunikasi Indonesia
Jl Ketintang No. 156
Surabaya, JATIM 60231
ID
+62-31-8293007 (FAX) +62-31-8286580
Record expires on 18-Sep-2002.
Record created on 18-Sep-1998.
Database last updated on 4-May-2002 00:58:28 EDT.
Domain servers in listed order:
NS2.TELKOM.NET 203.130.252.35
NS1.JATIMMALL.COM 203.130.252.34
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
hehe.net is from a free email service provided by http://www.myownemail.com (one of 200+ domains they offer).
You'd be wise to run the IPs of the attempted signups...
http://xpenguin.com/plot.php is a nice tool to plot IPs.
First download a free utility from the esteemed GRC.com called IDServe (http://grc.com/id/IDServe.htm).
It can be a handy tool for tracking down IPs.
You might want to take a look at the email headers and try to determine whether the addy is forged or not. Most scammers are going to spoof this info if they have half a brain. Take a look at this site http://eddie.cis.uoguelph.ca/~tburgess/local/spam.html While ugly, it provides some good information on determining whether the email is valid (i.e. it was actually sent from the domain listed). If it is valid, you have something to work with:
I ran a Whois on Verisign. The domain is Indonesian based. I highly doubt the person holding the domain is responsible as the domain belongs to an Indonesian telecom service - they merely provide the service to the end user. However, reporting the user to them may result in something. Most ISPs get pretty pissy when users are utilizing their service for illegal means. You might be able to get the user's name and address if you get a lawyer to contact the ISP. At that point the culprit is pretty much screwed.
Here's the domain info for telkom.net:
====
Registrant:
Bangus Divre V PT Telekomunikasi Indonesia (TELKOM4-DOM)
Jl Ketintang No. 156
Surabaya, Jatim 60231
INDONESIA
Domain Name: TELKOM.NET
Administrative Contact, Technical Contact:
Waldjijo, Briliantoro (BW6378) brilly@DIVRE5.TELKOM.CO.ID
Bangus Divre V PT Telekomunikasi Indonesia
Jl Ketintang No. 156
Surabaya, JATIM 60231
ID
+62-31-8293007 (FAX) +62-31-8286580
Record expires on 18-Sep-2002.
Record created on 18-Sep-1998.
Database last updated on 4-May-2002 00:43:06 EDT.
Domain servers in listed order:
NS2.TELKOM.NET 203.130.252.35
NS1.JATIMMALL.COM 203.130.252.34
=======
Hope this helps you bust their asses.
Sem.
Ooops, too late. Chicken beat me to it ;) At least check out the page on spoofing email headers. I doubt they have the brain power, but if they are doing this, it may be harder to find them.
Sem
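Added example (not part of the original thread): the APNIC reply above gives the TELKOMNET range as a start and end address, while an .htaccess deny rule wants CIDR notation. This sketch converts the quoted inetnum line to CIDR and renders the rule for both the older Order/Deny syntax and Apache 2.4's Require syntax; the function names are made up for this example.

```python
import ipaddress
import re

# Constructed sample: the two relevant lines of the APNIC reply quoted in the thread.
WHOIS_TEXT = """\
inetnum: 203.130.224.0 - 203.130.255.255
netname: TELKOMNET
"""

INETNUM_RE = re.compile(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", re.MULTILINE)


def inetnum_to_cidrs(whois_text):
    """Return the minimal list of CIDR networks covering every inetnum range."""
    networks = []
    for first, last in INETNUM_RE.findall(whois_text):
        start = ipaddress.IPv4Address(first)
        end = ipaddress.IPv4Address(last)
        if start > end:
            raise ValueError(f"inverted range: {first} - {last}")
        # A range not aligned to a power of two needs several CIDR blocks.
        networks.extend(ipaddress.summarize_address_range(start, end))
    return list(ipaddress.collapse_addresses(networks))


def htaccess_rules(networks, apache24=False):
    """Render deny rules; Apache 2.4 uses Require, older releases use Order/Deny."""
    if apache24:
        body = [f"    Require not ip {net}" for net in networks]
        return "\n".join(["<RequireAll>", "    Require all granted", *body, "</RequireAll>"])
    body = [f"Deny from {net}" for net in networks]
    return "\n".join(["Order Allow,Deny", "Allow from all", *body])


def is_blocked(ip, networks):
    """Check one signup IP against the list before relying on the rule."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in networks)


if __name__ == "__main__":
    nets = inetnum_to_cidrs(WHOIS_TEXT)
    print(htaccess_rules(nets))
    print(htaccess_rules(nets, apache24=True))
```

The resulting rule denies every address in that TELKOMNET allocation, so legitimate customers of the same ISP are refused along with the fraudulent signups.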
StevenG
05-06-2002, 04:44 PM
Yeah we've had that email address several times lately - Isn't it strange that this person targets posters on WHT?
I posted something on here about frauds and then within a few hours received a massive fraud order.... $2700 ($NZ), after saying they always buy the dearest plan for the longest time possible....... just to prove a point maybe....