
Fraud Alert!
Ryan Smith 03-18-2006, 09:11 AM Someone has been going around with the following IP address, making fraud orders, with the same person's credit card number, name, address, & phone number:
Date: 03/16/2006 21:04
IP: 222.252.46.56
Host: 222.252.46.56
They have stolen all the person’s information, and have been using it. I called the phone number that they put down, and she was the owner of everything, but did not make the order. She said her personal information was stolen, and keeps getting phone calls, like mine within the past 3 days.
Ryan
RaynServ 03-18-2006, 09:26 AM THANK YOU!!
Pointing things like this out and bringing it to our attention is what a "community" is all about.
:lovewht:
Well over 300ms tracert times from the east coast US. Resolves to an ADSL line two hops inside adsl.hnpt.com.vn
If the fraudster is in the US he's using a proxy, the victim travels a lot, or her information was given to a compromised website and has now become property of the black hats.
I wish her the best of luck.
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 222.0.0.0 - 222.255.255.255
CIDR: 222.0.0.0/8
NetName: APNIC8
NetHandle: NET-222-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: NS-SEC.RIPE.NET
NameServer: TINNIE.ARIN.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
RegDate: 2003-02-13
Updated: 2005-05-20
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net
# ARIN WHOIS database, last updated 2006-03-17 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
KGIII 03-18-2006, 10:10 AM I don't have any information on my website that is credit card related and, indeed, this site that's been getting whacked at hasn't even got ads on it or even sells anything... However from my stats:
country Pages Hits B/W (hopefully that lines up)
Vietnam vn 16537 16540 118.45 MB
This is the first time we've even had traffic from Vietnam that's made it into the top. It was getting railed on last week pretty heavy - no compromising or anything (we checked that) thank God but still it was pretty interesting.
I'm not sure if/what this has to do with it but it's just a bit interesting and perhaps it's nothing but who knows? I'd be interested to know if other people have been seeing similar.
We, the site's kgiii.info, don't have any credit card information or the likes. We don't have anything that anyone would want to take I don't think either. The traffic was nailing on the forum portion pretty heavily though the content hasn't been changed and there doesn't appear to have been any success with the attack.
It lasted for a few days and stopped. I wonder if, maybe, someone's been hammering on sites trying to pull CC data and if we were one of them that was targeted. The traffic from VN headed all over the site but seems to have concentrated on the forum more than anything. It could be nothing? It did seem to be a bit strange to have that just a few days ago and then this gets mentioned. ;)
KGIII
Nick H 03-18-2006, 10:56 AM 222.252.46.56 = VietNam = High risk country
I suggest getting MaxMind or FraudGuardian that will automatically reject orders coming from IPs in high risk countries :)
Ryan Smith 03-18-2006, 11:46 AM The lady said the people who stole her information have been using it in Europe.
That's what she said on the phone.
GigabitONE 03-18-2006, 12:46 PM This is a common problem. But if you use 2CO they always will do the check for you :)
Quartz 03-18-2006, 01:18 PM Shouldn't it have been cancelled by now if she knows it's stolen.. :S or is it just not going through and coming up as fraud?
Swelly 03-18-2006, 01:19 PM 222.252.46.56 = VietNam = High risk country
I suggest getting MaxMind or FraudGuardian that will automatically reject orders coming from IPs in high risk countries :)
Yup, I agree almost 99% of orders that come from Vietnam are fraud. Thanks for the heads-up!
markjut 03-18-2006, 04:48 PM Thanks for the heads up!
IrdHost 03-18-2006, 05:32 PM We got many fraud orders this week...
This info can help people here:
Greg Mitchell, webpharmacy@gmail.com, ip: 200.75.247.226 (Panama), credit card: Usa
Summer Rayne, referred by Wht (doh!), raynesao7@aol.com, 69.46.0.37 (Florida), cc: USA, Phone number not valid
Lauren Wilcox, leafgs@smekerie.org, 172.177.145.181 (VA), cc: USA, Phone number not valid.
WireNine 03-18-2006, 06:47 PM VietNam is a very High fraud risk country, always check your order ip address. If you enter the IP on dnsstuff.com, it will tell you if the country has high fraud rate.
Trophimus 03-18-2006, 07:37 PM Thanks for the heads up! The lady should call her credit card company to report the card as stolen, as it will freeze it from being usable.
Cheers,
-- Tim
Brushed-Red 03-18-2006, 11:33 PM Wow... like everyone else said, thanks for letting us know!
Hehe.
222.252.46.56 is actually
Viet Nam - Vietnam Posts And Telecommunications Corp (vnpt)
descr: Vietnam Posts and Telecommunications Corp (VNPT)
descr: 23 Phan Chu Trinh st., Hanoi capital, Vietnam
country: VN
admin-c: NXC1-AP
tech-c: KNH1-AP
Admin seems to be:
address: Vietnam Posts and Telecommunications (VNPT)
address: 18 Nguyen Du street, Hanoi capital, Vietnam
phone: +84-4-9430427
fax-no: +84-4-8226861
-----
Also: United States - Florida - Tampa - Noc4hosts
69.46.0.37 - Possibly a dedicated server [compromised?]? Ask NOC4HOSTS if they might have details on the owner of this box
------
200.75.247.226 Panama - Panama City - Cable Onda
Probably not going to get too far there.
Jamez226 03-19-2006, 02:47 PM I must say this is the one problem with credit cards. Thanks for the info!
Jamez
wildbest 03-19-2006, 05:09 PM ... She said her personal information was stolen, and keeps getting phone calls, like mine within the past 3 days...
I do not understand why she didn't call her bank to block that credit card after the first call? Why did she wait for 3 days getting calls and doing nothing?
Ryan Smith 03-19-2006, 05:55 PM She did, however, she knows when it's trying to be used again, by her bank.
Patrick 03-19-2006, 06:03 PM She did, however, she knows when it's trying to be used again, by her bank.
Least she was nice about things... I once called a lady about her credit card being stolen and she literally flipped out at me.
I clearly explained who I was and why I was calling (so there was no confusion) and long story short, she hung up on me. <shakes his head>
Ryan Smith 03-19-2006, 06:06 PM She was scared at first, but I told her, to not worry about this situation with our company, we would not charge/ process anything, unless we had confirmation from you.
mripguru 03-19-2006, 06:51 PM But if you use 2CO they always will do the check for you :)
Actually, they do do a fraud check, but they also recommend that you do one yourself.
imxdata 03-20-2006, 08:55 AM Thanks for the info :D
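An added example, not part of any post in this thread: a minimal order-screening check for the signals the posters describe (order IP in a different country than the billing address, an invalid phone number, and the same card details reappearing from a different IP), flagging orders for manual review. The prefix-to-country table, the key, the field names and the sample orders are all constructed assumptions; a real setup would query a GeoIP database instead of the table.

```python
import hashlib
import hmac
import ipaddress
import re
from collections import defaultdict

# Constructed table on documentation ranges, standing in for a GeoIP lookup.
GEO_TABLE = {
    ipaddress.ip_network("192.0.2.0/24"): "US",
    ipaddress.ip_network("198.51.100.0/24"): "PA",
    ipaddress.ip_network("203.0.113.0/24"): "VN",
}
FP_KEY = b"constructed-demo-key"  # placeholder; keep the real key secret

def ip_country(ip):
    addr = ipaddress.ip_address(ip)
    return next((cc for net, cc in GEO_TABLE.items() if addr in net), None)

def card_fingerprint(card_number):
    # Keyed hash so card numbers are never stored or compared in the clear.
    return hmac.new(FP_KEY, card_number.encode(), hashlib.sha256).hexdigest()

class OrderScreen:
    def __init__(self):
        self.ips_by_card = defaultdict(set)  # fingerprint -> IPs seen

    def check(self, order):
        reasons = []
        if ip_country(order["ip"]) != order["billing_country"]:
            reasons.append("ip_country_mismatch")
        digits = re.sub(r"\D", "", order["phone"])
        if not 7 <= len(digits) <= 15:
            reasons.append("phone_invalid")
        fp = card_fingerprint(order["card"])
        if self.ips_by_card[fp] - {order["ip"]}:
            reasons.append("card_reused_from_other_ip")
        self.ips_by_card[fp].add(order["ip"])
        return reasons  # empty list means no signal fired

# Constructed orders using well-known test card numbers.
SAMPLE_ORDERS = [
    {"ip": "192.0.2.10", "billing_country": "US",
     "phone": "+1 202 555 0143", "card": "4111111111111111"},
    {"ip": "203.0.113.56", "billing_country": "US",
     "phone": "000", "card": "4111111111111111"},
    {"ip": "198.51.100.7", "billing_country": "US",
     "phone": "+1 202 555 0176", "card": "5555555555554444"},
]

def screen_all(orders):
    screen = OrderScreen()
    return [screen.check(o) for o in orders]
```

Any non-empty result is a reason to hold the order and verify with the cardholder before charging, rather than grounds for automatic rejection.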