Results 1 to 25 of 30
Thread: Fraud, fraud... ohh dear, fraud!
-
06-29-2002, 12:48 PM #1Registered User
- Join Date
- Dec 2001
- Location
- Fresno, CA
- Posts
- 306
Fraud, fraud... ohh dear, fraud!
Yesterday we have recieved a very very large fraud orders coming in.
We recieved about 40 orders yesterday....about 32 or 33 were fraud. We were forced to call up on someone, because these were valid credit cards, but invalid addresses and all came from the same ip block.
203.162.*.*
This guy tried changing IP I guess in every order used different e-mail addresses, but always kept it with @yahoo.com . Now I am not sure what Eryxma is doing about this, since they just kept us out form knowing that much information, just told us they notified the authorities, etc, and starting banning this person and well my asssignment was to remove all orders we have gotten from 203.162.*.* and there are a few and looking at them, all from Vietnam. . And looking at our order status page this person has tried to come to our order forms again, and tried to order 29 times today.
I can't recieve that much info from Eryxma right now, since they aren't saying much.
But I was wondering and to let you know about this IP, and has this has happened to anyone else?
-
06-29-2002, 12:50 PM #2Web Hosting Master
- Join Date
- Nov 2001
- Posts
- 5,383
Yes we have been hit by many today, let me get the ip's.
Clustered Hosting With Continuous Data Protection (CDP)
http://www.solidinternet.com
8 Years of hosting excellence!
-
06-29-2002, 01:28 PM #3Junior Guru Wannabe
- Join Date
- Jun 2002
- Location
- Australia & The Pacific
- Posts
- 75
has anyone tried hostabuse ?
-
06-29-2002, 01:46 PM #4Registered User
- Join Date
- Dec 2001
- Location
- Fresno, CA
- Posts
- 306
Look at this, since I monitor humanclick and monitor the order that come in, look what i found:
Shiekron: How may I help you ?
Visitor: zbrs.com and son3vil.ws hosting are del ?
Shiekron: yes sir for fraud
Visitor: thanks
Visitor: i'll never fraud
Shiekron: we have recieved a numerous amount of orders from this IP block and we were forced to do so
Visitor: do you wanna know how can i have that Credit Card
Shiekron: Why sir?
Visitor: here :
Visitor: http://www.vnlogic.net/cgi-bin/ultimatebb.cgi?
Visitor: i get it from that forum
Shiekron: sorry sir, we just don't welcome this, nor do we tolerate this
Visitor: yes,i know
Shiekron: Have a nice day.
Visitor: but
Shiekron: But what sir?
Visitor: can i register again with my CREDIT CARD ?
----REST CUT OFF---
I cut off the rest because it was just too violent.
-
06-29-2002, 01:55 PM #5Web Hosting Master
- Join Date
- Nov 2001
- Location
- Singapore
- Posts
- 769
This is quite worrying for hosts. I wonder does the other 3rd-party services like Revecom and 2Checkout have this kind of fraud screening...?
-
06-29-2002, 02:26 PM #6Web Hosting Master
- Join Date
- Jun 2000
- Location
- Southern California
- Posts
- 12,136
Some contact info on the domain. I suggest you try to verify that there are cc#'s being post, contact the host about it if so, and if that doesn't work, try RS abuse. Domain doesn't exactly have contact details (maybe enom would just remove it, heh)...
Address lookup
canonical name www.vnlogic.net.
aliases
addresses 216.127.70.95
Domain Whois record
Querying whois.internic.net with "dom vnlogic.net"...
Whois Server Version 1.3
Domain names in the .com, .net, and .org domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: VNLOGIC.NET
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS9.VNSTYLE.NET
Name Server: NS10.VNSTYLE.NET
Updated Date: 25-jun-2002
>>> Last update of whois database: Sat, 29 Jun 2002 04:50:21 EDT <<<
The Registry database contains ONLY .COM, .NET, .ORG, .EDU domains and
Registrars.
Querying whois.enom.com with "vnlogic.net"...
Access to eNom's Whois information is for informational
purposes only. eNom makes this information available "as is,"
and does not guarantee its accuracy. The compilation, repackaging,
dissemination or other use of eNom's Whois information in its
entirety, or a substantial portion thereof, is expressly prohibited
without the prior written consent of eNom, Inc. By accessing and
using our Whois information, you agree to these terms.
Domain name: vnlogic.net
Registrant Contact:
XXX
XXX XXX (huu_tu@yahoo.com)
XXX
FAX: XXX
xxx
xxxx, 10400
MA
Billing, Administrative Contact:
XXX
XXX XXX (huu_tu@yahoo.com)
XXX
FAX: XXX
xxx
xxxx, 10400
MA
Technical Contact:
xxx
xxx xx (huu_tu@yahoo.com)
xxx
FAX: xxx
xx
xxx, 10400
MA
Status: ACTIVE
Note: To help prevent fraudulent or erroneous
transfers, we encourage registrants to place their domains on "lock"
status with their current registrar.
Name servers:
ns9.vnstyle.net
ns10.vnstyle.net
Created: 01/08/02 03:10:14
Expires: 01/08/03 03:10:14
--------------------------------------------------------------------------------
This information was provided by Enom, Inc. an accredited ICANN registrar.
http://www.enom.com
Register your domain name today!
Network Whois record
Querying whois.arin.net with "216.127.70.95"...
Everyones Internet, Inc. (NET-EVRY-BLK-10) EVRY-BLK-10
216.127.64.0 - 216.127.95.255
Azeem Butt (NETBLK-AZEEM) AZEEM 216.127.70.88 - 216.127.70.95
To single out one record, look it up with "!xxx", where xxx is the
handle, shown in parenthesis following the name, which comes first.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
Querying whois.arin.net with "!NETBLK-AZEEM"...
Azeem Butt (NETBLK-AZEEM)
39867 Potrero Dr
Newark, CA 94560
US
Netname: AZEEM
Netblock: 216.127.70.88 - 216.127.70.95
Coordinator:
Administration, DNS (DA37-ORG-ARIN) hostadm@SIRIUS.COM
+1-415-865-5080
Fax- +1-415-865-5004
Record last updated on 13-Oct-1999.
Database last updated on 28-Jun-2002 19:59:48 EDT.
The ARIN Registration Services Host contains ONLY Internet
Network Information: Networks, ASN's, and related POC's.
Please use the whois server at rs.internic.net for DOMAIN related
Information and whois.nic.mil for NIPRNET Information.
DNS records
name class type data time to live
www.vnlogic.net IN A 216.127.70.95 86396s (23h 59m 56s)
vnlogic.net IN MX preference: 10
exchange: mail.vnlogic.net
86396s (23h 59m 56s)
vnlogic.net IN SOA server: ns9.vnstyle.net
email: webmaster@vntoday.org
serial: 6
refresh: 3600
retry: 600
expire: 86400
minimum ttl: 3600
3600s (1h)
70.127.216.in-addr.arpa IN SOA server: ns1.ev1.net
email: admin@ev1.net
serial: 1022774587
refresh: 10800
retry: 3600
expire: 432000
minimum ttl: 38400
38400s (10h 40m)
Service scan
FTP - 21 220 ProFTPD FTP Server ready.
SMTP - 25 220 ns9.vnstyle.net ESMTP Sendmail 8.11.6/8.11.6; Sun, 30 Jun 2002 02:17:01 -0600
HTTP - 80 HTTP/1.1 200 OK
Date: Sun, 30 Jun 2002 08:17:06 GMT
Server: Apache/1.3.22 (Unix) (Red-Hat/Linux) mod_jk/1.2.0 mod_perl/1.24_01 PHP/4.1.1 FrontPage/5.0.2 mod_ssl/2.8.5 OpenSSL/0.9.6b
Connection: close
Content-Type: text/html
POP3 - 110 +OK POP3 ns9.vnstyle.net v2000.70rh server ready
NNTP - 119 Error: Connection refused
Traceroute
Tracing route to www.vnlogic.net [216.127.70.95]
hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 216.46.228.241 port-216-3073265-dal16509b-drtn.devices.datareturn.net
2 0 0 0 64.29.192.237 port-64-1949933-zzt0prespect.devices.datareturn.net
3 0 0 0 64.29.192.226 port-64-1949922-zzt0prespect.devices.datareturn.net
4 0 0 0 209.246.152.201 gigabitethernet3-0-101.ipcolo2.dallas1.level3.net
5 0 0 0 209.244.15.101 gigabitethernet11-0.core2.dallas1.level3.net
6 0 0 0 209.247.10.109 so-4-1-0.mp2.dallas1.level3.net
7 40 30 30 64.159.0.249 so-2-0-0.mp2.losangeles1.level3.net
8 30 40 30 209.247.10.202 pos9-0.core1.losangeles1.level3.net
9 40 40 40 129.250.9.33 p4-6-0-0.r00.lsanca01.us.bb.verio.net
10 30 40 40 129.250.5.25 p16-7-0-0.r02.lsanca01.us.bb.verio.net
11 50 51 50 129.250.3.210 p4-0-3-0.r01.sndgca01.us.bb.verio.net
12 50 50 50 129.250.3.205 p4-2-0.r00.sndgca01.us.bb.verio.net
13 40 40 30 129.250.3.185 p4-1-0.r01.hstntx01.us.bb.verio.net
14 40 40 30 129.250.29.89 ge-0-2-0.a03.hstntx01.us.ra.verio.net
15 70 70 70 128.241.2.102 ge-0-0-0.a03.hstntx01.us.ce.verio.net
16 71 70 80 207.218.223.38 tayhou-223-38.ev1.net
17 70 70 70 216.127.70.95
Trace complete
-
06-29-2002, 02:31 PM #7Web Hosting Master
- Join Date
- Sep 2001
- Location
- Vienna, Austria
- Posts
- 1,074
ah goodness.
i feel a scandal coming on.
-
06-29-2002, 02:46 PM #8Web Hosting Evangelist
- Join Date
- May 2002
- Posts
- 542
Visitor: can i register again with my CREDIT CARD ?Jay » jay@frontdrive.com AIM » FDrive Support
Front Drive™ » Advanced multi-domain solutions
http://www.frontdrive.com/
-
06-29-2002, 03:45 PM #9Disabled
- Join Date
- Jun 2002
- Posts
- 74
Originally posted by Chicken
Some contact info on the domain. I suggest you try to verify that there are cc#'s being post, contact the host about it if so, and if that doesn't work, try RS abuse. Domain doesn't exactly have contact details (maybe enom would just remove it, heh)...
Enom.com. No wonder they have let it go on this long. They respond to abuse complaints as fast as molasses in winter. I've been reporting a pr0n spammer on their network for the last year and a half and the site is still active.
AVOID reporting anything to Enom for anything. Hit their upstream since they refuse to listen to abuse complaints. Im surprised they are still actively hosting.
-
06-29-2002, 03:50 PM #10Junior Guru
- Join Date
- Feb 2002
- Location
- Los Angeles, CA
- Posts
- 204
Report it to abuse ev1.net, or email abuse@ev1.net
Hackers I beleive are not allowed on their network. They will have it deleted in not time I hope so.
Or call rackshack█ FastWebHost.com - Business Web Hosting, Reseller Hosting, WordPress & Fast VPS Hosting
█ FastWebHost.in Best India Web Hosting Provider. India Web Hosting
█ Hosting Websites Since 2002. Locations: USA, Netherlands, Germany and India.
-
06-29-2002, 04:04 PM #11Newbie
- Join Date
- Feb 2002
- Posts
- 5
I have already reported this.
I hope soon this is solved.
I can't take it. I blocked all of Vietnam!
Have a nice day!
-
06-29-2002, 04:09 PM #12Web Hosting Master
- Join Date
- Jun 2000
- Location
- Southern California
- Posts
- 12,136
Originally posted by Annie-Mei
Enom.com. No wonder they have let it go on this long. They respond to abuse complaints as fast as molasses in winter. I've been reporting a pr0n spammer on their network for the last year and a half and the site is still active.
AVOID reporting anything to Enom for anything. Hit their upstream since they refuse to listen to abuse complaints. Im surprised they are still actively hosting.
-
06-29-2002, 07:29 PM #13Web Hosting Evangelist
- Join Date
- Feb 2001
- Location
- Nr Cambridge, UK
- Posts
- 525
it's shocking to see the amount of fraud going on.
I got a promotional email about some McAfee products.. looked legit.. but it wasn't on McAfee's site and their order form wasn't secure. So I went to McAfee's site and no mention of the offer.
James
-
06-29-2002, 07:58 PM #14Web Hosting Master
- Join Date
- Jun 2002
- Posts
- 1,378
I wanted to hop in here real quick and ask a couple questions...
First, I fail to understand at all why someone would be entering erroneous information on order forms? Am I misunderstanding this, or are they committing credit card fraud to sign up for... services they probably don't actually want?
Second, a quick technical question pertaining to netblock assignments (as Chicken has posted them.) Isn't there a way to get these via "whois", as opposed to going to ARIN's site (which is what I do now.)
Again, while I'm sorry this is going on, I really cannot understand their motives.
-
06-29-2002, 08:57 PM #15Web Hosting Master
- Join Date
- Jun 2002
- Posts
- 1,210
Originally posted by HostInspect
Look at this, since I monitor humanclick and monitor the order that come in, look what i found:
Shiekron: How may I help you ?
Visitor: zbrs.com and son3vil.ws hosting are del ?
Shiekron: yes sir for fraud
Visitor: thanks
Visitor: i'll never fraud
Shiekron: we have recieved a numerous amount of orders from this IP block and we were forced to do so
Visitor: do you wanna know how can i have that Credit Card
Shiekron: Why sir?
Visitor: here :
Visitor: http://www.vnlogic.net/cgi-bin/ultimatebb.cgi?
Visitor: i get it from that forum
Shiekron: sorry sir, we just don't welcome this, nor do we tolerate this
Visitor: yes,i know
Shiekron: Have a nice day.
Visitor: but
Shiekron: But what sir?
Visitor: can i register again with my CREDIT CARD ?
----REST CUT OFF---
I cut off the rest because it was just too violent.Professor of crime at St Andrews university.
-
06-29-2002, 09:45 PM #16WHT Addict
- Join Date
- Mar 2002
- Posts
- 141
We've had nothing but bad luck from Vietnamese orders also, they've all been spammers.
First, I fail to understand at all why someone would be entering erroneous information on order forms? Am I misunderstanding this, or are they committing credit card fraud to sign up for... services they probably don't actually want?http://www.sonichost.net
Hosting Solutions That Won't Break Your Budget!
-
06-30-2002, 01:22 AM #17Web Hosting Master
- Join Date
- Dec 2001
- Location
- New Jersey
- Posts
- 1,152
Hi did anybody send out a general notice to to 2checkout and the other CC companies we all do business with. if that link is a qualified CC link then I think they would want it.
mikeI am Mike From ADEHOST.Com, Multidomain Windows hosting with Cold Fusion and ASP and Dot.NET Also offering multi-domain Unix hosting. silently, each one should ask, Have I done my daily task. Have I kept my honor bright, can I sleep without guilt tonight. Have I done and have I did, everything, to be prepared. - our motto to maintain services.
-
07-12-2002, 04:51 AM #18Newbie
- Join Date
- Apr 2002
- Posts
- 11
I am new to credit card processing (and fraud), but it seems to me all the security checks before a credit card is verified and actually accepted online are just for show. My experience below suggests so:
I recently wanted to buy a domain from Godaddy and it just would not accept my card. The helpdesk told me that they do not accept customers from Singapore because of previous fraud(interestingly they do not dare to post such discrimination openly on their webpage).
Well, I went back to the order page and entered an address in Germany (I am German, but this is NOT my card billing address!) and it went through without problems, Singaporean card and all!
Next time I could put in a bogus address and later dispute the charges, right? Too bad I am honest, but it certainly serves them right if other people from the countries they discriminate against are not!
-
07-12-2002, 04:57 AM #19Web Hosting Master
- Join Date
- Sep 2001
- Location
- Clifton Park, NY
- Posts
- 925
We get many many fake successful orders a month, however we call and verify every one now and cancel the account and reverse the charge immediatly if it doesnt go through right. I think a big reason they do it is to test the cards to see if they are good before they take them somewhere to try to card actual merchandise.
-Brendan
-
07-12-2002, 05:48 AM #20Junior Guru
- Join Date
- Feb 2002
- Location
- Los Angeles, CA
- Posts
- 204
WE do not get fruad orders (touch wood) for 3 reasons
1. We have banned all free email addresses to submitt order about 300 or so and adding, only ISP address are allowed, this has however not decreased the order rate, but have zeroed the fruad orders.
2. Banned any IP's and ISP's which are known for fruad orders. So that narrows down even more. Even banned proxy servers in our billing .htaccess file.
3. We have strict authorize.net AVS and CVV2 system which also helps us, even if the address is right and zip is not , it declines the orders or vise versa and other tricks.
I see lots of orders being declined due to wrong billing address and 50% of those orders are fruad and 50% users didn't provide right billing address and they do write us an email that why is it declined, and we tell them that their zip or address didn't match the billing address from their bank or card bank and they modify it and order goes through.
We do get orders from vietnam and singapore and all are legit with right address in singapre and vietnam so far
Most fruadgets rejected by the .htaccess file.
Hope this helps█ FastWebHost.com - Business Web Hosting, Reseller Hosting, WordPress & Fast VPS Hosting
█ FastWebHost.in Best India Web Hosting Provider. India Web Hosting
█ Hosting Websites Since 2002. Locations: USA, Netherlands, Germany and India.
-
07-12-2002, 07:49 AM #21Web Hosting Evangelist
- Join Date
- Jul 2002
- Location
- Orlando Florida
- Posts
- 538
My God! Thats scary! They have a forum with CC#'s posted. I feel so sorry for the victems cards that are on this site. They need to be contacted themselves to cancel their cards ASAP!
-
07-12-2002, 09:53 AM #22Eternal Member
- Join Date
- Aug 2001
- Location
- Houston, Texas
- Posts
- 695
It looks like Rackshack was hosting that forum site. But, as it violates our AUP/TOS. it is no more. We shoudl all watch where this site goes and lat the new host know what is being done on that site.
RobertRobert Marsh
Head Surfer
-
07-12-2002, 01:30 PM #23Registered User
- Join Date
- May 2002
- Posts
- 604
Originally posted by fog
I wanted to hop in here real quick and ask a couple questions...
First, I fail to understand at all why someone would be entering erroneous information on order forms? Am I misunderstanding this, or are they committing credit card fraud to sign up for... services they probably don't actually want?
Second, a quick technical question pertaining to netblock assignments (as Chicken has posted them.) Isn't there a way to get these via "whois", as opposed to going to ARIN's site (which is what I do now.)
Again, while I'm sorry this is going on, I really cannot understand their motives.
-
07-12-2002, 01:36 PM #24Web Hosting Master
- Join Date
- Sep 2001
- Location
- Vienna, Austria
- Posts
- 1,074
i believe HRbrendan gave one of the major reasons.
Originally posted by HRBrendan
.....I think a big reason they do it is to test the cards to see if they are good before they take them somewhere to try to card actual merchandise.
-Brendan
-
07-12-2002, 01:41 PM #25Registered User
- Join Date
- May 2002
- Posts
- 604
Oops, missed that.