Fraudster Information

Status
Not open for further replies.

CrazyTech

Yellow Belt
Just thought I'd pass this along to the other hosts here. This was taken from a post over at WHT by RWH.
--------------------------------------------------------------------------------------------------------------------------
Hi to all,

We have been dealing with an issue with a guy/gal that loves to sign up with fraudulent orders. Since Jan 2003 this same person has made over 30 attempts to sign up with us using stolen credit cards. Of those, he has been successful 3 times. This person has signed up with orders ranging from $10.00 to $600.00 over this time period. Starting in March of 2004, the person got really active, sometimes trying 5 or 6 times a night.

The first week in May we finally decided to try and track this guy down. At that time, we found him on a host that we will not name. At that time we contacted this host and found out that the person had used the same IPs and the same credit cards with this company. At the time he was with them, we were told he was a reseller and the abuse department at this company terminated quickly.

After this happened we did not hear from this criminal until last week when he started again.

Since last Thursday he has attempted approximately 11 times. Our fraud software has stopped all but one time, and we manually voided the credit charge.

So far we have been able to see that this guy has had at least 14 different stolen credit cards. We have been able to contact 11 of them and inform them their credit card had been stolen.
Some people could not believe it, but some were very happy that we had called them and informed them of the issue. Only one of the eleven had any knowledge of the credit card being stolen.

We also got 3 legit accounts from them.

This person is very good at what they do; they have used over 20 different IPs during this time and numerous domain names.
We are posting the IPs and domains below. We feel it would be a good thing for all hosting companies to check their records for this guy because he probably has sites all over the place.

We really feel that he is from Vietnam based on early information we received. His main domain name account seems to be thecolor.org, and yes it is hosted now. We sent information about this guy to the hosting company last night.

Hope this helps all who read it.

Here are the domain names:


We are sure there are others.

Here is a list of IPs so far that he has used:


Any questions you can post here or email us at admin@realwebhost.net
 

CrazyTech

Yellow Belt
I don't typically pass along this type of thing, but this guy is someone to look out for. That's why I don't plan to have a credit card either at this point.
 

Moondancer

Yellow Belt
well, it's all in being careful where you use them, too... and what you allow your computer to save on the system too ... I don't let my computer do the .net Passport stuff.. that's like inviting somebody in.

@#&* virii are killing us today... 160 alerts already this morning, :-(  ... that's another thing I don't understand.. what's the point of them? you just end up in jail for it and you aren't doing anything good with them. not that they hurt us as far as actually doing any damage it's just the pain in the butt filtering them, sending off all the stupid emails and junk that weigh down the server load.. and for what? so we can hear about somebody getting arrested for it in a week or so?
 
ovi

Maybe I will give you some useful information, but some of the names of the domains are in the Romanian language, trust me. Maybe the criminal is from Romania and he is connecting through a proxy from Vietnam, Taiwan, Asia (this country has several vulnerable servers). Maybe he left this impression that he is from Asia, but trust me that some domains from your list are in the Romanian language.
Maybe it will be better to speak with the authorities.

Best Regards,
Ovi
 