[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] Someone to watch out for (cc'd to security and users)
- Subject: [cobalt-security] Someone to watch out for (cc'd to security and users)
- From: "Carrie Bartkowiak" <ravencarrie@xxxxxxxx>
- Date: Mon, 28 May 2001 02:42:43 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Heads up to those of you offering web hosting.
I caught a person trying to do who-knows-what with a fraudulent credit
card.
Dunno if he was looking for accounts to set up all over the place to
continue his fraudulent spree, or if he was looking for accounts to
break into a server. Either way, if you see him, boot him.
Info is below.
CarrieB
I have a list of 5 attempted transactions in my third-party payment
system database, with
the 5th one being confirmed. Each time the person used a different
physical address
and zip code, but the same email and fake name.
He put his email as pempek@xxxxxxxxxx and his name as Douglas
Struthers.
Tracing down temona.com gives me a name of Agus Pempek, with the
email
address of pempek@xxxxxxxxxx This person, once his 5th transaction
was
verified, signed up for my services with the username of 'Agus'.
The address for this Agus Pempek is:
jl. orde baru no.20
Jakarta, JKT 30127
India 7802708.
He registered the domain cowok-bandel.com with my services.
Tracing this down gives me an owner of Ragnar Schneider
34410 La Raye Drive
Yucaipa, CA 92399
phone: 128-321-0786 with an email address of agus@xxxxxxxxxxx
Going further, p3mp3k.com turns up as being owned by
Agus Budaya
jl. orde baru no.20
Jakarta, JKT 30127
India
with an email address of pempek@xxxxxxxxxxxxxxxx
Sayang-uwel.com turns up the same owner and address, fake phone
number,
and email address of pempek@xxxxxxxxx
Uwel.org turns up the same owner and address, and leads back to the
original email of pempek@xxxxxxxxxxx
Full circle.