Nothing new here, just three forums used to scam stupid people like carders.
It's always the same method: advertising via spam and to view the content you must pay a fee.
Our first forum is a phpbb with fake statistic.
• dns: 1 ›› ip: 50.7.199.110 - adresse: FORUMSCC.COM
Forum look's huge:
Users are charged a $0.5 LR fee to view forums:
Fake online users:
Second example, fake carding shop:
• dns: 1 ›› ip: 96.125.170.142 - adresse: MARALIMACLASSIC.COM.BR
The captcha is iframed:
When you complete the name field and click login you are redirected always to register.html
The site index is defaced by a random lammer:
register.html
When you click to register you are redirected on a fake Liberty Reserve page:
• dns: 1 ›› ip: 198.24.144.50 - adresse: SCI.LIBIRTYRESERVES.COM
Another fake site, probably do by the same guys:
Mailer:
Some other files found on the compromised server, cPanel bruteforcer:
Another cPanel bruteforcer:
Ac1db1tch3z x86/x64 Linux kernel exploit (EXP/Linux.Small.AU):
The mail lead here:
• dns: 1 ›› ip: 199.79.62.93 - adresse: ZCB.CO.IN
And when you click on register...
• dns: 1 ›› ip: 50.28.73.7 - adresse: SCII.LIBERTYERESERVE.COM
PHP stuff can be found here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2410&p=19111#p19111
EXP/Linux.Small.AU here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2697#p19112
complementing xilibox, some hackers station having fun because email accounts and lr these scammers have been hacked, and he cocerteza website owner forumscc.com, mtfucker scammer,
ReplyDeletethis website forumscc.com and vulnerable to DOS attacks and SQLinjection, verify,,
ReplyDeletehttp://prntscr.com/12rehb
http://prntscr.com/12rgrz