Showing posts with label phishing. Show all posts

Tuesday, 13 January 2015

Captain Barbarossa

Captain Barbarossa is used for PayPal phishing and sold as a phishing kit; the kit includes an admin panel.
The user is tricked with a fake PayPal login page asking for details, here in German:



Once the information is submitted, the data is sent to the panel.
Login:

Main:

Log manager:

Saturday, 18 May 2013

Liberty Reserve Curl Scam script

Since I started to speak about fake carding shops and LR phishing, many have asked me for the scam script, which has started to become popular for an unknown reason.

Alright... let's make it public.
http://temari.fr/LRcurlScamScript.zip



 Thanks for the Evangelion gift @unixfreakjp, appreciated :D


Friday, 10 May 2013

Cardingmaster.com carding shop

• dns: 1 ›› ip: 174.136.55.117 - adresse: CARDINGMASTER.COM

Mail:

Let's destroy another shop...
/home/cardingm/.lastlogin: 41.225.221.30
Admin IP used on shop: 41.227.48.25

Admin login:

Dashboard:

Edit news:

Ads manager:

Categories:

Edit category:

View cards:

Edit card:

Import card:

Export card:

Paypal:

Accounts:

Users:

Deposit history:

Order history:

Search card:

Send PM:

User edit:

Add user:

Send email to users:

Group manager:

Shop statistic:

Seller statistic:

Upgrade history:

Deposit history:

Order history:

Check history:

Shop settings:

Bonus manager:

Tools manager:

Spam tool:

The server was also used for phishing:

In 'normal' mode the shop looks like this:
And yes, it's déjà vu all over again: they use the Vampire.Vn Shop.

Want a dump? Sure.
http://temari.fr/cardingmaster.com.zip
As this shop is new they do not have a lot of users, so I've included the PHP and shit to compensate.
Credit card details are not included.

Monday, 29 April 2013

Fake carding shops

Nothing new here, just three forums used to scam stupid people like carders.
It's always the same method: advertising via spam and to view the content you must pay a fee.

Our first forum is a phpBB with fake statistics.
• dns: 1 ›› ip: 50.7.199.110 - adresse: FORUMSCC.COM

The forum looks huge:

Users are charged a $0.5 LR fee to view forums:

Fake online users:

Second example, fake carding shop:
• dns: 1 ›› ip: 96.125.170.142 - adresse: MARALIMACLASSIC.COM.BR

The captcha is iframed:

When you complete the name field and click login, you are always redirected to register.html

The site index is defaced by a random lamer:

register.html

When you click to register you are redirected to a fake Liberty Reserve page:
• dns: 1 ›› ip: 198.24.144.50 - adresse: SCI.LIBIRTYRESERVES.COM

Another fake site, probably made by the same guys:
Mailer:
Some other files found on the compromised server, cPanel bruteforcer:
Another cPanel bruteforcer:
Ac1db1tch3z x86/x64 Linux kernel exploit (EXP/Linux.Small.AU):

The mail leads here:
• dns: 1 ›› ip: 199.79.62.93 - adresse: ZCB.CO.IN
And when you click on register...
• dns: 1 ›› ip: 50.28.73.7 - adresse: SCII.LIBERTYERESERVE.COM

PHP stuff can be found here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2410&p=19111#p19111
EXP/Linux.Small.AU here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2697#p19112