Our team has detected another apparently Chinese scam, most probably another phishing site. The link comes from a spam email that links to http://i93g534lcopnl.blogspot.com. The blog contains JavaScript that automatically redirects you to Putboth.com, where the fake Canadian Pharmacy is located. Apparently, the spammers use Blogspot (Blogger) to hide the phishing site, and it's a surprise that they managed to create fake Blogger accounts; this could only mean that the alleged master idiots had defeated Blogger's anti-spam protection. What can I say? Brilliant yet stupid!
Unfortunately, this idiotic trick pulled off by the so-called spammers (lowlifes) did not prevent them from being traced by our team. So, where is the phishing site hosted? It's China... again!
Here are the complete details:
Status: ok
Registrar: XIN NET TECHNOLOGY CORPORATION
Referral URL: http://www.xinnet.com
Expiration Date: 2009-03-27
Creation Date: 2008-03-27
Last Update Date: 2008-03-28
Name Servers:
ns.xinnet.cn
ns.xinnetdns.com
ns2.xinnet.cn
ns2.xinnetdns.com
=============================
IP Address: 218.61.22.245
IP Location: China
Website Status: active
Server Type: nginx/0.5.35
Cache Date: 2008-04-03 12:14:23 MST
=============================
Domain Name:putboth.com
Registrant:
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
550001
Administrative Contact:
SunHaiwei
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
Guiyang Guizhou 550001
CN
tel: 851 4355128
fax: 851 4355128
Technical Contact:
SunHaiwei
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
Guiyang Guizhou 550001
CN
tel: 4355128
fax: 4355128
Billing Contact:
SunHaiwei
Haiwei Sun
NO.13,Zhongshan street,Guiyang City GuiZhou Province
Guiyang Guizhou 550001
CN
tel: 4355128
fax: 4355128
Registration Date: 2008-03-27
Update Date: 2008-03-28
Expiration Date: 2009-03-27
Primary DNS: ns.xinnet.cn 210.51.171.209
Secondary DNS: ns.xinnetdns.com 210.51.170.66
Who are they?
WouldMillion.com and Putboth.com are hosted on the same host, Xinnet.com. We cannot verify who the real people behind the dirty tricks are, but we highly suspect that they could be from the same hacker group. There's doubt whether they are really Chinese, but one thing's for sure: they are hiding behind proxies.
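A defender-side check for the redirect described at the top of this post, as an added example that is not this blog's own code: it parses a fetched blog page and reports script or meta-refresh redirects that leave the page's own host. The sample HTML and the redirect patterns are constructed assumptions, since the post does not show the actual script.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed redirect forms; the post does not show the actual script.
JS_REDIRECT = re.compile(
    r"""(?:(?:window|document|top|self)\.)?location(?:\.href)?\s*=\s*["']([^"']+)["']"""
    r"""|location\.(?:replace|assign)\(\s*["']([^"']+)["']""", re.I)
META_URL = re.compile(r"""url\s*=\s*["']?([^"';\s]+)""", re.I)

class RedirectFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.targets = []  # (mechanism, raw target) pairs

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self.in_script = True
        elif tag == "meta" and (attrs.get("http-equiv") or "").lower() == "refresh":
            match = META_URL.search(attrs.get("content") or "")
            if match:
                self.targets.append(("meta-refresh", match.group(1)))

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            for match in JS_REDIRECT.finditer(data):
                self.targets.append(("javascript", match.group(1) or match.group(2)))

def offsite_redirects(page_url, html):
    """Return redirects whose destination host differs from page_url's host."""
    finder = RedirectFinder()
    finder.feed(html)
    page_host = urlparse(page_url).hostname
    found = []
    for mechanism, target in finder.targets:
        absolute = urljoin(page_url, target)  # resolve relative targets first
        if urlparse(absolute).hostname not in (None, page_host):
            found.append((mechanism, absolute))
    return found

# Constructed sample of a redirecting blog page (not captured from the real site).
SAMPLE = '<html><head><script>window.location = "http://putboth.com/";</script></head></html>'
print(offsite_redirects("http://i93g534lcopnl.blogspot.com/", SAMPLE))
```

Redirects to another page on the same blog host are ignored, so only the hand-off to a different domain is reported.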
Thursday, April 3, 2008
Putboth.com: Another Chinese Scam?