About a week ago I had the following transactions show up on my Visa Debit Card:
1.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
2.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
3.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
4.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
5.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
6.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
7.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
8.) 08/16/2007 Pos Debit IP-7STARSALES.COM $160.00
I couldn’t recall making a $160.00 purchase on August 16th, let alone eight purchases for that amount. Initially there were only two transactions on my account under the ‘pending’ section. I figured that I would keep my eye on the activity to see if it was just some erroneous error that would go away. When I checked my account less than an hour later, there were five transactions. It was at that point that I phoned my bank’s 1-800 number. The bank representative informed me that since the transactions hadn’t completely gone through there wasn’t much the bank could do for me aside from cancel my card right away. I told the bank that I would wait until the next day and speak with a representative face-to-face at the local branch. The following morning I was informed that there were actually 10 transactions, but the last two were denied. My bank’s policies are in question on their lack of a quick response to this activity, but that is another story. Later that evening there was another attempt at sending 10 transactions through for the same amount at the same website.
I cancelled my card, filled out the required paperwork to get my money back and open an investigation into the activity. A total of $3200.00 was attempted on my account, $2560.00 actually went through. Needless to say, I was a little irate.
When I got home I figured I’d try to find out a little more information about the website attached to the transactions. Sure enough, the website is of shoddy construction and has ‘shady’ written all over it. They even prompt you to enter your credit card information to look up the questionable transactions and then try to use scare tactics to prevent you from going to your bank and denying the charges. I ran PING, WHOIS, TRACEROUTE, etc., which gave me the following info:
jon@lanai:~$ whois 205.214.216.112
Cable & Wireless (Barbados) Limited BDS-NET1 (NET-205-214-192-0-1)
205.214.192.0 - 205.214.223.255
St. Kitts & Nevis Telecommunications NET-SKB-SURF (NET-205-214-215-0-1)
205.214.215.0 - 205.214.216.255
# Enter ? for additional hints on searching ARIN's WHOIS database.
jonschroeder@lanai:~$ whois ip-7starsales.com
Registrar: INTERCOSMOS MEDIA GROUP, INC. D/B/A DIRECTNIC.COM
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS0.STKITTSDNS.COM
Name Server: NS1.STKITTSDNS.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 13-jul-2007
Creation Date: 12-jul-2007
Expiration Date: 12-jul-2008
>>> Last update of whois database: Sat, 18 Aug 2007 22:42:43 UTC <<<
Registrant:
Sys Admin
1058 The Amory Building
Victoria Road
Basseterre, Basseterre 0000
KN
12063392680
Fax:12063392680
Domain Name: IP-7STARSALES.COM
Joseph, Jason josephcorp@gmail.com
1058 The Amory Building
Victoria Road
Basseterre, Basseterre 0000
KN
12063392680
Fax:12063392680
Joseph, Jason josephcorp@gmail.com
1058 The Amory Building
Victoria Road
Basseterre, Basseterre 0000
KN
12063392680
Fax:12063392680
Record created on 07-12-2007
NS0.STKITTSDNS.COM 205.214.216.112
NS1.STKITTSDNS.COM 205.214.216.112
jonschroeder@lanai:~$ traceroute 205.214.216.112
traceroute to 205.214.216.112 (205.214.216.112), 30 hops max, 40 byte packets
1 192.168.0.1 (192.168.0.1) 0.891 ms 0.511 ms 0.458 ms
2 ??????????????????????????????com (1.1.1.1) 8.752 ms 9.156 ms 9.334 ms
3 //////////////////////////////// 8.662 ms 7.752 ms 8.581 ms
4 ge-2-2-0-ycr1.mcr.cw.net (208.175.252.105) 9.135 ms ge-1-2-0-ycr1.mcr.cw.net (208.175.252.9) 8.831 ms ge-2-2-0-ycr1.mcr.cw.net (208.175.252.105) 9.245 ms
5 so-2-0-0-bcr1.lnd.cw.net (166.63.163.225) 15.262 ms 15.930 ms 15.193 ms
6 ge-5-0-0-dcr2.lnd.cw.net (195.2.9.90) 15.300 ms 15.381 ms 15.697 ms
7 so-0-0-0-dcr2.nyk.cw.net (195.2.10.113) 85.844 ms 85.921 ms 85.892 ms
8 so-5-0-0-dcr1.nyk.cw.net (195.2.10.241) 86.278 ms 119.404 ms 85.925 ms
9 so-0-0-0-1-ecr1.mna.cw.net (195.2.10.206) 116.569 ms so-0-0-0-2-ecr1.mna.cw.net (195.2.17.2) 122.696 ms so-0-0-0-0-ecr1.mna.cw.net (195.2.3.22) 116.309 ms
10 cw-barbados-gw.mna.cw.net (195.2.6.198) 154.516 ms 154.826 ms 154.465 ms
11 cwgate1.caribsurf.com (205.214.192.10) 167.324 ms 166.643 ms 167.232 ms
12 bgi-skb.caribsurf.com (200.50.76.38) 156.986 ms 157.004 ms 155.648 ms
13 206.48.56.66 (206.48.56.66) 157.712 ms 157.545 ms 158.862 ms
14 205.214.216.26 (205.214.216.26) 159.886 ms 159.022 ms 159.339 ms
15 205.214.216.112 (205.214.216.112) 161.802 ms !C 159.798 ms !C 160.089 ms !C
I also discovered some other websites attached to the same IP ADDRESS (http://bestdeal4rx.com/cart.php). More shady business store fronts for prescription type drugs, etc. Where is this Basseterre place? Quick check at Wikipedia revealed that it is down in the Caribbean. Also started doing some Google searches using the data from above and came across some other information. A blog called ‘Around The Crux’ discusses another fraudulent website (IP-MYSTORE.COM) with the same contact details as listed for IP-7STARSALES.COM. Another Google search for josephcorp@gmail.com reveals that other people have had similar problems over at the BingoPlayersUnion.com and still more information located here: 800Notes. It appears that quite a few sites starting with ‘IP-’ are fraudulent and connected with ‘The Armory Building’ down in Basseterre. I wonder if that building even exists. Their ISP, Cable & Wireless, should shut them down.
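The WHOIS output above carries several machine-checkable warning signs. The Python below is an added example, not part of the original post: it parses an excerpt of that output and reports the domain's age at the first charge and whether its name servers sit on a single address. The 90-day threshold and the treatment of 205.214.216.112 as the site's own address are assumptions.

```python
import re
from datetime import date, datetime

# Excerpt of the WHOIS output shown in the post above (not a live lookup).
WHOIS_TEXT = """\
Name Server: NS0.STKITTSDNS.COM
Name Server: NS1.STKITTSDNS.COM
Updated Date: 13-jul-2007
Creation Date: 12-jul-2007
Expiration Date: 12-jul-2008
NS0.STKITTSDNS.COM 205.214.216.112
NS1.STKITTSDNS.COM 205.214.216.112
"""

SITE_IP = "205.214.216.112"        # address looked up in the post (assumed to be the site's)
FIRST_CHARGE = date(2007, 8, 16)   # date of the first charge listed in the post
YOUNG_DOMAIN_DAYS = 90             # assumed threshold for a "newly registered" domain


def parse_whois(text):
    """Extract the creation date, name servers and name-server -> IP glue lines."""
    created = re.search(r"Creation Date:\s*(\S+)", text).group(1)
    glue = dict(re.findall(r"^(\S+\.\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})$", text, re.M))
    return {
        "created": datetime.strptime(created, "%d-%b-%Y").date(),
        "nameservers": re.findall(r"Name Server:\s*(\S+)", text),
        "glue": glue,
    }


def indicators(rec, site_ip, first_charge):
    """Return (domain age in days at first charge, list of warning signs)."""
    age = (first_charge - rec["created"]).days
    found = []
    if age < YOUNG_DOMAIN_DAYS:
        found.append(f"domain only {age} days old at first charge")
    ns_ips = {rec["glue"].get(ns) for ns in rec["nameservers"]}
    if len(ns_ips) == 1:
        found.append("all name servers share one IP (no DNS redundancy)")
    if site_ip in ns_ips:
        found.append("name servers hosted on the same IP as the site")
    return age, found


if __name__ == "__main__":
    age, found = indicators(parse_whois(WHOIS_TEXT), SITE_IP, FIRST_CHARGE)
    for line in found:
        print("-", line)
```
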
16 comments:
Hey, they should really be shut down. If you have any information on how to do that you can send it to me at: zeaky65@yahoo.com
Today (9/10/2007) I got an email from my credit card (CHASE VISA) stating my available credit limit went below 40% so I QUICKLY checked it. There I saw 3 transactions for $200 paid to "IP-7STARSALES.COM". I IMMEDIATELY called my VISA and they fixed it but they also told me that a purchase of $3,210 was attempted in a yahoo store but was denied.
LETS TAKE EM DOWN!
There are some useful tools available here: http://www.remote-exploit.org/backtrack.html
Who are these people, and how did they get my debit card number? A transaction went through yesterday on my account for $200. Thankfully I have OCD and check the account daily. I canceled my card, and I got my money back. I have never used my card online for anything.
I have an idea. We can fly to their location and beat some ass. If we can't find them, we can have a great vacation.
I found your blog through a search on IP-7staresales.com. I checked my account this morning to find a $200 charge from them! My bank also can do nothing until it has posted, but suggested I call the company. When I called them, they said calls were answered between 8:30&5:00 in an Australian time zone.
If they're making fraudulent charges that are being successfully challenged, why are they still up and running? This is so frustrating.
I have recently been nailed by these Idiots on my Wife's Check card, for $200 once.
It was pending for 2 days and then I was able to dispute it and get the Money Credited back.
How the heck do they get the Card Info anyway?????
This stinks.
Have any of you ever purchased from Medsmex.com using the same credit card that was stolen from?
I've never heard of Medsmex.com. I went and checked out the website which claims, "MedsMex.com is the Official website of Medicine Mexico." I don't think I would use it to purchase anything. It does look a bit more 'official' than all the other websites that have been mentioned.
Yes- I did purchase something from Medsmex previously with the card. I'm thinking their site might not have been secure. That seems to be a common thread on http://800notes.com/Phone.aspx/1-605-413-4728 as well- online/international pharmacy sites.
MedsMex lists Todays Business Corp. as their administrative contact. But this company does not exist. The reason why I suspect MedsMex is because they manually key in credit cards just as the thief did that stole from my account. I mailed my information to the address they have listed for Todays Business Corp. I also couldn't find a record of MedsMex on whois.net. This all seems fishy to me. MedsMex may be legitimate, but I'm having a hard time believing they don't have something to do with it. With my new debit card I am going to purchase something again from Medsmex. If the same thing happens I am going to point the blame at them.
My Chase visa account was charged for $200 and $220 by the names IP-SALESBYWEB.COM and IP-7STARSALES.COM.
Both of which were fraud, I cancelled the card and asked for a dispute.
I checked my account this morning and found a $200 charge from these people at "IP-7STARSALES.COM". I called my bank (Wells Fargo) and they have canceled my card and I cannot use it now. I will have to wait 5 to 10 days for a new one but if I need it bad enough I can go into the bank and they will give me a temporary ATM card that will only work at their ATMs.
I suspect that they are getting the card numbers one of 2 ways. Either we all have keyloggers on our computers and they are getting them that way or we all visited the same online merchant whose data has been violated. In the last month I have made online purchases at stamps.com, Amazon.com and 1800flowers.com. Has anyone else made purchases at these places prior to getting these fraudulent charges?
I think that I remember using my card at 1800flowers.com prior to my info being compromised. Will have to see if there is any information out there on 1800flowers.com customer data being hacked/compromised.
Hmmmmm..I think my Wife had used the card on Amazon.com...but about 6 months ago.
I wonder though if that could be it..or maybe an Intermediate vendor that they are going through.
Found your site searching the net..I too have a $200 charge on my card. I am MAD!!! I am calling the bank in the AM! How do they get those numbers????
Hello,
It is easy to travel with a Federation passport often without a Visa and if a Visa is required it is easily obtained.
john