home/login page.

I came across this site being spammed on many forums, and I wanted to look into it further. What kind of criminal spams his illegal website on a public forum that is probably monitored by the respective authorities? Probably not a smart one, so I wanted to see what I could dig up using just the website and free tools that anyone can use.

IP Lookup
Well, the first thing I did was use a Firefox plugin called FlagFox. All I have to do is click the flag in the URL bar (which already shows the hosting country) and I get redirected to a site which shows a map and the following details.

You can confirm these yourself by checking here:

So for starters, at least it’s not hosted in the US….so he’s safe…right?

So the next thing I did was look up the IP of the server hosting the content, and I was presented with the following information. So we can clearly see is the host. We’ve also got the contact information for their abuse & support departments should we require them. Next step? Let’s visit the FDCServers AUP (Acceptable Use Policy) website.

Uh oh…FDC Servers do NOT support illegal activities. FDC servers are also hosted in the US, so that means we have a hacker / vendor who is selling credit card and financial data on a US hosted smart…either we have a honeypot, someone very desperate or an idiot.

What else can we do? Let’s check out the domain registrar. Finally, we’re seeing SOME sense. He’s enabled domain WHOIS privacy. Must be impossible to get busted from this right….

Well…let’s go and ask what they think;

Nope…Gossimer isn’t having any of that either. So we have a vendor who is selling financial data, which is illegal, and who has a domain from a US-based site which strictly prohibits the use of their services for such activities…and is hosted on a US-based site.

Honeypot / It’s a tarp!
Desperate individual who cannot afford off-shore hosting?
An idiot.

You decide.

If you’re going to enter the online cyber-crime world….at least do it properly.
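
The lookups walked through above (hosting organisation, country and abuse contact from the IP WHOIS record; registrar and privacy status from the domain WHOIS record) can be pulled out of raw WHOIS text to build an abuse report. This is an added example, not part of the original post; both records are constructed, and the function names and the privacy keyword list are assumptions.

```python
# Constructed sample records (documentation IP range, .example names); not real lookups.
IP_WHOIS = """\
NetRange:       192.0.2.0 - 192.0.2.255
OrgName:        Example Hosting LLC
Country:        US
OrgAbuseEmail:  abuse@hosting.example
"""
DOMAIN_WHOIS = """\
Domain Name: SHOP.EXAMPLE
Registrar: Example Registrar Inc.
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Name: Domain Admin
Registrant Organization: Privacy Protect Service
Registrant Country: US
"""
# Words that commonly mark a proxy/privacy registrant (assumed list, extend as needed).
PRIVACY_HINTS = ("privacy", "proxy", "redacted", "whoisguard", "protected")

def parse_whois(text):
    """Turn 'Key: value' WHOIS lines into a dict of lower-cased key -> list of values."""
    fields = {}
    for line in text.splitlines():
        if line.startswith(("%", "#")) or ":" not in line:
            continue  # skip comment lines and free text
        key, value = line.split(":", 1)
        if value.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def first(fields, *keys):
    """Return the first value found under any of the given keys, else None."""
    return next((fields[k][0] for k in keys if k in fields), None)

def summarize(ip_text, domain_text):
    """Collect who hosts the site, who registered the domain, and where to report abuse."""
    ip, dom = parse_whois(ip_text), parse_whois(domain_text)
    registrant = " ".join(v for k, vs in dom.items() if k.startswith("registrant") for v in vs)
    return {
        "host": first(ip, "orgname", "org-name", "netname"),  # ARIN and RIPE style keys
        "host_country": first(ip, "country"),
        "host_abuse": first(ip, "orgabuseemail", "abuse-mailbox"),
        "registrar": first(dom, "registrar"),
        "registrar_abuse": first(dom, "registrar abuse contact email"),
        "whois_privacy": any(h in registrant.lower() for h in PRIVACY_HINTS),
    }

if __name__ == "__main__":
    for name, value in summarize(IP_WHOIS, DOMAIN_WHOIS).items():
        print(f"{name:16} {value}")
```

Even with WHOIS privacy enabled, the hosting provider's and registrar's abuse addresses remain visible, which is all a report needs.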