Suncoastscam
•Download as TXT, PDF•
0 likes•492 views
The document discusses a text scam involving Suncoast Schools Federal Credit Union. It provides details of a text message received requesting the recipient to call an 813 phone number. The sender of the text is traced to an IP address in Germany. Further investigation reveals the server hosting the website for the phone number is located in Germany and vulnerable to exploits, allowing remote access. Contact information is given for the domain registrar and hosting provider for the IP address and website.
![http://www.nbc-2.com/story/22240525/text-scam-involves-suncoast-schools-fcu
I seen you posted this^^
I tried to contact fcu and they was not open on Sunday and the lady that I did
get in touch with could only say they working on it..
I figure they would want the valuable intel behind who is doing this. Below this
email is a report of the computer/server that is making such calls/text messages
it is however located in Germany
I do not know which agency the FCU is working with to resolve such matter, I
also don’t know if there is a reward for information leading to the arrest of
whoever.
I will be tracing the server information details down (owner of server, ip
addresses of users logging into the server and such)
But so far the server has blocked my scans so I will haft to take a more
technical route.
Here is the information on the criminal behind such scam:
3:37pm sunday 8/4/2012 24 hour banking account center
suncoast fedreal credit union
http://www.suncoastfcu.org/Default.aspx?tabid=348
^^wrong number: Example: Please call us immediately at 866-515-0597.Verification
needed on your debit/ATM card. Thank You.
866-515-0597 goes to locksmith
Also their IIS server(webserver) is vulnerable to about 9 exploits I found which
allows remote access to the server.
I received a text message from 18132175090@tonline.com//Suncoast Schools FCU
alert. It was a text requesting me to call customer service at 813-217-5090.
Tracing route to tonline.com [217.6.164.164]
over a maximum of 30 hops:
1
2 ms
1 ms
1 ms 192.168.1.1
2
39 ms
22 ms
28 ms 71.196.112.1
3
10 ms
10 ms
9 ms xe-7-2-0-32767sur03.pompanobeach.fl.pompano.comcast.net [68.85.83.209]
4
16 ms
14 ms
14 ms te-0-7-0-5-ar03.northdade.fl.pompano.comcast.net
[162.151.2.221]
5
12 ms
14 ms
14 ms he-2-6-0-0-cr01.miami.fl.ibone.comcast.net
[68.86.95.217]
6
26 ms
30 ms
29 ms 68.86.88.217
7
40 ms
41 ms
42 ms he-0-4-0-0-cr01.ashburn.va.ibone.comcast.net
[68.86.89.153]
8
41 ms
42 ms
42 ms pos-0-1-0-0-pe01.ashburn.va.ibone.comcast.net
[68.86.86.30]
9
46 ms
46 ms
45 ms 80.150.169.197
10
130 ms
134 ms
133 ms f-eb9-i.F.DE.NET.DTAG.DE [62.154.16.114]
11
126 ms
128 ms
127 ms 80.156.161.230
12
*
*
*
Request timed out.
13
129 ms
128 ms
135 ms www.t-online.de [217.6.164.164]
Trace complete.
domain: tonline.com
registrant-hdl: RDT-DTA404
admin-c: RDT-DA550
tech-c: RDT-HTO1
zone-c: RDT-HTO1
nserver: dns00.sda.t-online.de](https://image.slidesharecdn.com/suncoastscam-140102155341-phpapp02/85/Suncoastscam-1-320.jpg)
Recommended
More Related Content
Viewers also liked
Viewers also liked (18)
More from Gregory Hanis
More from Gregory Hanis (14)
Recently uploaded
Recently uploaded (20)
Suncoastscam
- 1. http://www.nbc-2.com/story/22240525/text-scam-involves-suncoast-schools-fcu I seen you posted this^^ I tried to contact fcu and they was not open on Sunday and the lady that I did get in touch with could only say they working on it.. I figure they would want the valuable intel behind who is doing this. Below this email is a report of the computer/server that is making such calls/text messages it is however located in Germany I do not know which agency the FCU is working with to resolve such matter, I also don’t know if there is a reward for information leading to the arrest of whoever. I will be tracing the server information details down (owner of server, ip addresses of users logging into the server and such) But so far the server has blocked my scans so I will haft to take a more technical route. Here is the information on the criminal behind such scam: 3:37pm sunday 8/4/2012 24 hour banking account center suncoast fedreal credit union http://www.suncoastfcu.org/Default.aspx?tabid=348 ^^wrong number: Example: Please call us immediately at 866-515-0597.Verification needed on your debit/ATM card. Thank You. 866-515-0597 goes to locksmith Also their IIS server(webserver) is vulnerable to about 9 exploits I found which allows remote access to the server. I received a text message from 18132175090@tonline.com//Suncoast Schools FCU alert. It was a text requesting me to call customer service at 813-217-5090. Tracing route to tonline.com [217.6.164.164] over a maximum of 30 hops: 1 2 ms 1 ms 1 ms 192.168.1.1 2 39 ms 22 ms 28 ms 71.196.112.1 3 10 ms 10 ms 9 ms xe-7-2-0-32767sur03.pompanobeach.fl.pompano.comcast.net [68.85.83.209] 4 16 ms 14 ms 14 ms te-0-7-0-5-ar03.northdade.fl.pompano.comcast.net [162.151.2.221] 5 12 ms 14 ms 14 ms he-2-6-0-0-cr01.miami.fl.ibone.comcast.net [68.86.95.217] 6 26 ms 30 ms 29 ms 68.86.88.217 7 40 ms 41 ms 42 ms he-0-4-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.89.153] 8 41 ms 42 ms 42 ms pos-0-1-0-0-pe01.ashburn.va.ibone.comcast.net [68.86.86.30] 9 46 ms 46 ms 45 ms 80.150.169.197 10 130 ms 134 ms 133 ms f-eb9-i.F.DE.NET.DTAG.DE [62.154.16.114] 11 126 ms 128 ms 127 ms 80.156.161.230 12 * * * Request timed out. 13 129 ms 128 ms 135 ms www.t-online.de [217.6.164.164] Trace complete. domain: tonline.com registrant-hdl: RDT-DTA404 admin-c: RDT-DA550 tech-c: RDT-HTO1 zone-c: RDT-HTO1 nserver: dns00.sda.t-online.de
- 2. nserver: dns01.sda.t-online.de nserver: dns00.sul.t-online.de nserver: dns01.sul.t-online.de status: connected changed: 2013-03-13 created: 2002-12-14 expires: 2013-12-14 source: DEUTSCHE TELEKOM AG nic-hdl: RDT-DTA404 type: org name of the organisation: Deutsche Telekom AG, Domainmanagement address: Friedrich-Ebert-Allee 140 pcode: D-53113 city: Bonn country: DE e-mail: domain-admin.bonn@telekom.de phone: +49 228 181 94033 fax-no: +49 228 181 94402 changed: 2011-08-24 source: DEUTSCHE TELEKOM AG nic-hdl: RDT-DA550 type: person firstname: domain lastname: admin name of the organisation: Deutsche Telekom AG, Domainmanagement address: Friedrich-Ebert-Allee 140 pcode: D-53113 city: Bonn country: DE e-mail: domain-admin.bonn@telekom.de phone: +49 228 181 94033 fax-no: +49 228 181 94402 changed: 2011-08-24 source: DEUTSCHE TELEKOM AG nic-hdl: RDT-HTO1 type: person firstname: Hostmaster lastname: T-Online name of the organisation: Deutsche Telekom AG, T-Com (T-Online) address: T-Online Allee 1 pcode: D-64295 city: Darmstadt country: DE e-mail: hostmaster@t-online.net phone: +49 6151 680 5938 fax-no: +49 6151 680 519 changed: 2006-06-11 source: DEUTSCHE TELEKOM AG inetnum: netname: descr: descr: country: admin-c: tech-c: status: mnt-by: source: 217.6.164.0 - 217.6.167.255 TOIAG-FFM-001 Deutsche Telekom AG Products & Innovation DE DTIP DTST ASSIGNED PA DTAG-NIC RIPE #Filtered
- 3. person: address: address: address: phone: fax-no: nic-hdl: mnt-by: source: DTAG Global IP-Addressing Deutsche Telekom AG D-90492 Nuernberg Germany +49 180 2 33 1000 +49 6151 6809399 DTIP DTAG-NIC RIPE #Filtered person: address: address: phone: fax-no: nic-hdl: mnt-by: source: Security Team Deutsche Telekom AG Germany +49 180 2 33 1000 +49 6151 6809399 DTST DTAG-NIC RIPE #Filtered