Forum
Comments:
-
- on Wed 26 Aug 2009
- 07:07:59 PM UTC
....
WhoIs shows the owner has another site;
simianplay.com
Seems to be marketing related.
This particular site is hosted at 67.214.139.133, which is on the Invision network;
Invision.com, Inc. INVISION-NET-02 (NET-67-214-128-0-1)
67.214.128.0 - 67.214.143.255
The New York NOC, Inc. NYNOC-NET-01 (NET-67-214-139-0-1)
67.214.139.0 - 67.214.139.255http://hosts-file.net/?s=mmowned.com
In addition, one of the adverts on the mmowned.com forums sent NOD32 into a hissy fit;
hxxp://www.mmowned.com/adspot/adpeeps.php?bfunction=fetchad&uid=100000&cid=383830&aid=35&atype=2&bzone=left_bar_middle&bsize=160x600
Which loaded;
banner.adtrgt.com
Screenie:
http://hosts-file.net/misc/imgadtrgt.com_-_66.179....Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Wed 26 Aug 2009
- 07:19:07 PM UTC
Update ....
I've just spoken with Invision.com about this, and they've asked me to send them the information + evidence so they can take a look.
I'll post back if I hear back from them.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Wed 26 Aug 2009
- 07:36:31 PM UTC
Siteadvisor user comments
Siteadvisor user comments mentioned that the ad host used by this site performs browser exploits. I visited the site using a VM. I'd urge anyone else who visits to be cautious and, at the very least, use Firefox with NoScript installed.
-
- on Wed 26 Aug 2009
- 07:25:22 PM UTC
This is unfortunate if true,
This is unfortunate if true, as the rating is quite high...
-
- on Thu 27 Aug 2009
- 03:33:17 AM UTC
Scammers delight
You're right, the subforum ( www.mmowned.com/forums/wow-scams/ ) is kinda 'interesting'. At the top one can read this: "We do not condone scamming, this section is meant for people to read about scamming so they can prevent being scammed themselves.". Really..? Clicking 'WoW Scams' reveals this, as one of the subforums first stickies:
"Basically seen alot of Scamming team threads and the looking for a partner thread is kinda old so here is a new one that ALL you scammer people w/e can post in looking for/offering services.
Looking for a partner template to use:
How long have you been scamming:
What are your specialties and what fields do you have experience in (IE phishing, data mining, trade scamming, etc.)
What you have to offer in a partnership:
Your average weekly account intake:
Your average weekly gold intake:
What you hope to accomplish in a joint scamming effort:
Your MSN/AIM/Email whatever you want people to contact you by"
http://www.mmowned.com/forums/wow-scams-help/24018...There are plenty of replies to this thread, and none I read wanted to
"prevent being scammed themselves". Rather the opposite.This site looks like a scammers delight...
-
- on Fri 28 Aug 2009
- 08:48:59 PM UTC
You're an idiot, we were just moving ;)
I'm a moderator on the website, and no, you didn't have it killed lol
We were just moving hosts
http://mmowned.net has details on itAnd trust me, the scamming section is one of the most hated sections on the site, its full of noobish leechers... We delete keyloggers and the like, but the section really IS meant to protect you FROM scams x_x
Its kinda just blown up
And to the original poster, don't say we are a trading post for that sh*t. The site is devoted to exploits & cheats for mmos, not scamming.
-
- on Fri 28 Aug 2009
- 09:11:22 PM UTC
Just moving huh?
.... then explain why Invision informed me they'd shut off the hosting for the site, and further, explain why the sites owner sent me the following a few hours ago?
*********************************************************************************
Name: Roger Kipe
E-mail: [REMOVED]
How did you find us?: Other
... Other: I own mmowned.com
Site navigation: Very easy
Comments:Mr. Burn,
It is my understanding that you have instigated the shut down of one of my sites. This site is a large community that plays world of warcraft and they talk about it mostly. We have always removed anything that is malicious at the first site of it or at any complaint. If you have sent complaints to our host they have not forwarded them on to us. I take these things very seriously and would have resolved it immediately.
Do you have specific links to any malware or anything else that was on our site that I could take off when I get the sites up and running again. Also it should be noted that you claimed we develop and distribute
1. Exploits
2. Malware
3. Phishing packsThis is simply untrue. We are a community of users and while it is possible that someone posted a link to a URL that held a Malware program, it was certainly not developed or distributed by us. It would have harmed our users as well and we would have removed any such item as soon as we found out about it. We have several Moderators whos job it is to ensure these type of things do not take place.
Roger
*********************************************************************************Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Fri 28 Aug 2009
- 09:29:16 PM UTC
I can't explain that...
I can't explain that... But it is up http://mmowned.com/
-
- on Fri 28 Aug 2009
- 09:37:38 PM UTC
...
... as an addendum, I find your comment on the sites scorecard to be somewhat humerous;
"These people commenting on the site are mentioning something that 80% of the site feels wrongly about. But are being very extreme about it. They are against what is happening, but the site is NOT a scam. The admins of the site do not like the "scam" section, and is only there to increase the member count. None of the High ranked Forum members participate in discussing scamming methods."
If this was indeed the case, the forums admin/site owner, would NOT allow such content. Allowing it just to increase the member count makes the site just as guilty as the people posting the stuff.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Fri 28 Aug 2009
- 11:46:50 PM UTC
RE: Just moving huh?
Because their new office screwed up ;)
-
- on Fri 28 Aug 2009
- 11:52:25 PM UTC
....
Well fear not, we'll (myself, a contact at Invision, and several other people) be monitoring mmowned.com and .net, to see what type of content is presented, especially given the previous content, and rest assured, if it's the same as previously, I'll have the entire account closed, rather than just the content removed.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Sat 29 Aug 2009
- 12:02:52 AM UTC
.....
Given the .net site is related to the .com variant, the classification is actually valid.
Be sure to let me know which hosting company you move to, save me the 2 seconds to notice the IP change.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Fri 28 Aug 2009
- 11:57:49 PM UTC
Old office (NY) vs New
Old office (NY) vs New office (DC)
DC screwed up.
-
- on Sun 30 Aug 2009
- 05:38:38 AM UTC
response to Dragonshadow
I didn't imply that my evaluation of your entire site was exhaustive. But in my analysis, that particular forum served precisely that purpose.
That forum features, essentially, advertisements by phishing kit creators, followed by posts of praise and helpful suggestions by regular contributors. These kits do not exclusively comprise PE files, but some do, and I didn't see any attempt to moderate the discussion away from the distribution of files that can serve only the purpose of permitting those with malicious intent a clear path to engage in criminal conduct. In fact, the forum rules appear to solicit users to actively participate, and penalize those who register but fail to post useful messages, as "leechers."
There was extensive posting in that forum relating to current, ongoing attempted account-phishing schemes. For example, one very busy forum thread relates to a phishing scheme directed at gullible users, anxious to access the Cataclysm expansion pack. The scheme involves posting a video promising exclusive access to a "beta account" which requires users to provide account credentials to a web site. The phishing attempts, all of which use exactly the same video, but link to copies of the identical phish kit hosted on a multitude of free web hosting services, apparently continue to be posted to Youtube.
The source of the video, and exhaustive posting instructions from user "Jebus Fist" were packaged as a "how to phish for WoW accounts" step by step guide, not as a warning to others. Members of the forum were solicited to rate these "videos" highly on Youtube, and it appears that many of them did just that. The user received a lot of praise for his very accurate reproduction of Blizzard's branding and site design in the replica PHP page, as well as for the volume of accounts the scheme netted for participants.
Members also argued amongst themselves in another thread about "honor among thieves" when one of the members posted instructions to steal the text file containing stolen account details from unsophisticated phishers who failed to protect the file.
I was able to download about eight of the more comprehensive HTML and PHP phish kits, including this Jebus Fist one, as well as several PE phishers, and the source code to a phishing application written in Visual C++, links to which were all posted within topics in that forum. Of course, all of the files are hosted on free file sharing services like Rapidshare.
I have no problem with the vast majority of the site. Game botting is not my concern. But if the site does not condone this kind of activity, then why permit the forum to exist in the form it has taken at all? And if the forum really is designed as a "here's how not to get scammed" guide, why not strictly enforce the forum's own rules about not posting content that facilitates exactly that?
Yes, a small portion of your users appear to be engaged in criminal conduct, and their actions tarnish the reputation of your entire site. There's no way to separate the two groups through the mechanism of WOT, and it is somewhat of a blunt instrument. A good start would be to clean up that forum, and demonstrate your honest desire to prohibit this kind of behavior on your forums with strict controls.
-
- on Tue 01 Sep 2009
- 12:11:25 PM UTC
Understandable
Yay someone who actually knows how to talk to other people! *glares at steven*
Yea I agree with this, the section is stupid and phishers are retarded. In fact if I remember correctly Jebus' post was deleted 3? times. I myself do not have moderation powers over the scams section (that might change? I dunno) and as such can't hit it with the hammer I'd like to.
The section itself brings in alot of traffic and would hurt the site if we were to simple delete it. I would like to revamp the section (as do pretty much all of the staff) but that will have to be discussed at the next staff meeting (when? I have no idea). Until then we do what we can (deleting the hiiiighly illegal stuff like keyloggers, fraud, and hacking tutorials)
I think I was going to add another paragraph but I can't remember what I was going to say.
-
- on Sat 29 Aug 2009
- 12:01:24 AM UTC
Malware is not acceptable
Your comments are ok, but malware is not acceptable and will be dealt with. If that means the closing of the account, via MysteryFCM, then accept it.
~DragonMaster Jay, malware researcher,
Admin, helpmyos.com -
- on Sat 29 Aug 2009
- 12:04:06 AM UTC
I'm not the one running the
I'm not the one running the site, so I'm just saying its unfair to ding my site for the same reasons.
-
- on Sat 29 Aug 2009
- 12:06:57 AM UTC
Since you...
Directly support it....and it has the same name, just different extension (.com versus .net).
~DragonMaster Jay, malware researcher,
Admin, helpmyos.com -
- on Sat 29 Aug 2009
- 12:13:45 AM UTC
I bought the domain because
I bought the domain because mmowned.com gets alot of traffic and was then asked to put up a blog for the upcoming move >_>
And comments like what? The ones laughing at this page?
Edit: I can't even send a message to hphosts because my ip (that I just got a few days ago) is blacklisted? I move from .189.x to .190.x and suddenly everything thinks I'm a spammer.
-
- on Sat 29 Aug 2009
- 12:15:13 AM UTC
....
Given hpHosts is owned by me, you'd get the same response as I've given already.
As far as your IP being blacklisted, you can check the following to see which blacklist it's on;
http://temerc.com/Check_Spammers/
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Sat 29 Aug 2009
- 12:19:35 AM UTC
Yea its on fspamlist for
Yea its on fspamlist for both email and IP... I've never spammed from my email, granted I get alot of spam to it. My IP on the other hand, I have no idea whats up with it.
-
- on Sat 29 Aug 2009
- 12:23:46 AM UTC
....
Given you've said you just got the IP, chances are it was blacklisted due to whoever had it previously. You'd need to get in touch with the DNSBL that's black;listed it to find out when and why.
The IP DNSBL result will be displayed on the results page under "Checking DNS Blacklists".
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Sat 29 Aug 2009
- 01:44:02 AM UTC
....
Just a warning folks. mmowned.com is back online (and at the same IP address - moved host huh? I don't think so). NOD is still going nuts at the advert it did previously, due to the exploit present.
Ref:
http://hosts-file.net/?s=mmowned.comI've already fired off an e-mail to the hosting company, but anyone else that would like to send in an abuse report, you'll find the contact details for the hosting company in the Net-block information.
Regards
Steven Burn
Ur I.T. Mate Group / hpHosts
it-mate.co.uk / hosts-file.net -
- on Sat 29 Aug 2009
- 01:50:24 AM UTC
We had to come back online
We had to come back online to change hosts I guess? Dunno.
mmowned.com -- distributes "phish kits" but is green-lit
I've spent a little time browsing around this web forum. It is essentially a trading post for "phish kits" which can be used to defraud gamers.
The subforum http://www.mmowned.com/forums/wow-scams/ is of particular interest, because its members and the people who post messages there appear to have no qualms about the purpose of their creations: They are creating tools and webpage forgeries expressly for the purpose of committing fraud.
Please take a look at the site and rate accordingly, if you agree.