New Scam?

randvegeta Member, Host Rep

**WARNING: BEWARE OF ALL LINKS BELOW.**

Got a new kind of scam.

Got some guy trying to get me to open an executable.

'Name' = Dakd
E-Mail = [email protected]

(Bear in mind the supplied E-Mail is probably not real given it's just what's been supplied at our live chat)

IP Address: 45.77.30.197 (a vultr IP in Japan)

Guy comes on to online chat, claims he needs 130 VPS. Says the requirements are too long to list either in a ticket or via live chat. Then proceeds to provide a link to: https://www.summerland.com.tw/upload/vps-104/vps.html

Domain / Website is likely compromised.

Clicking on that link attempts to download a .zip file.

The zip file contains a .dll .dat and .exe file.

Obviously I did not open it, but I did a little more digging.

If you go to https://www.summerland.com.tw/upload/vps-104/, you'll see a couple of other files, and if you click on the .html file (linked above) you'll see that your IP gets added to the ip.txt file.

Anyone else see this kind of scam? This is a first for me.

Anyone know what the executable does? Presumably it's some sort of trojan for remote control, or remote access... file system access probably. And they log the IPs so they know where they can connect to.

The guy is still on my live chat trying to convince me he's trying to buy 130 VMs... Are hosts really so desperate?

Thanked by 3ehab uptime dedipromo
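
Added example, not part of the original post: one way a support desk could look inside an archive like the one described above without extracting or running anything. It lists the members, hashes each one for a reputation lookup, and flags an .exe sitting next to a .dll. The file names and the sample archive are constructed placeholders, not the files from the thread.

```python
import hashlib, io, zipfile
from pathlib import PurePosixPath

# Extensions Windows will run or load as code (illustrative list, not exhaustive).
EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".lnk", ".msi"}
MAX_HASH_BYTES = 64 * 1024 * 1024  # do not decompress members declared larger than this

def triage_zip(data):
    """Inspect a ZIP held in memory; nothing is written to disk or executed."""
    members, flags, exts_by_dir = [], set(), {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = PurePosixPath(info.filename.replace("\\", "/"))
            ext = path.suffix.lower()
            digest = None
            if info.flag_bits & 0x1:  # bit 0 set: member is password-protected
                flags.add("encrypted-member")
            elif info.file_size > MAX_HASH_BYTES:
                flags.add("oversized-member")
            else:
                with zf.open(info) as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
            if ext in EXEC_EXTS:
                flags.add("executable-content")
            exts_by_dir.setdefault(str(path.parent), set()).add(ext)
            members.append({"name": info.filename, "size": info.file_size, "sha256": digest})
    # An .exe shipped beside a .dll in the same folder is worth escalating.
    if any({".exe", ".dll"} <= exts for exts in exts_by_dir.values()):
        flags.add("exe-with-dll")
    return {"members": members, "flags": sorted(flags)}

def build_sample():
    """Constructed stand-in for the archive in the post: harmless bytes, hypothetical names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("vps/requirements.exe", "vps/helper.dll", "vps/settings.dat"):
            zf.writestr(name, b"placeholder, not a real binary")
    return buf.getvalue()

if __name__ == "__main__":
    report = triage_zip(build_sample())
    for m in report["members"]:
        print(m["sha256"], m["size"], m["name"])
    print("flags:", report["flags"])
```

The hashes can be checked against a file-reputation service, so the sample itself never has to leave the analysis host.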

Comments

  • randvegeta Member, Host Rep

    And now the files are gone.

    Thanked by 1Egyarmy
  • This isn't a scam. This is a script kiddy trying to be edgy by using social engineering. I would call it a dumb hack attempt.

  • now you clicked on the link .. now you must dance.

    btw, thank you.

  • randvegeta Member, Host Rep

    @Ponury_Typ said:
    This isn't a scam. This is a script kiddy trying to be edgy by using social engineering. I would call it a dumb hack attempt.

    Scam is the wrong word, but pretty sure people know what I mean given my rather lengthy description.

    I've been doing this for like... 17 years and mostly these kinds of 'hack' attempts come in the form of a ticket with an attachment. But this guy is pushing the 'social engineering' thing pretty hard. He spent a good long while trying to convince me that the file was legit... Does it work?

  • randvegeta Member, Host Rep

    @ehab said:
    now you clicked on the link .. now you must dance.

    btw, thank you.

    Why do I care if he knows my IP? He can't do anything with that info...

    You're welcome?

  • @randvegeta said:

    @ehab said:
    now you clicked on the link .. now you must dance.

    btw, thank you.

    Why do I care if he knows my IP? He can't do anything with that info...

    You're welcome?

    Well, he can ddos you.

  • Jord Moderator, Host Rep

    Unless he's just finding IPs to DDoS. Seems odd that he would send you to an HTML file for his requirements. Clearly fishing for IPs.

  • "summerland" ... lol

    Thanked by 1ITLabs
  • randvegeta Member, Host Rep

    @yokowasis said:

    @randvegeta said:

    @ehab said:
    now you clicked on the link .. now you must dance.

    btw, thank you.

    Why do I care if he knows my IP? He can't do anything with that info...

    You're welcome?

    Well, he can ddos you.

    I'd rather he ddos my home IP than my server's. Seems like a pointless undertaking though.

  • bacloud Member, Patron Provider
    edited September 2019

    This guy tried with us several times; he said he needs multiple VPS, all the specs are in a file, and I should download and open it. Never downloaded and opened anything.

    Can confirm that he used a Japan IP from Vultr.

    Edit: "He spent a good long while trying to convince me that the file was legit"

    Yes, the same here. I even asked him to paste the file information to pastebin.com. He told me that he can't ;) LOL

  • @uptime said:
    "summerland" ... lol

    Is there any hope beyond the summerland?

    Thanked by 2uptime raindog308
  • randvegeta Member, Host Rep

    @bacloud said:
    This guy tried with us several times; he said he needs multiple VPS, all the specs are in a file, and I should download and open it. Never downloaded and opened anything.

    Can confirm that he used a Japan IP from Vultr.

    Edit: "He spent a good long while trying to convince me that the file was legit"

    Yes, the same here. I even asked him to paste the file information to pastebin.com. He told me that he can't ;) LOL

    Probably the same guy. Makes me wonder how many people actually fall for this. It's so obvious that I can't imagine it actually works on anyone.

  • MasonR Community Contributor

    @randvegeta said:
    Makes me wonder how many people actually fall for this. It's so obvious that I can't imagine it actually works on anyone.

    Just send him a link to LEB next time. A good culling is needed for some of the hosts on there.

    Thanked by 1randvegeta
  • Neoon Community Contributor, Veteran
    edited September 2019

    Clearly Social Scamgineering, don't get fooled scammed.

    Thanked by 1randvegeta
  • BlaZe Member, Host Rep

    Tell him https://mzunguhosting.ml offers the best VPS with great speed & their network is fast!

  • raindog308 Administrator, Veteran

    You should have played it straight to confuse him.

    "Looked at your file, and I think we can help you. We have services in all the locations listed there. You mention DDOS, and there is a small upcharge for that. We don't have E5s but can offer E3s at the same price. What other questions do you have?"

  • So, he's a LET reader.

  • randvegeta Member, Host Rep

    raindog308 said: You should have played it straight to confuse him.

    "Looked at your file, and I think we can help you. We have services in all the locations listed there. You mention DDOS, and there is a small upcharge for that. We don't have E5s but can offer E3s at the same price. What other questions do you have?"

    That's fucking brilliant!

  • BlaZe said: their network is fast!

    very fast my man!

    Thanked by 1randvegeta