Nothing new here, just three forums used to scam stupid people like carders.
It's always the same method: advertising via spam, and you must pay a fee to view the content.
Our first forum is a phpBB with fake statistics.
• dns: 1 ›› ip: 50.7.199.110 - adresse: FORUMSCC.COM
The forum looks huge:
Users are charged a $0.5 LR fee to view forums:
Fake online users:
Second example, fake carding shop:
• dns: 1 ›› ip: 96.125.170.142 - adresse: MARALIMACLASSIC.COM.BR
The captcha is iframed:
When you complete the name field and click login, you are always redirected to register.html
The site index is defaced by a random lamer:
register.html
When you click to register you are redirected to a fake Liberty Reserve page:
• dns: 1 ›› ip: 198.24.144.50 - adresse: SCI.LIBIRTYRESERVES.COM
Another fake site, probably made by the same guys:
Mailer:
Some other files found on the compromised server, cPanel bruteforcer:
Another cPanel bruteforcer:
Ac1db1tch3z x86/x64 Linux kernel exploit (EXP/Linux.Small.AU):
The mail leads here:
• dns: 1 ›› ip: 199.79.62.93 - adresse: ZCB.CO.IN
And when you click on register...
• dns: 1 ›› ip: 50.28.73.7 - adresse: SCII.LIBERTYERESERVE.COM
PHP stuff can be found here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2410&p=19111#p19111
EXP/Linux.Small.AU here: http://www.kernelmode.info/forum/viewtopic.php?f=16&t=2697#p19112
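Both fake Liberty Reserve hosts above sit within one or two edits of the real brand name, which makes them easy to triage automatically. The following is an added example, not code from the original post: it scores every hostname label against the brand with an edit distance. The genuine domain `libertyreserve.com`, the threshold of 2 and all function names are assumptions of the example.

```python
# Added example (not from the original post): lookalike-domain triage.
GENUINE = "libertyreserve.com"  # assumption: the genuine site's domain
BRAND = GENUINE.split(".")[0]   # "libertyreserve"
MAX_DISTANCE = 2                # assumption: edit budget for a "lookalike"


def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[-1][-1]


def closest_label(host):
    """Return (label, distance) for the hostname label nearest to BRAND.

    Every label is checked, so no public-suffix list is needed and a brand
    name planted in a subdomain is caught as well.
    """
    labels = [l for l in host.lower().rstrip(".").split(".") if l]
    return min(((l, osa_distance(l, BRAND)) for l in labels), key=lambda p: p[1])


def classify(host):
    """Return 'genuine', 'lookalike' or 'unrelated' for one hostname."""
    h = host.lower().rstrip(".")
    if h == GENUINE or h.endswith("." + GENUINE):
        return "genuine"
    _, dist = closest_label(h)
    return "lookalike" if dist <= MAX_DISTANCE else "unrelated"


if __name__ == "__main__":
    # Hostnames as they appear in the post, plus the assumed genuine one.
    for host in ("SCI.LIBIRTYRESERVES.COM", "SCII.LIBERTYERESERVE.COM",
                 "FORUMSCC.COM", "ZCB.CO.IN", "www.libertyreserve.com"):
        print(f"{host:28} {classify(host):10} {closest_label(host)}")
```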