Sunday, 11 July 2010
Evil network: Pegashosting Network / pegashosting.com 178.162.135.0/24 (AS28753)
Labels:
Black Hat,
Evil Network,
Ukraine
hiring-westunion.com scam email
This scam email is recruiting people for money laundering and other criminal activities using the fraudulent domain hiring-westunion.com:
From: Molly Leary
Date: 11 July 2010 01:23
subject: Open Positions
Greetings
I’m addressing you on behalf of the HR department of a large company. Our company covers a wide range of businesses:
- real estate
– accounts opening
– undertaking services
– etc.
We need a person to fill the vacancy of a regional manager in Europe:
- salary 2.400 euro + bonus
- 2–3 working hours per day
- flexible work time
If you are ready to work as a regional manager in Europe send us the below information on email:
c v @ h i r i n g - w e s t u n i o n . c o m [please delete spaces before sending]
Full name:
Country:
E-mail:
Mobile phone-number:
Note! We are searching Europeans only!
Please, write your name and Telephone Number so that our manager could contact you and conduct an interview.
This domain attempts to pass itself off as the legitimate Western Union company, it was registered a few days ago to what appears to be a real address but is almost definitely fake too:
Domain name: hiring-westunion.com
Registrant Contact:
PBsoft, inc
Harry Bishop Harry.PBishop@yahoo.com
818372-9865 fax: 818372-9865
2850 Luna Pl
Granada Hills CA 91344-1644
us
Administrative Contact:
Harry Bishop Harry.PBishop@yahoo.com
818372-9865 fax: 818372-9865
2850 Luna Pl
Granada Hills CA 91344-1644
us
Technical Contact:
Harry Bishop Harry.PBishop@yahoo.com
818372-9865 fax: 818372-9865
2850 Luna Pl
Granada Hills CA 91344-1644
us
Billing Contact:
Harry Bishop Harry.PBishop@yahoo.com
818372-9865 fax: 818372-9865
2850 Luna Pl
Granada Hills CA 91344-1644
us
DNS:
ns1.pegas-dns.org
ns2.pegas-dns.org
Created: 2010-06-22
Expires: 2011-06-22
The registrar is the scammer's favourite, BIZCN.com of China. The web server and mail are hosted on 178.162.135.108 on PegasHosting Network in the Ukraine. Email originated from 201.246.77.170, an ADSL subscriber in Chile.
This is not a real job; anything that they offer is likely to be some sort of criminal activity such as money laundering, parcel reshipping and other fraudulent back office functions.
Update 19/7/10: the spam is being sent out again, now hosted on 79.119.213.2 in Romania along with Westunionhiring.com - if you get this, send an abuse complaint to the host at abuse -at- rcs-rds.ro
Labels:
Job Offer Scams,
Lapatasker,
Money Mule,
Scams,
Spam,
Ukraine
Wednesday, 7 July 2010
Evil network: AS29106 (91.213.174.0/24) / VOLGAHOST
Labels:
Evil Network,
Malware,
Trojans
Tuesday, 6 July 2010
"Blackberry Storm Promotion" scam email
This fake email appears to have been created to flood an innocent party's mailbox with spam and generate unwanted phone calls (the number may well be a real one belonging to RIM in South Africa). BlackBerry / Research In Motion are nothing to do with this email, it is a hoax. Please ignore it and do not try to contact "Amanda". More on this scam here.
Subject: Blackberry Storm Promotion.
Dear All,
Blackberry is giving away free phones as part of their promotional drive.
All you need to do is send a copy of this email to 8 people; and you will receive your phone in less than 24 hrs.
Please note that if you send to more than 20 people you will receive two phones.
Please do not forget to send a copy to: amanda.lee@blackberry.com
With Regards,
Amanda Lee (Marketing Manager)
Office Number: 0027 11 7838512
Evil network: AS49544 (195.78.108.0/23) / GlobalRouting.eu
AS49544 is a network with IP addresses ranging from 195.78.108.1 - 195.78.109.255 which claims to be in the Netherlands, but may actually be in the Ukraine. The WHOIS details for the range are suspect as they refer to a domain globalrouting.eu which actually appears to be a legitimate weather forecasting service. Everything about the domain registration details smells of a hijack. I would strongly suggest that contacting ipadmin@globalrouting.eu would be counter-productive in this instance, it may even be dangerous.
Out of the /23 there seem to be exactly zero legitimate sites, and many of the sites hosted there are involved in malware distribution. It is probably worth blocking the entire IP address range. Google's safe browsing diagnostic for the AS is damning:
What happened when Google visited sites hosted on this network?
Of the 4157 site(s) we tested on this network over the past 90 days, 96 site(s), including, for example, stimulus.nu/, turisticki-aranzmani.com/, webconsulenti.net/, served content that resulted in malicious software being downloaded and installed without user consent.
The last time Google tested a site on this network was on 2010-07-05, and the last time suspicious content was found was on 2010-07-05.
Has this network hosted sites acting as intermediaries for further malware distribution?
Over the past 90 days, we found 73 site(s) on this network, including, for example, skottles.com/, baidustatz.com/, pinalbal.com/, that appeared to function as intermediaries for the infection of 9529 other site(s) including, for example, managerz.nl/, 189ppc.com/, czonline.net/.
Has this network hosted sites that have distributed malware?
Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 182 site(s), including, for example, convart.com/, skottles.com/, augami.net/, that infected 11610 other site(s), including, for example, managerz.nl/, forosdz.com/, 189ppc.com/.
The suspect WHOIS details for the range are:
inetnum: 195.78.108.0 - 195.78.109.255
netname: GlobalRouting-NL-NET
mnt-routes: SERVERBOOST-MNT
remarks: Global Routing
remarks: i3d rotterdam route
remarks: for abuse please contact ipadmin@globalrouting.eu
org: ORG-POIS1-RIPE
country: EU
admin-c: greu
tech-c: greu
status: ASSIGNED PI
mnt-by: RIPE-NCC-END-MNT
mnt-by: globalrouting
mnt-lower: RIPE-NCC-END-MNT
mnt-routes: globalrouting
mnt-domains: globalrouting
source: RIPE # Filtered
descr: PI Obodovsky Ivan Sergeevich
organisation: ORG-POIS1-RIPE
org-name: Global Routing
org-type: OTHER
address: Piet Paaltjensplein 70, 3030 TZ Rotterdam, The Netherlands
e-mail: ipadmin@globalrouting.eu
mnt-ref: globalrouting
mnt-by: globalrouting
source: RIPE # Filtered
role: GlobalRouting contact role
address: Piet Paaltjensplein 70, 3030 TZ Rotterdam, The Netherlands
mnt-by: globalrouting
e-mail: ipadmin@globalrouting.eu
admin-c: rkgr
tech-c: rkgr
nic-hdl: greu
source: RIPE # Filtered
route: 195.78.108.0/23
descr: GLOBALROUTING
origin: AS49544
mnt-by: SERVERBOOST-MNT
source: RIPE # Filtered
Sites hosted on the range include:
Your best bet is to block the entire IP range and/or monitor for client traffic going to it.
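One way to do the monitoring half of that advice, as an added example that is not part of the original post: it collapses the two ranges this page recommends blocking into CIDR blocks and flags internal clients whose traffic went to them. The log format (`timestamp client dest port action`), the `ALLOW`/`DENY` values and every log line are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Ranges this page recommends blocking, as first/last addresses (inetnum style).
RANGES = {
    "AS49544 GlobalRouting": ("195.78.108.0", "195.78.109.255"),
    "AS6851 Sagade Ltd": ("91.188.59.0", "91.188.59.255"),
}

def to_networks(first, last):
    """Collapse a first-last range into the fewest CIDR blocks covering it."""
    return list(ipaddress.summarize_address_range(
        ipaddress.ip_address(first), ipaddress.ip_address(last)))

def build_watchlist(ranges):
    """Return [(network, label), ...] for every configured range."""
    return [(net, label)
            for label, (first, last) in ranges.items()
            for net in to_networks(first, last)]

# Constructed sample log (assumed format: timestamp client dest port action).
SAMPLE_LOG = """\
2010-07-06T09:14:02 10.0.4.17 195.78.109.3 80 ALLOW
2010-07-06T09:14:05 10.0.4.17 93.184.216.34 80 ALLOW
2010-07-06T09:15:40 10.0.7.22 91.188.59.74 80 ALLOW
2010-07-06T09:16:01 10.0.4.17 195.78.108.200 443 DENY
2010-07-06T09:16:30 10.0.9.5 195.78.110.1 80 ALLOW
malformed line here
2010-07-06T09:17:12 10.0.7.22 not-an-ip 80 ALLOW
"""

def find_hits(log_text, watchlist):
    """Return one dict per log line whose destination is inside a watched range."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip lines that do not match the assumed format
        ts, client, dest, port, action = fields
        try:
            dest_ip = ipaddress.ip_address(dest)
        except ValueError:
            continue  # destination is a hostname or garbage, not an address
        for net, label in watchlist:
            if dest_ip.version == net.version and dest_ip in net:
                hits.append({"time": ts, "client": client, "dest": dest,
                             "port": int(port), "action": action,
                             "label": label})
                break
    return hits

def summarize_by_client(hits):
    """Group hits per internal client: allowed connections need triage first."""
    raw = defaultdict(lambda: {"allowed": 0, "denied": 0, "labels": set()})
    for h in hits:
        entry = raw[h["client"]]
        entry["allowed" if h["action"] == "ALLOW" else "denied"] += 1
        entry["labels"].add(h["label"])
    return {client: {"allowed": e["allowed"], "denied": e["denied"],
                     "labels": sorted(e["labels"])}
            for client, e in raw.items()}

if __name__ == "__main__":
    watchlist = build_watchlist(RANGES)
    for net, label in watchlist:
        print(f"watch {net} ({label})")
    for client, info in summarize_by_client(find_hits(SAMPLE_LOG, watchlist)).items():
        print(client, info)
```

Feeding `to_networks` the range as written in the prose (starting at 195.78.108.1 rather than .0) yields nine small blocks instead of a single /23, so take the boundaries from the inetnum line of the WHOIS record.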
Labels:
.SU,
Evil Network,
Malware,
Trojans
Thursday, 1 July 2010
ultrasantifa.blogspot.com apparent Joe Job
This strange looking email plopped into my mailbox:
Date: 1 July 2010 07:31
subject: hola
We are european fascists ! Fight for racial purity ! Our time begins! We are strong and can build new Reich! Join to us! We call on all people visit out sites. On them you will find information about war against system! Sieg heil fascist, nordic nazi! Adresses of our sites you can see below: http://ultrasantifa.blogspot.com
Given that fascists rarely seem to advertise themselves via spam and the whole language seems over the top I thought it looked a bit suspect and worthy of some further investigation.
ultrasantifa.blogspot.com is (or rather was) a blog entitled "Antifa Ultras and Hooligans". Antifa means "anti-fascist", and this Russian language blog featured radical anti-fascist ideas and football, usually both at the same time. The blog linked to some other sites that might well be advocating violence, but there was certainly no way that this was a pro-fascist blog.
So, this appears to be a Joe Job and it also appears to have been successful as ultrasantifa.blogspot.com is currently 404ing. So, presumably neither Google (who hosted the blog) nor the people complaining about the spam actually checked the site.
Just for the record the email originated from 41.145.224.130, an IP address in South Africa, but I guess it's just part of a botnet-for-hire.
Sagade Ltd is still evil
I blogged about AS6851 / Sagade Ltd / ATECH-SAGADE a little while ago. A Java-based drive-by download from one of their servers brought them to my attention again.
Basically, 91.188.59.0 - 91.188.59.255 is completely evil and has no legitimate use as far as I can see. Block this range if you can. At the moment the following sites are hosted, none of which appear to be good:
These sites are either involved in illegal activities or malware distribution; avoid them.
Labels:
Evil Network,
Latvia,
Malware,
Sagade Ltd
FIVE STARS GOLD MINING CO. LTD
Sometimes the dangers of fraud are worse than just losing money. This particular scam email seems to be designed to tempt you to travel to Ghana, where there's a fair chance that you might be kidnapped (as happened in this case). Although Nigeria has the worst reputation for fraud and kidnap in Africa, Ghana is not far behind.
A couple of other telltale signs that this particular spam is not legitimate are that it was sent to a nonexistent email address from a computer in Japan that had been compromised with a virus.
Gold costs about $40,000 per kilo; this scam email is offering 250 kg of quite pure gold for $24,000 when the true value would be closer to $10 million. Note that if you actually do travel to Ghana to inspect this "bargain gold" then you are also effectively saying that you have at least $24,000 in cash assets in the bank. You may as well write KIDNAP ME on your forehead!
From: FROM: FIVE STARS GOLD MINING CO. LTD.)
Reply-To: 5xminingoldaccra@discuz.org
Date: 30 June 2010 19:42
Subject: FROM: FIVE STARS GOLD MINING CO. LTD.)
Attention:
we are agent to FIVE STARS GOLD MINING CO. LTD. We are located in Accra, the Capital city of Ghana. We are a certified and duly registered agent dealing with a Gold Company in the Republic of Ghana. They have mining concessions in the Kumasi region and Western Regions of Ghana.
Their monthly product is between 275kgs to 325kgs. They have over 1000MT of Gold in our Storage.
At Present, we have
Commodity: Gold (AU) Nuggets in Ghana
Origin: Ghana
Quantity: 250kgs
Quality: 23+ carat
Purity: 98% ++
Price: $24,000USD
Delivery: Buyers destination.
we write to inform you that in other to proceed with our offer, we need the following information for necessary legal documentation.
1: Your Full Names.
2: Your Mailing Address
3: A scan copy of your international passport.
4: Your Direct Mobile Number.
However, you will be require to make a contingent trip to Ghana to see the Gold. Kindly let us know how many kilos you are willing to buy at this time.
We will be happy to hear your desire to doing business with us. We can assure you that we will give you an appreciable offer. your passport this week. Hope to hear from you soon. Attach is a copy of the pictures.
Have a good day.
Mrs Joyce Kate.
Wednesday, 30 June 2010
German language money mule email
Money mule (money laundering) emails are pretty common in English, but this one is in German. It is really no different from any other scam job offer and should be avoided at all costs. In this case, the message solicits replies to a free email address at net.hr.
Date: Wed, 30 Jun 2010 21:28:14 +0100
From: "Pauline wurth"
Subject: HI
Sehr geehrte Damen und Herren,
wir suchen zur Zeit aktive Mitarbeiter fuer lang und kurzfristige Arbeit in den Bereich Testeinkaufer und Kurier landesweit. Die Stellen sind ab sofort frei und sofort zu belegen.
Sie fragen sich bestimmt wie wir auf Sie aufmerksam geworden sind. Die Bundesagentur fur Arbeit hat uns Ihre Personaldaten ubermittelt, damit wir selbst mit Ihnen in den Kontakt treten konnten. Leider konnen wir auf der Etappe noch nicht eine personalisierte Anwerbung vornehmen und bitten Sie hoflichst um eine Entschuldigung und um Ihr Verstandnis fur die Tatsache, dass wir Sie nicht angerufen haben oder Sie noch nicht bei Ihrem Namen nennen.
Voraussetzungen die Sie mitbringen sollten:
- Computer-Grundkenntnisse Internet, Email, Drucken
- Puenktlichkeit und Genauigkeit
- telefonische erreichbarkeit
- Volljaehrig
Was wir Ihnen bieten:
- Abwechslungsreiche Taetigkeit
- Flexible Arbeitszeiten auch in Teilzeit
- Fortlaufendes Training durch verschiedene Aufgaben
- 5 Tage-Woche
- Urlaubsgeld / Weihnachtsgeld
Die Arbeitszeit betraegt 2-3 Stunden 5 Tage die Woche. Der Verdienst betraegt 1150 Euro pro monat netto. Sie koennen die Taetigkeit auch als Zweit-Beruf ausfuehren. Fuer Rentner sind die Stellen besonders gut geeignet. Ein Firmenfahrzeug stellen wir Ihnen auf Wunsch zur Verfuegung. Weitere Informationen gibt es nach einer kurzen Bewerbung.
Wenn wir Ihr Interesse geweckt haben, dann freuen wir uns auf Ihre Antwort mit kurzen Bewerbungen an unsere Bewerbung-Stelle: denispred@net.hr
which translates roughly as:
Ladies and Gentlemen,
We are currently looking for active employees for long and short-term work in the area of test purchasing and nationwide couriers. The positions are now free to be filled immediately.
You may wonder why you have heard from us. The Federal Agency for Labour has given us your personal data so that we could contact you directly. Unfortunately we can not at the stage yet to make a personalized recruitment message and ask politely for you to forgive us and for your understanding for the fact that we can not yet address you by name.
You should fulfill the following requirements:
- Basic computer skills Internet, Email, Printing
- Punctuality and precision
- Telephone accessibility
- Age of majority
What we offer:
- Varied activity
- Flexible working hours and part-time
- Ongoing training through various tasks
- 5 day week
- Holiday / Christmas money
The working time is 2-3 hours 5 days a week. The reward is €1150 per month net. You can choose the activity as a second job. Pensioners are particularly well suited to our jobs. A company car can be found on request. Further information is available after a short job application.
If we have aroused your interest, we look forward to your reply with short resumes to our application address: denispred@net.hr
Labels:
Germany,
Job Offer Scams,
Money Mule,
Scams
netmps.com scam job offer
Another scam email from a fake company calling itself NetTemps Inc (there are several legitimate companies with similar names though). The job itself is likely to be money laundering or some other illegal activity.
Plus a few related evil domains to avoid
Date: Wed, 30 Jun 2010 14:28:47 -0300
From: "Crowell1924"
Subject: hiring
Looking for a job? My name is Juliette Barnes, I am a recruiting manager of NetTemps Inc, a recruiting agency for direct-hire, contract, and freelance professionals within various professions.
Today I would like introduce some part-time and virtual office vacancies in the spheres of Advertising, Education, Engineering, Finance, Health care, Information technology, Media, Real estate and Transportation.
If you are interested to learn more about the jobs offered, please get back to me, providing your name and contact number.
We are eager to help you find a better job and improve your career!
If you have questions, please do not hesitate to e-mail me on:
e u r o p e @ n e t m p s . c o m [please delete spaces in the email address before sending it to us]
Yours sincerely,
Juliette Barnes
NetTemps Inc
WHOIS details are the usual rubbish:
Registrant Name: Maria Varshavskaya
Registrant Organization: NA
Registrant Street1: ul. Elninskaya d.14 k.1 kv.10
Registrant Street2:
Registrant City: Moskva
Registrant State/Province: Moskva
Registrant Postal Code: 121615
Registrant Country: RU
Registrant Phone: 7.4959219347
Registrant Phone Ext.:
Registrant FAX: 7.4959219347
Registrant Email: rabid@fastermail.ru
Admin Name: Maria Varshavskaya
Admin Organization: NA
Admin Street1: ul. Elninskaya d.14 k.1 kv.10
Admin Street2:
Admin City: Moskva
Admin State/Province: Moskva
Admin Postal Code: 121615
Admin Country: RU
Admin Phone: 7.4959219347
Admin Phone Ext.:
Admin FAX: 7.4959219347
Admin Email: rabid@fastermail.ru
Billing Name: Maria Varshavskaya
Billing Organization: NA
Billing Street1: ul. Elninskaya d.14 k.1 kv.10
Billing Street2:
Billing City: Moskva
Billing State/Province: Moskva
Billing Postal Code: 121615
Billing Country: RU
Billing Phone: 7.4959219347
Billing Phone Ext.:
Billing FAX: 7.4959219347
Billing Email: rabid@fastermail.ru
Tech Name: Maria Varshavskaya
Tech Organization: NA
Tech Street1: ul. Elninskaya d.14 k.1 kv.10
Tech Street2:
Tech City: Moskva
Tech State/Province: Moskva
Tech Postal Code: 121615
Tech Country: RU
Tech Phone: 7.4959219347
Tech Phone Ext.:
Tech FAX: 7.4959219347
Tech Email: rabid@fastermail.ru
Name Servers:
ns1.loopcool.net
ns1.growthire.com
Plus a few related evil domains to avoid
- loopcool.net
- netmps.com
- netpts.org
- nettempsin.co.uk
- nettes.org
- nettms.eu
- nettms.net
- nettps.net
- growthire.com
Labels:
Job Offer Scams,
Lapatasker,
Money Mule,
NetTemps Inc
Tuesday, 22 June 2010
Virus / Malware on Nokia.com / miisolutions.net
Nokia.com appears to have been compromised through a third-party script:
europe.nokia.com (e.g. hxxp:||europe.nokia.com/support/download-software/nokia-pc-suite) ->
nokia.tt.omtrdc.net ->
omniture-nokia.secure.miisolutions.net ->
oploya.fancountblogger.com:8080
Details on the general attack can be found here. It appears that miisolutions.net has had malicious code injected into the script, rather than it being Nokia.com itself that has been hacked. At the time of writing the malicious code is still present.
Update: the infected page at miisolutions.net has been taken down.
Labels:
Injection Attacks,
Nokia,
Trojans,
Viruses
Wednesday, 16 June 2010
"OFFICIAL WARNING FROM FBI" scam
An old scam, pretty much the flipside of the usual Advanced Fee Fraud. This one preys upon innocent victims by accusing them of money laundering, but the details don't pan out. Quite apart from the ridiculous proposition and free email addresses used, phrases like "shady", "waded in", "graft" and exclamation marks are something you would never expect to see in an official communication from law enforcement. Besides, I really don't think that the FBI would email you if they suspected you were up to terrorist activities.
From: Anti Graft.
Reply-to: antiterrorist.crimesdiv.2010@megafastmail.com
date 16 June 2010 09:37
subject OFFICIAL WARNING FROM FBI.
ANTI-TERRORIST AND MONETARY CRIMES DIVISION
FBI HEADQUARTERS IN WASHINGTON, D.C.
Federal Bureau Of Investigation.
FBI-Washington Field Office
601 4th Street, NW
Washington, DC 20535
Website: www.fbi.gov
Phone: 202-595-1344
DATE:15/06/2010
It has been discovered that your contract/inheritance/winning FUND was about being transferred to an unknown account under your name. This attempt was perpetrated by someone who claims to be working for you, and that you have given him due authority to have the FUND moved to the account specified below:
SOUTHWESTERN FEDERAL CREDIT UNION
WESCORP 924 OVERLAND COURT
SAN DIMAS, CA 91772. USA.
ACCOUNT NUMBER: 322079133
ABA/ROUTING NUMBER: 1220-41-21-9
SHARETYPE NO.: 25
FINAL CREDIT HABIB FENZI AND CO. (Beneficiary).
The Federal Bureau of Investigation (F.B.I.) waded in after being alerted by the supposed bank. We investigated and found that there is a possible money laundering activity in play.The FUND US$10,500,000.00(Ten Million Five Hundred Thousand United States Dollars) was found to be deposited in Bank of America in your name pending your consent to have it transferred to the new account indicated above. It was further revealed that initial FUND transfer originated from Nigeria to England and now here in Bank of America in USA.
These transfers did not follow due process in line with the international FUND transfer rules and regulation.Consequently,we suspect this be a terrorism funding, drug related fund deposit and/or money laundering. As stated above, the FUND has your name on it; and you must have it cleared of any connection with any of these illegal activities.Be informed that FAILURE to have this cleared out will attract a JAIL TERM.We will not hesitate to visit the full weight of the law upon you if you do not clear this fund.There is every indication that you are involved in this shady deal.
Finally, you are expected to have the CLEARANCE DOCUMENT obtain from where the FUND originated from to have you and your fund cleared. Only then shall we release your FUND as clean money devoid of any illegality, and you will be free of any involvement. To this end, you are to contact Mr. Peter Anderson of the Anti Graft Department of Economic and Financial Crimes Commission (E.F.C.C.) Nigeria and have the DIPLOMATIC IMMUNITY SEAL of TRANSFER (DIST) CLEARANCE DOCUMENT obtained. Contact him through this direct email address:efccantigraft.nigeria@megafastmail.com,Direct Line:+234 8028493286 Note that you have 72hrs to obtain this crucial Documentation.
This has to be cleared!
You are warned!
Faithfully Yours
Robert S. Mueller III
FBI Director
Federal Bureau Of Investigation.
FBI-Washington Field Office
601 4th Street, NW
Washington, DC 20535
www.fbi.gov
Tuesday, 15 June 2010
west-vacancy.com scam
This email from a wholly fake company called west-vacancy.com is really recruiting for a money laundering job or something very similar. The domain itself was registered just a few days ago to a no-doubt fake registrant. Mail is handled by Google, there is no website but in this case the email originated from 188.16.123.52 in Russia.
Date: 15 June 2010 12:32
Subject: vacancy number 358
I introduce a large multinational enterprise the co-worker of the HR department of which I am. Our company has been working in different fields, such as:
- companies setting-up
- companies winding-up
- opening accounts in Europe
- etc.
We need employees in Europe:
- salary 2.400 euro + bonus
- 1 - 2 working hours per day
- free timetable
If you are interested in this job, please, send us your contact information: Cornell@west-vacancy.com
Name:
Surname:
Country:
E-mail:
Mobile phone-number:
Be informed! Candidates from Europe are needed only
Please, write your Telephone Number and our manager will contact you to conduct an interview.
For what it is worth, these are the registrant details of the fake domain:
Domain name: west-vacancy.com
Name servers:
ns1.nameself.com
ns2.nameself.com
Registrant:
Aleksandr Lapatau
Email: lapatasker@earthling.net
Organization: Private person
Address: Lenina, 34, 8
City: Minsk
State: Minskaya
ZIP: 456123
Country: BY
Labels:
Money Mule,
Scams,
Spam
Monday, 14 June 2010
Terminally confused 419er
This is just a straight advanced fee fraud scam, but the scammer seems to want to throw in the names of Yahoo, Nokia AND Microsoft into the same fraudulent pitch. Just to add overkill, it's from a "Reverend" too, with a bunch of email addresses which are frankly all over the shop. Oh yes, the originating IP is Argentina of all places.
From: CONGRATULATION FROM YAHOO COMPANY THAILAND <lotto_officethai2@btinternet.com>
Reply-to: revralphdelahay@w.cn
Date: 14 June 2010 13:28
Subject: CONGRATULATION FROM YAHOO COMPANY THAILAND
Microsoft Award Team.
ADDRESS: NOKIA THAILAND OFFICE
105/33 BANGKOK THAI TWR.,
108 SIAM ROAD.,
BANGKOK, 10400,
KINGDOM OF THAILAND.
Batch: 12/25/0340
Dear Winner
This is to inform you that you have won a prize money of $2,000,000,00 (Two Million United state dollars) for the Edition 2010 Lottery promotion which is organized by YAHOO LOTTERY INC & WINDOWS LIVE.YAHOO & MICROSOFT WINDOWS, collects all the email addresses of people that are active online, among the millions that subscribed to Yahoo and Hotmail we only select ten people every Month as our winners through electronic balloting System without the winner applying, we Congratulate you for being one of the people selected.
PAYMENT OF PRIZE AND CLAIM
You are to contact your Claims Agent with immediate effect to facilitate the protocol of your winning prize before the expiry date of Claim; Winners shall be paid in accordance with his/her Settlement Centre. Prize must be claimed not later than 15 days from date of Draw Notification after the Draw date in which Prize has won. Any prize not claimed within this period will be forfeited. These are your identification numbers:
Batch number....................12/25/0340
Ref number.......................Ref: MSN-L/200-26937
Winning number...................YM09788
You are therefore advised to send the following information to to this office so that we facilitate the claims of your prize to you.
1. Full name.............
2. Country..............
3. Contact Address........
4. Telephone Number.....
5. Marital Status........
6. Occupation.............
7. Company...............
8. Age.....................
Please Note:
Your Lottery Prize must be claimed not later than 15 days from date of Draw Notification after the Draw date in which Prize has won. Any prize not claimed within this period will be forfeited.
Congratulations!! Once again.
Yours in service,
REV.RALPH DELAHAY
(Operation Manager)
Yahoo International Promotion Center
Email: thailand.lotto@yahoo.com
Bangkok 10400
Kingdom of Thailand
Labels:
419,
Advanced Fee Fraud,
Scams,
Spam
Phishtank FAIL: hsbcnet.com / hsbc.net
hsbcnet.com is a valid and legitimate website belonging to HSBC. Traffic is redirected to this site from hsbc.net. The site itself is hosted on AS26381 63.111.163.110 which is delegated to an HSBC subsidiary called Household International from Verizon. The hsbcnet.com domain was registered in 1998 to a registrant with an hsbc.com web address:
Registrant:
HSBC
One HSBC Center
Floor 21 - HTS eBusiness
Buffalo, NY 14203
US
Domain Name: HSBCNET.COM
Administrative Contact, Technical Contact:
Fischer, Chuck charles.fischer -at- us.hsbc.com
HSBC Bank USA
One HSBC Bank
eBusiness, 21st Floor
Buffalo,, NY 14203
US
(716) 841-2075 fax: (716) 841-5022
Record expires on 04-Dec-2010.
Record created on 04-Dec-1998.
Database last updated on 14-Jun-2010 04:41:11 EDT.
Domain servers in listed order:
NS3.HSBC.COM
NS4.HSBC.COM
It's clearly not a phishing site, and yet Phishtank say that it is.
Now, Phishtank does just allow any old user to mark a site as phishing. In this case, the site was submitted by a user called dvk01 and then verified by SEVEN other people as a phish - stuartgrant knack NotBuyingIt cybercrime marcoadfox Aminof theGeezer - although some people have said that it isn't. As a result of this faulty groupthink, 71% of reports say that this legitimate site is a phish.
This false positive has now filtered down to OpenDNS and a number of other blocking services (e.g. Sophos) that are now erroneously blocking access to HSBC.
Don't get me wrong, Phishtank and other similar services can be very useful. But in this case it shows that Phishtank's verification process really doesn't work, as any actual examination of the web site in question would surely identify it as legitimate.
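A feed consumer can guard against this kind of false positive by checking a few cheap legitimacy signals before a community verdict reaches the blocklist. The sketch below is an added example, not Phishtank or OpenDNS code: it uses the WHOIS record quoted above, while the look-alike record, the thresholds and the function names are assumptions.

```python
import re
from datetime import date

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), start=1)}

# Excerpt of the hsbcnet.com WHOIS record quoted in the post.
WHOIS_HSBCNET = """\
Domain Name: HSBCNET.COM
Record expires on 04-Dec-2010.
Record created on 04-Dec-1998.
Domain servers in listed order:
NS3.HSBC.COM
NS4.HSBC.COM
"""

# Constructed record for a hypothetical look-alike (not a real domain).
WHOIS_LOOKALIKE = """\
Domain Name: HSBCNET-SECURE.EXAMPLE
Record created on 10-Jun-2010.
Domain servers in listed order:
NS1.FREEDNS.EXAMPLE
NS2.FREEDNS.EXAMPLE
"""

REPORT_DATE = date(2010, 6, 14)   # date of the WHOIS lookup in the post
MIN_PHISH_VOTES_PCT = 60          # assumed: share of "phish" votes that triggers action
MIN_ESTABLISHED_YEARS = 5         # assumed: age at which a domain counts as established


def created_on(whois):
    """Return the creation date from a 'Record created on DD-Mon-YYYY' line."""
    m = re.search(r"Record created on (\d{1,2})-([A-Za-z]{3})-(\d{4})", whois)
    if not m:
        return None
    day, mon, year = m.groups()
    return date(int(year), MONTHS[mon.lower()], int(day))


def name_servers(whois):
    """Return the lower-cased hosts listed after 'Domain servers in listed order:'."""
    servers, in_block = [], False
    for line in whois.splitlines():
        line = line.strip()
        if line.lower().startswith("domain servers"):
            in_block = True
        elif in_block:
            if not line:
                break
            servers.append(line.lower())
    return servers


def age_years(created, as_of):
    """Whole years between the creation date and the report date."""
    before_anniversary = (as_of.month, as_of.day) < (created.month, created.day)
    return as_of.year - created.year - before_anniversary


def in_zone(host, zone):
    """True only for the zone itself or a real subdomain (not 'nothsbc.com')."""
    host, zone = host.lower().rstrip("."), zone.lower().rstrip(".")
    return host == zone or host.endswith("." + zone)


def triage(whois, brand_zone, phish_votes_pct, as_of=REPORT_DATE):
    """Decide what to do with a community 'phish' verdict.

    These are triage signals, not proof: they only decide whether a human
    looks at the site before the verdict is pushed to downstream blockers.
    """
    if phish_votes_pct < MIN_PHISH_VOTES_PCT:
        return "no-action"
    created = created_on(whois)
    servers = name_servers(whois)
    established = (created is not None
                   and age_years(created, as_of) >= MIN_ESTABLISHED_YEARS)
    brand_dns = bool(servers) and all(in_zone(ns, brand_zone) for ns in servers)
    if established and brand_dns:
        return "manual-review"   # hold: an old domain on the brand's own DNS
    return "block"


if __name__ == "__main__":
    print("hsbcnet.com:", triage(WHOIS_HSBCNET, "hsbc.com", 71))
    print("look-alike: ", triage(WHOIS_LOOKALIKE, "hsbc.com", 71))
```

With the 71% figure from the post, the real record is held for review while the constructed look-alike is still blocked.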
Wednesday, 2 June 2010
"llona Timofeeva" scam
There are probably lots of people called llona Timofeeva who are perfectly trustworthy, but this job offer from a "llona Timofeeva" is not.. and it is almost definitely a made up name. So if you are llona Timofeeva, then this is probably not about you.
From: Illona Timofeeva
Date: 2 June 2010 20:04
Subject: Part-time job
My name is Illona Timofeeva, I am Director of an EastEuropean humane society S_O_S.
We have organized an animal shelter providing veterinary services, management and sterilization.
A lot of our pets have been adopted and taken care of. But now we are facing difficulties
with acceptance of donations and contributions for our shelter in your region,
that is why we are looking for a manager of our corporate account in UK.
This is a part-time job offer which would not interfere with your day job.
You may earn as much as P3,000 per month or more. In case you are interested in this offer,
we look forward to receiving your CV or brief information about yourself to our email HumaneSociety_sos@lavabit.com
We shall write you back as soon as possible and state the terms of this job offer.
Sincerely yours,
Illona Timofeeva
Director
SOSHumane Society
What is it? Well, it's a straightforward money laundering scam using the hook of cute, fluffy and defenceless animals to get you interested. Avoid.
Labels:
Job Offer Scams,
Money Mule,
Scams,
Spam
Tuesday, 1 June 2010
Another spam using BonBon.net for replies
There have been a stack of fake job offers soliciting replies to a BonBon.net email address lately. These emails don't actually come from BonBon.net, but they are seeking a reply to a mailbox using that domain.
I was unfamiliar with this mail service, but a bit of research shows that it belongs to HotPOP who have been around since 1998 and have a pretty good anti-spam policy and seem to be a pretty decent bunch.. so my advice is that if you get a spam trying to get you to reply to BonBon.net then forward a copy to abuse -at - hotpop.com.
From: Emilio Richardson
Date: 1 June 2010 02:40
Subject: Vacancy
Req'd Education: High School
Citizenship or Work-Visa: YES
Base Pay: 72,000/year
Employee Type: Part-Time/Home-Based
Bonus: Yes
Description:
If you want to work in a strong developing team, in which you can feel like in your family, this position is for you! Our company is looking for local customer service managers. You will have good career opportunities and will enjoy friendly working atmosphere of our team.
Requirements:
High School required. PC and Internet, MS Office or compatible. Must have strong writing and communication skills.
To Apply:
Forward your contact details back ONLY to our e-mail: manager03ltd@BonBon.net
and wait for response next 24h - 48h. Resume-containing only.
This really is just another Money Mule operation or similar, avoid at all costs.
Labels:
Job Offer Scams,
Money Mule,
Scams,
Spam
Tuesday, 25 May 2010
job4-us.com fake job offer
Run by the same crew as this scam, this fake job offer is a "money mule" operation laundering stolen funds, under the guise of a payment processor for a car sales company. The entire job4-us.com domain is fake; any email purporting to be from that address is bogus.
Date: 25 May 2010 11:22
Subject: A car store is looking for remote employees. (US)
My name is Lisa and our company is looking to fulfill several part time positions in your region. We are one of the largest internet solutions resellers on the market and are looking to build strong support team in United States to provide the best Customer Care.
Title of the current position available is “Payment Processing Assistant” and we have seven openings.
An ideal applicant for this position must meet the following requirements:
* At least 22 years of age
* Resident of United States of America
* Very observant and able to focus on details
* Patient
* Trustworthy
* Practical
* Loves to learn
* Explains well in writing
* Handles deadlines
* Bank account
* Full internet access (at home or at work)
Benefits:
* 50% of the monthly cell phone bill is covered by the company
* Monthly salary starting at $2000(after a month evaluation period)
* 5% commission for every processed transfer
* Banking, Western Union and Money Gram fees is be covered by the company
If you are interested please reply to: Kaitlin@job4-us.com
As before, the site is hosted on 195.206.246.210 in Moldova, on the same server as europjob.com, with the same registrant details which are probably fake:
Registrant:
Maksim Rodkin
Email: roddsn@post.com
Organization: Private person
Address: Miichurinskij prospekt, d.10-2, kv. 144
City: Moskva
State: Moskovskaya
ZIP: 178234
Country: RU
Phone: +7.4956783214
Labels:
Job Offer Scams,
Lapatasker,
Money Mule,
Scams,
Spam
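The link drawn above between job4-us.com and europjob.com (same server, same registrant details) is a pivot that can be automated across many scam domains. The following is an added example, not the author's tooling: it clusters WHOIS records quoted on this page by shared registrant details, and the Hosting-IP line, the field list, the generic-value list and the function names are assumptions of the example.

```python
from collections import defaultdict

# WHOIS text as quoted in the posts on this page. The "Hosting-IP" lines are
# an assumption of this example, added from the post text (not WHOIS output).
RAW = {
    "west-vacancy.com": """
        Registrant:
        Aleksandr Lapatau
        Email: lapatasker@earthling.net
        Organization: Private person
        City: Minsk
        Country: BY
    """,
    "job4-us.com": """
        Registrant:
        Maksim Rodkin
        Email: roddsn@post.com
        Organization: Private person
        City: Moskva
        Country: RU
        Phone: +7.4956783214
        Hosting-IP: 195.206.246.210
    """,
    "europjob.com": """
        Registrant:
        Maksim Rodkin
        Email: roddsn@post.com
        Organization: Private person
        City: Moskva
        Country: RU
        Phone: +7.4956783214
        Hosting-IP: 195.206.246.210
    """,
}

# Fields worth pivoting on, and placeholder values too common to prove a link.
PIVOT_FIELDS = ("name", "email", "organization", "phone", "hosting-ip")
GENERIC_VALUES = {"private person", "na", "n/a"}


def parse_whois(text):
    """Return {field: normalised value} from 'Key: value' lines.

    The line after a bare 'Registrant:' header is taken as the registrant name.
    """
    record, expect_name = {}, False
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(":")
        key, value = key.strip().lower(), value.strip().lower()
        if sep:
            expect_name = (key == "registrant" and not value)
            if value:
                record[key] = value
        elif expect_name:
            record["name"] = line.lower()
            expect_name = False
    return record


def shared_indicators(records, ignore_generic=True):
    """Map (field, value) -> sorted domains for values seen on 2+ domains."""
    index = defaultdict(set)
    for domain, rec in records.items():
        for field in PIVOT_FIELDS:
            value = rec.get(field)
            if value is None:
                continue
            if ignore_generic and value in GENERIC_VALUES:
                continue
            index[(field, value)].add(domain)
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}


def cluster(records, ignore_generic=True):
    """Union domains that share any indicator; return a sorted list of clusters."""
    parent = {d: d for d in records}

    def find(d):
        while parent[d] != d:
            parent[d] = parent[parent[d]]   # path halving
            d = parent[d]
        return d

    for domains in shared_indicators(records, ignore_generic).values():
        root = find(domains[0])
        for other in domains[1:]:
            parent[find(other)] = root

    groups = defaultdict(list)
    for d in records:
        groups[find(d)].append(d)
    return sorted(sorted(g) for g in groups.values())


RECORDS = {domain: parse_whois(text) for domain, text in RAW.items()}

if __name__ == "__main__":
    for (field, value), domains in sorted(shared_indicators(RECORDS).items()):
        print(f"{field}={value}: {', '.join(domains)}")
    print(cluster(RECORDS))
```

Passing `ignore_generic=False` merges all three domains through "Private person", which is why placeholder values need filtering before any pivot is trusted.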
Evil Network: Maximus Hosting Services, Bosnia 77.78.239.0 - 77.78.240.255
A bunch of sites in the IP range 77.78.239.0 - 77.78.240.255 look all evil and appear to be serving up bad PDFs and other nastiness. IPs are allocated to Maximus Hosting Services, Bosnia and honestly I cannot see a single domain that looks legitimate.. I would suggest that you block the entire range.
Labels:
Bosnia,
Evil Network,
Malware,
Viruses
Wednesday, 19 May 2010
"Re: Intercepted Over Due Fund Transfer!!!" scam
This isn't the first time that we've seen a scam email pretending to be from the UN, but they are often slightly amusing in their pitch. The idea here is that the scammers are targeting people who have already been ripped off with the promise of compensation. Presumably the success rate with this approach makes it worth doing.
Unsurprisingly, the telephone number listed is in Nigeria. Avoid.
From: United Nations <info@un.org>
Reply-to: cenbankng@ml1.net
Date: 19 May 2010 02:40
Subject: Re: Intercepted Over Due Fund Transfer!!!
United Nations
Palais des Nations,
1211 Geneva 10,
Switzerland
Subject: Re: Intercepted Over Due Fund Transfer
Attention: Beneficiary,
In the last meeting between the United Nations OCHA and UNDP hold Copenhagen, 19 Febraury 2010-After a marathon all night session, talks aimed at injecting new and more wide-ranging momentum into the international effort to combat climate change, global recession and scam ended with a positive outcome.
The United Nations and U.S department for Homeland security has meet with delegate from Africa, Asia, Australia, Antarctica, North America, South America and Europe has agreed to Pay scam victims around the world the sum $10.8Million USD as compensation so the money could be use to combat unemployment and help people like you make the world a better place. The United States Department of Homeland Security (DHS), with the help of the FBI and Interpol Has screened through various Monitoring Networks and has been confirmed and notified that the transaction is Legal and you have the Lawful Right to claim your due fund.
To effect and carry out the directives given, you are advised to contact Dr David Wills
Dr David Wills.
International Claims Officer
Telephone: +234 8039393143
E-Mail: cenbankng@ml1.net
You have been instructed on what to do next you are strictly advice to follow his instruction so as to follow into the hands of fraudster,
Yours Faithfully,
Yvette Morris (UN)
Public Relation officer
Tuesday, 18 May 2010
europjob.com fake job offer
This fake job offer comes with a Moldovan and Russian connection.
Date: 18 May 2010 20:52
Subject: good day!
International Real Estate Consulting Company seeking local representation
Countries of interest: Austria, Belgium, Bulgaria, Hungary ,Greece, Denmark, Ireland, Cyprus, Lithuania, France, Sweden
Luxembourg, Malta, Netherlands, Poland, Slovakia, Slovenia, Portugal, Romania, Finland, Czech, Estonia
Tasks of the representation to consist of liaison and intermediation in financial transactions.
Good and prolonged relations history with local financial institutions is strongly recommended
(references will be asked).
If you would like to be a regional manager in Europe send us your contact information: Full name:
Country:
City:
E-mail:
Telephone Number:
Our contacts: Denver@europjob.com
The europjob.com domain was registered just yesterday and is hosted on 195.206.246.210 at Starnet in Moldova. The WHOIS details show the infamous "Private Person" as a registrant with an email address frequently connected with scams.
Registrant:
Maksim Rodkin
Email: roddsn@post.com
Organization: Private person
Address: Miichurinskij prospekt, d.10-2, kv. 144
City: Moskva
State: Moskovskaya
ZIP: 178234
Country: RU
Phone: +7.4956783214
It's not clear what the job is, probably money laundering or some other criminal back office service. Avoid.
Labels:
Job Offer Scams,
Lapatasker,
Money Mule,
Scams,
Spam
Fake "NetTemps Inc" domains
These domains and IPs seem to be associated with this company masquerading as "Net Temps Inc" (there are legitimate companies with a very similar name though), you can see examples of the scam email being used here and here.
82.243.193.235- Proxad, France
nettms.eu
nextspend.biz
95.64.133.205 - MultyKabelnie Seti Balashihi, Russia
nettms.net
nettps.net
eddpiii.com.pl
74.63.228.139 - Limestone Networks, Texas
ns1.loopcool.net
ns1.seerdanee.com
87.117.245.9 - JSHosts, UK
lokiou.eu
ns1.globalistory.net
ns1.hourscanine.com
ns1.limeteablack.net
ns1.skcstaff.com
ns1.skcstaffing.com
ns1.socialworc.net
204.12.229.89 - Hosting Ventures LLC, USA [Mostly suspended, some now deleted]
mx.nettempsin.co.uk
mx.nettms.net
ns1.availname.net
ns1.disksilver.net
ns1.girlfrendsboy.com
ns1.nodefront.net
ns1.pdsproperties.net
ns1.sorbauto.com
ns1.whiskybrend.net
availname.net
ddeasaeq.vc
edfa4.com.vc
edfa7.com.vc
efasqca.com.pl
ewasza.co.uk
ewasze.co.uk
ewasze.me.uk
ewaszi.co.uk
ewaszu.co.uk
girlfrendsboy.com
iurseda.com.vc
nodefront.net
pdsproperties.net
sorbauto.com
whiskybrend.net
79.170.40.4 - Heart Internet, UK
netpts.org
nettes.org
77.25.179.23 - Vodafone, Germany
ns2.loopcool.net
ns2.rakusolutions.com
Fast Flux (IP varies)
nettempsin.co.uk
Registered but no website
hourscanine.com
juverds.info
skcstaffing.com
Suspended / On hold
nttempinc.com
santroperz.net
assewya.co.uk
limeteablack.net
skcstaff.com
Labels:
Job Offer Scams,
Money Mule,
NetTemps Inc,
Scams,
Spam
Monday, 17 May 2010
Nettms.net / Nettps.net "NetTemps Inc" scam
This fraudulent job offer solicits replies to an email address of cv@nettms.net and it pretends to be from "NetTemps Inc". There is a legitimate firm in the US of a similar name, but this job offer is not from them.
It's the same scam as this one, but in this case the back-end servers are different: the mailed replies go to 204.12.229.89 [Hosting Ventures LLC, US] with a web site hosted at 95.64.133.205 in Russia along with another similar domain of Nettps.net.
Subject: part-time job in Europe
Date: Mon, 17 May 2010 16:05:37 +0100
Looking for a job? My name is Juliette Barnes, I am a recruiting manager of NetTemps Inc, a recruiting agency for direct-hire, contract, and freelance professionals within various professions.
Today I would like introduce some part-time and virtual office vacancies in the spheres of Advertising, Education, Engineering, Finance, Health care, Information technology, Media, Real estate and Transportation.
If you are interested to learn more about the jobs offered, please get back to me, providing your name and contact number.
We are eager to help you find a better job and improve your career!
If you have questions, please do not hesitate to e-mail me on:
c v @ n e t t m s . n e t [please delete spaces in the email address before sending it to us]
Yours sincerely,
Juliette Barnes
NetTemps Inc
Anyway, this job offer is probably laundering stolen money or some other criminal activity and should be avoided at all costs.
Labels:
Job Offer Scams,
Money Mule,
NetTemps Inc,
Scams,
Spam
Friday, 14 May 2010
"Delivery LCI" job scam
This is a fraudulent job offer, which appears to be a reshipping scam and possibly some other "back office" functions for organised criminals. There is no company registered in the UK called Delivery LCI or LCI Delivery.
From: Timmy Bliss
Date: 14 May 2010 01:49
Subject: Job opening
Hello,
I'm Mary, writing on behalf of Delivery LCI about your job
search, would like to invite you to learn more about the job
opportunity that we are offering right now for people like you.
First of all you need no prior experience, but we will provide all
necessary training when you will join us.
Now let's take a look at what Delivery LCI offers you:
Shipping Regional Manager
Requirements:
- Resident of the United States;
- Fluent English;
- Basic knowledge of Microsoft Word and Microsoft Excel;
- Home Computer with e-mail account and ability to check your e-mail
box at least twice a day
- Adults only accepted (we cannot hire underage people)
Job description:
- Receive correspondence from our company and its clients at his/her
residential address;
- Report to our manager (every candidate will be included in a
manager's lists)
- Forward received items according to instructions of our manager
- Fill in the forms and papers as indicated in our manager's
instructions (you will receive an e-mail with instructions for each
box).
- Ship packages out
Personal qualities:
- honesty
- decency
- sociability
- ability to work in team
Salary
- 30$ per package processed for trial period 1 month
- 50$ per package processed \ by the end of trial period\
- The salary is credited to your account once a month
If you are interested in our position, reply back to us
with your short resume at:
KathrynKnowlton@BonBon.net
Thank you for reading.
+44.20 3286 9579
Despite there being no company of this name in the UK, there are two probably related websites, deliverylci.com and lcidelivery.com. At the moment, only deliverylci.com is running, registered to a fake address in the US:
Registrant: Dennis Oneal
Email: support@deliverylci.com
Organization: Delivery LCI
Address: 1938 Woodland Terrace
City: Orangevale
State: CA
ZIP: 95662
Country: US
Phone: +1.9169879747
Fax: +1.9169879747
but claiming to be based in the UK from their website:
Your calls are received by the phone: +44.20 3286 9579
E-mail: lcidelivery@lcidelivery.com
Our Office:
5 NORTH STREET, HAILSHAM, EAST SUSSEX, BN27 1DQ, United Kingdom
5 North Street, Hailsham does exist and is the office of a firm of accountants; there are many companies registered at this address. The telephone number is a London one though, not one for Hailsham.
Digging further shows that the deliverylci.com website is hosted at 89.248.162.136 [Ecatel, Netherlands]. The following sites are hosted on the same server:
- Dealcomltd.com
- Deliverylci.com
- Idealogisticservices.com
- Todaylogisticservices.com
- ns1.taxreturnsworld.com
- ns1.worldtaxreturns.com
- ns2.itadvancedservices.com
- s1.oilhost.eu
Labels: Job Offer Scams, Money Mule, Scams, Spam
Thursday, 13 May 2010
Dating scam: "I will be glad to get to know you"
There have been quite a few dating scams soliciting replies to BonBon.net lately, and coming with an attached photo. This one is meant to be "Anete".. what do you mean, you don't remember Anete? Anyway, it's probably some fat sweaty Russian bloke trying to part you from your cash, so avoid this one.
Subject: I will be glad to get to know you
Hello! How are you? I hope you are ok. I am Anete.
You remember, we have got acquainted with you at dating site?
You have given me your email and today I write to you.
I think, now we can begin our acquaintance. I will be glad! Hope you too.
I am 30 years old. I want to find the man and to create serious relationship.
I want, that you have answered me if you still want to know me.
I send you my photos, and I want, that you do the same.
I will be glad to get to know you more close.
Please reply only to my personal e-mail: utinanete@BonBon.net
I look forward your answer. With the best regards, Anete...
Labels: Dating Scams, Scams, Spam
Monday, 10 May 2010
Evil network: Sagade Ltd / ATECH-SAGADE
There's been an awful lot of badness from Latvia recently, with several fake AV apps and other Very Bad Things hosted in the range 91.188.59.0 - 91.188.59.255, which appears to be a wholly bad subnet of pure evil. It looks like a similar setup to Real Host Ltd which was shut down last year.
inetnum: 91.188.59.0 - 91.188.59.255
netname: ATECH-SAGADE
descr: Sagade Ltd.
descr: Latvia, Rezekne, Darzu 21
descr: +371 20034981
remarks: abuse-mailbox: piotrek89@gmail.com
country: LV
admin-c: JS1449-RIPE
tech-c: JS1449-RIPE
status: ASSIGNED PA
mnt-by: AS6851-MNT
source: RIPE # Filtered
person: Juris Sahurovs
remarks: Sagade Ltd.
address: Latvia, Rezekne, Darzu 21
phone: +371 20034981
abuse-mailbox: piotrek89@gmail.com
nic-hdl: JS1449-RIPE
mnt-by: ATECH-MNT
source: RIPE # Filtered
% Information related to '91.188.32.0/19AS6851'
route: 91.188.32.0/19
descr: BKCNET Autonomous System
descr: IZZI SIA
descr: Ieriku 67a, Riga, LATVIA
origin: AS6851
mnt-by: AS6851-MNT
source: RIPE # Filtered
All these websites appear to be malicious; I cannot find a single site that I can identify as being legitimate. Most have obviously fake WHOIS details too. I would recommend blocking access to the whole IP block.
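The block recommendation above, as an added example (not code from the original post): it converts the inetnum range from the WHOIS output into CIDR form for a firewall or proxy rule, then scans a proxy log for internal clients that have already contacted the range. The log lines, their format and the function names are constructed for illustration.

```python
import ipaddress
import re

# inetnum and route lines as quoted in the WHOIS output above.
WHOIS_TEXT = """\
inetnum: 91.188.59.0 - 91.188.59.255
route: 91.188.32.0/19
"""

# Constructed proxy log (time, client, destination IP, host); not real traffic.
SAMPLE_LOG = """\
2010-05-10T09:14:02 10.0.4.17 91.188.59.74 site-a.example
2010-05-10T09:14:09 10.0.4.22 91.188.60.12 site-b.example
2010-05-10T09:15:31 10.0.7.3 91.188.59.255 site-c.example
2010-05-10T09:17:12 10.0.9.8 not-an-ip site-e.example
"""

def inetnum_to_cidrs(whois_text):
    """Turn the 'inetnum: first - last' range into the minimal list of CIDR networks."""
    m = re.search(r"^inetnum:\s*(\S+)\s*-\s*(\S+)\s*$", whois_text, re.MULTILINE)
    if not m:
        raise ValueError("no inetnum range found")
    first, last = (ipaddress.IPv4Address(x) for x in m.groups())
    return list(ipaddress.summarize_address_range(first, last))

def announced_route(whois_text):
    """Return the covering route object from the same WHOIS output, if present."""
    m = re.search(r"^route:\s*(\S+)", whois_text, re.MULTILINE)
    return ipaddress.ip_network(m.group(1)) if m else None

def flag_hits(log_text, blocked):
    """Return (client, destination) pairs whose destination is inside a blocked network."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        try:
            dest = ipaddress.ip_address(fields[2])
        except (IndexError, ValueError):
            continue  # short or malformed line: skip it rather than abort the scan
        if any(dest in net for net in blocked):
            hits.append((fields[1], str(dest)))
    return hits

if __name__ == "__main__":
    blocked = inetnum_to_cidrs(WHOIS_TEXT)
    print("block:", [str(n) for n in blocked])
    print("inside announced route:", blocked[0].subnet_of(announced_route(WHOIS_TEXT)))
    for client, dest in flag_hits(SAMPLE_LOG, blocked):
        print("internal client", client, "contacted", dest)
```

The second log line falls inside the announced 91.188.32.0/19 route but outside the Sagade assignment, so it is not flagged: the rule covers only the range named in the inetnum object.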
Labels: Black Hat, Evil Network, Hosting, Latvia, Malware, Sagade Ltd