Day: December 24, 2012

ftigroupltd.com

Leave a comment

The Purpose of this post is to ALERT you that the job you are about to apply for or may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT.

These job postings are an attempt to lure you into cashing counterfeit checks and have you wire funds via Western Union or MoneyGram. Essentially You Become A Money or RePackage Mule.

The identity of an individual or entity have been stolen along with fund from their bank accounts. You are being recruited to wire transfer these funds either by WESTERN UNION, MONEYGRAM, into your bank, a DOMESTIC BANK or FOREIGN BANK ACCOUNT

  1. Understanding The Cyber Theft Ring
  2. Money Mule Explained
  3. Protecting Yourself Against Money Mule
  4. Washingtonpost.com by Brian Kerbs
  5. Interview With A Money Mule
  6. Bobbear.co.UK ~ Historical Money Mule Sites

Address lookup
lookup failed ftigroupltd.com
Could not find an IP address for this domain name
Domain Whois record

Queried whois.internic.net with “dom ftigroupltd.com

Domain Name: FTIGROUPLTD.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: YNS1.YAHOO.COM
Name Server: YNS2.YAHOO.COM
Status: ok
Updated Date: 23-dec-2012
Creation Date: 13-dec-2012
Expiration Date: 13-dec-2013

Last update of whois database: Mon, 24 Dec 2012 19:06:54 UTC
Queried whois.melbourneit.com with “ftigroupltd.com

Domain Name………. ftigroupltd.com
Creation Date…….. 2012-12-13
Registration Date…. 2012-12-13
Expiry Date………. 2013-12-13
Tracking Number…… 1766054993_DOMAIN_COM-VRSN
Organisation Name…. Jeffrey Hatcher
Organisation Address. 1023 Drainer Avenue
Organisation Address.
Organisation Address.
Organisation Address. Tallahassee
Organisation Address. 32301
Organisation Address. FL
Organisation Address. UNITED STATES

Admin Name……….. Jeffrey Hatcher
Admin Address…….. 1023 Drainer Avenue
Admin Address……..
Admin Address……..
Admin Address. Tallahassee
Admin Address…….. 32301
Admin Address…….. FL
Admin Address…….. UNITED STATES
Admin Email………. jeffreyshatcher@yahoo.com
Admin Phone………. +1.8506178004
Admin Fax…………

Tech Name………… YahooDomains TechContact
Tech Address……… 701 First Ave.
Tech Address………
Tech Address………
Tech Address……… Sunnyvale
Tech Address……… 94089
Tech Address……… CA
Tech Address……… UNITED STATES
Tech Email……….. domain.tech@yahoo-inc.com
Tech Phone……….. +1.4089162124
Tech Fax………….
Name Server………. yns2.yahoo.com
Name Server………. yns1.yahoo.com

Network Whois record

Don’t have an IP address for which to get a record
DNS records

DNS query for ftigroupltd.com returned an error from the server: ServerFailure

No records to display

— end —

Advertisement

Budapest, Hungary Spam Capital

Leave a comment

scamFRAUDalert see it fitting to make this declaration that Budapest, Hungary is another  SPAM CAPITAL for online pharmacy spamming.
Trace Email – Track Email

Email Header Analysis

IP Address:  91.120.21.207 (hirlevel2smtp.habostorta.hu)
IP Address Country:  Hungary
IP Continent:  Europe
IP Address City Location:  Budapest
IP Address Region:  Budapest
IP Address Latitude:  47.5,
IP Address Longtitude:  19.0833
Organization:  GTS Hungary Telecommunications Limited Liability C

Email Lookup Map (show/hide)

vacationanddeals.com

1 Comment

scamFRAUDalert see it necessary to issue this ALERT as scammers have embarked upon bulk mailing contacting consumers informing them that they have WON a round trip tickets from American Airlines or US Airlines. Enclosed in the mail is a Travel Check Voucher and the recipient is instructed to call a 1-800-xxx-xxxx number.

On other instances, a telemarketer will contact you explaining that you’ve WON. According to reports online, the website www.vacationanddeals.com appears to be senders of these bulk mails and telemarketing tactics.

It is a voucher that can be used with Delta, Southwest, JetBlue, or American Airlines. When you leave the presentation, you will have the vouchers and information to set up your trip.

This slideshow requires JavaScript.

Dear scamFRAUDalert,

Enclosed is your Travel Check Voucher. This Travel Check Voucher can be redeemed for for a certificate for two round trip airline tickets to anywhere in the continental US from any major international US airport. Certain restrictions may apply. Vacation Getaways and Cruises are available for a limited time.

We have attempted to contacting you on several occasions. This will be your last chance to respond.

Note that this check voucher must be redeemed by December 5, 2012. If you do not claim your award, it will be transferred to the alternate. This is a limited time offer and may be withdrawn at any time. Flights will fill quickly.

Pleas reference your check voucher number OR-55309. This travel check must be certified to be valid.

Call – 866-949- 7188 This is not a timeshare or land sales offer.

Sincerely,

Cathy Ryan
Stacy Lane VP
Vice President

  1. 1-866-937-7121
  2. 1-866-753-0092
  3. 1-866-949-1701
  4. 1-855-879-8217
  5. 1-866-949-3847
  6. 1-866-949-1805
  7. 1-866-949-1807
  8. 1-866-357-1991
  9. 1-866-357-1991
  10. 1-866-381-4674
  11. 1-866-937-7123
  12. 1-866-381-4675
  13. 1-866-353-3192
  14. 1-866-937-7118
  15. 1-866-937-7124
  16. 1-866-937-7121
  17. 1-866-937-0954
  18. 1-866-320-8335
  19. 1-866-937-7118
  20. 1-866-754-9186
  21. 1-866-754-9185
  22. 1-866-754-9246
  23. 1-866-345-9856
  24. 1-866-754-5039
  25. 1-866-753-5875
  26. 1-866-753-5083
  27. 1-866-381-9944
  28. 1-866-753-5083
  29. 1-866-673-3911
  30. 1-866-752-8964
  31. 1-866-353-3192
  32. 1-866-752-9066
  33. 1-866-753-0092
  34. 1-866-753-8004
  35. 1-866-753-0975
  36. 1-866-673-4910
  37. 1-866-949-5037
  38. 1-866 949-1805
  39. 1-866-949-1811
  40. 1-866-949-1802
  41. 1-866-949-3882
  42. 1-866-949-1805
  43. 1-855-879-8217

Address lookup
canonical name vacationanddeals.com
aliases
addresses 70.40.220.101
Domain Whois record

Queried whois.internic.net with “dom vacationanddeals.com

Domain Name: VACATIONANDDEALS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.BLUEHOST.COM
Name Server: NS2.BLUEHOST.COM
Status: clientTransferProhibited
Updated Date: 03-aug-2012
Creation Date: 03-aug-2012
Expiration Date: 03-aug-2013

Last update of whois database: Sat, 22 Dec 2012 20:04:55 UTC

Queried whois.enom.com with “vacationanddeals.com
Registration Service Provided By: Namecheap.com

Domain name: vacationanddeals.com
Registrant Contact:
WhoisGuard
WhoisGuard Protected ()

Fax:
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Administrative Contact:
WhoisGuard
WhoisGuard Protected 668742a9f3cd4143988623f02c52b0f7.protect@whoisguard.com
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Technical Contact:
WhoisGuard
WhoisGuard Protected (668742a9f3cd4143988623f02c52b0f7.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Status: Locked

Name Servers:
ns1.bluehost.com
ns2.bluehost.com

Creation date: 03 Aug 2012 06:11:00
Expiration date: 02 Aug 2013 22:11:00

Network Whois record

Queried rwhois.unifiedlayer.com with “70.40.220.101”…

%rwhois V-1.5:000080:00 rwhois.unifiedlayer.com (by Unified Layer, V-1.5.0)
network:Class-Name:network
network:ID: NETBLK-UL.70.40.192.0/19
network:Auth-Area: 70.40.192.0/19
network:Network-Name: UL-70.40.192.0/19
network:IP-Network: 70.40.192.0/19
network:Organization: Unified Layer
network:Tech-Contact: netops@unifiedlayer.com
network:Admin-Contact: netops@unifiedlayer.com
network:Abuse-Contact: abuse@unifiedlayer.com
network:Created: 20121119
network:Updated: 20121119
network:Updated-By: netops@unifiedlayer.com

ok

Queried whois.arin.net with “n 70.40.220.101″…

NetRange: 70.40.192.0 – 70.40.223.255
CIDR: 70.40.192.0/19
OriginAS: AS46606
NetName: UNIFIEDLAYER-NETWORK-5
NetHandle: NET-70-40-192-0-1
Parent: NET-70-0-0-0-0
NetType: Direct Allocation
RegDate: 2008-10-03
Updated: 2012-11-14
Ref: http://whois.arin.net/rest/net/NET-70-40-192-0-1

OrgName: Unified Layer
OrgId: BLUEH-2
Address: 1958 South 950 East
City: Provo
StateProv: UT
PostalCode: 84606
Country: US
RegDate: 2006-08-08
Updated: 2012-11-26
Ref: http://whois.arin.net/rest/org/BLUEH-2

ReferralServer: rwhois://rwhois.unifiedlayer.com:4321

OrgAbuseHandle: ABUSE3581-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-888-401-4678
OrgAbuseEmail: abuse@unifiedlayer.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3581-ARIN

OrgTechHandle: NETWO5508-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-888-401-4678
OrgTechEmail: netops@unifiedlayer.com
OrgTechRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

OrgNOCHandle: NETWO5508-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-888-401-4678
OrgNOCEmail: netops@unifiedlayer.com
OrgNOCRef: http://whois.arin.net/rest/poc/NETWO5508-ARIN

RTechHandle: NETWO2081-ARIN
RTechName: Network Operations
RTechPhone: +1-801-765-9400
RTechEmail: netops@bluehost.com
RTechRef: http://whois.arin.net/rest/poc/NETWO2081-ARIN

RNOCHandle: TECHN497-ARIN
RNOCName: Technical Operations
RNOCPhone: +1-801-765-9400
RNOCEmail: support@bluehost.com
RNOCRef: http://whois.arin.net/rest/poc/TECHN497-ARIN

RAbuseHandle: NOC2320-ARIN
RAbuseName: Network Operations Center
RAbusePhone: +1-801-765-9400
RAbuseEmail: abuse@bluehost.com
RAbuseRef: http://whois.arin.net/rest/poc/NOC2320-ARIN

Reading,United Kingdom Spam Capital

Leave a comment

scamFRAUDalert see it fitting to make this declaration that Reading, United Kingdom ~ Great Britain is the SPAM CAPITAL of THE WORLD for online pharmacy spamming.
Trace Email – Track Email

Email Header Analysis

IP Address:  213.199.154.61 (213.199.154.61)
IP Address Country:  United Kingdom
IP Continent:  Europe
IP Address City Location:  Reading
IP Address Region:  Reading
IP Address Latitude:  51.4333,
IP Address Longtitude:  -1
Organization:  Microsoft London Internet Data Center

Email Lookup Map (show/hide)

Reading UK

viagra-online-7.com

Leave a comment

Buying Prescription Drugs Online May Be Dangerous Says
Drug Enforcement Administration

DEA Logo - Buying Proscription Drugs

National Association of Boards of Pharmacy (NABP)

Warning

The Canadian Pharmacy, Canadian/European Pharmacy”, “Canadian Healthcare” and “US Drugstore” are brands of one of the most disgusting illegal online pharmacy group well organized CRIMINAL OPERATION of all times. “GREED” is the driving force behind this operation. Don’t let them fool you. They will never send you any genuine drugs. If they ever send anything at all, it may consist of literally anything from sugar to wall plaster, and they certainly don’t care that you will endanger your health by taking those dangerous counterfeit drugs.

Who’s Behind Online Pharmacy

Today a shadowy, transnational network of illicit drug manufacturers, traders, doctors, Web site operators, spammers and criminals makes up the online pharmacy world.

Buying Medication Online Can Be Safe

There are many options out there when it comes to buying medication online. We have looked at websites after websites. Some sites feature offshore pharmacies that do not require a prior prescription. Others feature licensed pharmacies that do require a prescription from your doctor.

Before making a purchase that can affect your health, we strongly recommend that you consult your physician & DO NOT self-medicate.

Ordering medication online can be a safe, money-saving experience. When done through licensed online pharmacies that require a prescription, you can be assured that the medication you get is exactly what you need to treat your ailments.

viagra-online-7


Address lookup
canonical name:viagra-online-7.com
aliases
addresses 108.166.165.22
Domain Whois record

Queried whois.internic.net with “dom viagra-online-7.com

Domain Name: VIAGRA-ONLINE-7.COM
Registrar: INTERNET.BS CORP.
Whois Server: whois.internet.bs
Referral URL: http://www.internet.bs
Name Server: NS1.GIGAPROS.COM
Name Server: NS2.GIGAPROS.COM
Status: clientTransferProhibited
Updated Date: 12-dec-2012
Creation Date: 12-dec-2012
Expiration Date: 12-dec-2013

Last update of whois database: Mon, 24 Dec 2012 07:48:01 UTC
Queried whois.internet.bs with “viagra-online-7.com

Domain viagra-online-7.com

Date Registered: 2012-12-12
Date Modified: 2012-12-12
Expiry Date: 2013-12-12

DNS1: ns1.gigapros.com
DNS2: ns2.gigapros.com

Registrant
Fundacion Private Whois
Domain Administrator
Email:50c8c2d79pahsc9o@t02cduv4f7f99a255f64.privatewhois.net
Attn: viagra-online-7.com
Aptds. 0850-00056
Zona 15 Panama
Panama
Tel: +507.65995877

Administrative Contact
Fundacion Private Whois
Domain Administrator
Email:50c8c2d7xhdxst8b@t02cduv4f7f99a255f64.privatewhois.net
Attn: viagra-online-7.com
Aptds. 0850-00056
Zona 15 Panama
Panama
Tel: +507.65995877

Technical Contact
Fundacion Private Whois
Domain Administrator
Email:50c8c2d7et2dvb37@t02cduv4f7f99a255f64.privatewhois.net
Attn: viagra-online-7.com
Aptds. 0850-00056
Zona 15 Panama
Panama
Tel: +507.65995877

Registrar: Internet.bs Corp.
Registrar’s Website :
http://www.internetbs.net

Network Whois record

Queried rwhois.corexchange.com with “108.166.165.22”…

%rwhois V-1.5:003eff:00 rwhois.corexchange.com (by Network Solutions, Inc. V-1.5.9.5)
network:Class-Name:network
network:ID:NETBLK-COREXCHANGE.108.166.160.0/19
network:Auth-Area:108.166.160.0/19
network:Network-Name:BLK-GIGAPROSCOMLLC-108.166.165.0/27
network:IP-Network:108.166.165.0/27
network:IP-Network-Block:108.166.165.0 – 108.166.165.31
network:Organization-Name;I:GigaPros.com LLC
network:Organization-City:Long Beach
network:Organization-State:CA
network:Organization-Country:US
network:Description-Usage:Customer
network:Tech-Contact;I:hostmaster@corexchange.com
network:Admin-Contact;I:IPENG7-ARIN
network:Created:20120201
network:Updated:20120425
network:Updated-By:rwhois@corexchange.com

network:Class-Name:network
network:ID:NETBLK-COREXCHANGE.108.166.160.0/19
network:Auth-Area:108.166.160.0/19
network:Network-Name:BLK-COREXCHANGE-108.166.160.0/19
network:IP-Network:108.166.160.0/19
network:IP-Network-Block:108.166.160.0 – 108.60.191.255
network:Organization-Name;I:CoreXchange
network:Organization-City:Dallas
network:Organization-State:TX
network:Organization-Country:US
network:Description-Usage:Customer
network:Tech-Contact;I:hostmaster@corexchange.com
network:Admin-Contact;I:IPENG7-ARIN
network:Created:20110105
network:Updated:20110603
network:Updated-By:rwhois@corexchange.com

referral rwhois://root.rwhois.net:4321/auth-area=.
ok

Queried whois.arin.net with “n 108.166.165.22
NetRange: 108.166.160.0 – 108.166.191.255
CIDR: 108.166.160.0/19
OriginAS: AS13354
NetName: COREXCHANGE-08
NetHandle: NET-108-166-160-0-1
Parent: NET-108-0-0-0-0
NetType: Direct Allocation
RegDate: 2012-01-25
Updated: 2012-01-25
Ref: http://whois.arin.net/rest/net/NET-108-166-160-0-1

OrgName: EBL Global Networks, Inc.
OrgId: EGN-1
Address: 1950 Stemmons Freeway – Suite 4006
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
RegDate: 2007-03-02
Updated: 2011-11-28
Ref: http://whois.arin.net/rest/org/EGN-1

ReferralServer: rwhois://rwhois.corexchange.com:4321

OrgTechHandle: IPENG7-ARIN
OrgTechName: IP Engineering
OrgTechPhone: +1-214-442-1111
OrgTechEmail: ipeng@corexchange.com
OrgTechRef: http://whois.arin.net/rest/poc/IPENG7-ARIN

OrgAbuseHandle: AOC9-ARIN
OrgAbuseName: Abuse Operations Center
OrgAbusePhone: +1-214-442-1111
OrgAbuseEmail: abuse@corexchange.com
OrgAbuseRef: http://whois.arin.net/rest/poc/AOC9-ARIN

DNS records
name class type data time to live
viagra-online-7.com IN TXT v=spf1 +a +mx +ip4:108.166.188.210 ?all 3600s (01:00:00)
viagra-online-7.com IN MX
preference: 0
exchange: viagra-online-7.com
3600s (01:00:00)
viagra-online-7.com IN SOA
server: ns1.gigapros.com
email: server-alerts@gigapros.com
serial: 2012121203
refresh: 1200
retry: 120
expire: 86400
minimum ttl: 3600
3600s (01:00:00)
viagra-online-7.com IN NS ns1.gigapros.com 3600s (01:00:00)
viagra-online-7.com IN NS ns2.gigapros.com 3600s (01:00:00)
viagra-online-7.com IN A 108.166.165.22 3600s (01:00:00)
22.165.166.108.in-addr.arpa IN PTR cust-108-166-165-22.corexchange.com 86400s (1.00:00:00)
165.166.108.in-addr.arpa IN SOA
server: ns1.corexchange.com
email: root@165.166.108.in-addr.arpa
serial: 2012092800
refresh: 10800
retry: 900
expire: 604800
minimum ttl: 86400
86400s (1.00:00:00)
165.166.108.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2013-01-03 01:00:10Z
signature inception: 2012-12-24 01:00:10Z
key tag: 29729
signer’s name: 108.in-addr.arpa
signature:
(1024 bits)

10800s (03:00:00)
165.166.108.in-addr.arpa IN NSEC
next domain name: 166.166.108.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
165.166.108.in-addr.arpa IN NS ns2.corexchange.com 86400s (1.00:00:00)
165.166.108.in-addr.arpa IN NS ns1.corexchange.com 86400s (1.00:00:00)

— end —

The following A records are set to 108.166.165.22:

  1. 513real.com
  2. alfredtay.com
  3. armageddonoutfitter.com
  4. auctioneerchannel.com
  5. buy-cialis-tabs.com
  6. cialis-20mg-on.com
  7. cialispillswithoutpresc.com
  8. cialisprofessional4all.com
  9. comohagopara.info
  10. edxtgv.com
  11. eggyi.com
  12. forsale-viagrasamples.com
  13. frsd-office.com
  14. genericviagrafreeships.com
  15. gourdier.com
  16. iputa.com
  17. iunui.com
  18. kazantzis.com
  19. magicpillonlinee.com
  20. only-vimaxpills.com
  21. paydayloansfastt.com
  22. phen375dieta.com
  23. photawesome.com
  24. pinkelephantcreations.com
  25. piratecru.com
  26. powerupspa.com
  27. presencearchive.com
  28. profjonas.com
  29. propecia4men.com
  30. pursuingorigins.com
  31. randysclub.org
  32. rchengineering.com
  33. recreationresale.com
  34. red-ebiz.com
  35. rhombus-tek.com
  36. rtprimo.com
  37. saichel.com
  38. scandlas2011.com
  39. scanrighthere.com
  40. seeside.ca
  41. sharmelsheikhpropertyfinder.com
  42. shyalf.com
  43. shyanneli.com sicorp.us
  44. silviamulet.com
  45. sinchoros.org
  46. smddance.com
  47. sojairemedies.com
  48. spanish-legal-translation.com
  49. sperio.com, spiralmind4.org
  50. stevemitchellcontractor.com
  51. tadalafil-tabs.com, taivo.net
  52. tasmena.com, tasmena.org
  53. tenpennyjoke.com
  54. tfzsoft.com
  55. theauctioneerchannel.com
  56. theorycomplete.com
  57. tinypak.com
  58. up-online-pharmacy.com
  59. viagra-online-7.com
  60. viagrageneric123.com
  61. viagragold800mg.com
  62. viagraonline-ed5.com
  63. viagraonlinefreeships.com
  64. viagraprofessional4all.com
  65. zuigeling.com