Day: August 30, 2017

WhoIs tweetiz.com – Malware Infestation

Leave a comment

tweetiz

tweetiz.png

79.137.105.126 resolves to ip126.ip-79-137-105.eu.
The following A records are set to 79.137.105.126:

  1. ns1.tweetiz.com
  2. ns2.tweetiz.com
  3. tweetiz.com

Address lookup
canonical name:tweetiz.com
aliases
addresses:79.137.105.126
Domain Whois record

Queried whois.internic.net with “dom tweetiz.com”…

Domain Name: TWEETIZ.COM
Registry Domain ID: 2125549765_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.isimtescil.net
Registrar URL: http://www.isimtescil.net

Updated Date: 2017-05-20T14:53:40Z
Creation Date: 2017-05-18T16:05:53Z

Registry Expiry Date: 2018-05-18T16:05:53Z
Registrar: FBS Inc.
Registrar IANA ID: 1110
Registrar Abuse Contact Email: abuse@domaintime.biz
Registrar Abuse Contact Phone: 90.8502000444
Domain Status: clientTransferProhibited

Name Server: NS1.TWEETIZ.COM
Name Server: NS2.TWEETIZ.COM

DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint
Last update of whois database: 2017-08-31T04:39:33Z
Queried whois.isimtescil.net with “tweetiz.com

Domain Name: TWEETIZ.COM
Registry Domain ID: 2125549765_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.isimtescil.net
Registrar URL: http://www.isimtescil.net

Updated Date: 2017-07-18T02:29:54Z
Creation Date: 2017-05-18T16:05:53Z

Registrar Registration Expiration Date: 2018-05-18T16:05:53Z
Registrar: FBS Inc.
Registrar IANA ID: 1110
Domain Status: clientTransferProhibited

Registry Registrant ID: Not Available From Registry
Registrant Name: Domain Admin ContactID 3577497
Registrant Organization: FBS INC / Whoisprotection biz
Registrant Street: Atasehir Goztepe Nida Kule Is Merkezi Bora Sokak N
Registrant City: Istanbul
Registrant State/Province: Istanbul
Registrant Postal Code: 34704
Registrant Country: TR
Registrant Phone: +90.8502000444
Registrant Email: 3577497@whoisprotection.biz

Registry Admin ID: Not Available From Registry
Admin Name: Domain Admin ContactID 3577497
Admin Organization: FBS INC / Whoisprotection biz
Admin Street: Atasehir Goztepe Nida Kule Is Merkezi Bora Sokak N
Admin City: Istanbul
Admin State/Province: Istanbul
Admin Postal Code: 34704
Admin Country: TR
Admin Phone: +90.8502000444
Admin Email: 3577497@whoisprotection.biz

Registry Tech ID: Not Available From Registry
Tech Name: Domain Admin ContactID 3577497
Tech Organization: FBS INC / Whoisprotection biz
Tech Street: Atasehir Goztepe Nida Kule Is Merkezi Bora Sokak N
Tech City: Istanbul
Tech State/Province: Istanbul
Tech Postal Code: 34704
Tech Country: TR
Tech Phone: +90.8502000444
Tech Email: 3577497@whoisprotection.biz

Name Server: ns1.tweetiz.com
Name Server: ns2.tweetiz.com

DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse@domaintime.biz
Registrar Abuse Contact Phone: +90.8502000444
URL of the ICANN WHOIS Data

>>> Last update of WHOIS database: 2017-08-31T04:39:45Z <<<
Network Whois record

Queried whois.ripe.net with “-B 79.137.105.126″…

Information related to ‘79.137.105.0 – 79.137.105.255’

Abuse contact for ‘79.137.105.0 – 79.137.105.255’ is ‘abuse@ovh.net’

inetnum: 79.137.105.0 – 79.137.105.255
netname: OVH-DEDICATED-FO
country: FR
descr: Failover IPs
org: ORG-OS3-RIPE
admin-c: OTC2-RIPE
tech-c: OTC2-RIPE
status: ASSIGNED PA
mnt-by: OVH-MNT
created: 2017-01-11T11:00:00Z
last-modified: 2017-01-11T11:00:00Z
source: RIPE

organisation: ORG-OS3-RIPE
org-name: OVH SAS
org-type: LIR
address: 2 rue Kellermann
address: 59100
address: Roubaix
address: FRANCE
phone: +33972101007
abuse-c: AR15333-RIPE
admin-c: OTC2-RIPE
admin-c: OK217-RIPE
admin-c: GM84-RIPE
mnt-ref: OVH-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
mnt-by: OVH-MNT
abuse-mailbox: abuse@ovh.net
created: 2004-04-17T11:23:17Z
last-modified: 2017-05-30T07:24:52Z
source: RIPE
e-mail: lir@ovh.net

role: OVH Technical Contact
address: OVH SAS
address: 2 rue Kellermann
address: 59100 Roubaix
address: France
e-mail: noc@ovh.net
admin-c: OK217-RIPE
tech-c: GM84-RIPE
tech-c: SL10162-RIPE
nic-hdl: OTC2-RIPE
notify: noc@ovh.net
abuse-mailbox: abuse@ovh.net
mnt-by: OVH-MNT
created: 2004-01-28T17:42:29Z
last-modified: 2014-09-05T10:47:15Z
source: RIPE

% Information related to ‘79.137.64.0/18AS16276’

route: 79.137.64.0/18
origin: AS16276
mnt-by: OVH-MNT
created: 2017-01-09T09:27:47Z
last-modified: 2017-01-09T09:27:47Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.89.2 (ANGUS)
DNS records

name class type data time to live
tweetiz.com IN SOA
server: ns1.tweetiz.com
email: salla@salla.com
serial: 2017062702
refresh: 3600
retry: 7200
expire: 1209600
minimum ttl: 86400
86400s (1.00:00:00)
tweetiz.com IN NS ns2.tweetiz.com 86400s (1.00:00:00)
tweetiz.com IN NS ns1.tweetiz.com 86400s (1.00:00:00)
tweetiz.com IN A 79.137.105.126 14400s (04:00:00)
tweetiz.com IN MX
preference: 0
exchange: tweetiz.com
14400s (04:00:00)
126.105.137.79.in-addr.arpa IN PTR ip126.ip-79-137-105.eu 86400s (1.00:00:00)
105.137.79.in-addr.arpa IN SOA
server: dns109.ovh.net
email: tech@ovh.net
serial: 2017082902
refresh: 43200
retry: 4320
expire: 2419200
minimum ttl: 86400
86400s (1.00:00:00)
105.137.79.in-addr.arpa IN NS dns109.ovh.net 86400s (1.00:00:00)
105.137.79.in-addr.arpa IN NS ns109.ovh.net 86400s (1.00:00:00)
105.137.79.in-addr.arpa IN TXT v=spf1 include:mx.ovh.com ~all 600s (00:10:00)
— end —

Advertisement

WhoIs Elly’s World Professional Steam Hair Straightener ~ ellysworld.com

Leave a comment

scamFRAUDalert see it appropriate to issue this ALERT as consumers online have complained that they saw a Facebook advertisement offering hair straightener and ordered the product paying $49.97. The product was never delivered.

Based on what we are seeing, this is the same operation as Jody’s Adjustable Bra scam. We strongly recommend that you IMMEDIATELY file a complaint with

Internet Crime Complaint Center IC3

 
elyworld coupon

elly’s steam hair straightener
elly’s steam straightener reviews
elly’s professional steam hair straightener review
remington steam straightener review
ellys professional steam hair straightener reviews
elly’s steam hair straightener reviews
elly’s world reviews
ellys professional steam straightener reviews

Address lookup
canonical name:ellysworld.com
aliases
addresses: 23.227.38.32
Domain Whois record

Queried whois.internic.net with “dom Ellysworld.com

Domain Name: ELLYSWORLD.COM
Registry Domain ID: 2144574100_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2017-07-18T22:19:32Z
Creation Date: 2017-07-18T22:17:54Z
Registry Expiry Date: 2018-07-18T22:17:54Z
Registrar: NameCheap Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited
Name Server: PDNS1.REGISTRAR-SERVERS.COM
Name Server: PDNS2.REGISTRAR-SERVERS.COM
DNSSEC: unsigned

URL of the ICANN Whois Inaccuracy

Last update of whois database: 2017-08-30T17:31:04Z
Queried whois.namecheap.com with “Ellysworld.com

Domain name: Ellysworld.com
Registry Domain ID: 2144574100_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com

Updated Date: 2017-07-18T22:19:32.00Z
Creation Date: 2017-07-18T22:17:54.00Z

Registrar Registration Expiration Date: 2018-07-18T22:17:54.00Z
Registrar: NAMECHEAP INC
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Reseller: NAMECHEAP INC
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: addPeriod https://icann.org/epp#addPeriod

Registry Registrant ID:
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code:
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Fax: +51.17057182
Registrant Email: 3e28a08302c344f98fcd3046494925d1.protect@whoisguard.com

Registry Admin ID:
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code:
Admin Country: PA
Admin Phone: +507.8365503
Admin Fax: +51.17057182
Admin Email: 3e28a08302c344f98fcd3046494925d1.protect@whoisguard.com

Registry Tech ID:
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code:
Tech Country: PA
Tech Phone: +507.8365503
Tech Fax: +51.17057182

TTech Email: 3e28a08302c344f98fcd3046494925d1.protect@whoisguard.com

Name Server: pdns1.registrar-servers.com
Name Server: pdns2.registrar-servers.com
DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2017-08-30T11:31:20.81Z <<<

WhoIs ScamExperts.com

Leave a comment

scamFRAUDalert see it appropriate to issue this ALERT as consumers have reported that Alert_logo.pngthey have been contacted by phone by individuals with foreign accents regarding complaints online removal service being offered. The caller requested that consumers immediately contact them to remove complaints.

We visited the website scamexperts.com and see that they recommended consumer filed complaints on ScamGuard.com.

The WhoIs information below says the Registrant Name: Boris Razmiki.
ScamExperts.com and ScamGuard as well as Angrycitizen.com and reportscam.com all share the same Google Publisher ID:6306449039720879.
They are all own by Marketing Space LLC a timeshare marketing group whose addresses are below:
340 S Lemon Ave Walnut, CA 91789
2007 E Robinson St Orlando, FL 32803

scamexperts
screencapture-scamexperts-about-1504108037393

Address lookup
canonical name :scamexperts.com
aliases
addresses :2400:cb00:2048:1::6819:f163
2400:cb00:2048:1::6819:f263
104.25.242.99
104.25.241.99
Domain Whois record

Queried whois.internic.net with “dom scamexperts.com

Domain Name: SCAMEXPERTS.COM
Registry Domain ID: 1426508589_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Updated Date: 2017-04-26T07:28:22Z
Creation Date: 2008-03-19T03:53:38Z
Registry Expiry Date: 2018-03-19T03:53:38Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: 480-624-2505
Domain Status: ok https://icann.org/epp#ok
Name Server: DAWN.NS.CLOUDFLARE.COM
Name Server: MAX.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-08-30T15:40:57Z <<<
Queried whois.godaddy.com with “scamexperts.com”…

Domain Name: scamexperts.com
Registrar URL: http://www.godaddy.com
Registrant Name: Boris Razmiki
Registrant Organization:

Name Server: DAWN.NS.CLOUDFLARE.COM
Name Server: MAX.NS.CLOUDFLARE.COM

DNSSEC: unsigned

For complete domain details go to:
http://who.godaddy.com/whoischeck.aspx?domain=scamexperts.com
Network Whois record

Queried whois.arin.net with “n 104.25.242.99″…

NetRange: 104.16.0.0 – 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2017-02-17
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1

OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2017-02-17
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref: https://whois.arin.net/rest/org/CLOUD14

OrgNOCHandle: NOC11962-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN

OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: admin@cloudflare.com
OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN

OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN

RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN

RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN

RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: admin@cloudflare.com
RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN

  1. 855-550-3722
  2. 937-660-4045
  3. 636-224-3292
  4. 805-681-4986

 

scamFRAUDalert.ORG cybersquatting WARNING

7 Comments

A Cybercriminal has registered one of our domain name scamFRAUDalert.org and isshutterstock_344117816-1 hijacking indexed urls  of ours and redirecting traffic. Essentially what this CRIMINAL (samirnet2@gmail.com) is doing is to hijack scamFRAUDaler.org urls and  twitter URLs redirecting traffic

scamFRAUDalert.org
REDIRECT WEB TRAFFIC
To MALWARE INFESTATION sites

sfa-for sale.png

whoismark_

We were able to identify the criminal publisher ID as Pub-2955686772232536. This practice is known as cybersquatting.

Cybersquatting is a common practice online. Stealing brand names via registering domains or hijacking links or urls and redirecting traffics.

scamFRAUDalert is no exception. What is increasing becoming annoying is the amount of interest in our domain name. Dozens of so called scam ALERT sites have emerged. A cyber criminal has purchased the domain name scamfraudalert.org and is actively attempting to infect as many computers as possible.

SCAMMERS  have reinvented themselves to now providing ALERTS in all world to confused, muddy and discredit legitimate scam sites as ours.

Cybersquatting is a practice of registering, selling or using a domain name with the intent of profiting from the goodwill of someone else’s trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses.

Below is the latest attempt of this squatter – URL discarded t.co / iB1oliNuVY
SFA_org_T.co Squatter
You get redirected to a Malware Infested Site
SFA_org_T.co Squatter2

Read About the Phishing and Malware Expedition with domain scamFRAUDalert.org (screenshot below)

SFA_phishinggoogle-translate-1504195331710
SFA_Google_For SALE

screencapture-google-search-1507908626744
t.co_ibolinuvy=malware3
t.co_ibolinuvy=malware2

Domain Whois record
Queried whois.internic.net with “dom scamfraudalerts.com”…

Domain Name: SCAMFRAUDALERTS.COM
Registry Domain ID: 2096067633_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namebright.com
Registrar URL: http://www.NameBright.com
Updated Date: 2017-02-08T13:08:54Z
Creation Date: 2017-02-07T19:14:41Z
Registry Expiry Date: 2018-02-07T19:14:41Z
Registrar: DropCatch.com 808 LLC
Registrar IANA ID: 2567
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NSG1.NAMEBRIGHTDNS.COM
Name Server: NSG2.NAMEBRIGHTDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-08-30T08:44:49Z <<<

Address lookup
canonical name:scamfraudalert.org
aliases
addresses:192.184.12.62
Domain Whois record

Queried whois.publicinterestregistry.net with “scamfraudalert.org”…

Domain Name: SCAMFRAUDALERT.ORG
Registry Domain ID: D402200000001715160-LROR
Registrar WHOIS Server:
Registrar URL: http://www.sitename.com
Updated Date: 2017-05-04T03:46:53Z
Creation Date: 2017-03-04T14:30:24Z
Registry Expiry Date: 2018-03-04T14:30:24Z
Registrar Registration Expiration Date:
Registrar: SiteName Ltd.
Registrar IANA ID: 437
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Registry Registrant ID: C136922651-LROR
Registrant Name: Domain Manager
Registrant Organization: samirnet -domain names for sale
Registrant Street: Flat No. 48 Cunningham Apts Edward Road
Registrant City: Bangalore
Registrant State/Province:
Registrant Postal Code: 560052
Registrant Country: IN
Registrant Phone: +91.802260640
Registrant Email: samirnet2@gmail.com

Registry Admin ID: C136922651-LROR
Admin Name: Domain Manager
Admin Organization: samirnet -domain names for sale
Admin Street: Flat No. 48 Cunningham Apts Edward Road
Admin City: Bangalore
Admin State/Province:
Admin Postal Code: 560052
Admin Country: IN
Admin Phone: +91.802260640
Admin Email: samirnet2@gmail.com

Registry Tech ID: C136922651-LROR
Tech Name: Domain Manager
Tech Organization: samirnet -domain names for sale
Tech Street: Flat No. 48 Cunningham Apts Edward Road
Tech City: Bangalore
Tech State/Province:
Tech Postal Code: 560052
Tech Country: IN
Tech Phone: +91.802260640

Tech Email: samirnet2@gmail.com
Name Server: NS15.ABOVE.COM
Name Server: NS16.ABOVE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-08-30T08:45:24Z

from: James Ashmore [abuse@trellian.com]
to: scamFRAUDalert [scamfraudalert@gmail.com]
______________________________________
Hello,

Thank you for your message.

Acknowledgement that written correspondence has been received.

Above.com Monetization AutoPilot is a routing/redirection service only; we do not host any of the content of the domain/s or IP addresses in question. As this is the case, we dispute any claim of hosting any copyrighted content.

As we are not the governing body for these disputes, any cancellation of services will be done in accordance to the outcome of a UDRP from WIPO.

Kind regards,
James Ashmore
__________________________
Trellian.com Abuse Team :abuse@trellian.com
USA: +1 310-736-4230
Australia::+61- 3-9589-7946
http://www.above.com
http://www.above.com

AUSTRALIA

Office Hours:
M-F 9:00 am to 5:00 pm
Australian Eastern Std Time

Phone: + 61-3-9589-7946
Fax: + 61-3-9589-7951

USA Office
Trellian Direct Search Network
Above.com
5220 Pacific Concourse Dr
Suite 100
Los Angeles, CA 90045