Patricia Madden

From: Patricia Madden
Sent: Tuesday, January 1, 2019 12:58
Subject: Re: to Dick Johnson
To: Dick Johnson

On Tuesday, January 01, 2019 10:51 AM, Patricia Madden wrote:
I was thinking this could be interesting to you

WhoIs VCharges.com aka Complaintsboard.com

Adsense publisher IDs
pub-7643816519439245
pub-0908409732572457


We know that the AdSense publisher ID pub-7643816519439245 belongs to http://www.complaintsboard.com, aka http://www.SUDZIBAS.LV. The same pub ID is listed on Vcharges.com.
A search of the server IP address listed the following domains.

The following A records are set to 185.61.150.9:


Address lookup
canonical name:www.vcharges.com
aliases
addresses :185.61.150.9
Domain Whois record

Queried whois.internic.net with “dom vcharges.com”…

Domain Name: VCHARGES.COM
Registry Domain ID: 1801192127_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.PublicDomainRegistry.com
Registrar URL: http://www.publicdomainregistry.com
Updated Date: 2017-03-08T11:31:48Z
Creation Date: 2013-05-14T10:44:46Z
Registry Expiry Date: 2018-05-14T10:44:46Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
Domain Status: clientTransferProhibited

Name Server: NS-13.AWSDNS-01.COM
Name Server: NS-1523.AWSDNS-62.ORG
Name Server: NS-1689.AWSDNS-19.CO.UK
Name Server: NS-781.AWSDNS-33.NET
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form:

Last update of whois database: 2017-11-11T21:56:07Z

Queried whois.publicdomainregistry.com with “vcharges.com”…

Domain Name: VCHARGES.COM
Registry Domain ID: 1801192127_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.publicdomainregistry.com
Registrar URL: http://www.publicdomainregistry.com
Updated Date: 2017-03-08T11:31:49Z
Creation Date: 2013-05-14T10:44:46Z
Registrar Registration Expiration Date: 2018-05-14T10:44:46Z
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
Registrar IANA ID: 303
Domain Status: clientTransferProhibited

Registry Registrant ID: Not Available From Registry
Registrant Name: Daniel
Registrant Organization:
Registrant Street: Quai du Mont-Blanc 17
Registrant City: Geneve
Registrant State/Province: Genève(fr)
Registrant Postal Code: 1201
Registrant Country: CH
Registrant Phone: +41.229065555
Registrant Email: welcomeinbox@gmail.com

Registry Admin ID: Not Available From Registry
Admin Name: Daniel
Admin Organization:
Admin Street: Quai du Mont-Blanc 17
Admin City: Geneve
Admin State/Province: Genève(fr)
Admin Postal Code: 1201
Admin Country: CH
Admin Phone: +41.229065555
Admin Email: welcomeinbox@gmail.com

Registry Tech ID: Not Available From Registry
Tech Name: Daniel
Tech Organization:
Tech Street: Quai du Mont-Blanc 17
Tech City: Geneve
Tech State/Province: Genève(fr)
Tech Postal Code: 1201
Tech Country: CH
Tech Phone: +41.229065555
Tech Email: welcomeinbox@gmail.com

Name Server: ns-13.awsdns-01.com
Name Server: ns-1523.awsdns-62.org
Name Server: ns-1689.awsdns-19.co.uk
Name Server: ns-781.awsdns-33.net
DNSSEC:Unsigned
Registrar Abuse Contact Email: abuse-contact@publicdomainregistry.com
Registrar Abuse Contact Phone: +1.2013775952
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

Last update of WHOIS database: 2017-11-11T21:56:20Z
Network Whois record

Queried whois.ripe.net with “-B 185.61.150.9″…
% Information related to ‘185.61.150.0 – 185.61.150.255’
% Abuse contact for ‘185.61.150.0 – 185.61.150.255’ is ‘abuse@yourserver.se’

inetnum: 185.61.150.0 – 185.61.150.255
netname: Makonix
descr: Makonix SIA
country: LV
admin-c: MTC62-RIPE
tech-c: MTC62-RIPE
status: ASSIGNED PA
mnt-by: Makonix
created: 2015-09-14T14:35:02Z
last-modified: 2015-09-14T14:35:02Z
source: RIPE

role: Makonix Technical Contact
address: Riga, Latvia
e-mail: info@makonix.com
abuse-mailbox: abuse@makonix.com
remarks: ***********************************************
remarks: * Spam / Abuse issues please send to *
remarks: * abuse@makonix.com *
remarks: ***********************************************
admin-c: MB20680-RIPE
tech-c: MB20680-RIPE
nic-hdl: MTC62-RIPE
mnt-by: Makonix
created: 2011-04-20T18:32:40Z
last-modified: 2011-04-20T18:40:15Z
source: RIPE

% Information related to ‘185.61.150.0/24AS52173’

route: 185.61.150.0/24
descr: Makonix
origin: AS52173
mnt-by: Makonix
created: 2015-02-12T16:11:46Z
last-modified: 2015-02-12T16:11:46Z
source: RIPE

% This query was served by the RIPE Database Query Service version 1.90 (WAGYU)

WhoIs insurancefly.org ~ w3lookup.net ~ pageadviser.org

We have been researching the buyer of the domain name scamfraudalert.org and his/her associates. We have been identifying all stats sites that list scamfraudalert stats and have an AdSense publisher ID listed. Below are some of our findings.

pub-7225191233201787 | pub-6992611019353651

 

  1. w3lookup.net
  2. pageadviser.org -Farshad Hemmati/Berkeley, California
  3. insurancefly.org -Farshad Hemmati/Berkeley, California
  4. ~



Playoninflatables.com Network Compromised

scamFRAUDalert sees it appropriate to issue this ALERT as the network for PlayOn Inflatables is being compromised, sending out malicious attacks on computers.
Category: Intrusion Prevention
Date & Time: 10/14/2017 12:26:45 PM
Risk: High
Activity: An intrusion attempt by playoninflatables.com was blocked.
Status: Blocked
Recommended Action: No Action Required
IPS Alert Name: Web Attack: JSCoinminer Download 6
Default Action: No Action Required
Action Taken: No Action Required
Attacking Computer: playoninflatables.com (23.229.148.192, 80)
Attacker URL: playoninflatables.com/
Destination Address: DESKTOP-8UGRPC2 (192.168.0.14, 57225)
Source Address: playoninflatables.com (23.229.148.192)
Traffic Description: TCP, www-http
Network traffic from playoninflatables.com/ matches the signature of a known attack.

AL SHIHI FINANCE COMPANY

The identity of AL SHIHI FINANCE COMPANY STOLEN


from: Elias Hamed – hamed.elias11@outlook.com
to: scamFRAUDalert@gmail.com
date: Fri, Sep 22, 2017 at 6:27 AM
subject: AL SHIHI FINANCE COMPANY
mailed-by: outlook.com
signed-by: outlook.com
security: Standard encryption (TLS)


Assalamualaikum,

Al Shihi Finance Company established in 2002, is a lender and leading investment company having interests across various sectors including healthcare, education, infrastructure, retail, real estate, financial services, communication, power & energy and technology. A successful business needs a committed ownership, a strong business concept, and a financing strategy to help the business grow and thrive. Using your own money to finance a business is obviously the easiest approach, but this may not always be a viable option. This is where Al Shihi Finance Company comes in. For more than a decade, Al Shihi Finance Company has been providing innovative business loan products to individuals and companies. In today’s rapidly changing business environment a loan from Al Shihi Finance Company can be an invaluable injection for you to expand your operations and further your company’s ambitions.

We give easy and censored loan. We have a flexible and pragmatic loan offering tailored specifically to individuals, business, entrepreneurs, private and public companies’ investment project, taxes and bills etc. Get back to us if you want to participate for more funding details.

Best Regards
Elias Hamed
AL SHIHI FINANCE COMPANY
#600 11th Floor,
Al Habtoor Business Tower, Al Sufouh Road,
Opposite Habtoor Grand Resort & Spa Hotel, Dubai Marina
United Arab Emirates

Who is ePharmacies.com?

Drug Enforcement Agency

United States of America

The Ryan Haight Act, known as the Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for controlled substances dispensed by means of the Internet.

Who’s Behind These Online Pharmacies

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act, which was enacted on October 15, 2008, amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

ePharmacies.com is committed to helping customers find safe, high-quality, and affordable medications through reputable online pharmacies. We seek to raise awareness about rising medication costs, empowering consumers so they can increase their health and well-being.


Address lookup
canonical name:epharmacies.com
aliases
addresses:2400:cb00:2048:1::681b:bc2c
2400:cb00:2048:1::681b:bd2c

104.27.188.44
104.27.189.44
Domain Whois record

Queried whois.internic.net with “dom epharmacies.com”…

Domain Name: EPHARMACIES.COM
Registry Domain ID: 63385079_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.domain.com
Registrar URL: http://www.domain.com
Updated Date: 2016-01-29T14:35:05Z
Creation Date: 2001-02-22T11:44:37Z
Registry Expiry Date: 2019-02-22T11:44:35Z

Registrar: Domain.com, LLC
Registrar IANA ID: 886
Registrar Abuse Contact Email: compliance@domain-inc.net
Registrar Abuse Contact Phone: 602-226-2389

Domain Status: clientTransferProhibited
Domain Status: clientUpdateProhibited

Name Server: MARY.NS.CLOUDFLARE.COM
Name Server: PHIL.NS.CLOUDFLARE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-09-22T14:06:22Z <<<
>>> Last update of WHOIS database: 2016-01-29T14:35:05Z <<<
Network Whois record

Queried whois.arin.net with “n 104.27.188.44″…

NetRange: 104.16.0.0 – 104.31.255.255
CIDR: 104.16.0.0/12
NetName: CLOUDFLARENET
NetHandle: NET-104-16-0-0-1
Parent: NET104 (NET-104-0-0-0-0)
NetType: Direct Assignment
OriginAS: AS13335
Organization: Cloudflare, Inc. (CLOUD14)
RegDate: 2014-03-28
Updated: 2017-02-17
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref: https://whois.arin.net/rest/net/NET-104-16-0-0-1

OrgName: Cloudflare, Inc.
OrgId: CLOUD14
Address: 101 Townsend Street
City: San Francisco
StateProv: CA
PostalCode: 94107
Country: US
RegDate: 2010-07-09
Updated: 2017-02-17
Comment: All Cloudflare abuse reporting can be done via https://www.cloudflare.com/abuse
Ref: https://whois.arin.net/rest/org/CLOUD14

OrgNOCHandle: NOC11962-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-650-319-8930
OrgNOCEmail: noc@cloudflare.com
OrgNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN

OrgTechHandle: ADMIN2521-ARIN
OrgTechName: Admin
OrgTechPhone: +1-650-319-8930
OrgTechEmail: admin@cloudflare.com
OrgTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN

OrgAbuseHandle: ABUSE2916-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-650-319-8930
OrgAbuseEmail: abuse@cloudflare.com
OrgAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN

RNOCHandle: NOC11962-ARIN
RNOCName: NOC
RNOCPhone: +1-650-319-8930
RNOCEmail: noc@cloudflare.com
RNOCRef: https://whois.arin.net/rest/poc/NOC11962-ARIN

RAbuseHandle: ABUSE2916-ARIN
RAbuseName: Abuse
RAbusePhone: +1-650-319-8930
RAbuseEmail: abuse@cloudflare.com
RAbuseRef: https://whois.arin.net/rest/poc/ABUSE2916-ARIN

RTechHandle: ADMIN2521-ARIN
RTechName: Admin
RTechPhone: +1-650-319-8930
RTechEmail: admin@cloudflare.com
RTechRef: https://whois.arin.net/rest/poc/ADMIN2521-ARIN

scamFRAUDalert.ORG cybersquatting WARNING

A cybercriminal has registered the domain name scamFRAUDalert.org and is hijacking indexed URLs and redirecting clicks. Essentially, what this CRIMINAL (samirnet2@gmail.com) is doing is hijacking scamFRAUDalert.org URLs and Twitter URLs, redirecting scamFRAUDalert.org traffic to MALWARE INFESTATION sites.

We were able to identify the criminal's publisher ID as Pub-2955686772232536. This practice is known as cybersquatting.

Cybersquatting is a common practice online: stealing brand names by registering domains, or hijacking links or URLs and redirecting traffic.

scamFRAUDalert is no exception. What is increasingly becoming annoying is the amount of interest in our domain name. Dozens of so-called scam ALERT sites have emerged. A cybercriminal has purchased the domain name scamfraudalert.org and is actively attempting to infect as many computers as possible.

SCAMMERS have reinvented themselves and are now providing ALERTS around the world to confuse, muddy and discredit legitimate scam sites such as ours.

Cybersquatting is a practice of registering, selling or using a domain name with the intent of profiting from the goodwill of someone else’s trademark. It generally refers to the practice of buying up domain names that use the names of existing businesses with the intent to sell the names for a profit to those businesses.

Below is the latest attempt of this squatter – URL discarded t.co / iB1oliNuVY
You get redirected to a Malware Infested Site

Read About the Phishing and Malware Expedition with domain scamFRAUDalert.org (screenshot below)



Domain Whois record
Queried whois.internic.net with “dom scamfraudalerts.com”…

Domain Name: SCAMFRAUDALERTS.COM
Registry Domain ID: 2096067633_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namebright.com
Registrar URL: http://www.NameBright.com
Updated Date: 2017-02-08T13:08:54Z
Creation Date: 2017-02-07T19:14:41Z
Registry Expiry Date: 2018-02-07T19:14:41Z
Registrar: DropCatch.com 808 LLC
Registrar IANA ID: 2567
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NSG1.NAMEBRIGHTDNS.COM
Name Server: NSG2.NAMEBRIGHTDNS.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2017-08-30T08:44:49Z <<<


Address lookup
canonical name:scamfraudalert.org

aliases
addresses:192.184.12.62
Domain Whois record

Queried whois.publicinterestregistry.net with “scamfraudalert.org”…

Domain Name: SCAMFRAUDALERT.ORG
Registry Domain ID: D402200000001715160-LROR
Registrar WHOIS Server:
Registrar URL: http://www.sitename.com
Updated Date: 2017-05-04T03:46:53Z
Creation Date: 2017-03-04T14:30:24Z
Registry Expiry Date: 2018-03-04T14:30:24Z
Registrar Registration Expiration Date:
Registrar: SiteName Ltd.
Registrar IANA ID: 437
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone:
Reseller:
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited

Registry Registrant ID: C136922651-LROR
Registrant Name: Domain Manager
Registrant Organization: samirnet -domain names for sale
Registrant Street: Flat No. 48 Cunningham Apts Edward Road
Registrant City: Bangalore
Registrant State/Province:
Registrant Postal Code: 560052
Registrant Country: IN
Registrant Phone: +91.802260640
Registrant Email: samirnet2@gmail.com

Registry Admin ID: C136922651-LROR
Admin Name: Domain Manager
Admin Organization: samirnet -domain names for sale
Admin Street: Flat No. 48 Cunningham Apts Edward Road
Admin City: Bangalore
Admin State/Province:
Admin Postal Code: 560052
Admin Country: IN
Admin Phone: +91.802260640
Admin Email: samirnet2@gmail.com

Registry Tech ID: C136922651-LROR
Tech Name: Domain Manager
Tech Organization: samirnet -domain names for sale
Tech Street: Flat No. 48 Cunningham Apts Edward Road
Tech City: Bangalore
Tech State/Province:
Tech Postal Code: 560052
Tech Country: IN
Tech Phone: +91.802260640

Tech Email: samirnet2@gmail.com
Name Server: NS15.ABOVE.COM
Name Server: NS16.ABOVE.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2017-08-30T08:45:24Z


from: James Ashmore [abuse@trellian.com]
to: scamFRAUDalert [scamfraudalert@gmail.com]
______________________________________
Hello,

Thank you for your message.

Acknowledgement that written correspondence has been received.

Above.com Monetization AutoPilot is a routing/redirection service only; we do not host any of the content of the domain/s or IP addresses in question. As this is the case, we dispute any claim of hosting any copyrighted content.

As we are not the governing body for these disputes, any cancellation of services will be done in accordance with the outcome of a UDRP from WIPO.

Kind regards,
James Ashmore
__________________________
Trellian.com Abuse Team: abuse@trellian.com
USA: +1 310-736-4230
Australia: +61-3-9589-7946
http://www.above.com


AUSTRALIA

Office Hours:
M-F 9:00 am to 5:00 pm
Australian Eastern Std Time

Phone: + 61-3-9589-7946
Fax: + 61-3-9589-7951

USA Office
Trellian Direct Search Network
Above.com
5220 Pacific Concourse Dr
Suite 100
Los Angeles, CA 90045