Ransomware Hackers Demand $70 Million In Bitcoin

There is nothing glorious about this story. This is all too common. We believe the FBI and NSA should pay close attention to the operators of Complaintsboard.com. They are not an innocent bystander nor are their activities online scrupulously clean. UA-6753034-2 | pub-7643816519439245 .

A group of Russian-speaking hackers have claimed responsibility for a massive ransomware attack over the holiday weekend that hit 200 U.S. firms and hundreds more worldwide, with the group demanding $70 million in bitcoin to restore the companies’ data in the latest debilitating cyberattack to hit the U.S. this year. 

Source: Forbes

United Technologies Corporation~ united-technologiesusa.com

The Purpose of this post is to ALERT you that the job you are about to apply for orscamalert may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of an individual or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK  or OFFSHORE BANK ACCOUNT.

 Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained 
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Fear not! Those are all long dead.
What is remarkable is the number of them using the .CN TLD

Current list of similar sites

Artable Ltd http://artable.biz
Artable Ltd http://artable-ltd.com
Artable Ltd http://artable-uk.net
Artcolors Ltd http://artcolors-ltd.com
Artcolors Ltd http://artcolors-ltd.net
Artcolors Ltd http://artcolors-ltd.org
Art Yard Limited http://art-yard-uk.com
Capital-One Outsourcing Inc http://usacapital-oneoutsourcing.biz
Capital-One Outsourcing Inc http://usa-capital-one-outsourcing.com
Clientspec USA Inc http://client-spec-usa.biz
Clientspec USA Inc http://client-specusa-inc.net
Clientspec USA Inc http://usa-clientspec-inc.com
Consolidated Holdings Limited http://consolidated-holdingsuk.biz
Consolidated Holdings Limited http://consolidated-holdingsuk.net
Equity Technology Partners Inc http://equitytech-partners.cc
Equity Technology Partners Inc http://equity-techpartners.com
Equity Technology Partners Inc http://equitytech-partners.net
Feature Solutions Limited http://feature-solutionuk.org
Feature Solutions Limited http://ukfeature-solutions.com
Financeheads Ltd http://financeheads.com
Fintech Innovation Program Ltd http://fintech-inprogram.net
Fintech Innovation Program Ltd http://fintechin-program.com
Fintech Innovation Program Ltd http://fintechin-program.org
Financial Trust Inc http://fin-trustinc.com
Financial Trust Inc http://usa-financialtrust.net
Financial Trust Inc http://usa-financial-trust.biz
Finance Counts Ltd http://fincounts-ltd.com
Finance Counts Ltd http://finance-counts-uk.org
Finance Counts Ltd http://uk-financecounts.net
1st Consultants Inc http://1st-consultansinc.net
1st Consultants Inc http://first-consultansinc.biz
1st Consultants Inc http://first-consultansinc-usa.com
Global United Services Inc http://globalus-united.net
Group Holdings Ltd http://groupholdings-ltd.biz
Group Holdings Ltd http://groupholdings-ltd.com
Group Holdings Ltd http://groupholdings-ltd.net
Highland Holdings Limited http://highland-holdingsltd.biz
Highland Holdings Limited http://highland-holdings-ltd.net
Innovation and Technology Services Limited http://inn-technology.biz
Innovation and Technology Services Limited http://inn-technology.com
Innovation and Technology Services Limited http://inn-technology.net
Inter Pro Finance Limited http://interprolimited.biz
Inter Pro Finance Limited http://interprofinance.com
Information Technology Alliance Ltd http://it-alliance-ltd.com
IT-Global Services Limited http://itglobalserv-ltd.biz
IT-Global Services Limited http://itglobalserv-ltd.com
IT-Global Services Limited http://itglobalserv-ltd.net
ITG Solutions Limited http://itg-solutions-ltd.com
ITG Solutions Limited http://itg-solutions-uk.net
Meridian International Inc http://meridianus-int.biz
Meridian International Inc http://meridian-international.net
Meridian International Inc http://meridianus-inc.com
National Express Holdings Ltd http://national-express-holdingsuk.com
Neopro Inc http://neopro-inc.com
Neopro Inc http://neopro-inc.net
Five Company http://new-source-unlimited.biz
Novatex Finanze S.r.l. http://novatex-finanze.biz
Novatex Finanze S.r.l. http://novatex-finanze.com
Novatex Finanze S.r.l. http://novatex-finanze.net
Outsource Consulting Inc http://outsource-consultingus.biz
Outsource Consulting Inc http://outsource-consultingus.com
Outsource Consulting Inc http://outsource-consultingus.net
IT-Outsource Marketing Inc http://outsourcemarketing-us.biz
IT-Outsource Marketing Inc http://outsource-marketing-us.com
IT-Outsource Marketing Inc http://outsourcemarketing-us.net
Partner Financial Group Inc http://partner-financialgroup.com
Partner Financial Group Inc http://partner-fingroup-inc.biz
Partner Financial Group Inc http://usa-partnerfin-group.net
Primary International Holdings Ltd http://primary-internationalltd.biz
Primary International Holdings Ltd http://primary-internationalltd.net
Sabi-Consulting S.r.l. http://sa-consulting.biz
Sabi-Consulting S.r.l. http://sa-consulting.cc
Sabi-Consulting S.r.l. http://sabi-consulting.com
Sky-Edge IT Solutions Inc http://sky-edgeitsolutions.cc
Sky-Edge IT Solutions Inc http://sky-edgeitsolutions.com
Sky-Edge IT Solutions Inc http://sky-edgeitsolutions.net
UK Access Group Ltd http://uk-accessgroup.com
UK Access Group Ltd http://uk-accessgroup.net
UK Access Group Ltd http://uk-accessgroup.org
UK-Power Limited http://ukpower-ltd.com
UK-Power Limited http://ukpower-ltd.org
United Technologies Corporation http://united-technologiesusa.net
United Technologies Corporation http://united-technologiesusa.com
Avid Technical Resources Inc http://avid-techresources.cc
Avid Technical Resources Inc http://avid-techresources.com
Avid Technical Resources Inc http://avid-techresources.net
Enterprise Holdings Limited http://enterprise-holdingsuk.com
Enterprise Holdings Limited http://enterprise-holdingsuk.net
InterPride-Limited http://interpride-ltd.com
InterPride-Limited http://interpride-ltd.net
InterPride-Limited http://interpride-ltd.org
Integrated Technology Inc http://inttechus.com
Integrated Technology Inc http://inttechus.biz
Integrated Technology Inc http://technology-inc.net
Finmurano S.r.l. http://finmurano.biz

archive.org/viagra

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

compromise ~ hijacked ~ cybercriminals ~ mobsters

Internet Archive Search: mediatype:software AND subject:”cheap viagra cialis online”
archive.org
BUY CHEAP Cialis – CLICK HERE! Order Cialis Online! – Lowest Prices Guaranteed! cheap viagra cialis online, cialis professional 20 mg best time to …

  1. http://www.oblatos.com/viagra
  2. http://www.ecoluffa.uz/viagra
  3. http://www.thesewingsourceinc.com/viagra
  4. azienda-casalino.com/viagra
  5. jakobskirken.dk/viagra
  6. selvedge-game.com/viagra
  7. auracentermexico.com/viagra
  8. actupinsask.org/viagra
  9. oblatos.com/viagra
  10. actupinsask.org/viagra
  11. ptxgaming.com/viagra
  12. laryngologiabialystok.pl/viagra
  13. cateringbonillo.com/viagra
  14. bluerivermedia.ca/viagra
  15. archive.org/viagra
  16. eteglobal.com/viagra
  17. expgames.net/viagra
  18. laryngologiabialystok.pl/viagra
  19. actupinsask.org/viagra
  20. h-engineering.net/estrogens

archive

madisonmft.com/VIAGRA

Drug Enforcement Agency

United States of America

The Ryan Haight Act Known as
Online Pharmacy Consumer Protection Act of 2008
Sec. 2. Requirement of a valid prescription for
controlled substances dispensed by means of the Internet.

Who's Behind These Online Pharmacies 

SUMMARY: The Ryan Haight Online Pharmacy Consumer Protection Act,
which was enacted on October 15, 2008,amended the Controlled Substances Act and Controlled Substances Import and Export Act by adding several new provisions to prevent the illegal distribution and dispensing of controlled substances by means of the Internet.
_________________________________

Compromised website ~ cyber-criminals ~ spammers
madisonmft.com/VIAGRA

Fastest Shipping : Buy Viagra Online Cheap – Madison Marriage and Family Therapy
madisonmft.com
Buy viagra online cheap. Order Viagra online now! Full Certified. Certified pharmacy online. Buy Genuine FDA-approved Viagra, Cialis, and Levitra at …
madisonmft

WhoIs ~ quicktextalerts.com

quicktextalerts.comFraud Alert

Address lookup
canonical name quicktextalerts.com

aliases
addresses: 111.68.1.1
Domain Whois record

Queried whois.internic.net with “dom quicktextalerts.com

Domain Name: QUICKTEXTALERTS.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Name Server: NS13.DNS.COM.CN
Name Server: NS14.DNS.COM.CN
Status: clientTransferProhibited
Updated Date: 14-mar-2014
Creation Date: 14-mar-2014
Expiration Date: 14-mar-2015

Last update of whois database: Sat, 19 Apr 2014 12:09:23 UTC
Queried whois.dns.com.cn with “quicktextalerts.com

Domain name: quicktextalerts.com
Registry Domain ID:
Registrar WHOIS Server: whois.dns.com.cn
Registrar URL: http://www.dns.com.cn
Updated Date: 2014-03-15T08:39:56Z
Creation Date: 2014-03-15T08:39:56Z

Registrar Registration Expiration Date: 2015-03-15T08:39:56Z
Registrar: Beijing Innovative Linkage Technology Ltd.
Registrar IANA ID: 633
Registrar Abuse Contact Email: abuse@dns.com.cn
Registrar Abuse Contact Phone: +86.1082151122
Domain Status: clientTransferProhibited

Registry Registrant ID:
Registrant Name: canggao
Registrant Organization: cang gao
Registrant Street: xianshichangbeishalu98hao
Registrant City: xian
Registrant State/Province: SN
Registrant Postal Code: 363115
Registrant Country: CN
Registrant Phone: +86.75583763772
Registrant Fax: +86.75583763772
Registrant Email: dfhcsdfs@126.com

Registry Admin ID:
Admin Name: canggao
Admin Organization: cang gao
Admin Street: xianshichangbeishalu98hao
Admin City: xian
Admin State/Province: SN
Admin Postal Code: 363115
Admin Country: CN
Admin Phone: +86.75583763772
Admin Fax: +86.75583763772
Admin Email: dfhcsdfs@126.com

Registry Tech ID:
Tech Name: canggao
Tech Organization: cang gao
Tech Street: xianshichangbeishalu98hao
Tech City: xian
Tech State/Province: SN
Tech Postal Code: 363115
Tech Country: CN
Tech Phone: +86.75583763772
Tech Fax: +86.75583763772
Tech Email: dfhcsdfs@126.com

Name Server: ns14.dns.com.cn
Name Server: ns13.dns.com.cn

DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: Sat Apr 19 20:09:53 2014 +0800

Network Whois record

Queried whois.apnic.net with “111.68.1.1”…

% Information related to ‘111.68.0.0 – 111.68.15.255’

inetnum: 111.68.0.0 – 111.68.15.255
netname: APACSERVER-HK
descr: Hollywood Plaza, 610 Nathan Road
country: HK
admin-c: APSC1-AP
tech-c: APSC1-AP
status: ALLOCATED PORTABLE
remarks: Used for service-hosting
mnt-by: APNIC-HM
mnt-lower: MAINT-APACSERVER-HK
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation’s account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20090609
source: APNIC

role: ASIA PACIFIC SERVER COMPANY – network administrato
address: Hollywood Plaza, 610 Nathan Road, Mong Kong, KLN
country: HK
phone: +85263419611
e-mail: network@apacserver.com
admin-c: APSC1-AP
tech-c: APSC1-AP
nic-hdl: APSC1-AP
mnt-by: MAINT-APACSERVER-HK
changed: hm-changed@apnic.net 20090609
source: APNIC
changed: hm-changed@apnic.net 20090609

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (WHOIS2)

Arrest of Revenge Porn Operator in Oklahoma

Attorney General Kamala D. Harris Announces Arrest of Revenge Porn Operator in Oklahoma

Friday, February 14, 2014
Contact: (415) 703-5837

LOS ANGELES — Attorney General Kamala D. Harris today announced the arrest of the alleged owner and operator of a revenge porn website who facilitated the posting of more than 400 sexually explicit photos of Californians and extorted victims for as much as $250 each to remove the illicit content.

Casey E. Meyering, 28, of Tulsa, Oklahoma was arrested yesterday in Tulsa by agents with the California Attorney General’s eCrime Unit, the Rohnert Park Department of Public Safety and the Tulsa Police Department. The Attorney General’s Office is seeking a Governor’s warrant for Meyering’s extradition to California, and he remains in custody pending the extradition hearing. According to documents filed in Napa County Superior Court, Meyering has been charged with 5 felony extortion counts.

“This behavior is the very definition of predatory and this website made a game out of humiliating victims for profit,” Attorney General Harris said. “These actions at their core are about one individual exploiting the privacy and trust of others for financial gain. We will continue to investigate and prosecute those who participate in these deplorable and illegal activities.”

Court documents allege that in 2013, Meyering owned and administered the website WinByState.com, which solicits the anonymous, public posting of private photographs containing nude and explicit images of individuals without their permission. Commonly known as revenge porn, the photos maybe obtained consensually by the poster during a prior relationship, or are stolen or hacked.

The investigation into WinByState.com began when a Northern California hacking victim discovered nude photos of herself on this site that had been stolen from her computer, according to court documents. Described as “a user supported website where you can trade your ex-girlfriend, your current girlfriend, or any other girl that you might know,” WinByState.com solicited uploaders to identify their “wins” according to city and state, sometimes using the victim’s complete or partial name. There were over 400 postings in the California forum, and at least one victim was under 18 at the time the photographs were taken, according to court documents.

Court documents also allege that WinbyState.com required victims to pay $250 via a Google Wallet account to remove posted photographs. The account was named TakeDownHammer, and was registered to Meyering at a non-existent Beverley Hills storefront. Law enforcement agents purchased a “takedown” for one the victims in Napa, and traced the funds to Meyering’s bank account in Tulsa, where surveillance footage from the bank identified him withdrawing money from the account.

The California Attorney General’s Office is currently working with GoDaddy.com to suspend the website pending the investigation and identification of additional victims.

In December of last year, Attorney General Harris announced the arrest of Kevin Christopher Bollaert, 27, of San Diego, who operated the revenge porn website ugotposted.com. He was charged with 31 felony counts of conspiracy, identity theft and extortion and is currently awaiting trial.

Attorney General Harris created the eCrime Unit in 2011 to identify and prosecute identity theft crimes, cybercrimes and other crimes involving the use of technology.

Individuals who feel they are victims of WinByState.com or other revenge porn websites should file a complaint with the California Attorney General’s office here: https://oag.ca.gov/contact/consumer-complaint-against-business-or-company.

Please note that a complaint contains only allegations against a person and, as with all defendants, Casey E. Meyering, must be presumed innocent unless and until proven guilty.

# # #

We are offering a distant job

The Purpose of this post is to ALERT you that the job you are about to apply for orscamalert may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of an individual or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK or OFFSHORE BANK ACCOUNT.

Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Country
* 115.160.3.100 Check 115.160.3.100 at Senderbase.org Check 115.160.3.100 at Reputationauthority.org Seokyung Cable Television Co..ltd. Jinju Korea, Republic of
98.138.197.221 Check 98.138.197.221 at Senderbase.org Check 98.138.197.221 at Reputationauthority.org Yahoo Sunnyvale United States

*Probable originating IP address

Message-Id: <8AFA5DAAF52D0D0272D5227DA5858AFA@F7QIUSK3A>

  • job@jobusagov.com
  • info@jobusagov.com
  • offer@jobusagov.com
  • cv@jobusagov.com

We are offering a shipping manager assistant position.
We are offering a distant job.

The job routine will take 2-3 hours per day and requires absolutely no investment.
You will work with big shops, suppliers, factories all around the States.
The communication line will flow between you and your personal manager, you will receive orders via email and phone,
and our trained manager will be with you while every step to help you to work out first orders and answer any questions which may appear.
The starting salary is about ~2800 USD per month + bonuses.

You will receive first salary in 30 days after you will successfully complete your first task.
When the first working month will be over you will have a right to receive salary every 2 weeks.
The bonuses are calculated on the very last working day of each month,
and paying out during a first week of the next month.

We will accept applications this week only!
To proceed to the next step we should register you in HR system so we will need a small piece of your personal information.

Please fill in the fields:
Full_name:
Phone_number:
Email_address:
City_of_residence:

We need your personal information to create HR file only,
it will stay secure on the separate server till the moment it will be deleted (which take place every 2 days),
and only HR people will have access to it.

Please send your answer to my secured email job@jobusagov.com
I will reply you personally as soon as possible.

Sincerely,
Bert

Advanced Tech Inc~ advanced-techinc.cc
Advanced Tech Inc~ advanced-techinc.net/company/manage
Advanced Tech Inc~ advanced-techinc.org/company/manage
Art Yard Limited~ art-yard-ltd.net/company/manage
Art Yard Limited~ art-yard-uk.com/company/manage
Art Yard Limited~ art-yard-ltd.org/company/manage
Artari Ltd artari-uk.com/company/manage
Artcolors Ltdartcolors-ltd.com/company/manage
Artcolors Ltd artcolors-ltd.net/company/manage
Artcolors Ltd artcolors-ltd.org/company/manage
Benkroft Italia S.r.l.~ benkroft-italia.biz/company/manage
Benkroft Italia S.r.l~ benkroft-italia.com/company/manage
Benkroft Italia S.r.l.~ benkroft-italia.net/company/manage
Bestway Solutions Limited bestway-solutions.com/company/manage
Bestway Solutions Limited bestway-solutions.net/company/manage
Capital Business Systems Inc capital-business-systems.biz/company/manage
Capital Business Systems Inc http://capitalbusiness-systems.com/company/manage
Capital Business Systems Inc http://us-capital-business.net/company/manage
Capital-One Outsourcing Inc http://capitalone-outsourcing.net/company/manage
Capital-One Outsourcing Inc http://usacapital-oneoutsourcing.biz/company/manage
Capital-One Outsourcing Inc http://usa-capital-one-outsourcing.com/company/manage
Countrywide Financial Inc http://countrywide-financial-usa.biz/company/manage
Countrywide Financial Inc http://country-wide-financialusa.com/company/manage
Countrywide Financial Inc http://usa-countrywide-financial.net/company/manage
Equity Technology Partners Inc http://equitytech-partners.cc/company/manage
Equity Technology Partners Inc http://equity-techpartners.com/company/manage
Equity Technology Partners Inc http://equitytech-partners.net/company/manage
FBF Services Inc http://fbf-services.org/company/manage
FBF Services Inc http://fbf-services.net/company/manage
Feature Solutions Limited http://feature-solutionuk.org/company/manage
Feature Solutions Limited http://ukfeature-solutions.com/company/manage
Financeheads Ltd http://financeheads.com/company/manage
Financial-Futures Limited http://finacial-futures.net/company/manage
Finmar International Limited http://finmarintltd.cc/company/manage
Finmar International Limited http://finmarint-ltd.com/company/manage
Finmar International Limited http://finmarint-ltd.net/company/manage
Fintech Innovation Program Ltd http://fintech-inprogram.net/company/manage
Fintech Innovation Program Ltd http://fintechin-program.com/company/manage
Fintech Innovation Program Ltd http://fintechin-program.org/company/manage
Five Company http://new-source-unlimited.biz/company/manage
Fuelsave Solutions Ltd (stolen identity) http://fuelsave-solutionuk.org/company/manage
Fuelsave Solutions Ltd (stolen identity) http://ukfuelsave-solution.biz/company/manage
Fuelsave Solutions Ltd (stolen identity) http://ukfuelsave-solution.com/company/manage
Global-Tech Solutions Inc http://global-techsolution.net/company/manage
Global-Tech Solutions Inc http://global-techsolution.biz/company/manage
Group Holdings Ltd http://groupholdings-ltd.biz/company/manage
Group Holdings Ltd http://groupholdings-ltd.com/company/manage
Group Holdings Ltd http://groupholdings-ltd.net/company/manage
Information Technology Made Easy Limited http://it-made-easy-limited.com/company/manage
Information Technology Made Easy Limited http://it-made-easy-ltd.net/company/manage
International Group Inc http://us-internationalgroup.biz/company/manage
International Group Inc http://us-internationalgroup.com/company/manage
Internet Resources Inc http://internetresources-us.biz/company/manage
Internet Resources Inc http://internetresources-us.com/company/manage
Internet Resources Inc http://internetresources-us.net/company/manage
IT Genies Limited http://it-genies-limited.com/company/manage
IT Genies Limited http://it-genies.net/company/manage
IT-Global Services Limited http://itglobalserv-ltd.biz/company/manage
IT-Global Services Limited http://itglobalserv-ltd.com/company/manage
IT-Global Services Limited http://itglobalserv-ltd.net/company/manage
IT-Merge Ltd http://it-merge-ltd.com/company/manage
IT-Merge Ltd http://it-merge.net/company/manage
IT-Outsource Marketing Inc http://outsourcemarketing-us.biz/company/manage
IT-Outsource Marketing Inc http://outsource-marketing-us.com/company/manage
IT-Outsource Marketing Inc http://outsourcemarketing-us.net/company/manage
IT-Professionals Group Inc http://itprofessionals-group.com/company/manage
IT-Professionals Group Inc http://itprofessionals-group.net/company/manage
IT-Solutions Inc http://it-solutions-inc.net/company/manage
IT-Solutions Inc http://it-solutions-inc.biz/company/manage
IT-System Italia S.r.l. http://itsystemitalia.com/company/manage
IT-System Italia S.r.l. http://itsystemitalia.biz/company/manage
IT-System Italia S.r.l. http://itsystemitalia.cc/company/manage
IT-Systems and Communications Inc http://systems-and-communications.com/company/manage
IT-Systems and Communications Inc http://systems-and-communications.net/company/manage
JT Solutions Inc http://jtsolutionsinc.biz/company/manage
JT Solutions Inc http://jtsolutions-inc.com/company/manage
JT Solutions Inc http://jtsolutionsinc.net/company/manage
Labbarra Holdings Limited http://labbarra-holdings.com/company/manage
Labbarra Holdings Limited http://labbarra-holdingsuk.net/company/manage
Legal & General Group Plc http://legalgeneralgroup-plc.com/company/manage
Legal & General Group Plc http://legalgeneralgroup-plc.net/company/manage
Mabcom Limited http://mabcomuk.com/company/manage
Media Finance Limited http://media-finance-uk.biz/company/manage
National Express Holdings Ltd http://national-express-holdings.biz/company/manage
National Express Holdings Ltd http://national-express-holdingsuk.com/company/manage
National Express Holdings Ltd http://national-express-holdingsuk.net/company/manage
Neopro Inc http://neopro-inc.biz/company/manage
Neopro Inc http://neopro-inc.com/company/manage
Neopro Inc http://neopro-inc.net/company/manage
New Outsourcing Italia S.r.l. http://new-outsourcing-italia.org/company/manage
New Outsourcing Italia S.r.l. http://new-outsourcing-italia.com/company/manage
New Outsourcing Italia S.r.l. http://new-outsourcing-italia.biz/company/manage
Next Age Italia S.r.l. http://nextage-italia.org/company/manage
Next Age Italia S.r.l. http://nextage-italia.com/company/manage
Next Age Italia S.r.l. http://nextage-italia.biz/company/manage
Novatex Finanze S.r.l. http://novatex-finanze.biz/company/manage
Novatex Finanze S.r.l. http://novatex-finanze.com/company/manage
Novatex Finanze S.r.l. http://novatex-finanze.net/company/manage
Outsource Consulting Inc http://outsource-consultingus.biz/company/manage
Outsource Consulting Inc http://outsource-consultingus.com/company/manage
Outsource Consulting Inc http://outsource-consultingus.net/company/manage
Personal Touch Inc http://personaltouch-us.com/company/manage
Personal Touch Inc http://personaltouch-us.net/company/manage
Premier IT Group Limited http://premier-group-ltd.com/company/manage
Premier IT Group Limited http://premier-group-ltd.net/company/manage
Premier IT Group Limited http://premier-group-ltd.org/company/manage
Primary International Holdings Ltd http://primary-internationalltd.biz/company/manage
Primary International Holdings Ltd http://primary-international.com/company/manage
Primary International Holdings Ltd http://primary-internationalltd.net/company/manage
Primetech Global Limited http://primetech-global.cc/company/manage
Primetech Global Limited http://primetech-global.net/company/manage
Rightech Limited http://rightech-uk.com/company/manage
Sabi-Consulting S.r.l. http://sa-consulting.biz/company/manage
Sabi-Consulting S.r.l. http://sa-consulting.cc/company/manage
Sabi-Consulting S.r.l. http://sabi-consulting.com/company/manage
Seico Servizi S.r.l. http://seicoservizi.biz/company/manage
Seico Servizi S.r.l. http://seicoservizi.com/company/manage
Seico Servizi S.r.l. http://seicoservizi.net/company/manage
Service Tech Inc http://servicetech-inc.org/company/manage
Terza Finanze S.r.l. http://terzafinanze.biz/company/manage
Terza Finanze S.r.l. http://terzafinanze.com/company/manage
Terza Finanze S.r.l. http://terzafinanze.net/company/manage
The Leveaux Group Inc http://leveauxgroupinc.biz/company/manage
The Leveaux Group Inc http://leveauxgroupinc.com/company/manage
Transaction Innovations Inc http://transaction-innovations.net/company/manage
Transaction Innovations Inc http://transaction-innovations.org/company/manage
UK Access Group Ltd http://uk-accessgroup.com/company/manage
UK Access Group Ltd http://uk-accessgroup.net/company/manage
UK Access Group Ltd http://uk-accessgroup.org/company/manage
Wireless Generation Inc http://wirelessgenerationinc.biz/company/manage
Wireless Generation Inc http://wirelessgenerationinc.net/company/manage
Zero Consulting S.r.l. http://zeroconsultingsrl.biz/company/manage
Zero Consulting S.r.l. http://zeroconsultingsrl.cc/company/manage
Zero Consulting S.r.l. http://zeroconsultingsrl.com/company/manage
italia-lavorare.com
lavoro-it.com
trade-outsource.com
warszawapraca.com
usa-findjob.com
medshorediet.com
hotalibre.com
wickedpl.com
eventlore.net
elcacareo.net
washin-factory.net
australia-attractions.net
conawaystrickler.net
myjapanjob.com
karrierede.com
seekcousa.com or
seekconz.com
JOBINHUNGARY.COM
googleapps-works.com
googleapps-work.com
googleapps-career.com
googleapps-consult.com
googleapps-jobs.com
googleapps-offer.com
googleapps-cz.com
googleapps-espana.com
googleapps-euro.com
googleapps-us.com
googleapps-usa.com
googleapps-pl.com
googleapps-work.com
googleapps-japan.com
googleapps-italy.com
googleapps-ro.com
googleapps-nl.com
googleapps-spain.com
googleapps-gb.com
googleapps-greece.com
googleapps-group.com
googleapps-japan.com
googleapps-nz.com
googleapps-offer.com
googleapp-consult.com
carrer-trade.com
us-trades.com
worlds-trade.com
google-trade.com
trades-consult.com
googletrade-usa.com
google-usatrade.com
careerin-google.com
google-lavorare.com
works-google.com
consult-google.com
consulting-google.com
apple-praca.com
careerin-mac.com‎
apple-euro.com
job-in-apple.com
jobin-apple.com
jobin-usa.com
jobin-za.com
jobin-google.com
jobin-yahoo.com
job-italia.com
job-newzealand.com
job-greece.com
arbeiten-de.com
munca-bucuresti.com
romania-work.com
outsourcing-lavoro.com
outsourcing-consult.com
jobs-consult.com
germanysjob.com
jobmark-eu.com
worlds-diploms.com
quarter.su
consolidated-holdingsuk.biz
consolidated-holdingsuk.com
consolidated-holdingsuk.net
itg-solutions-ltd.com
itg-solutions-ltd.org
itg-solutions-uk.net

WhoIs SECURETHOUGHT.NET

The Purpose of this post is to ALERT you that the job you are about to apply for orscamalert may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of an individual or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK  or OFFSHORE BANK ACCOUNT.

 Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained 
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

  1. italia-lavorare.com
  2. lavoro-it.com
  3. trade-outsource.com
  4. warszawapraca.com
  5. usa-findjob.com
  6. medshorediet.com
  7. hotalibre.com
  8. wickedpl.com
  9. eventlore.net
  10. elcacareo.net
  11. washin-factory.net
  12. australia-attractions.net
  13. conawaystrickler.net
  14. myjapanjob.com
  15. karrierede.com
  16. seekcousa.com or
  17. seekconz.com
  18. JOBINHUNGARY.COM
  19. googleapps-works.com
  20. googleapps-work.com
  21. googleapps-career.com
  22. googleapps-consult.com
  23. googleapps-jobs.com
  24. googleapps-offer.com
  25. googleapps-cz.com
  26. googleapps-espana.com
  27. googleapps-euro.com
  28. googleapps-us.com
  29. googleapps-usa.com
  30. googleapps-pl.com
  31. googleapps-work.com
  32. googleapps-japan.com
  33. googleapps-italy.com
  34. googleapps-ro.com
  35. googleapps-nl.com
  36. googleapps-spain.com
  37. googleapps-gb.com
  38. googleapps-greece.com
  39. googleapps-group.com
  40. googleapps-japan.com
  41. googleapps-nz.com
  42. googleapps-offer.com
  43. googleapp-consult.com
  44. carrer-trade.com
  45. us-trades.com
  46. worlds-trade.com
  47. google-trade.com
  48. trades-consult.com
  49. googletrade-usa.com
  50. google-usatrade.com
  51. careerin-google.com
  52. google-lavorare.com
  53. works-google.com
  54. consult-google.com
  55. consulting-google.com
  56. apple-praca.com
  57. careerin-mac.com‎
  58. apple-euro.com
  59. job-in-apple.com
  60. jobin-apple.com
  61. jobin-usa.com
  62. jobin-za.com
  63. jobin-google.com
  64. jobin-yahoo.com
  65. job-italia.com
  66. job-newzealand.com
  67. job-greece.com
  68. arbeiten-de.com
  69. munca-bucuresti.com
  70. romania-work.com
  71. outsourcing-lavoro.com
  72. outsourcing-consult.com
  73. jobs-consult.com
  74. germanysjob.com
  75. jobmark-eu.com
  76. worlds-diploms.com
  77. quarter.su
  78. airnavrace.net
SECURETHOUGHT.NET – Domain Informationnew
Domain SECURETHOUGHT.NET   [ Site Info  Traceroute  RBL/DNSBL lookup ]
Registrar TUCOWS DOMAINS INC.
Registrar URL http://domainhelp.opensrs.net
Whois server whois.tucows.com
Created 28-Feb-2014
Updated 28-Feb-2014
Expires 28-Feb-2015
Time Left 331 days 16 hours 51 minutes
Status ok
DNS servers NS1.SECURETHOUGHT.NET   165.98.133.60
NS2.SECURETHOUGHT.NET   221.20.31.154
SECURETHOUGHT.NET – Whois Information
Domain Name: SECURETHOUGHT.NET
Registry Domain ID: 1848556733_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.tucows.com
Registrar URL: http://tucowsdomains.com
Updated Date: 2014-02-28 06:40:36
Creation Date: 2014-02-28 10:06:08
Registrar Registration Expiration Date: 2015-02-28 10:06:08
Registrar: TUCOWS, INC.
Registrar IANA ID: 69
Registrar Abuse Contact Email: domainabuse@tucows.com
Registrar Abuse Contact Phone: +1.416-535-0123
Domain Status: ok
Registry Registrant ID: 
Registrant Name: Donna Duffin
Registrant Organization: Donna Duffin
Registrant Street: 12994 Spring Lake Dr
Registrant City: COOPER CITY
Registrant State/Province: FL
Registrant Postal Code: 33330-2749
Registrant Country: US
Registrant Phone: +1.954-434-9033
registrant Email: haveacupoft@gmx.us

Registry Admin ID: 
Admin Name: Donna Duffin
Admin Organization: Donna Duffin
Admin Street: 12994 Spring Lake Dr
Admin City: COOPER CITY
Admin State/Province: FL
Admin Postal Code: 33330-2749
Admin Country: US
Admin Phone: +1.9544349033
Admin Email: haveacupoft@gmx.us

Registry Tech ID: 
Tech Name: System Administrator
Tech Organization: Lunarpages
Tech Street: 1360 N. Hancock St.
Tech City: Anaheim
Tech State/Province: CA
Tech Postal Code: 92807
Tech Country: US
Tech Phone: +1.714-521-8150
Tech Email: hostmaster@lunarpages.com

Name Server: NS1.SECURETHOUGHT.NET
Name Server: NS2.SECURETHOUGHT.NET
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-02-28 06:40:36

WhoIs (AS34109) cb3rob.net aka CYBERBUNKER?

Based on the recent comment posted below, it is compelling to provide some perspectives as to how we dotted the lines to Cyberbunker.com.

To begin with, the website http://potentialpredators.com caught our attention and we begun an investigative online monitoring and reporting of site.

http://scamfraudalert.org/2012/09/20/whois-potential-predators-www-potentialpredators-com/

The site operators immediately engaged in a series of scam tactics including name changes

http://PredatorsWatch.com The Leading Predators Watch Site on the Net and movement of sites to various hosts.
Below are some of the sites erected to discredit scamFRAUDalert and detract online vistors.

  1. https://www.youtube.com/watch?v=qUvqoM9ZDTY
  2. Better Business Bureau – Disconnected Phone number: A 866 number SFA perviously owned and had disconnected:
  3. A site we are suspicious of is the DatingJudge.com
  4. Isiah Factor – FOX NEWS REPORTER

Cyberbunker ended up hosting site. Based on researched work we done online, we had knowledge of cyberbunker operations. This web host provide a SAFE HAVEN FOR CYBERCRIMINALS.

This is a very powerful and dangerous group of individuals and in our opinion, they should not be taken lightly.

predatorswatch

cyberbunker

cyberbunker2

AS34109
AS51787
CB3ROB LTD.
CB3ROB LTD. & Co. KG
CyberBunker and affiliates

Address lookup
lookup failed http://www.cb3rob.net

Could not find an IP address for this domain name.
Domain Whois record

Queried whois.internic.net with “dom cb3rob.net”…

Domain Name: CB3ROB.NET
Registrar: CSL COMPUTER SERVICE LANGENBACH GMBH D/B/A JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com

Name Server: NS1.CB3ROB.NET
Name Server: NS2.CB3ROB.NET

Status: clientHold
Updated Date: 21-mar-2013
Creation Date: 04-jan-1999
Expiration Date: 04-jan-2016

Last update of whois database: Fri, 07 Mar 2014 15:27:56 UTC
Queried whois.joker.com with “cb3rob.net”…

Domain Name: cb3rob.net
Registry Domain ID: 5161181_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.joker.com
Registrar URL: http://joker.com/

Updated Date: 2013-03-21T08:35:20Z
Creation Date: 1999-01-04T00:00:00Z

Registrar Registration Expiration Date: 2016-01-04T05:00:00Z
Registrar: CSL Computer Service Langenbach GmbH d/b/a joker.com
Registrar IANA ID: 113
Registrar Abuse Contact Email: abuse@joker.com
Registrar Abuse Contact Phone: +49.21186767447
Domain Status: clientHold

Registry Registrant ID: CNET-584239
Registrant Name: CB3ROB Hostmaster
Registrant Organization: CB3ROB Ltd. & Co. KG
Registrant Street: Koloniestrasse 34
Registrant City: BERLIN
Registrant Postal Code: D-13359
Registrant Country: DE
Registrant Phone: +31.878747479
Registrant Email: hostmaster@cb3rob.net

Registry Admin ID: CNET-73324
Admin Name: CB3ROB Hostmaster
Admin Organization: CB3ROB Ltd. & Co. KG
Admin Street: Koloniestrasse 34
Admin City: BERLIN
Admin Postal Code: D-13359
Admin Country: DE
Admin Phone: +31.878747479
Admin Email: hostmaster@cb3rob.net

Registry Tech ID: CNET-73324
Tech Name: CB3ROB Hostmaster
Tech Organization: CB3ROB Ltd. & Co. KG
Tech Street: Koloniestrasse 34
Tech City: BERLIN
Tech Postal Code: D-13359
Tech Country: DE
Tech Phone: +31.878747479
Tech Email: hostmaster@cb3rob.net

Name Server: ns1.cb3rob.net 84.22.96.10 2a02:880:0:a::1337
Name Server: ns2.cb3rob.net 84.22.97.10 2a02:880:0:b::1337
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2014-03-07T15:28:29Z <<<
Query Time: 0.012433
Query Source: 64.79.168.170
WHOIS Source: joker.com live whois service

Related Article:

  1. KrebsnonSccurity – Cyberbunker.com
  2. Dynamoo’s Blog – A Champion of Free Speech or A Spammer?

Neiman Marcus Data Hacked

Reports online says Neiman Marcus Data Hacked. This is the second cyber data hacked we’ve heard about in recent days. Target was hacked over the Thanksgivings Day weekend so we now know Texas base Neiman.

This is a growing problem as we witnessed in the 1980’s and 1990’s, terrorism. Governments around the world need to DECLARE WAR on cybercrime and aggressive prosecute those who are engage in such activities.

Related Articles:

WhoIs archierichardson.com

In their campaign to discredit their adversaries and Fraud Alertcritics, cyber-criminals have embarked on a campaign of populating the internet with FALSE information.
A Growing Threat To The Global Internet Infrastructure

_______________________

The sad and unfortunate part of this saga, reputable companies are aiding these activities. Godaddy.com which is own by Kohlberg Kravis Roberts (KKR), Silver Godaddy2Lake and Technology Crossover Ventures appears to turn a blind eye.

from: contentcomplaints@godaddy.com
to: scamfraudalert@gmail.com
date: Tue, Feb 19, 2013 at 12:18 PM
subject: RE: ArchieRichardson.com
mailed-by: godaddy.com
: Important mainly because of the people in the conversation.

On Tue, Feb 19, 2013 at 12:18 PM, <contentcomplaints@godaddy.com> wrote:

Dear scamFRAUDalert,

Thank you for contacting GoDaddy.com.
GoDaddy.com does not allow illegal content on our customer’s websites. However, as a hosting provider, it is not our place to determine if the site you have mentioned is actually engaging in illegal activities.
GoDaddy.com regularly works with courts and law enforcement from the local to the international level. If you suspect any of our customers are using their website to engage in any illegal activities, please help us by contacting your local law enforcement agency, and request them to investigate this situation.
Law enforcement can contact us at Abuse@GoDaddy.com if they need the website(s) taken down, or if they need more information pursuant to an investigation. We have a long-standing history of cooperation with law enforcement and the courts.
If you find that you are unable to contact the registrant because the contact information given on the Whois database is invalid, please write to invalidwhois@secureserver.net and let them know.
Regards,
Content Abuse Team
GoDaddy.com
complaint_________________________

Address lookup
canonical name archierichardson.com

aliases
addresses 97.74.141.128
Domain Whois record

Queried whois.internic.net with “dom archierichardson.com”…

Domain Name: ARCHIERICHARDSON.COM
Registrar: GODADDY.COM, LLC
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS37.DOMAINCONTROL.COM
Name Server: NS38.DOMAINCONTROL.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 24-dec-2013
Creation Date: 23-dec-2012
Expiration Date: 23-dec-2014

Last update of whois database: Tue, 31 Dec 2013 21:46:05 UTC
Queried whois.godaddy.com with “archierichardson.com”…

UK Redstation – Complaint

Money Mules/Malwares Hosting Provider A sanctuary For Cybercriminals

This  hosting company (data center) is hosting several of the money mule  and malwares sites we are encountering.scamalert
IP 109.73.77.82 = AS35662 = REDSTATION Redstation Limited

Postal address:
Redstation Limited
2 Frater Gate Business Park
Aerodrome Road
Gosport
Hampshire
PO13 0GW
UNITED KINGDOM

Telephone:
Enquiries: 0800 622 6655
24/7 Support: 0800 987 5640
International Enquiries: +44 1329 828224
International Support: +44 1329 243123

Name Server: NS1.MERXS.SU
Name Server: NS2.WERMO.SU
Name Server: NS3.MARSO.CC

This slideshow requires JavaScript.

Calling from abroad

From overseas please call us on +44 1329 828224 or for technical support call +44 1329 243123

To discuss your requirements call us on: 0800 622 6655 or email sales@redstation.com

Address lookup

canonical name http://www.redstation.com

aliases
addresses 149.3.142.10

Domain Whois record
Queried whois.internic.net with “dom redstation.com

Domain Name: REDSTATION.COM
Registrar: TUCOWS DOMAINS INC.

Whois Server: whois.tucows.com

Referral URL: http://domainhelp.opensrs.net
Name Server: DNS1.REDSTATION.CO.UK
Name Server: DNS2.REDSTATION.CO.UK

Status: clientTransferProhibited
Status: clientUpdateProhibited

Updated Date: 15-oct-2010
Creation Date: 21-sep-1999
Expiration Date: 21-sep-2020

Last update of whois database: Sat, 15 Jun 2013 00:45:19 UTC
Queried whois.tucows.com with “redstation.com”…

Registrant:
RACKCENTRE LIMITED
Wentworth House
4400 Parkway
Whiteley, Hampshire PO15 7FJ
GB

Domain name: REDSTATION.COM
Administrative Contact:
Admin, DNS admin@redstation.com
2 Frater Gate Business Park
Aerodrome Road
Gosport, Hampshire PO13 0GW
GB
+44.1329828224

Technical Contact:
Administrator, DNS admin@redstation.com
2 Frater Gate Business Park
Aerodrome Road
Gosport, Hampshire PO13 0GW
GB
+44.1329828224

Registration Service Provider:
Redstation Limited, admin@redstation.com
+44 1329 828224
http://www.redstation.com
Registrar of Record: TUCOWS, INC.
Record last updated on 12-Jun-2013

Record expires on 21-Sep-2020
Record created on 21-Sep-1999

Registrar Domain Name Help Center:
http://tucowsdomains.com

Domain servers in listed order:
DNS1.REDSTATION.CO.UK
DNS2.REDSTATION.CO.UK

Domain status: clientTransferProhibited

clientUpdateProhibited

Network Whois record
Queried whois.ripe.net with “-B 149.3.142.10″…

Information related to ‘149.3.142.8 – 149.3.142.11’

Abuse contact for ‘149.3.142.8 – 149.3.142.11’ is ‘abuse@redstation.com’

inetnum: 149.3.142.8 – 149.3.142.11

netname: REDSTATIONWEB
descr: Redstation Limited
descr: Web Server Network

country: GB
admin-c: RA1415-RIPE
tech-c: RA1415-RIPE
status: ASSIGNED PA
remarks: ABUSE REPORTS: abuse@redstation.com

mnt-by: REDSTATION-MNT
mnt-domains: REDSTATION-MNT
mnt-routes: REDSTATION-MNT

changed: ripe-admin@redstation.com 20110928
source: RIPE

role: Redstation Admin Role
address: Redstation Limited
address: 2 Frater Gate Business Park
address: Aerodrome Road
address: Gosport
address: Hampshire
address: PO13 0GW
address: UNITED KINGDOM

abuse-mailbox: abuse@redstation.com
e-mail: ripe-admin@redstation.com

admin-c: KMAC-RIPE
tech-c: PA5242-RIPE
nic-hdl: RA1415-RIPE
mnt-by: REDSTATION-MNT
changed: ripe-admin@redstation.com 20080625
source: RIPE

Information related to ‘149.3.140.0/22AS35662
route: 149.3.140.0/22

descr: FTIP002960302 Redstation Limited
origin: AS35662

mnt-by: REDSTATION-MNT
changed: kevinmcardle@redstation.com 20110725
source: RIPE

% This query was served by the RIPE Database Query Service version 1.66.3 (WHOIS3)

DNS records
name class type data time to live
http://www.redstation.com IN A 149.3.142.10 60s (00:01:00)
redstation.com IN A 149.3.142.10 60s (00:01:00)
redstation.com IN NS dns2.redstation.co.uk 60s (00:01:00)
redstation.com IN NS dns1.redstation.co.uk 60s (00:01:00)
redstation.com IN SOA

server: dns1.redstation.co.uk
email: admin@redstation.co.uk
serial: 158
refresh: 300
retry: 600
expire: 600
minimum ttl: 60
60s (00:01:00)
redstation.com IN MX
preference: 5
exchange: mail.redstation.com
60s (00:01:00)

redstation.com IN TXT v=spf1 ip4:80.84.48.0/23 a mx include:redstationmail.co.uk -all 60s (00:01:00)

10.142.3.149.in-addr.arpa IN PTR http://www.redstation.com 3600s (01:00:00)
142.3.149.in-addr.arpa IN SOA

server: dns3.redstation.co.uk
email: admin@redstation.co.uk

serial: 2007071361
refresh: 1200
retry: 600
expire: 1728000
minimum ttl: 3600
3600s (01:00:00)
142.3.149.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2013-06-24 20:00:12Z
signature inception: 2013-06-14 20:00:12Z
key tag: 3017
signer’s name: 149.in-addr.arpa
signature:
(1024 bits)

382516B2216BDE33D981DCEDA76B87DD
1974F44B93E982D05DE48AAE9F5C72F8
766283F9AE625E7F88073A23F55201BD
23BB04DF6B49F068A74F989095785E57
90C88856976CD6DC3E926624FF522AF4
4DD68AE7CF785FB5600F7C0B05273B2B
BBDDD9712CDB6AB79C74862B2044AF8E
306AF43B46176656953F00F1210E8C7D

10800s (03:00:00)
142.3.149.in-addr.arpa IN NSEC
next domain name: 143.3.149.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
142.3.149.in-addr.arpa IN NS dns3.redstation.co.uk 3600s (01:00:00)
142.3.149.in-addr.arpa IN NS dns2.redstation.co.uk 3600s (01:00:00)

Traceroute
Tracing route to http://www.redstation.com [149.3.142.10]
hop rtt rtt rtt ip address fully qualified domain name
1 1 1 1 70.84.211.97 61.d3.5446.static.theplanet.com
2 1 0 0 70.87.254.5 po101.dsr02.dllstx5.networklayer.com
3 122 3 1 70.85.127.109 po52.dsr02.dllstx3.networklayer.com
4 0 0 0 173.192.18.230 ae17.bbr02.eq01.dal03.networklayer.com
5 20 20 20 173.192.18.135 ae1.bbr01.tl01.atl01.networklayer.com
6 33 33 33 173.192.18.152 ae0.bbr01.eq01.wdc02.networklayer.com
7 34 38 53 173.192.18.195 ae7.bbr02.eq01.wdc02.networklayer.com
8 113 113 113 50.97.18.215 ae0.bbr01.eq01.ams02.networklayer.com
9 189 222 211 195.69.147.48
10 114 114 114 109.200.17.234 34-17-200-109.rackcentre.redstation.net.uk
11 120 119 120 109.200.17.250 50-17-200-109.rackcentre.redstation.net.uk
12 114 114 114 149.3.142.10 http://www.redstation.com
Trace complete

— end —

Related Article:

Wells Fargo Phishing Email

From WELLS FARGO Mon Nov 11 13:59:58 2013
X-Apparently-To: scamFRAUDalert via 98.138.213.179; Mon, 11 Nov 2013 wells fargo222:00:00 +0000
Return-Path: info@bankvrn.ru
X-YahooFilteredBulk: 120.151.242.178
Received-SPF: fail (domain of bankvrn.ru does not designate 120.151.242.178 as permitted sender)
X-YMailISG: 1Yep.lEWLDsXgrOpSEKUf5OEnWDJEFSDrmEsJ09aBSDZnGMd
sMABUzaicqE0asp.MQL1KH78J2ySaSVU31._sTn9ijwxl3uQco_bgVIP.oGY
3neQ7FUtHr4ZkNEX64FOIsb2oVDYpF4N9L4cBIcIzqh_zSyShbjXTqzgxIsQ
wTxhHfy2V9O5AYJS4wh0fjoflJ5a0ue57FB9IMJCLKxbRT2KOJrum3GrQcTO
QeZoWTeXceZC1jSd3h_hB5tkekUMa7G3b5Jfxlrez9E6gCHl1MGpQFkeQvHe
Zk8oBK0ru5ac7ySDIGRDhtqLWXyrUvOUF4h5ct3Wtn9mR9Z1mZicypYgJxrB
i_yoz53CQxeAZ235sAZ2jaWwX9euRo6Q2FpPvTyqa72JxErtnnwDw8uXY.ao
c4wyEWNYDw36R08OugbQLt6wx7DBx1wYrCeTS.bGWbm4lXUCYqQRnTDENOut
r00pewFTZLoeL1_MfzNxOIga6_nUDMd8vM9mqLo9__aH8esKw8r6oCQcF4SX
ro56umVscC1IhMeYVOlxO2h0m6IepKU5ni6Tl3pGFiKUUmOiS6lEGhnm.sfr
cch1NhGKU8LZcAW9fJn7JoiZwzA.XEi5GTMppVoC6NPEBj__EYJ_b0v5MtOS
EnG2KdotDqaKGw2OUVCasyHzAKj_9vN4wqB3eU1FJL4yk0YrgS_qM33WUuur
35PCUvmxm5wxA_ymix5CFZkTj0yob885JJyfmsAcHsZEJNm_1MShxMg.ImqL
ObrxBZpgbkj1NUoMgRsn7ydD5UAjaoMfmLhCz92_8ZHL72OtdAYXIt0WMIec
2UWhgaLvJvgyEPAHM4ZRbvUox.NuIbrmWTgKFOkj7wxRlZLkL_iYiQGLYOXL
i.XxV.porBI8pCPQTs4GJFZuNFLhMRyMXVH1OKZ47lC2loY3O6sbQ4aPahVD
K1LiRZX3MfZT3rGvTciMxQPZUOZIT5JNbnowgrO5yO1htfAAwM1tf6LThF5d
9tElzcGg0WLWN6UqN1WSXAeLqpKJlgukusBJnhD0YQ5fwYWYyIMmuqk3CubZ
qJiTegdLNEPs0kaUplcIE6tB_GjgCfUIbsn9clcJrIlr3c.BS10OiK2Gto5j
KoPDFhjup61yTVp6KtmU3Yp5IChmICG89EQ8r9fg6vIBqtLtIzBagPxNzOYA
zM11EJaQ8t6nFqqZrghOQC1LSctVsudvxCND69SEzWsml0tlLBWE.A6W_EEB
n3oNAVGCJYX63t1y.OWWKGYmlMjz_Lqps.4iUb8o3uOS.qFl6p6S2vSoKSnh
.qaQzI3k3lajbbC4pDJcIm6GXd3A
X-Originating-IP: [120.151.242.178]
Authentication-Results: mta1079.sbc.mail.ne1.yahoo.com from=; domainkeys=neutral (no sig); from=bankvrn.ru; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO velvet3.lnk.telstra.net) (120.151.242.178)
by mta1079.sbc.mail.ne1.yahoo.com with SMTP; Mon, 11 Nov 2013 22:00:00 +0000
Received: from [94.33.186.5] (account autokredit@gmail.com HELO rqpagecng.xxwjecxmscvirdr.biz)
by velvet3.lnk.telstra.net (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 382842493 for xxxxxxx; Tue, 12 Nov 2013 07:59:58 +1000
Date: Tue, 12 Nov 2013 07:59:58 +1000
From: “WELLS FARGO” info@bankvrn.ru
X-Mailer: The Bat! (v3.0.1.33) Educational
X-Priority: 3 (Normal)
Message-ID:8583197384.NL7UZE5A940258@vebnr.cdxzpwl.tv
To: scamFRAUDalert
Subject: Wells Fargo Advisors
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary=”———-A09F4B5FBB5ED1A”
Content-Length: 25084

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Country
* 3.0.1.33 Check 3.0.1.33 at Senderbase.org Check 3.0.1.33 at Reputationauthority.org General Electric Company Fairfield United States
94.33.186.5 Check 94.33.186.5 at Senderbase.org Check 94.33.186.5 at Reputationauthority.org Tiscali Spa n/a Italy
120.151.242.178 Check 120.151.242.178 at Senderbase.org Check 120.151.242.178 at Reputationauthority.org Telstra Internet Brisbane Australia
98.138.213.179 Check 98.138.213.179 at Senderbase.org Check 98.138.213.179 at Reputationauthority.org Yahoo Sunnyvale United States

*Probable originating IP address

Please review attached documents.

Chloe_Milson
Wells Fargo Advisors
817-559-4662 office
817-358-9011 cell Chloe_Milson@wellsfargo.com

Investments in securities and insurance products are:
NOT FDIC-INSURED/NO BANK-GUARANTEES/MAY LOSE VALUE Wells Fargo Advisors, LLC is a nonbank affiliate of Wells Fargo & Company, Member FINRA/SIPC.
1 North Jefferson, St. Louis, MO 63103

CONFIDENTIAL NOTICE: The contents of this message, including any attachments, are confidential and are intended solely for the use of the person or entity to whom the message was addressed. If you are not the intended recipient of this message, please be advised that any dissemination, distribution, or use of the contents of this message is strictly prohibited. If you received this message in error, please notify the sender. Please also permanently delete all copies of the original message and any attached documentation. Thank you.

WhoIs ~ www1.clicksensational.com

Money Mule eco-system 1
Money Mule eco-system 2
190.120.229.99 www1.clicksensational.com

outscourcing-planet

Announced By
Origin AS Announcement Description
AS26272 190.120.224.0/20 Infolink Panama Corp
AS26272 190.120.228.0/22 Infolink Panama Corp

Address has 29 hosts associated with it.

https://route.robtex.com/190.120.229.0-24.html#netmap

190.120.229.0/24

We have 206 A records and 119 PTR records in this network. Six percent of the A records have corresponding PTR records and ten percent of the PTR records have corresponding A records.

Network Map
0.0.0.0/0
Network
IANA-BLK The whole IPv4 address space
admin-c: IANA1-AFRINIC
country: EU # Country is really world wide
descr: The whole IPv4 address space
inetnum: 0.0.0.0 – 255.255.255.255
mnt-by: AFRINIC-HM-MNT
mnt-lower: AFRINIC-HM-MNT
netname: IANA-BLK
org: ORG-IANA1-AFRINIC
remarks: The country is really worldwide.
This address space is assigned at various other places in
the world and might therefore not be in the RIPE database.
data has been transferred from RIPE Whois Database 20050221
source: AFRINIC # Filtered
status: ALLOCATED UNSPECIFIED
tech-c: IANA1-AFRINIC
BGP announced by
128.0.0.0/2
BGP announced by
190.120.224.0/20 Infolink_190-120-224-0-BLOCK
BGP announced by
Registered route from

Location Panama

190.120.228.0/22

Network

PA-IPCO3-LACNIC Infolink Panama Corp.
abuse-c: MIA17
address: APDO 0832-2745, –, Suite 152, World Trade C
0832-2745 – Panama – PA
changed: 20120321
country: PA
created: 20120321
inetnum: 190.120.228/22
inetnum-up: 190.120.224/20
inetrev: 190.120.228/22
nserver: NS3.FORTATRUST.COM
nslastaa: 20130727
nsstat: 20130727 AA
owner: Infolink Panama Corp.
owner-c: MIA17
ownerid: PA-IPCO3-LACNIC
phone: +507 3176046 []
responsible: Miguel Abood
status: reallocated
tech-c: MIA17

BGP announced by

Type  Hostname 
190.120.229.0 PTR mta24.wilinkmail3.net
190.120.229.1 PTR mta25.wilinkmail3.net
190.120.229.2 PTR server01.caffoartes.com.br
A webb.net.br
190.120.229.4 PTR mail.shivas01.co.cc
190.120.229.5 A besttabs-solution.com
edtabs-selection.com
perfect-onlinepharmacy.com
reliable-tablets.com
rxtabs-online.com
safe-edpills.com
trustedtablets-online.com
ultimate-pill-store.com
your-excellent-tablets.com
your-perfect-generics.com
ns1.extendedlv.com
*.trustedtablets-online.com
www.trustedtablets-online.com
190.120.229.6 PTR mail10.emktprime.com.br
190.120.229.8 PTR mail3.propaganews.com.br
190.120.229.9 PTR mail4.propaganews.com.br
190.120.229.10 PTR mail5.propaganews.com.br
190.120.229.11 A+PTR mail6.propaganews.com.br
190.120.229.12 PTR mail7.propaganews.com.br
190.120.229.13 PTR mail8.propaganews.com.br
190.120.229.16 A+PTR apcprofession.com
A jeunes-femmes-sexe.com
190.120.229.42 A femme-enculee-profond.com
190.120.229.43 PTR mail9.propaganews.com.br
A belle-gothique.com
esposa-follada-profunda.com
190.120.229.44 PTR mail10.propaganews.com.br
A cazzo-nel-culo.com
cock-in-ass.com
cock-in-the-ass.com
kogut-w-dupe.com
ns2.jorpoint.com
190.120.229.45 PTR mail11.propaganews.com.br
190.120.229.49 PTR dealsnoticedaily.com.229.120.190.in-addr.arpa
190.120.229.51 PTR dealsparktoday.com
190.120.229.52 A jetstar-airlines.com
190.120.229.56 A ns2.kikbac.com
190.120.229.61 PTR great-dating-specials.com
A azureapple.info
190.120.229.64 A+PTR shell.networkjunkies.com
190.120.229.65 PTR mail13.propaganews.com.br
190.120.229.67 PTR mktdescontos.com.br
190.120.229.68 A mail.offwhite.net
190.120.229.70 PTR smail01.textlandiamanager.com
190.120.229.71 PTR app.networksexperts.com
190.120.229.74 PTR serv74.mktdescontos.com.br
190.120.229.75 A+PTR juanin.com
190.120.229.77 A+PTR ntkernel.com
A ntndis.com
*.ntkernel.com
mail.ntkernel.com
190.120.229.78 PTR serv78.mktdescontos.com.br
190.120.229.79 PTR ns1877.hospedagemdesites.net.br
190.120.229.80 PTR www2.rewardsshere4u.com
A foreclosureangelfoundation.com
www.foreclosureangelfoundation.com
190.120.229.81 PTR pty13186.webhost10.net
190.120.229.82 PTR www.prizeshere4u.com
190.120.229.83 PTR www1.prizeshere4u.com
190.120.229.84 PTR rev1.webhost10.net
190.120.229.85 A+PTR rev2.webhost10.net
190.120.229.86 A+PTR rev3.webhost10.net
190.120.229.87 A+PTR rev4.webhost10.net
190.120.229.88 PTR mail14.propaganews.com.br
190.120.229.89 A link-building-guide.com
freakasaur.us
190.120.229.90 PTR www2.linkhere4u.com
190.120.229.91 PTR www3.linkhere4u.com
190.120.229.92 PTR www.gohere4u.com
190.120.229.93 A+PTR mail.talemail.net
A talemail.net
190.120.229.94 PTR netvalueorbiter.com
190.120.229.95 PTR mail6.marktbrasil.com.br
190.120.229.96 PTR mail11.emktprime.com.br
190.120.229.97 PTR mail7.marktbrasil.com.br
A gohonline.net
190.120.229.98 PTR www.clicksensational.com
190.120.229.99 PTR www1.clicksensational.com
A beyond-atlantis.biz
freelancersltd.biz
fundstransferalliance.biz
accounting-plus-uk.com
andromeda-uk.com
business-solution-partnerltd.com
dynamite-solutions.com
fin-advice-centre.com
accounting-plus-ltd.org
andromeda-ltd.org
bestsolutions-usa.org
business-solutionpartner-ltd.org
consult-compass-us.org
fundstransferalliance-us.org
galaxy-software-sol.org
holdings-solution.org
190.120.229.100 PTR www2.clicksensational.com
190.120.229.101 PTR mail17.propaganews.com.br
A galaxy-software-sol.cc
best-n-saveltd.com
bmc-outsourcing-inc.com
business-sol-spec.com
careerbestltd.com
corpdenhouse.com
financedrive-uk.com
freelancersltd.com
inc-londonltd.com
ramejkis.com
business-solution-spec.net
financial-advice-cen.net
financedrive-ltd.org
190.120.229.102 PTR serv102.mktdescontos.com.br
190.120.229.103 A asap-us.biz
bestsolutions-usa.biz
consult-compass-ltd.biz
biz-software.cc
infoace-ltd.com
dynamitesolutions-ltd.net
asap-us.org
beyond-atlantis-ltd.org
biz-software.org
careerbestltd.org
denhouseltd.org
incorp-london-ltd.org
incorplondonltd.org
190.120.229.104 PTR f1.servbb.com
190.120.229.106 PTR f2.servbb.com
A buffspiral.info
190.120.229.107 PTR mail3.emktprime.com.br
A coralrope.info
190.120.229.108 PTR mail4.emktprime.com.br
A forestroof.info
190.120.229.109 A+PTR f3.servbb.com
A forkspice.info
ns1.dattellix.net.ve
190.120.229.110 PTR mail5.emktprime.com.br
A gamemagnet.info
190.120.229.111 PTR www3.4utogohere.com
A rateyourcrack.com
rateyourrack.com
rateyourrear.com
rateyourrod.com
rateyoursex.com
rateyourtat.com
you-are-the-boss.com
rategateway.net
rateyourpiercing.net
rateyourrack.net
new.rateyourrack.com
www.rateyourrack.com
www.rateyourrod.com
www.rateyoursex.com
www.you-are-the-boss.com
pics.rategateway.net
190.120.229.112 PTR nosy.topdeliverysite.com
A pubtronic.com
pubtronic.net
190.120.229.113 PTR big.topdeliverysite.com
190.120.229.114 PTR angry.topdeliverysite.com
190.120.229.115 PTR cuddly.topdeliverysite.com
190.120.229.116 PTR naughty.topdeliverysite.com
190.120.229.118 PTR www.greatersuperdeals.com
190.120.229.119 PTR www1.greatersuperdeals.com
190.120.229.120 PTR www2.greatersuperdeals.com
190.120.229.121 PTR f4.servbb.com
A gehadel.com
190.120.229.122 PTR www.suprduproffer.com
190.120.229.123 PTR f5.servbb.com
190.120.229.124 A+PTR backup0.ontolo.com
190.120.229.125 PTR www3.suprduproffer.com
190.120.229.126 PTR api0.ontolo.com
190.120.229.128 PTR mail28.propaganews.com.br
190.120.229.132 PTR mail29.propaganews.com.br
190.120.229.135 PTR smail01.mobiletoolsuite.com
190.120.229.136 PTR smail52.trumpia.com
190.120.229.137 PTR ip137.soapvalues.com
190.120.229.138 PTR crunchbox1.ontolo.com
190.120.229.139 PTR mail30.propaganews.com.br
190.120.229.140 PTR host.ebillboardsinc.com
190.120.229.142 PTR smail01.mobilemarketiser.com
190.120.229.145 PTR smail35.trumpia.com
190.120.229.146 PTR www.radiodancefloor.it
190.120.229.148 A+PTR foxienet.com
190.120.229.150 A airhighnews.com
murraystore.com
promerta.com
acceddeal.info
acresfriends.info
auraraw.info
barticoupon.info
blenddeals.info
cattretail.info
cheuri.info
coneyfriends.info
crassrewards.info
culpaonline.info
cyproj.info
datedcenter.info
dunnics.info
ethicawards.info
ezgovplace.info
forteawards.info
galagiftcard.info
hazelprizes.info
hidenews.info
latersports.info
loadsinstitute.info
mayorcard.info
medalday.info
pegascoupon.info
perkyawards.info
phoenixtable.info
pottycard.info
proawards.info
quiretail.info
reelcentre.info
rivalinstitute.info
saxonawards.info
seedynews.info
shitgifts.info
redconsumers.org
straithost.org
190.120.229.151 PTR mail31.propaganews.com.br
A daveschultheis.com
frevycnulqe.com
hearthfund.org
190.120.229.152 PTR mail30.propaganews.com.br
A mail.caprxpharmacy.ru
190.120.229.153 PTR mail33.propaganews.com.br
190.120.229.154 PTR mail34.propaganews.com.br
190.120.229.155 A wearysloth.com
mail.aveleyman.com
www.aveleyman.com
190.120.229.159 PTR serv159.mktdescontos.com.br
A consolacionsda.org
190.120.229.162 A roidspharma.com
190.120.229.163 PTR crunchbox0.ontolo.com
190.120.229.164 A 656.cc
190.120.229.166 A venustv.com
*.venustv.com
com.venustv.com
ns1.venustv.com
ns2.venustv.com
root.venustv.com
ww.venustv.com
www.venustv.com
*.com.venustv.com
venustv.com.venustv.com
2242112411142222222.189.9155.in-addr.arpa
*.venustv.com.venustv.com
ns1.venustv.com.venustv.com
ns2.venustv.com.venustv.com
190.120.229.167 A moncler-doudoune-online.com
190.120.229.168 A b-p.md
190.120.229.185 PTR one.hitkill.com
190.120.229.186 PTR mail33.propaganews.com.br
mail61.server3wilink.com.br
190.120.229.187 PTR ip187.soapvalues.com
190.120.229.188 PTR ip188.soapvalues.com
190.120.229.190 A brucegaster.com
190.120.229.196 PTR sp-host3.redseal.net
190.120.229.204 PTR 204-229-120-190.aytta.com
190.120.229.207 A disarq.com
*.disarq.com
ns.disarq.com
nsbackup.disarq.com
190.120.229.208 PTR rocktopia.co.uk
A transistor.ltd.uk
ns1.transistor.ltd.uk
190.120.229.209 A ns2.transistor.ltd.uk
190.120.229.212 PTR emporioborgesbebidas.com.br
A ns3.nascomhosting.com.br
190.120.229.216 PTR serv216.mktdescontos.com.br
190.120.229.224 A asiatique-salope-nue.com
190.120.229.225 PTR us.athos.ro
190.120.229.229 PTR nascomhosting.com.br
A w8motors.com
mail.nascom.com.br
mail.nascomhosting.com.br
190.120.229.230 PTR nascomhosting.com.br
190.120.229.231 PTR dealstartertoday.com
190.120.229.232 PTR ultradailydeals.com
190.120.229.233 PTR dailydeals2you.com
190.120.229.234 A cecibubble.com
190.120.229.235 PTR depressed.makehostingsimple.com
190.120.229.236 PTR serv236.mktdescontos.com.br
190.120.229.237 PTR dirty.makehostingsimple.com
190.120.229.238 PTR envious.makehostingsimple.com
190.120.229.239 PTR two.hitkill.com
190.120.229.240 PTR naughty.makehostingsimple.com
A casting-porno-auvergne.com
chattes-rasee.com
enculer-une-femme.com
femme-gothique-sexe.com
foder-uma-mulher.com
fuck-woman-ass.com
190.120.229.241 PTR breezy.makehostingsimple.com
190.120.229.242 PTR spotty.makehostingsimple.com
190.120.229.243 PTR frightened.makehostingsimple.com
190.120.229.244 A+PTR rocktopia.co.uk
A ns1.rocktopia.co.uk
www.rocktopia.co.uk
190.120.229.245 PTR rocktopia.co.uk
A rocktopia.net
www.rocktopia.net
ns2.rocktopia.co.uk
190.120.229.246 PTR host6.supersenderbr.com
190.120.229.247 PTR host5.supersenderbr.com
190.120.229.255 PTR mail6.enviodigital1.info