Friday, October 11, 2013

YWCA India site hacked by scammers

The YWCA India site:
http://www.ywcaindia.org/
is currently being used by scammers in conjunction with a PayPal phishing attempt. A redirect file located in the Admin/Album/dolly/ folder sends intended victims to a specific folder on this site:
http://www.gnoxis.com/
PayPal has been notified.



Tuesday, October 8, 2013

Have A Coke And A Scam

ccawardza.net
http://whois.domaintools.com/ccawardza.net

The fake domain is registered to a fictitious person at a fake address:
2888 SLANDERING DRIVE   FREMONT, CA 94555
https://www.google.com/search?hl=en&as_q=&as_epq=2888+SLANDERING+DRIVE&as_oq=&as_eq=&as_nlo=&as_nhi=&lr=&cr=&as_qdr=all&as_sitesearch=&as_occt=any&safe=images&tbs=&as_filetype=&as_rights=#as_qdr=all&hl=en&lr=&q=%222888+SLANDERING+DRIVE%22

The scammer is contacting intended victims using Skype and text messages to cell phones.
Here is a message he sent to an intended victim:

Your Cell # has won $900,000 USD in the Coca Cola Awards SA,To claim visit www.ccawardza.net & click claim enter Ref#
'CCA4839' For Info call +27749950788         

If you go to the fake site and enter the promo code, here is what you see:
Congratulations!!! You have won the Coca Cola Promo
Winning details for CCA4839
Reference Summary
Batch Number: 73/12/90
Serial number: CCA/EN/91
Winning Numbers: 4, 10, 17, 21, 30, 41 Bonus Ball 28
Winning Amount: $900,000.00 USD

The "winners" are told to contact the scammer, who then asks for their bank account information in an attempt to clean out the account.

This scammer has run numerous previous scams, including:
http://www.whoismind.com/email/fjrasile@yahoo.com.html
The email fjrasile@yahoo.com is related to these domains:
1.  cawardrsa.net
2.  cokerewards.net
3.  glfswww.com
4.  samsungawards.net
http://www.whoismind.com/email/latorcorpdesign@gmail.com.html
The email latorcorpdesign@gmail.com is related to these domains:

The aa419 database contains this information on scam sites by this same scammer:
http://www.samsungawards.net  Samsung  dead  2013-09-17 17:37  2013-09-19 17:24
http://www.standard-b.com  Standard Bank  dead  2013-09-17 17:35  2013-09-19 17:24
http://www.glfsww.com  Global Logistics Freight Services  dead  2013-09-17 17:32  2013-09-24 08:02
http://www.interlinkdelivery.com  Interlink Direct  dead  2013-08-13 03:13  2013-09-24 08:03
http://www.cokecolasa.com  Coca-Cola  dead  2013-08-13 03:11  2013-08-15 17:55
http://www.cokemobilep.com  Coca-Cola  dead  2013-08-13 03:05  2013-08-19 17:13
http://www.rbi-in.com  Reserve Bank of India  dead  2013-08-12 14:25  2013-08-13 17:54
http://www.gfsrsa.com  Global Financial Solution  dead  2013-02-01 19:55  2013-02-05 09:50
http://www.glfservice.com  GLFS group  dead  2013-01-31 09:53  2013-02-02 18:11

To find out more about scams involving Coke or Coca Cola visit their site:
http://www.coca-colacompany.com/contact-us/coca-cola-rumors-facts


Sunday, August 11, 2013

aa419.org Under Sporadic DDoS Attack

Can't access www.aa419.org?
A recent post indicates sporadic DDoS attacks:
aa419 is once again under intermittent DDoS attacks.
As per usual, if we disappear off the net, relax, we will be back. This naturally does not apply to the scam killers who are hard at work in the background.
Some stats on the current attack: http://aa419.blogspot.com/2013/08/aa419-ddos-aug-2013-breakdown.html




Tuesday, August 6, 2013

AKC (American Kennel Club) Facebook Account Hacked; Spammers Use Fake BBC Site


A post was made yesterday by someone using the AKC Facebook page:
American Kennel Club
You Should See This http://tinyurl.com/koe2kqu
Here is an image of the post:


The shortened URL directs people to the site:
http://www.bbc.com-592.net/?874456
The spammers are pretending to be the "BBC"; they are not.
Here is an image of the fake BBC site:

That hostname only looks like bbc.com; it is a sub-domain of the site:
com-592.net
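
A check for this kind of look-alike hostname, added here as an example (not code from the original post): it compares the domain that was actually registered with any watched brand domain that appears in the leading labels. The suffix set and the `WATCHED` list are assumptions for illustration; real code would load the full Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Assumption: a tiny constructed suffix set; production code should load the
# full Public Suffix List instead.
MULTI_LABEL_SUFFIXES = {"co.uk", "org.uk", "com.au", "co.za"}


def registrable_domain(host):
    """Return the domain that was actually registered (suffix plus one label)."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def embedded_brand(url, brands):
    """Return (brand, registrable_domain) when the hostname embeds a brand
    domain at a label boundary but is registered under a different domain;
    return None otherwise."""
    host = (urlsplit(url).hostname or "").lower()
    owner = registrable_domain(host)
    for brand in brands:
        if owner == brand:
            continue  # genuinely under the brand's own domain
        # The brand must start at a label boundary and be followed by '.' or
        # '-', e.g. "bbc.com" inside "www.bbc.com-592.net".
        if re.search(r"(?:^|\.)" + re.escape(brand) + r"(?=[.-])", host):
            return brand, owner
    return None


WATCHED = ["bbc.com", "paypal.com"]  # hypothetical watch list

if __name__ == "__main__":
    samples = [
        "http://www.bbc.com-592.net/?874456",  # URL reported in this post
        "http://www.bbc.com/news",             # constructed: legitimate host
        "http://paypal.com.login.example/",    # constructed look-alike
    ]
    for s in samples:
        print(s, "->", embedded_brand(s, WATCHED))
```
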
That site is registered to this person:
Address lookup
canonical name com-592.net.
aliases
addresses 46.251.237.100

Domain Whois record
Queried whois.internic.net with "dom com-592.net"...
Domain Name: COM-592.NET
Registrar: MONIKER ONLINE SERVICES LLC
Whois Server: whois.moniker.com
Referral URL: http://www.moniker.com/
Name Server: NS1.MONIKERDNS.NET
Name Server: NS2.MONIKERDNS.NET
Name Server: NS3.MONIKERDNS.NET
Name Server: NS4.MONIKERDNS.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 01-aug-2013
Creation Date: 01-aug-2013
Expiration Date: 01-aug-2014
>>> Last update of whois database: Tue, 06 Aug 2013 02:13:50 UTC <<<

Queried whois.moniker.com with "com-592.net"...
Domain Name: COM-592.NET
Registrar: MONIKER
Registrant [4285516]:
Walter White walterwhitebb1@live.com
9142 Las Vegas Blvd
Las Vegas
NV
89165
US

Administrative Contact [4285516]:
Walter White walterwhitebb1@live.com
9142 Las Vegas Blvd
Las Vegas
NV
89165
US
Phone: +1.9491515295

Domain servers in listed order:
NS1.MONIKERDNS.NET 207.189.109.117
NS2.MONIKERDNS.NET 63.149.176.25
NS3.MONIKERDNS.NET 207.189.109.118
NS4.MONIKERDNS.NET 63.149.176.26
Record created on: 2013-08-01 12:41:07.0
Database last updated on: 2013-08-01 12:40:55.12
Domain Expires on: 2014-08-01 12:41:09.0



Sunday, August 4, 2013


Attention friends from Belarus and Russia.
The site
www.csa-trans-ltd.co.uk
is a fraud.
Do not send money; report the seller of the vehicle.
He is a scammer from Romania.
... He is using the fake identities of:
Igor Novikov
Justin Mohney
Charles Turner
Mike Guillerm
