Blog for hpHosts, and whatever else I feel like writing about ....

Thursday, 24 June 2010

Scam Alert: www-career-digest.com, gulfcoastnews9.com, gulfinquirer.com, crisot.info

Remember this? Well, now there's more.

URL: www-career-digest.com/?tr=adbrcpc&wz=1277421813.1275&tr2=www.ethical-hackers.org&tr3=468-r&kw=&tr9= (ethical-hackers.org is where the advert was found)
Host: www-career-digest.com - registered via 1 & 1 (Schlund)
IP: who
IP PTR: Resolution failed
ASN: 33070 174.143.0.0/16 RMH-14 - Rackspace Hosting

OrgName: Rackspace Hosting
OrgID: RACKS-8
Address: 5000 Walzem Road
City: San Antonio
StateProv: TX
PostalCode: 78218
Country: US

NetRange: 174.143.0.0 - 174.143.255.255
CIDR: 174.143.0.0/16
OriginAS: AS10532, AS19994, AS27357, AS33070
NetName: RSCP-NET-4
NetHandle: NET-174-143-0-0-1
Parent: NET-174-0-0-0-0
NetType: Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
Comment:
RegDate: 2009-01-20
Updated: 2010-05-14

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-892-4000
OrgAbuseEmail: abuse@rackspace.com

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-892-4000
OrgTechEmail: ipadmin@rackspace.com

CustName: Mosso
Address: 9725 Datapoint Drive, Suite 100
City: San Antonio
StateProv: TX
PostalCode: 78229
Country: US
RegDate: 2009-04-09
Updated: 2009-04-09

NetRange: 174.143.45.96 - 174.143.45.127
CIDR: 174.143.45.96/27
NetName: RSPC-1239301932877153
NetHandle: NET-174-143-45-96-1
Parent: NET-174-143-0-0-1
NetType: Reassigned
Comment:
RegDate: 2009-04-09
Updated: 2009-04-09

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-892-4000
OrgAbuseEmail: abuse@rackspace.com

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-892-4000
OrgTechEmail: ipadmin@rackspace.com




Which I found via this lovely little advert, courtesy of AdBrite (b1.adbrite.com/iads/476126.gif);



Then there's this one, which a friend pointed me to (he was redirected to it from a bit.ly URL, which went via gulfinquirer.com, which is running a different scam at the time of writing this);

Host: gulfcoastnews9.com - registered via NameCheap
IP: 220.112.35.82
IP PTR: Resolution failed
ASN: 17623 220.112.0.0/18 CNCGROUP-SZ CNCGROUP IP network of ShenZhen region MAN network

inetnum: 220.112.0.0 - 220.112.63.255
netname: GWBN-SHENZHEN
country: CN
descr: FOR GREAT WALL BROADBAND NETWORK SERVICE ACCESS IN SHENZHEN
admin-c: YL1108-AP
tech-c: YL1108-AP
status: ASSIGNED NON-PORTABLE
changed: lyz@gwbn.net.cn 20080316
mnt-by: MAINT-CN-CNNIC-GWBN
source: APNIC
mnt-routes: MAINT-CNCGROUP-RR

person: Yanzhong Li
nic-hdl: YL1108-AP
e-mail: speed0822@sina.com
address: 5F Greatwall Bldg., A38 Xueyuan Road Haidian District,Beijing
phone: +86-10-62367487
fax-no: +86-10-62379709
country: CN
changed: ipas@cnnic.cn 20090213
mnt-by: MAINT-CNNIC-AP
source: APNIC




Which, you'll notice from its title, points us to;

Host: crisot.info - Registered via eNom
IP: 66.7.222.50
IP PTR: whiskey.made2own.com
ASN: 33182 66.7.192.0/19 DIMENOC---HOSTDIME - HostDime.com, Inc.

OrgName: HostDime.com, Inc.
OrgID: DIMEN-6
Address: 189 South Orange Avenue
Address: Suite 1500S
City: Orlando
StateProv: FL
PostalCode: 32801
Country: US

ReferralServer: rwhois://rwhois.dimenoc.com:4321

NetRange: 66.7.192.0 - 66.7.223.255
CIDR: 66.7.192.0/19
NetName: DIMECNET
NetHandle: NET-66-7-192-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: PTR1.DIMENOC.COM
NameServer: PTR2.DIMENOC.COM
Comment:
RegDate: 2006-05-18
Updated: 2007-07-24

OrgAbuseHandle: ABUSE796-ARIN
OrgAbuseName: Abuse Group
OrgAbusePhone: +1-407-756-1126
OrgAbuseEmail: abuse@dimenoc.com

OrgTechHandle: NETWO742-ARIN
OrgTechName: Network Engineers
OrgTechPhone: 407-756-1126
OrgTechEmail: network@dimenoc.com




gulfcoastnews9.com leads to;

http://dankcash.go2jump.org/aff_c?offer_id=198&aff_id=314

But this URL isn't producing any content at present.

www-career-digest.com is leading to;

http://wealthwayz1uk.com/?publisher=CD1022&sub_id=510773

IP: 69.50.212.8
IP PTR: bluegill.tdnameservers.com
ASN: 18866 69.50.208.0/20 ATJEU - Atjeu Publishing LLC

OrgName: atjeu publishing, llc
OrgID: APL-37
Address: 1515 West Deer Valley Road
Address: C-103
City: Phoenix
StateProv: AZ
PostalCode: 85027
Country: US

NetRange: 69.50.192.0 - 69.50.223.255
CIDR: 69.50.192.0/19
NetName: ATJEU
NetHandle: NET-69-50-192-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ATJEU.COM
NameServer: NS2.ATJEU.COM
Comment:
RegDate: 2003-06-04
Updated: 2010-02-25

OrgTechHandle: BV137-ARIN
OrgTechName: Vasilev, Boris
OrgTechPhone: +1-623-434-5294
OrgTechEmail: sales@atjeu.com


Which contains a lovely form that submits your data to;

http://leads.cewjrr.com/lead_gateway.php

Enter your info and this shows;



crisot.info takes you to;

http://www.incentaclick.com/click/g119914bd3/yeahson/

IP: 216.220.45.159
IP PTR: 159.45.220-216.q9.net
ASN: 12188 216.220.32.0/20 Q9-AS - Q9 Networks Inc.

OrgName: Q9 Networks Inc.
OrgID: Q9NT
Address: 77 King Street West Suite 4400
City: Toronto
StateProv: ON
PostalCode: M5K-1J3
Country: CA

ReferralServer: rwhois://rwhois.q9.net:4321/

NetRange: 216.220.32.0 - 216.220.63.255
CIDR: 216.220.32.0/19
NetName: Q9-NET1
NetHandle: NET-216-220-32-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1-AUTH.Q9.COM
NameServer: NS2-AUTH.Q9.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
Comment: Reassignment information for this block can be found at rwhois.q9.net port 4321
RegDate: 1999-04-19
Updated: 2009-06-22

RTechHandle: ZQ8-ARIN
RTechName: Q9 Networks Inc
RTechPhone: +1-416-362-7000
RTechEmail: IPadmin@q9.com

OrgTechHandle: ZQ8-ARIN
OrgTechName: Q9 Networks Inc
OrgTechPhone: +1-416-362-7000
OrgTechEmail: IPadmin@q9.com


Which takes you to;

https://www.myincomesuccessvault.com/osv022510au/Lead.aspx?B=203&A=152&SubAffiliateID=40663-yeahson

IP: 173.203.232.227
IP PTR: Resolution failed
ASN: 33070 173.203.192.0/18 RMH-14 - Rackspace Hosting

OrgName: Rackspace Hosting
OrgID: RACKS-8
Address: 5000 Walzem Road
City: San Antonio
StateProv: TX
PostalCode: 78218
Country: US

NetRange: 174.143.0.0 - 174.143.255.255
CIDR: 174.143.0.0/16
OriginAS: AS10532, AS19994, AS27357, AS33070
NetName: RSCP-NET-4
NetHandle: NET-174-143-0-0-1
Parent: NET-174-0-0-0-0
NetType: Direct Allocation
NameServer: NS.RACKSPACE.COM
NameServer: NS2.RACKSPACE.COM
Comment:
RegDate: 2009-01-20
Updated: 2010-05-14

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-892-4000
OrgAbuseEmail: abuse@rackspace.com

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-892-4000
OrgTechEmail: ipadmin@rackspace.com

CustName: Mosso
Address: 9725 Datapoint Drive, Suite 100
City: San Antonio
StateProv: TX
PostalCode: 78229
Country: US
RegDate: 2009-04-09
Updated: 2009-04-09

NetRange: 174.143.45.96 - 174.143.45.127
CIDR: 174.143.45.96/27
NetName: RSPC-1239301932877153
NetHandle: NET-174-143-45-96-1
Parent: NET-174-143-0-0-1
NetType: Reassigned
Comment:
RegDate: 2009-04-09
Updated: 2009-04-09

OrgAbuseHandle: ABUSE45-ARIN
OrgAbuseName: Abuse Desk
OrgAbusePhone: +1-210-892-4000
OrgAbuseEmail: abuse@rackspace.com

OrgTechHandle: IPADM17-ARIN
OrgTechName: IPADMIN
OrgTechPhone: +1-210-892-4000
OrgTechEmail: ipadmin@rackspace.com


Fill in your info and bam .....
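A consistency check over the lookup data in this post, added here as an example and not part of the original post: it parses the IP, ASN and CIDR/inetnum fields and flags any address that the routed prefix or WHOIS network listed beneath it does not cover. The function names and the trimmed sample layout are assumptions of this example; the values are copied from the post.

```python
import ipaddress
import re

# Fields copied from three of the post's lookup blocks, trimmed to what is used here.
SAMPLE = """\
IP: 220.112.35.82
ASN: 17623 220.112.0.0/18 CNCGROUP-SZ
inetnum: 220.112.0.0 - 220.112.63.255

IP: 66.7.222.50
ASN: 33182 66.7.192.0/19 DIMENOC---HOSTDIME - HostDime.com, Inc.
CIDR: 66.7.192.0/19

IP: 173.203.232.227
ASN: 33070 173.203.192.0/18 RMH-14 - Rackspace Hosting
CIDR: 174.143.0.0/16
"""

def parse_blocks(text):
    """Split on blank lines; return dicts with ip, routed prefix and WHOIS networks."""
    blocks = []
    for chunk in re.split(r"\n\s*\n", text.strip()):
        rec = {"ip": None, "routed": None, "whois": []}
        for line in chunk.splitlines():
            key, _, value = (s.strip() for s in line.lower().partition(":"))
            try:
                if key == "ip":
                    rec["ip"] = ipaddress.ip_address(value)
                elif key == "asn":  # layout: "<asn> <routed prefix> <name>"
                    rec["routed"] = ipaddress.ip_network(value.split()[1])
                elif key == "cidr":
                    rec["whois"].append(ipaddress.ip_network(value))
                elif key in ("inetnum", "netrange"):  # "first - last" form
                    first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
                    rec["whois"].extend(ipaddress.summarize_address_range(first, last))
            except (ValueError, IndexError):
                continue  # unparseable field, e.g. a missing address
        if rec["ip"] is not None:
            blocks.append(rec)
    return blocks

def mismatches(text):
    """Return the IPs whose routed prefix or WHOIS networks do not all contain them."""
    bad = []
    for rec in parse_blocks(text):
        nets = ([rec["routed"]] if rec["routed"] else []) + rec["whois"]
        if any(rec["ip"] not in net for net in nets):
            bad.append(str(rec["ip"]))
    return bad
```

Run over the sample, `mismatches(SAMPLE)` flags 173.203.232.227: the WHOIS record listed under it is for 174.143.0.0/16, so the abuse contact for that address should be confirmed with a fresh lookup before reporting.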
