What We Know of Our Botnet Master - 89.106.39.239 - Page 4

Scrub · #76 03-22-08, 07:13 AM

New User at ScamFraudAlert
show details 3:25 AM (47 minutes ago)

There is a new user, powerwarlock at ScamFraudAlert

To view their profile, go here:
Email Address : sickmas@iname.com
Birthday : April 4, 1953
Referrer: N/A
IP Address: 212.91.96.202

Country Home : United States

Scrub · #77 03-22-08, 07:16 AM

New User at ScamFraudAlert
ScamFraudAlert

show details 12:18 PM (15 hours ago)
There is a new user, troopermike at ScamFraudAlert

To view their profile, go here:

Email Address : garetf@sanfranmail.com
Birthday : March 3, 1957
Referrer: N/A
IP Address: 84.255.240.220

Country Home : United States

Scrub · #78 03-24-08, 01:13 AM

Russian TV Chief Is Shot Dead in Dagestan Region, RIA Says

By William Mauldin

March 22 (Bloomberg) -- The chairman of a Dagestan television station was killed in the Russian regional capital of Makhachkala in a crime that may be connected with his work, RIA Novosti reported.

Gadzhi Abashilov, 58, the chairman of the television channel Dagestan, was shot at least 20 times yesterday with an automatic rifle, the state-run news agency reported, citing unidentified law enforcement officials. His driver was also injured in the attack.

The murder is being investigated on the federal level by the office of Russian Prosecutor General Yuri Chaika, RIA Novosti reported.

The slaying of Abashilov occurred on the same day that Ilyas Shurpayev, 32, a journalist with the national TV network Channel One, was found murdered in Moscow. Shurpayev moved to Moscow this year from Makhachkala, the capital of Dagestan in the North Caucasus, according to a statement from Channel One.

To contact the reporter on this story: William Mauldin in Moscow at wmauldin1@bloomberg.net.
Last Updated: March 22, 2008 08:33 EDT

Scrub · #79 03-25-08, 09:18 AM

Tips For Using An Online Pharmacy
Online Pharmacies: Safe Or Sorry
Verified Internet Pharmacy Practice Sites (VIPPS) -
National Association of Boards of Pharmacy
[From Carol & Richard Eustice, Your Guide to Arthritis.
FREE Newsletter. Sign Up Now
Facts To Consider Before Buying Prescriptions Online
Rick's spam digest :: Classic spam: Prescription drug sales
Is Internet Terrorism really Organized Crime? - HiddenMysteries Conspiracy Archive
DEA Warning--Buying drugs online may be illegal and dangerous!

Federal law prohibits buying controlled substances such as narcotic pain relievers (e.g., OxyContin®, Vicodin ®), sedatives (e.g., Valium®, Xanax®, Ambien®), stimulants (e.g., phentermine, phendimetrazine, Adderall®, Ritalin®) and anabolic steroids (e.g., Winstrol®, Equipoise®) without a valid prescription from your doctor. This means there must be a real doctor-patient relationship, which by most state laws requires a physical examination. Prescriptions written by "cyber doctors" relying on online questionnaires are not legitimate under the law.

Buying controlled substances online without a valid prescription may be punishable by imprisonment under Federal law. Often drugs ordered from rogue websites come from foreign countries. It is a felony to import drugs into the United States and ship to a non-DEA registrant.

Buying drugs online may not be only illegal, but dangerous. The American Medical Association and state boards of medicine and pharmacy have all condemned the practice of cyber doctors issuing online prescriptions as unacceptable medical care. Drugs delivered by rogue websites may be the wrong drugs, adulterated or expired, the wrong dosage strength, or have no dosage directions or warnings.

DEA is targeting rogue online pharmacies for prosecution and shutting down these illegal websites. See the results of one such investigation, Operation Cyber Chase, at www.usdoj.gov/dea/pubs/pressrel/pr.html.

How to spot a rogue pharmacy: Dispensing and Purchasing Drugs On-line, Oxycodone, Oxycontin, Pain Meds

To report illegal prescription drug sales and/or rogue pharmacies operating on the Internet call the anonymous Pharmaceutical Drug Abuse Hotline: 1-877-RxAbuse )

Consumer Alert! Buying controlled substances prescription drugs on-line may be illegal.
The National Association of Boards of Pharmacy (NABP) NABP <> National Association of Boards of Pharmacy
US Food & Drugs Administration FDA Buying Medicines and Medical Products Online

Discount Generic Viagra Volume Funny Picture Viagra Buy Cheapest Online Place Viagra Viagra Levitra Online Guestbk.htm Levitra Socio.ch Viagra Vs Avoid Fake Viagra Buy Cheap ...

Viagra - Buy Free Viagra On Internet - Best US Pharmacy Online

student.ircc.edu/?Buy-Free-Viagra-On-Internet

cheap online internet-pharmacy buy viagra. cheap online internet-pharmacy cheap cheap generic viagra. ... call us toll free: +1 (877) 355-2052

BUY VIAGRA.! CHEAP ONLINE INTERNET-PHARMACY CHEAP BUY VIAGRA.!

BUY VIAGRA.! CHEAP ONLINE INTERNET-PHARMACY CHEAP BUY VIAGRA.!

cheap online internet-pharmacy buy viagra. cheap online internet-pharmacy cheap cheap generic viagra. ... call us toll free: +1 (877) 355-2052

BUY VIAGRA.! CHEAP ONLINE INTERNET-PHARMACY CHEAP BUY VIAGRA.!

BUY VIAGRA.! CHEAP ONLINE INTERNET-PHARMACY CHEAP BUY VIAGRA.!

Service: get viagra on internet. Call us toll free: +1 (877) 355-2052 ... Be aware and always buy 100 mg authentic Pfizer Viagra in the US. ... Our online medical questionnaire is ...

Buy-Internet-Viagra-v : buy internet viagra

groups.yahoo.com/group/Buy-Internet-Viagra-v

Scrub · #80 03-26-08, 09:44 AM

Blogspot_redirection_Herbal_Express_spam146495.html

www.trudystohrkm954.blogspot.com
www.nolahulburttt127.blogspot.com
www.ellenmcnabbkr530.blogspot.com
www.blanchebenwayft471.blogspot.com
www.isabellawhittencf601.blogspot.com
www.stefanieprachtm479.blogspot.com
www.gailhagad999.blogspot.com
www.marisaprinsgu759.blogspot.com
www.jennyantosgg263.blogspot.com
lottieburroughqg312.blogspot.com
dalemaclinxr150.blogspot.com
rosellaloronase582.blogspot.com
lizzierealod325.blogspot.com
nataliehaasegg945.blogspot.com
hollymcclentonsu923.blogspot.com
reginadoziercd935.blogspot.com
peggybentks113.blogspot.com
marionforgeycs407.blogspot.com
murielbelmontq780.blogspot.com
normaburbridgekg920.blogspot.com
olivianatolire483.blogspot.com
priscillakrokgo993.blogspot.com
katherinestearnsg705.blogspot.com
wendyheapsqm800.blogspot.com
natalielucianogd135.blogspot.com
rosannemageseh798.blogspot.com
chelseamaglionehx241.blogspot.com
jocelyntolanpg976.blogspot.com
rosacastenedaer515.blogspot.com
magdalenahollismd882.blogspot.com
twilalozadd853.blogspot.com
petrawelschhm142.blogspot.com
hopekauppip958.blogspot.com
lavonnechatfieldss878.blogspot.com
raquelsimcoxno125.blogspot.com
bonniegribblegd605.blogspot.com
deannshulerqq542.blogspot.com
rochelleludolphf490.blogspot.com
carolcarstensenxq493.blogspot.com
deliacastanoncg945.blogspot.com
shirleyslovakgu752.blogspot.com
kaseyzollers173.blogspot.com
valarievolpems238.blogspot.com
ednaslavensfp270.blogspot.com
carmelawechslergp426.blogspot.com
daisycathcartod.blogspot.com
eileenallerscq.blogspot.com
hollygoldsberryfg576.blogspot.com
olastutzmanqg712.blogspot.com
katieworthrd378.blogspot.com
deloresmirzatd398.blogspot.com
inezdelagarzan.blogspot.com
merciinternational.blogspot.com
sashaclarkcd884.blogspot.com
manuelamorefieldhk343.blogspot.com
chasitypuffinbergerkd780.blogspot.com
johnniekapadiack167.blogspot.com
bohuricy15228.blogspot.com
donnabrothersdt.blogspot.com
francescakilleenms253.blogspot.com
sondradiricksongg512.blogspot.com
guadalupeh***ardmd342.blogspot.com
audreysuchanpf.blogspot.com
kellyfebleshg321.blogspot.com
roseannluisq702.blogspot.com
wilmaflinchbaughcd541.blogspot.com
gusunyhi63786.blogspot.com
billiemabexu188.blogspot.com
zymymata54807.blogspot.com
florencelanderte.blogspot.com
rapygode45112.blogspot.com
milliekoningdt.blogspot.com
gertrudewikoffdc.blogspot.com
minervaiglesiasxq788.blogspot.com
lauriewilliamgp404.blogspot.com
meganrichertpg684.blogspot.com
sarahhoriuchikm.blogspot.com
lucilletaulkc995.blogspot.com
millicentlowitzgx512.blogspot.com
lavonnemuenchcs488.blogspot.com
difinavu19984.blogspot.com
crystaloliveiragh295.blogspot.com
kaseycrossondf982.blogspot.com
katherinedaluzmt466.blogspot.com
redugyre78018.blogspot.com
cristinabellindk.blogspot.com
eulatownesq640.blogspot.com
sylviacharbonneaufd.blogspot.com
latonyatawneynu.blogspot.com
serenayagerqt765.blogspot.com
kristygrisehq.blogspot.com
carolinejanoskioe977.blogspot.com
janieguginous.blogspot.com
nosixima51408.blogspot.com
bateroba35307.blogspot.com
trinaestellcu834.blogspot.com
cathleenburttut.blogspot.com
jodiefreemanrp123.blogspot.com
gaxekebu77423.blogspot.com
feleciakettelkm151.blogspot.com
brandyzeiglered995.blogspot.com
jodydrinkwaterup230.blogspot.com
kerrisimekgt.blogspot.com
shawnacunningtongq830.blogspot.com
isabeldurfeeho.blogspot.com
cristinamoultonk.blogspot.com
sykapoli06394.blogspot.com
wiregowu23062.blogspot.com
elainecarreraso856.blogspot.com
lola****ersongs514.blogspot.com
rosalindahoehnge323.blogspot.com
sandrawilletteug398.blogspot.com
jodonatellid673.blogspot.com
tamisartinss293.blogspot.com
carleneholleyh824.blogspot.com
lizziecephasgo544.blogspot.com
kirstengalushaeg733.blogspot.com
magdalenadougalgc.blogspot.com
olatunstallnf782.blogspot.com
margiebranscomehs445.blogspot.com

Scrub · #81 03-29-08, 08:40 AM

ED Pill Store is another Alex Polyakov fake pharmacy scam, running hand in hand with his Exquisite Replica fake watch scam.

You can see this from the registrant names, which include Paul Gregoire and William Gregory, known aliases for Alex Polyakov

Sponsoring Registrars

1. Ace of Domains
2. Name IT
3. Beijing Innovative Linkage Technology
4. Xin Net
One sponsoring registrar providing the name server that guarantees access to this criminal's web sites is Ace of Domains. Their contact address for complaints is support@moniker.com. One domain that provides the name server is called "driedoutdns.com". It is quite similar to another domain that Polyakov uses to access his spam sites, "hairyolddns.com", also sponsored by Ace of Domains.

Other Polyakov scam sites supported by this registrar using this domain name server are seen at the link http://rss.uribl.com/ns/driedoutdns_com.html

Although Ace of Domains may have tried to remove access to web sites and mail servers defined under the name server domains, they have consistently failed. The method for removing the DNS service is well understood by experienced registrars. It is defined at Suspending_a_non-EPP_name_server_domain and Suspending_an_EPP_name_server_domain.

Alex Polyakov is the most wanted cyber criminal on the Internet today. His criminal record is listed at Spamhaus - The TOP 10 Spammers

ScamBuster · #82 03-29-08, 12:25 PM

Questionable IP Addresses

64.124.14.119

68.174.18.102

64.124.14.122

64.27.165.20

87.194.183.208

87.234.234.66

85.255.119.202

87.118.98.235

87.118.114.200

81.169.145.89

89.208.165.153

123.203.166.69

61.238.9.120

219.240.79.58

123.214.247.132

210.14.130.212

201.155.91.218

89.149.241.229

85.255.118.158

89.122.29.127

142.166.170.81

86.120.218.239

84.24.147.104

89.149.253.220

89.149.226.155

87.126.147.198

93.81.25.81

189.162.28.200

78.165.128.200

203.144.160.249

117.26.223.249

91.199.112.8

89.122.213.8

212.68.218.82

69.204.235.17

75.112.133.254

ScamBuster · #83 03-29-08, 12:44 PM

WhoIs Lookup performed by Karen's WhoIs
KarenWare - Home of Karen's Power Tools

Domain Name: AHLOI.COM
2007 967 Mostafa yahoo com hotmail com msn com, www freeonlinechess 8m com, accessorieshd com, xtube sahara, pxmethod com reviews ush1-mail, FP-pull-web-t kiwiteens com, www texasdepartmentofpublicsafety, www asianmassage com, 15 min free on moviemos
Registrar: ESTDOMAINS, INC.
Whois Server: whois.estdomains.com
Referral URL: Welcome to EstDomains
Name Server: NS1.AHLOI.COM
Name Server: NS2.AHLOI.COM
Status: clientTransferProhibited
Updated Date: 25-mar-2008
Creation Date: 25-mar-2008
Expiration Date: 25-mar-2009

Last update of whois database: Sat, 29 Mar 2008 09:58:29 UTC <<<

Domain Name: AHLOI.COM

Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Creation Date: 25-Mar-2008
Expiration Date: 25-Mar-2009

Domain servers in listed order:
ns2.ahloi.com
ns1.ahloi.com

Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Status:ACTIVE

ScamBuster · #84 03-29-08, 12:46 PM

Search Results for 72.232.207.138 [reverse DNS - 138.207.232.72.static.reverse.ltdomains.com]

49 Results for 72.232.207.138 (Ahloi.com)

Website DMOZ Wikipedia Yahoo
1. Amyhunt.com
2. Atmoc.com
3. Bethereink.com
4. Bowtrack.com
5. Boybluejay.com
6. Chasehunt.com
7. Dusau.com
8. Faysite.com
9. Greatsharp.com
10. Hipslick.com
11. Ibigred.com
12. Jiinz.com
13. Legeof.com
14. Nice-naked-girls.com
15. Njiko.com
16. Ordya.com
17. Ortar.com
18. Rapcool.com
19. Redponyinc.com
20. Redponypro.com
21. Searcheon.com
22. Searchithome.com
23. Seekcounty.com
24. Sjiun.com
25. Superponyride.com
26. Theherfir.com
27. Thelegant.com
28. Theponyboy.com
29. Thewebpony.com
30. Trackting.com
31. Werdq.com
32. Wtoet.com
33. Xjadu.com
34. Yourleg.com
35. Yourponyboy.com
36. Ywera.com
37. Citiesrio.com
38. Geaquia.com
39. Greatrio.com
40. Jessaperio.com
41. Real-nice-girls.com
42. Riobarguide.com
43. Seugea.com
44. Headn.com
45. Heaix.com 0
47. Kseva.com
48. Onlinegse.com
49. Urlse.com

ScamBuster · #85 03-29-08, 12:53 PM

Results for hping

Command: hping 138.207.232.72

HPING 138.207.232.72 (138:207:232:72): HEAD /
TIM response from 138:207:232:72: seq=1 time=5005.586
TIM response from 138:207:232:72: seq=2 time=5010.086
TIM response from 138:207:232:72: seq=3 time=5015.350
TIM response from 138:207:232:72: seq=4 time=5010.176
TIM response from 138:207:232:72: seq=5 time=5013.968
TIM response from 138:207:232:72: seq=6 time=5010.165
TIM response from 138:207:232:72: seq=7 time=5009.786
TIM response from 138:207:232:72: seq=8 time=5010.465
TIM response from 138:207:232:72: seq=9 time=5007.157
TIM response from 138:207:232:72: seq=10 time=5009.687
--- 138.207.232.72 hping statistics ---
10 requests transmitted, 10 requests received, 0% lost
round-trip min/avg/max = 5005.586/5010.243/5015.350 ms

Results for trace

Command: trace 138.207.232.72

traceroute to 138.207.232.72 (138.207.232.72), 64 hops max, 44 byte packets
1 192.220.127.193 (192.220.127.193) 0.400 ms 0.298 ms 0.296 ms
2 ge-1-1-0-154.r01.mlpsca01.us.wh.verio.net (128.121.131.25) 0.367 ms 0.491 ms 0.314 ms
3 vl-5.r03.mlpsca01.us.bb.gin.ntt.net (129.250.26.174) 187.405 ms 203.487 ms 1.393 ms
4 xe-0-2-0.r21.plalca01.us.bb.gin.ntt.net (129.250.3.51) 1.618 ms 2.029 ms 1.255 ms
5 0.so-5-1-0.BR1.SCL2.ALTER.NET (204.255.169.161) 2.740 ms 0.so-0-2-0.BR3.SCL2.ALTER.NET (204.255.169.181) 2.197 ms 1.925 ms
6 0.so-0-2-0.XT1.SCL2.ALTER.NET (152.63.49.2) 3.796 ms 2.111 ms 0.so-0-2-0.XT2.SCL2.ALTER.NET (152.63.49.6) 1.750 ms
7 0.so-7-0-0.CL2.MSP3.ALTER.NET (152.63.65.89) 69.997 ms 0.so-7-0-0.CL1.MSP3.ALTER.NET (152.63.65.81) 65.280 ms 66.620 ms
8 POS6-0.GW2.MSP3.ALTER.NET (152.63.66.57) 68.997 ms POS7-0.GW2.MSP3.ALTER.NET (152.63.66.61) 74.657 ms 69.432 ms
9 u163115-gw.customer.alter.net (63.65.16.42) 71.945 ms 68.187 ms 68.082 ms
10 66.84.254.114 (66.84.254.114) 80.997 ms 80.587 ms 82.710 ms
11 mag-gw.norlight.net (66.84.187.26) 86.168 ms 86.850 ms 86.082 ms
12 * * *
13 * * *

ScamBuster · #86 03-29-08, 12:57 PM

138.207.232.72

Server: 127.0.0.1
Address: 127.0.0.1#53

Non-authoritative answer:
72.232.207.138.in-addr.arpa name = 72.232.207.138-in-addr-arpa.magnetek.com.

Authoritative answers can be found from:
207.138.in-addr.arpa nameserver = ns2.magnetek.net.
207.138.in-addr.arpa nameserver = ns1.magnetek.net.
ns1.magnetek.net internet address = 138.207.5.155
ns2.magnetek.net internet address = 138.207.5.145

dagger.unt0uchable.net

ScamBuster · #87 03-29-08, 03:52 PM

These People Are Dangerous FOLKS
SEIZE ALL ASSOCIATION and DO NOT DO BUSINESS WITH THEM
THE WORLD AROUND THEM IS CLOSING AND THEY ARE BECOMING DESPERATE
(Definition of Internet Crime)Definition of Internet Crime

Rapcool.com on 2008-03-02 - Domain History

Domain: rapcool.com - Domain History
Cache Date: 2008-03-02
Registrar: ESTDOMAINS, INC.
Registrant Search: Click on an email address we found in this whois record
to see which other domains the registrant is associated with:
contact@privacyprotect.org

Registration Service Provided By: ESTDOMAINS INC
Contact: +1.3027224217
Website: Welcome to EstDomains

Domain Name: RAPCOOL.COM

Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Creation Date: 29-Feb-2008
Expiration Date: 28-Feb-2009

Domain servers in listed order:
ns2.rapcool.com
ns1.rapcool.com

Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676

Status:ACTIVE

ScamBuster · #88 03-29-08, 06:17 PM

3/28/08 5:14 PM 87.118.120.202 webadruwe adruweb2006@mail.ru Germany
3/28/08 1:33 PM 87.118.120.202 webadruwe adruweb2006@mail.ru Germany
3/25/08 7:25 PM 87.118.120.202 renoclubrur renoclub2@mail.ru Germany
3/25/08 4:48 PM 87.118.120.202 renoclubrur renoclub2@mail.ru Germany
2/13/08 3:33 AM 87.118.120.202 automobileseuro automobileseuro@mail.ru Germany
2/13/08 2:55 AM 87.118.120.202 avtositeru avtositeru@mail.ru Germany
2/13/08 2:02 AM 87.118.120.202 automobileseuro automobileseuro@mail.ru Germany
2/13/08 1:17 AM 87.118.120.202 automobileseuro automobileseuro@mail.ru Germany
2/13/08 1:17 AM 87.118.120.202 avtositeinfo avtositeinfo2@mail.ru Germany
2/12/08 10:14 PM 87.118.120.202 avtositeinfo avtositeinfo2@mail.ru Germany
2/12/08 7:48 PM 87.118.120.202 allavtotuning allavtotuning@mail.ru Germany
2/9/08 9:53 PM 87.118.120.202 rosttic rosttic2@mail.ru Germany
2/9/08 9:49 PM 87.118.120.202 evrooknapvh evrooknapvh@mail.ru Germany
2/8/08 10:16 PM 87.118.120.202 rostdohodov rostdohodov@mail.ru Germany
2/8/08 8:05 PM 87.118.120.202 rostpribyli rostpribyli@mail.ru Germany
2/7/08 5:43 AM 87.118.120.202 matreshkinsvet matreshkinsvet@mail.ru Germany

ScamBuster · #89 03-30-08, 08:15 AM

RBN - 365fastcash, Panama, and 1488 RU

As regular readers know the Russian Business Network (RBN) originally utilized an extensive virtual base in Panama (Nevacon), we can now report they are back. The new hive centers on AS26426 Optynex Telecom Sa, Calle 53, Piso 18, Panama City, Panama) Phone: 210-9900 and cybercastco.com name servers (special thanks to Jim McQuaid and Snort expertise).

There are numerous domains but to select a sample of domains, in this article we can focus on two, www.365fastcash.com and www.Jidov.net. It is also pleasing to show these are already encompassed within RBN Snort
Rules on Emerging Threats.net (bleeding-rbn-BLOCK.rules)

365fastcash has been delivering a truly blended threat by using an automated telephone dialing system to ask people for the last 4 digits of their social security number. This was flooding switchboards at a well known US charitable organization a few days ago, and was obviously the first of many.

Interestingly there are two sub-domains “back1.365fastcash” and “bavk1.365fastcash” both are similar structures to earlier reported 76service and 76team. The difference on this occasion the likely personal ID data storage is on direct links from the sub-domains to Level3 Communications; box(dot)net, a service that provides the ability to collaborate and share files online. No d