Advertisements

Category Archives: phishing

Seeking someone genuine ~ daterusxx.ru

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Countryscamalert
* 158.44.56.91 Check 158.44.56.91 at Senderbase.org Check 158.44.56.91 at Reputationauthority.org Trigem Computer, Inc. n/a Korea, Republic of
31.196.162.146 Check 31.196.162.146 at Senderbase.org Check 31.196.162.146 at Reputationauthority.org Telecom Italia Milan Italy
98.138.197.221 Check 98.138.197.221 at Senderbase.org Check 98.138.197.221 at Reputationauthority.org Yahoo Sunnyvale United States

*Probable originating IP address

_________________________
From agr2@sbcglobal.net Thu Jan 30 02:18:59 2014
X-Apparently-To: scamFRAUDalert via 98.138.197.221; Thu, 30 Jan 2014 10:18:58 +0000
Return-Path: <enclosurekjn2@google.com>
X-YahooFilteredBulk: 31.196.162.146
Received-SPF: softfail (transitioning domain of google.com does not designate 31.196.162.146 as permitted sender)
X-YMailISG: bPecwD8WLDtOtFacCdl_6XgL6BxD.QgIzcl.Zswdctz4zHbb
c6CkCtkAI_EJZZJU79.Vv53kF4Wp2zsnZfgeDJAT0cXIw1owgANTcIzSLDS1
9A0UbOLG4esZBeVLkNVwzcDi63zdG5b5APzCT6P3rS2UgeO9r1PKjF6ndmwr
C5N1qsf8ZcRGFBQ2bCsDEIHS_XCcYaFlMGXEdctSjEPLNuEYxHXQrOTY1I28
7iIlpZ34lQD__LaK5Gfi1J7EIH2o.hc5tVh6dYdKfXjyJlZxEXFx7nwtnWAO
Su_AITJK7cVkhpB9rWC8d0AlQdPhQC0z6k79b1ic0U07aV4FKqAxrYXLwJeC
sVGeF9SEptWqMOqHyXgl_e0MYwcNpmHg8f35QtZixAt5h_LXTjic_nfo6Scz
S.xNzoNILfSFZw53V8.5kOezm931f6gzViKeEe4TnsnOeEyTcM8jTxsdYVdO
PQh7MFiR6e0OpPov.q8hEd1SqjzhPy2RNzghhObsBCe4L5ErOVqSNYveWejx
4hCxfxdP7ycwBbHwkpdbhzqnODaOToBBxtOPwBbM8aIAVPWXZUtO9FXW4_uP
chd3cjzGYy700GBw918hTJ8wpS39C1WdvNbAXWOf3SgUN5AJtxjK9VKSVxqH
FdE7uoPGULKzDoyjBzdGoUMq9s8BttueOM4_9V1qF6GNrxouDzkdVnj2747G
KiWbmH__rDA4RlPUneUhfJ1r86j05bgPIGGNYGdjRC1z26Ve_QOt59ExdVWF
J0RAMVX5BnXJV877ptEZ__S2FgBabdrdAHi4f48zTK8TV9XJdwx1w3enB_70
C8BqWY1bZx1Ho_6VBADiw162fXKB0PkR46cB25p7cBUB6ZsZjA6q7MSN7wHt
hjq.6eyeYD3QFpPDUYRu2Dov6..RxKEIPxf4MA7u8gBglZ64Y0bFLE5qEtN1
R9ipT5QeR8ynSNPw2SVMCTQvfm5.s00SER9IXJEnwVaLAwEIKI1O4_3XFqRM
ZxmqEFGZty2giI72EiV2OyT65Py4ee.9rmcNriYJrrbv01iwHnC4k0HpARpX
wxgIpRZPVv5npX85qlTFbegv9fmf618HAFkvO93leux6Vx8Wzs_MY2Of7O8c
YWrPm2J8eIQ8v9nXEGtq0NskS1ULG0hck_h4AK0r0OMj0vozB5OzTgJtzDOu
bMEHsUxQxzJei.JlZDYTb9AMnQ–
X-Originating-IP: [31.196.162.146]
Authentication-Results: mta1040.sbc.mail.ne1.yahoo.com from=; domainkeys=neutral (no sig); from=sbcglobal.net; dkim=neutral (no sig)
Received: from 127.0.0.1 (EHLO host146-162-static.196-31-b.business.telecomitalia.it) (31.196.162.146)
by mta1040.sbc.mail.ne1.yahoo.com with SMTP; Thu, 30 Jan 2014 10:18:58 +0000
Received: from [158.44.56.91] (account indemnifyingjhb9@google.com HELO glgorjpg.txprswspuobv.su)
by host146-162-static.196-31-b.business.telecomitalia.it (CommuniGate Pro SMTP 5.2.3)
with ESMTPA id 136699912 for scamFRAUDalert; Thu, 30 Jan 2014 11:18:59 +0100
Date: Thu, 30 Jan 2014 11:18:59 +0100
From: scamFRAUDalert
X-Mailer: The Bat! (v3.71.14) Home
X-Priority: 3 (Normal)
Message-ID: <7974570973.2JKJGGGF024773@teejhyyucvnb.ddrsivstrtmcpk.biz>
To: scamFRAUDalert
Subject: Seeking someone genuine
MIME-Version: 1.0
Content-Type: text/plain;
charset=Windows-1252
Content-Transfer-Encoding: 7bit
Content-Length: 308
______________________________

hello my baby!

My name is Dyana, im really hot Russian girl I very like the virtual hot meeting.

If you are realy interesting to love chat, meeting, change photos, hot webcam (skype) talk with me (or with my girlfriends)
please go to my web paage: http://www.daterusxx.ru

my Gentleman, I am going now, see you

Advertisements

T Richards jtrichards@systempartnership.com

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Country
* 184.22.138.82 Check 184.22.138.82 at Senderbase.org Check 184.22.138.82 at Reputationauthority.org Network Operations Center Scranton United States

*Probable originating IP address

Hello,

As you are more then likely aware, you were recently selected
for inclusion in the new 2014 edition of the Who’s Who Among
Executives and Professionals.

Despite our efforts, we have not yet received confirmation of
your biographical profile, and are reaching out to you again
in an effort to do so.

Click here to verify and confirm your profile

The tradition of the Who’s Who reaches back more than
100 years to a time when the prestigious and accomplished
were featured in a yearly publication that defined high society.

Today, the Who’s Who provides a useful resource where business
professionals, academics, and Executives are both recognized for
their achievements and provided with an unparalleled networking
resource. Using our database, you can make global contacts,
discuss current events and happenings with your peers, and
establish yourself as either a mentor to aspiring professionals or
further your business network.

Our goal is to seek out the premier executives and professionals
throughout the world. There is absolutely no cost or obligation
for your biographical profile. Simply click this link to fill out
the appropriate biographical fields.

Sincerely,

JT Richards
Managing Director
Who’s Who Among Executives and Professionals

To change your communication options please click this link
or write to:

3635 S. Fort Apache Rd, Suite 200 – 637
Las Vegas, NV 89147
Invitation – Please Complete Your Profile

WhoIs review-pharmacy.net

The Purpose of this post is to ALERT you that the job you are about to apply for orscamalert may have applied FOR or is CONSIDERING APPLYING FOR is FRAUDULENT. The identities of an individual or a business entity have been stolen along with fund from their bank accounts.

These job postings are an attempt to lure you into accepting and cashing counterfeit checks into your bank accounts. You are being recruited to wire transfer these funds via WESTERN UNION or MONEYGRAM from your bank into a DOMESTIC BANK  or OFFSHORE BANK ACCOUNT.

 Essentially You Become A Money or Repackage Mule

  1. Money Mule Explained 
  2. Understanding The Cyber Theft Ring
  3. Protecting Yourself Against Money Mule
  4. KrebsOnSecurity – Cyberheist
  5. Washingtonpost.com by Brian Krebs
  6. Interview With A Money Mule
  7. Bobbear.co.UK ~ Historical Money Mule Sites

____________________

Address lookup
canonical name review-pharmacy.net

aliases
addresses 64.191.85.106
Domain Whois record

Queried whois.internic.net with “dom review-pharmacy.net”…

Domain Name: REVIEW-PHARMACY.NET
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.REVIEW-PHARMACY.NET
Name Server: NS2.REVIEW-PHARMACY.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 02-apr-2013
Creation Date: 02-apr-2013
Expiration Date: 02-apr-2014

>>> Last update of whois database: Sat, 05 Oct 2013 16:31:57 UTC <<<

Queried whois.bizcn.com with "review-pharmacy.net"…

Domain name: review-pharmacy.net

Registrant Contact:
none
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

Administrative Contact:
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

Technical Contact:
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

Billing Contact:
Mihail Medved mmmike2001@gmail.com
8125594917 fax: 8125594917
savushkina st. 148-1-19
St.Petersburg Leningradskaya oblast 194295
ru

DNS:
ns1.review-pharmacy.net
ns2.review-pharmacy.net

Created: 2013-04-02
Expires: 2014-04-02

Network Whois record

Queried rwhois.hostnoc.net with "64.191.85.106"…

%rwhois V-1.5:003fff:00 rwhois.hostnoc.net (by Network Solutions, Inc. V-1.5.9.5)
%error 230 No Objects Found

Queried whois.arin.net with "n 64.191.85.106"…

NetRange: 64.191.0.0 – 64.191.127.255
CIDR: 64.191.0.0/17
OriginAS:
NetName: HOSTNOC-3BLK
NetHandle: NET-64-191-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-05-31
Updated: 2012-03-02
Ref: http://whois.arin.net/rest/net/NET-64-191-0-0-1

OrgName: Network Operations Center Inc.
OrgId: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US
RegDate: 2001-04-04
Updated: 2011-09-24
Comment: Abuse Dept: abuse@hostnoc.net
Ref: http://whois.arin.net/rest/org/NOC

ReferralServer: rwhois://rwhois.hostnoc.net:4321

OrgTechHandle: SMA4-ARIN
OrgTechName: Arcus, S. Matthew
OrgTechPhone: +1-570-343-2200
OrgTechEmail: nic@hostnoc.net
OrgTechRef: http://whois.arin.net/rest/poc/SMA4-ARIN

OrgAbuseHandle: SMA4-ARIN
OrgAbuseName: Arcus, S. Matthew
OrgAbusePhone: +1-570-343-2200
OrgAbuseEmail: nic@hostnoc.net
OrgAbuseRef: http://whois.arin.net/rest/poc/SMA4-ARIN

RTechHandle: SMA4-ARIN
RTechName: Arcus, S. Matthew
RTechPhone: +1-570-343-2200
RTechEmail: nic@hostnoc.net
RTechRef: http://whois.arin.net/rest/poc/SMA4-ARIN

DNS records
name class type data time to live
review-pharmacy.net IN A 64.191.85.106 900s (00:15:00)
review-pharmacy.net IN SOA
server: ns1.review-pharmacy.net
email: admin@mail.review-pharmacy.net
serial: 2011081709
refresh: 86400
retry: 7200
expire: 2592000
minimum ttl: 345600
900s (00:15:00)
review-pharmacy.net IN NS ns2.review-pharmacy.net 900s (00:15:00)
review-pharmacy.net IN NS ns1.review-pharmacy.net 900s (00:15:00)
106.85.191.64.in-addr.arpa IN PTR 64-191-85-106.static.hostnoc.net 86400s (1.00:00:00)
85.191.64.in-addr.arpa IN SOA
server: dns.burst.net
email: root@dns.burst.net
serial: 2013092027
refresh: 28800
retry: 7200
expire: 3600000
minimum ttl: 86400
86400s (1.00:00:00)
85.191.64.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2013-10-15 12:03:24Z
signature inception: 2013-10-05 12:03:24Z
key tag: 21392
signer's name: 64.in-addr.arpa
signature:
(1024 bits)

4027B30E8592EAF86697D3BE266C0B20
D05986ABA2CEC0E4F019FF6080A65F68
968DDFFD9AF8A3F86311B2AC054B0F96
4FB2236F006BE79EF2D4D6F8B03A971A
17B1218D7017D4F0E66D9DD2CC7BDD00
C2F4C58A0EF6D247970F7230165BD5E2
783D99CCBF12F750DEC7053B13FC220B
D7B24E3638F90FBB296B4FED9CEDF099

10800s (03:00:00)
85.191.64.in-addr.arpa IN NSEC
next domain name: 86.191.64.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
85.191.64.in-addr.arpa IN NS dns1.burst.net 86399s (23:59:59)
85.191.64.in-addr.arpa IN NS ns2.hostnoc.net 86399s (23:59:59)
85.191.64.in-addr.arpa IN NS dns.burst.net 86399s (23:59:59)
85.191.64.in-addr.arpa IN NS ns1.hostnoc.net 86399s (23:59:59)

— end —

WhoIs ~ asia-consul.com

178.86.4.232 resolves to s30.hostia.namespam
The following A records are set to 178.86.4.232:

  1. agro-perspektiva.com
  2. asia-consul.com
  3. atect.us
  4. awages.com
  5. bestcodespoker.com
  6. bestpokercod.com
  7. bttracker.org
  8. cssbykot.com
  9. desantura.org
  10. elantsevgroup.com
  11. elenamangudulebart.com
  12. empbestcod.com
  13. evo-newmarketing.com
  14. firstbonuscod.com
  15. gotovkin.com
  16. increative.biz
  17. inlugansk.com
  18. it-1c.com
  19. jawa350.org
  20. kinoversia.com
  21. kokman.com
  22. maximovanatoly.com
  23. narodnaia-medicina.com
  24. obova.com, orel-avto.com
  25. pokerbestcodes.com
  26. promled.com
  27. razom.net
  28. sdgallery.org
  29. selilumselyn.com
  30. spieleband.com
  31. tolstoypope.net
  32. visanazdorovee.com
  33. wptbonus.com
  34. zakonipravo.net
  35. JobsExchangeSg.com

Address lookup
canonical name asia-consul.com

aliases
addresses: 178.86.4.232
Domain Whois record

Queried whois.internic.net with “dom asia-consul.com

Domain Name: ASIA-CONSUL.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: http://www.PublicDomainRegistry.com
Name Server: NS61.HOSTIA.NAME
Name Server: NS62.HOSTIA.NAME
Status: clientTransferProhibited
Updated Date: 01-jul-2013
Creation Date: 29-jun-2012
Expiration Date: 29-jun-2014

Last update of whois database: Sat, 27 Jul 2013 16:25:58 UTC
Queried whois.publicdomainregistry.com with “asia-consul.com

Registration Service Provided By: HOSTIA.RU

Domain Name: ASIA-CONSUL.COM

Registration Date: 29-Jun-2012
Expiration Date: 29-Jun-2014

Status:LOCKED

Name Servers:
ns61.hostia.name
ns62.hostia.name

Registrant Contact Details:
asia
Sergei Turta asia84866@gmail.com
Geroev stalingrada 167g kv 21
Harkov
null,61000
UA
Tel. +380.637076009

Administrative Contact Details:
asia
Sergei Turta asia84866@gmail.com
Geroev stalingrada 167g kv 21
Harkov
null,61000
UA
Tel. +380.637076009

Technical Contact Details:
asia
Sergei Turta asia84866@gmail.com
Geroev stalingrada 167g kv 21
Harkov
null,61000
UA
Tel. +380.637076009

Billing Contact Details:
asia
Sergei Turta asia84866@gmail.com
Geroev stalingrada 167g kv 21
Harkov
null,61000
UA
Tel. +380.637076009

Network Whois record

Queried whois.ripe.net with “-B 178.86.4.232″…
Information related to ‘178.86.4.232 – 178.86.4.239’

inetnum: 178.86.4.232 – 178.86.4.239
netname: hostia30
descr: hostia30
country: UA
admin-c: TMUA1105-RIPE
tech-c: TMUA1105-RIPE
status: ASSIGNED PA
mnt-by: MNT-HOSTINGUA
changed: ripe@hosting.ua 20110426
source: RIPE

person: Private person
abuse-mailbox: admin@hostia.ru
address: 6, Mayakovskogo Lane, Odessa, Ukraine 65082
phone: +38 048 728 15 18
nic-hdl: TMUA1105-RIPE
mnt-by: MNT-HOSTINGUA
changed: ripe@hosting.ua 20120226
source: RIPE

Information related to ‘178.86.4.0/22AS41665’

route: 178.86.4.0/22
descr: Tehnologii Budushego LLC
origin: AS41665
mnt-by: MNT-HOSTINGUA
changed: sales@hosting.ua 20110502
source: RIPE

% This query was served by the RIPE Database Query Service version 1.66.3 (WHOIS3)

DNS records
name class type data time to live
asia-consul.com IN MX
preference: 10
exchange: mail.asia-consul.com
14400s (04:00:00)
asia-consul.com IN TXT v=spf1 a mx ip4:178.86.4.232 ~all 14400s (04:00:00)
asia-consul.com IN SOA
server: ns61.hostia.name
email: hostmaster@asia-consul.com
serial: 2013052800
refresh: 1202
retry: 800
expire: 120960
minimum ttl: 1206
1200s (00:20:00)
asia-consul.com IN NS ns61.hostia.name 14400s (04:00:00)
asia-consul.com IN NS ns62.hostia.name 14400s (04:00:00)
asia-consul.com IN A 178.86.4.232 1200s (00:20:00)
232.4.86.178.in-addr.arpa IN PTR s30.hostia.name 86400s (1.00:00:00)
4.86.178.in-addr.arpa IN SOA
server: ns1.hosting.ua
email: support@hosting.ua
serial: 2011021682
refresh: 28800
retry: 7200
expire: 1300000
minimum ttl: 86400
86400s (1.00:00:00)
4.86.178.in-addr.arpa IN NS ns1.hosting.ua 86400s (1.00:00:00)
4.86.178.in-addr.arpa IN NS ns2.hosting.ua 86400s (1.00:00:00)

— end —

linkremovalassistant.com

Email header analysis report
All valid IP Addresses found in the header.
Ip Address 3rd Party Info Provider City Flag Country
* 76.176.185.105 Check 76.176.185.105 at Senderbase.org Check 76.176.185.105 at Reputationauthority.org Road Runner Del Mar United States
198.23.150.132 Check 198.23.150.132 at Senderbase.org Check 198.23.150.132 at Reputationauthority.org Colocrossing Buffalo United States

*Probable originating IP address

Attention Webmaster,

Our investigation of the Terms of Service violation that Google has assigned to http://lcn.com leads us to believe that some harmful backlinks can be found on your website. These backlinks are:

* http://scamfraudalert.org/2012/12/04/
* http://scamfraudalert.org/2012/12/04/iphone5-giveaway-net/
* http://scamfraudalert.org/2013/02/09/
* http://scamfraudalert.org/2013/02/09/paydog-ltd-247logbookloans-com/
* http://scamfraudalert.org/2013/02/09/paydog-ltd-247logbookloans-com/comment-page-1/?replytocom=20022
* http://scamfraudalert.org/2013/02/page/10/
* http://scamfraudalert.org/category/bank-alert-2/page/7/
* http://scamfraudalert.org/category/complaints/consumer-complaint/page/7/
* http://scamfraudalert.org/category/complaints/corrupt-companies/page/2/
* http://scamfraudalert.org/category/consumer-alert/page/31/
* http://scamfraudalert.org/category/consumer-alert/page/32/
* http://scamfraudalert.org/page/44/

We would ask that you delete these backlinks at your earliest possible convenience so that we may resume full compliance with Google Webmaster, Google Penguin and Google Panda. It is important to us to be visible in Google searches and to have a high search engine ranking.

Thanks for removing these backlinks and allowing us to resume regular business operations.
___________________________________

Address lookup
canonical name linkremovalassistant.com.
aliases
addresses 198.23.150.132
Domain Whois record

Queried whois.internic.net with “dom linkremovalassistant.com”…

Domain Name: LINKREMOVALASSISTANT.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.LINKREMOVALASSISTANT.COM
Name Server: NS2.LINKREMOVALASSISTANT.COM
Status: clientTransferProhibited
Updated Date: 27-mar-2013
Creation Date: 27-mar-2013
Expiration Date: 27-mar-2014

Last update of whois database: Mon, 22 Jul 2013 13:35:05 UTC

Queried whois.enom.com with “linkremovalassistant.com”…

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com
Registered through: eNom, Inc.

Domain name: linkremovalassistant.com

Registrant Contact:
WhoisGuard, Inc.
WhoisGuard Protected ()

Fax:
P.O. Box 0823-03411
Panama, Panama NA
PA

Administrative Contact:
WhoisGuard, Inc.
WhoisGuard Protected (ead5b55b71a04557b0a475dcd95ccd78.protect@whoisguard.com)
+507.8365503
Fax: +51.17057182
P.O. Box 0823-03411
Panama, Panama NA
PA

Technical Contact:
WhoisGuard, Inc.
WhoisGuard Protected (ead5b55b71a04557b0a475dcd95ccd78.protect@whoisguard.com)
+507.8365503
Fax: +51.17057182
P.O. Box 0823-03411
Panama, Panama NA
PA

Status: Locked

Name Servers:
ns1.linkremovalassistant.com
ns2.linkremovalassistant.com

Creation date: 28 Mar 2013 04:25:00
Expiration date: 27 Mar 2014 20:25:00

Network Whois record

Queried whois.arin.net with “n ! NET-198-23-150-128-1″…

NetRange: 198.23.150.128 – 198.23.150.191
CIDR: 198.23.150.128/26
OriginAS: AS36352
NetName: CC-198-23-150-128-26
NetHandle: NET-198-23-150-128-1
Parent: NET-198-23-128-0-1
NetType: Reallocated
RegDate: 2012-10-25
Updated: 2012-10-25
Ref: http://whois.arin.net/rest/net/NET-198-23-150-128-1

OrgName: Hudson Valley Host
OrgId: HVH-3
Address: 610 Route 28
City: Kingston
StateProv: NY
PostalCode: 12401
Country: US
RegDate: 2012-10-25
Updated: 2012-10-26
Ref: http://whois.arin.net/rest/org/HVH-3

OrgAbuseHandle: HVHAT-ARIN
OrgAbuseName: Hudson Valley Host Abuse Team
OrgAbusePhone: +1-800-497-5377
OrgAbuseEmail: abuse@hudsonvalleyhost.com
OrgAbuseRef: http://whois.arin.net/rest/poc/HVHAT-ARIN

OrgTechHandle: HVHA-ARIN
OrgTechName: Hudson Valley Host Admin
OrgTechPhone: +1-800-497-5377
OrgTechEmail: admin@HudsonValleyHost.com
OrgTechRef: http://whois.arin.net/rest/poc/HVHA-ARIN

DNS records
name class type data time to live
linkremovalassistant.com IN A 198.23.150.132 14398s (03:59:58)
linkremovalassistant.com IN NS ns1.first367.org 86398s (23:59:58)
linkremovalassistant.com IN NS ns2.first367.org 86398s (23:59:58)
132.150.23.198.in-addr.arpa IN PTR host.colocrossing.com 86400s (1.00:00:00)
150.23.198.in-addr.arpa IN SOA
server: ns1.velocity-servers.net
email: gary@velocity-servers.net
serial: 2008110108
refresh: 3600
retry: 120
expire: 1209600
minimum ttl: 3600
3600s (01:00:00)
150.23.198.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 10800 (03:00:00)
signature expiration: 2013-08-01 12:00:36Z
signature inception: 2013-07-22 12:00:36Z
key tag: 31943
signer’s name: 198.in-addr.arpa
signature:
(1024 bits)

10800s (03:00:00)
150.23.198.in-addr.arpa IN NSEC
next domain name: 151.23.198.in-addr.arpa
record types: NS RRSIG NSEC
10800s (03:00:00)
150.23.198.in-addr.arpa IN NS ns2.colocrossing.com 86400s (1.00:00:00)
150.23.198.in-addr.arpa IN NS ns1.colocrossing.com 86400s (1.00:00:00)

— end —
______________________________

Address lookup
canonical name lcn.com

aliases
addresses 94.126.40.226
Domain Whois record

Queried whois.internic.net with “dom lcn.com

Domain Name: LCN.COM
Registrar: LCN.COM LTD.
Whois Server: whois.lcn.com
Referral URL: http://www.lcn.com
Name Server: NS0.AI270.NET
Name Server: NS1.AI270.NET
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 12-mar-2012
Creation Date: 10-feb-1996
Expiration Date: 11-feb-2019

Last update of whois database: Mon, 22 Jul 2013 13:37:52 UTC

domain: lcn.com
nameserver: ns0.ai270.net
nameserver: ns1.ai270.net

owner-contact: AI-677207
admin-contact: AI-677207
technical-contact: AI-300624
billing-contact: AI-300624

created: 1996-02-10 00:00:00
expires: 2019-02-11 00:00:00
changed: 2013-07-19 19:15:46.035847

contact-handle: AI-677207
contact: Mark Boost
organisation: LCN.com Ltd
address: Units H, J, K
address: Gateway 1000, Whittle Way
address:
address: SG1 2FP
address: GB
phone: +44.1438342490
email: mark.boost@lcn.com

contact-handle: AI-300624
contact: Hostmaster
address: Units H, J, K
address: Gateway 1000
address: Whittle Way
address: Stevenage
address: England
address: SG1 2FP
address: GB
phone: +44.1438342490
fax: +44.1438300137
email: support@lcn.com

Network Whois record

Queried whois.ripe.net with “-B 94.126.40.226
Information related to ‘94.126.40.224 – 94.126.40.255’

Abuse contact for ‘94.126.40.224 – 94.126.40.255′ is abuse@ai270.net’

inetnum: 94.126.40.224 – 94.126.40.255
netname: AI-NET
mnt-irt: IRT-ADVANTAGE-INTERACTIVE
descr: Advantage Interactive Infrastucture
org: ORG-AIL8-RIPE
country: GB
admin-c: HM2864-RIPE
tech-c: HM2864-RIPE
status: ASSIGNED PA
mnt-by: MNT-ADVANTAGE-INTERACTIVE
changed: robert.campbell@advantage-interactive.com 20100414
source: RIPE

organisation: ORG-AIL8-RIPE
org-name: Advantage Interactive Limited
org-type: LIR
address: Advantage Interactive Limited
address: Mark Boost
address: Units H, J, K Gateway 1000, Whittle Way
address: SG1 2FP
address: Stevenage
address: UNITED KINGDOM
phone: +441438342456
fax-no: +441992476416
e-mail: mark@advantage-interactive.com
admin-c: IB2410-RIPE
admin-c: RC5340-RIPE
admin-c: SUMO
admin-c: HM11434-RIPE
admin-c: CD4333-RIPE
admin-c: TW2338-RIPE
abuse-mailbox: abuse@ai270.net
mnt-ref: RIPE-NCC-HM-MNT
mnt-ref: MNT-ADVANTAGE-INTERACTIVE
mnt-by: RIPE-NCC-HM-MNT
changed: hostmaster@ripe.net 20080915
changed: bitbucket@ripe.net 20081014
changed: bitbucket@ripe.net 20100319
changed: bitbucket@ripe.net 20100414
changed: bitbucket@ripe.net 20100426
changed: bitbucket@ripe.net 20130122
changed: bit-bucket@ripe.net 20130521
changed: bit-bucket@ripe.net 20130627
changed: bit-bucket@ripe.net 20130627
abuse-c: AB28076-RIPE
source: RIPE

role: Adavantge Interactive Ltd
address: Units H, J, K Gateway 1000 Whittle Way Stevenage Hertfordshire SG1 2FP England
org: ORG-AIL8-RIPE
abuse-mailbox: abuse@ai270.net
e-mail: hostmaster@serverchoice.com
admin-c: RC5340-RIPE
tech-c: RC5340-RIPE
tech-c: IB2410-RIPE
nic-hdl: HM2864-RIPE
mnt-by: MNT-ADVANTAGE-INTERACTIVE
changed: robert.campbell@advantage-interactive.com 20080909
changed: robert.campbell@advantage-interactive.com 20080925
changed: robert.campbell@advantage-interactive.com 20100414
changed: steve.white@advantage-interactive.com 20100702
changed: steve.white@advantage-interactive.com 20100723
changed: ian.banks@advantage-interactive.com 20101130
changed: robert.campbell@serverchoice.com 20110419
changed: robert.campbell@serverchoice.com 20130521
source: RIPE

% Information related to ‘94.126.40.0/21AS2856’

route: 94.126.40.0/21
descr: Advantage Interactive Ltd
origin: AS2856
mnt-by: BTNET-MNT
mnt-by: MNT-ADVANTAGE-INTERACTIVE
changed: ipmaster@bt.com 20081024
changed: ipmaster@bt.com 20100326
source: RIPE

% Information related to ‘94.126.40.0/21AS50056’

route: 94.126.40.0/21
descr: Advantage Interactive Ltd
origin: AS50056
mnt-by: MNT-ADVANTAGE-INTERACTIVE
changed: ripe@netsumo.com 20100326
source: RIPE

% This query was served by the RIPE Database Query Service version 1.66.3 (WHOIS3)

DNS records
name class type data time to live
lcn.com IN MX
preference: 50
exchange: mx0.mailguard.com
3600s (01:00:00)
lcn.com IN MX
preference: 10
exchange: mx1.mailguard.com
3600s (01:00:00)
lcn.com IN SOA
server: ns0.ai270.net
email: hostmaster@ai270.net
serial: 2013060502
refresh: 28800
retry: 7200
expire: 604800
minimum ttl: 600
43200s (12:00:00)
lcn.com IN NS ns0.ai270.net 43200s (12:00:00)
lcn.com IN NS ns1.ai270.net 43200s (12:00:00)
lcn.com IN A 94.126.40.226 43200s (12:00:00)
lcn.com IN TXT v=spf1 a mx ptr ip4:94.126.40.0/24 include:ai270.net include:spf1.mmsystem.co.uk include:spf2.mmsystem.co.uk ~all 43200s (12:00:00)
226.40.126.94.in-addr.arpa IN PTR http://www.lcn.com 86400s (1.00:00:00)
40.126.94.in-addr.arpa IN RRSIG
type covered: NSEC (47)
algorithm: RSA/SHA-1 (5)
labels: 5
original ttl: 7200 (02:00:00)
signature expiration: 2013-08-21 13:21:52Z
signature inception: 2013-07-22 12:21:52Z
key tag: 22617
signer’s name: 94.in-addr.arpa
signature:
(1024 bits)

7199s (01:59:59)
40.126.94.in-addr.arpa IN NSEC
next domain name: 41.126.94.in-addr.arpa
record types: NS RRSIG NSEC
7199s (01:59:59)
40.126.94.in-addr.arpa IN NS ns0.ai270.net 86399s (23:59:59)
40.126.94.in-addr.arpa IN NS ns1.ai270.net 86399s (23:59:59)

— end —

Community 1st Credit Union

FRAUD ALERT: TEXT SCAM

Posted: Friday, June 28, 2013

Community 1st Credit Union has just been notified about a text message scam, the message comes from a 641 number and says:

“Bank Alert-your card has been deactivated-call 641-352-4322”.

This is a text phishing scam.  Please do not respond it.

 

http://www.c1stcu.com/news/text-scam.aspx

Beware of “Social Security” Facebook Phishing Scams

This article was posted on HELP NET SECURITY site and we thought it add tremendous value to our site since we’ve been seeing more and more of facebook scams lately.

Beware of “Social Security” Facebook Phishing Scams

Posted on 01 July 2013
Bookmark and Share

Hijacked Facebook Fan Pages are a great asset to online spammers and scammers, so it’s no wonder that at any given time there are a number of active phishing campaigns aimed at their administrators.

Symantec researchers shared a particularly well-executed one that tried to trick users into believing that a new, mandatory verification process for Fan Pages has been instituted by Facebook (click on the screenshot to enlarge it):

The phishing page – titled “Ensuring Social Security” and hosted on a server in the United States – claimed that any Fan Pages that are not verified before 30.05.2013. would be shut down.

When the victims submitted the asked for Fan Page name, email address, password, and security code, they would be informed that the Fan Page is being verified and they will be notified within 48 hours when the process is completed.

“The fake application site was designed to look like an official application site,” the researchers noted, adding that the phishers also took care to use SSL, so that the page would look legitimate and trustworthy.

This particular campaign was active in May, but users should do well to be on the lookout for similar ones all the time.