Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

A site with NOTHING on it - a promise to 'hide internet trax

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam
View previous topic :: View next topic  
Author Message
anartist
Junior Member


Joined: 25 Aug 2008
Last Visit: 13 Mar 2012
Posts: 41
Location: DC area

PostPosted: Wed Oct 08, 2008 3:08 am    Post subject: A site with NOTHING on it - a promise to 'hide internet trax Reply with quote

Internet Evidence Removal Services <BLC_Data@extenti.com>
This email smelled phishy so I saved it in my scam folder and looked up extenti on whois and got the following:

Current Registrar: REGISTER.COM, INC.
IP Address: 64.86.69.186 (ARIN & RIPE IP search)
IP Location: VE(VENEZUELA)-DISTRITO FEDERAL-CARACAS

and because I was trying out a new tracking widget
http://aruljohn.com/track.pl
I ran the IP address.
IP address 64.86.69.186
Hostname toolauthor.com
ISP Teleglobe Inc.
Country Canada Canada

the following TOTALLY BLANK site was at the end of the road
http://www.toolauthor.com/

What do you make of that?

Edited by admin to break live links.
Back to top
View user's profile Send private message Visit poster's website
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Apr 2014
Posts: 850
Location: Tyne & Wear, UK

PostPosted: Wed Oct 08, 2008 4:23 am    Post subject: Reply with quote

Register.com are known supporters of and actively in, spamming.

http://hphosts.blogspot.com/2008/09/dear-registercom-stop-spamming-me.html

Can you post the entire e-mail? (including headers)
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
Back to top
View user's profile Send private message Visit poster's website
anartist
Junior Member


Joined: 25 Aug 2008
Last Visit: 13 Mar 2012
Posts: 41
Location: DC area

PostPosted: Wed Oct 08, 2008 4:32 am    Post subject: Are you aware that your computer is also a recording device? Reply with quote

from Internet Evidence Removal Services <BLC_Data@extenti.com>
to <removed by admin>@gmail.com
date Sat, Aug 9, 2008 at 1:49 PM
subject Don't get caught

Don't ever get caught looking at things on the Internet that you DO NOT want people to know you are looking at!

Press Here to Permanently DELETE your Internet surfing HISTORY and other tracks:
hxxp://extenti.com/tr.php?53692+<removed by admin>@gmail.com

PLEASE READ THIS IMPORTANT MESSAGE regarding the websites you visit, your chat conversations, and all of your Internet and other PC files:

Don't lose your job, get divorced, become embarrassed, or be sent to prison because of what you do on your home or office computer!

Are you aware that your computer is also a recording device? Almost every action you make is recorded and can be easily retrieved by anyone, not just by a computer geek but by an average computer user such as your spouse, boss, friend, or anyone who has access to the PC you use.

Press Here to Permanently DELETE your Internet surfing HISTORY and other tracks:
hxxp://extenti.com/tr.php?53692+<removed by admin>@gmail.com

For example, web browsers such as Internet Explorer and Firefox can save every image and every website you open. Windows might save every login name and password you type. Media players often keep records of every movie and video clip you watch.

If you visit ADULT/Porn websites, Dating Sites, Myspace, Chat rooms, or any site that you don't want anyone to discover that you've been visiting, then you need to seriously consider permanently deleting your Internet files and HISTORY with Evidence Nuker as soon as possible.

Press Here to Permanently DELETE your Internet surfing HISTORY and other tracks:
hxxp://extenti.com/tr.php?53692+<removed by admin>

Without Evidence Nuker your computer is as private as a diary left on a restaurant table for anyone to read, and thousands of people have been fired, divorced and even sent to prison over what was found on their PC! Do you want your loved ones, employers, or law enforcement agencies to know everything you do Online?

For no cost at all you can download Evidence Nuker today and run a FREE scan that will show you a listing of deleted files, emails, chat transcripts, audio and video files, temporary internet files, image files (all formats), search histories, clipboard data, passwords, internet history, stored cookies and so much more! After you see everything that has been easily recovered you can use Evidence Nuker to permanently delete everything you want erased!

Press Here to Scan your PC For No Cost:
hxxp://extenti.com/tr.php?53692+<email address removed>

Do you know the ???Recycle Bin" does not destroy data?

There are tools that can retrieve deleted files even if a new file has been written where the old one used to be. Not even formatting your hard drive is a guarantee of privacy! You should never give away an old computer before permanently deleting all of the personal information you have left on it.

Evidence Nuker gives you a choice of several deletion methods including the one approved by the Department of Defense (DOD 5220.22-M standard) and the one scientifically proven to be sufficient (Guttman).

Press Here to Scan your PC For No Cost:
hxxp://extenti.com/tr.php?53692+<email address removed>

-----

To not receive future offers/promotions from us please press on the below link and scroll to the bottom of the page:
hxxp://extenti.com/tr.php?53693+<removed by admin>

Or send us a letter at:

6965 El Camino Real
Suite 105 -698
La Costa, CA 92009

You will not get anymore of our emails if you go here
hxxp://extenti.com/unsub.php?client=BLC_Data&msgid=8080800083 and enter your email address<email address removed>

or write to:

126 E. Wing Street Suite 103
Arlington Heights, IL 60004


(Edited to make links inactive - Admin)
Back to top
View user's profile Send private message Visit poster's website
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Apr 2014
Posts: 850
Location: Tyne & Wear, UK

PostPosted: Wed Oct 08, 2008 4:45 am    Post subject: Reply with quote

First and foremost, please replace the http in your post, with hxxp to prevent accidental clickity action.

Both of the domains you mentioned, whilst having a blank parent page, are valid if you add;

/tr.php?53692

This redirects you to a site peddling Evidence Nuker (rogue)

Quote:
Registrant:
TrekEight LLC
James Leasure
6965 El Camino Real Ste. 105-698
La Costa, CA 92009-4195
US
Email: hostmaster@trekdata.com

Registrar Name....: REGISTER.COM, INC.
Registrar Whois...: whois.register.com
Registrar Homepage: www.register.com

Domain Name: nukerdownloads.com

Created on..............: Tue, Apr 27, 2004
Expires on..............: Mon, Apr 27, 2009
Record last updated on..: Wed, Oct 17, 2007

Administrative Contact:
Nuker Downloads
James Leasure
6965 El Camino Real Ste. 105-698
San Diego, CA 92009
US
Phone: (760) 750 1978
Email: hostmaster@nukerdownloads.com

Technical Contact:
Nuker Downloads
James Leasure
6965 El Camino Real Ste. 105-698
San Diego, CA 92009
US
Phone: (760) 750 1978
Email: hostmaster@nukerdownloads.com

DNS Servers:

dns249.d.register.com
dns147.b.register.com
dns241.c.register.com
dns237.a.register.com


Ref:
http://hosts-file.net/?s=nukerdownloads.com
http://hosts-file.net/pest.asp?show=66.71.240.
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
Back to top
View user's profile Send private message Visit poster's website
anartist
Junior Member


Joined: 25 Aug 2008
Last Visit: 13 Mar 2012
Posts: 41
Location: DC area

PostPosted: Wed Oct 08, 2008 4:53 am    Post subject: Thanx, learning something new every day Reply with quote

By rogue, do you mean that they are harvesting information or something?
Back to top
View user's profile Send private message Visit poster's website
MysteryFCM
Malware Expert


Joined: 28 Aug 2004
Last Visit: 20 Apr 2014
Posts: 850
Location: Tyne & Wear, UK

PostPosted: Wed Oct 08, 2008 6:27 am    Post subject: Reply with quote

Nope, by rogue I mean - bogus (fake) application that is designed to do one thing - extract money from the victims that install it.
_________________
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
Back to top
View user's profile Send private message Visit poster's website
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 24 Jul 2014
Posts: 10320
Location: sunny California

PostPosted: Wed Oct 08, 2008 3:32 pm    Post subject: Reply with quote

I've gotten similar emails from the same people, pushing other programs. They are indeed same people that were behind SpywareNuker -- scammers from way back imo.

http://whois.domaintools.com/nuker.com

Jamie Leasure, aka James Leasure, the old Trek8/TrekBlue group. Some history here:

http://www.spywareinfo.com/newsletter/archives/0804/4.php

http://spywarewarrior.com/viewtopic.php?p=22011

anartist, I removed your email address -- not a good idea to post it in public like that. Other spammers will get it if you do that.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
olliver
Expert Developer


Joined: 27 Jan 2006
Last Visit: 02 Dec 2010
Posts: 1157
Location: yes

PostPosted: Thu Oct 09, 2008 10:36 am    Post subject: Reply with quote

Wouldn't it be more appropriate to move the entire thread to the spam corner? I think that's where it belongs to and where people would go looking for in case they had similar spams.

And to remain on-topic:
Any incoming crap you did not ask for and that forcefully tries to get your attention for a service/product by a company you do not business with should be safe to get discarded. After all, no matter how sneaky a spammer is, he still has to mention the product/service he gets the commision for Wink.

O.
_________________
Petcord netlabel :: Synflict post-digital arts :: Leftob audio cast
Each click on any of the links above will save the life of a cute kitty somewhere in the universe.
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 24 Jul 2014
Posts: 10320
Location: sunny California

PostPosted: Thu Oct 09, 2008 7:48 pm    Post subject: Reply with quote

Good idea, topic moved accordingly.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
Nightmaretony
Warrior


Joined: 15 Mar 2005
Last Visit: 30 Jun 2011
Posts: 256
Location: Meadowbrook

PostPosted: Sat Oct 11, 2008 7:23 am    Post subject: Reply with quote

Speaking of rogue, can we get updated on the blog of the latest rogues and things? (hint hint)

had a nice lunchtime diversion, friend got a WebWebSearch thing in email going round. AdAware seemed to do the trick. Avast didnt catch it and was fighting his own Trend Micro. I alos installed up Firefox and will be teaching him safe computing practices.... Very Happy
_________________
For this is the place
where dreams
and nightmares
are birthed
and bred

Nightmare Park
Back to top
View user's profile Send private message Visit poster's website AIM Address
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Spam All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group