PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Any research, news or information regarding the wide variety of techniques criminals use to take over your computers or web servers.

PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Wed Feb 08, 2012 4:50 am

WOW! Sure hope it's OK to start putting this up here, I guess the moderator will know.....

WinHTTrack 3.44-4

TARGET: pastebin.com/PYKTsqV8
X-PASTEBIN EXTRACTIONS 02 FEB 2012:
[PRETTY-WELL DEEP INSIDE THEIR WEBSITE]

Quote:
Warnings and Errors reported for this mirror:
note: the hts-log.txt file, and hts-cache folder, may contain sensitive information, such as username/password authentication for websites mirrored in this project do not share these files/folders if you want these information to remain private10:17:21
Info:
engine:
transfer-status:
link updated: pastebin.com/PYKTsqV8 ->

X-PASTEBIN/www.pastebin.com/PYKTsqV8.html10:17:24 Info: engine: transfer-status: link updated: pastebin.com/tools -> X-PASTEBIN/pastebin.com/tools.html10:17:24 Info: engine: transfer-status: link updated: pastebin.com/ ->

X-PASTEBIN/pastebin.com/index.html10:17:24 Info: engine: transfer-status: link updated: pastebin.com/archive -> X-PASTEBIN/pastebin.com/archive.html10:17:25 Info: engine: transfer-status: link updated: pastebin.com/realtime ->

X-PASTEBIN/pastebin.com/realtime.html10:17:25 Info: engine: transfer-status: link updated: pastebin.com/faq -> X-PASTEBIN/pastebin.com/faq.html10:17:25 Warning: File has moved from pastebin.com/api to /login.php?ref=L2FwaQ==10:17:25 Info: engine: transfer-status: link updated: pastebin.com/trends ->

X-PASTEBIN/pastebin.com/trends.html10:17:26 Info: engine: transfer-status: link updated: pastebin.com/login -> X-PASTEBIN/pastebin.com/login.html10:17:26 Info: engine: transfer-status: link updated: pastebin.com/signup ->

X-PASTEBIN/pastebin.com/signup.html10:17:26 Info: engine: transfer-status: link added: pastebin.com/VF7bjzRM -> X-PASTEBIN/pastebin.com/VF7bjzRM.html10:17:26 Info: engine: transfer-status: link added: pastebin.com/D2f1ZXJv ->

X-PASTEBIN/pastebin.com/D2f1ZXJv.html10:17:27 Info: engine: transfer-status: link added: pastebin.com/NDqwAnuz -> X-PASTEBIN/pastebin.com/NDqwAnuz.html10:17:27 Info: engine: transfer-status: link added: pastebin.com/0d00c5Xb ->

X-PASTEBIN/pastebin.com/0d00c5Xb.html10:17:27 Info: engine: transfer-status: link added: pastebin.com/KrgaWFDz -> X-PASTEBIN/pastebin.com/KrgaWFDz.html10:17:27 Info: engine: transfer-status: link added: pastebin.com/KbgTbxm4 ->

X-PASTEBIN/pastebin.com/KbgTbxm4.html10:17:28 Info: engine: transfer-status: link added: pastebin.com/bbpNjFZV -> X-PASTEBIN/pastebin.com/bbpNjFZV.html10:17:28 Info: engine: transfer-status: link added: pastebin.com/LeiatGuv ->

X-PASTEBIN/pastebin.com/LeiatGuv.html10:17:28 Info: engine: transfer-status: link updated: pastebin.com/etc/ads/160x600_tribal.php ->

X-PASTEBIN/pastebin.com/etc/ads/160x600_tribal.html10:17:29 Info: engine: transfer-status: link updated: pastebin.com/share.php?i=PYKTsqV8 ->

X-PASTEBIN/pastebin.com/share3d53.html10:17:29 Info: engine: transfer-status: link updated: pastebin.com/archive/email ->

X-PASTEBIN/pastebin.com/archive/email.html10:17:29 Info: engine: transfer-status: link updated: pastebin.com/raw.php?i=PYKTsqV8 ->

X-PASTEBIN/pastebin.com/raw3d53.html10:17:29 Info: engine: transfer-status: link updated: pastebin.com/download.php?i=PYKTsqV8 ->

X-PASTEBIN/pastebin.com/download3d53.html10:17:29 Info: engine: transfer-status: link updated: pastebin.com/embed.php?i=PYKTsqV8 ->
V
V
V
[MUCH, MUCH MORE NOW IN OUR ARCHIVES]


hxxp:www.pastebin.com/raw.php?i=PYKTsqV8

hxxp:www.pastebin.com/download.php?i=PYKTsqV8

hxxp:www.pastebin.com/PYKTsqV8

hxxp:www.pastebin.com/VF7bjzRM

hxxp:www.pastebin.com/NDqwAnuz

hxxp:www.pastebin.com/D2f1ZXJv

hxxp:www.pastebin.com/0d00c5Xb

hxxp:www.pastebin.com/KrgaWFDz

hxxp:www.pastebin.com/KbgTbxm4

hxxp:www.pastebin.com/bbpNjFZV

hxxp:www.pastebin.com/LeiatGuv

hxxp:www.pastebin.com/LeiatGuv

hxxp:www.pastebin.com/embed3d53

hxxp:www.pastebin.com/archive/email

hxxp:www.pastebin.com/download3d53.html

hxxp:www.pastebin.com/download3d53

hxxp:www.pastebin.com/embed.php?i=PYKTsqV8

hxxp:www.pastebin.com/3MJvQjc2

hxxp:www.pastebin.com/WKnpyhvC

hxxp:www.pastebin.com/kfLWeSjb

hxxp:www.pastebin.com/GfT4ZyV5

hxxp:www.pastebin.com/wLPqNftE

hxxp:www.pastebin.com/dSyh0xCc

hxxp:www.pastebin.com/GfT4ZyV5

hxxp:www.pastebin.com/sMVkb3za

hxxp:www.pastebin.com/Cp2jLWR8

[AND EVEN MUCH, MUCH MORE]
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby AlphaCentauri » Wed Feb 08, 2012 9:24 am

You need to provide more explanation for what those links are before you expect us to enable javascript for them!
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Thu Feb 09, 2012 5:22 am

Those links come from where I have downloaded the last entire website at PASTEBIN. Looks like you can simply go to the links and read the stuff that they are drafting up. I'm not no expert at this but, so far, I've even pulled out an awful lot of pictures, photos, etc., and looks for certain that they all closely associated with the "STOP SOPA" and it all leads directly to the
"ANONYMOUS" hackers. They are now hitting me from another IP block..... fixing to post it next.....
JC
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Thu Feb 09, 2012 5:26 am

THE “CANADA HEALTH CARE MALL SCAM” IS NOW APPARENTLY OPERATING FROM:THE “CANADA HEALTH CARE MALL SCAM” IS NOW APPARENTLY OPERATING FROM:

ORIG IP: MM/DD REPLY TO EMAIL: TRACES TO:[abbreviated]
==================================================================================
209.85.128.0 - 209.85.255.255 [GOOGLE/GMAIL]

209.85.215.172 01/31 vivianwyfei@gmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] ATLANTA GA Atlanta
hXXp://mikepankratz.com/ mail-ey0-f172.google.com
includes/i9bwyn.php?imsfsfv=86874

209.85.215.178 02/08 juancamilogiraldo@gmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] ATLANTA GA
hXXp://www.mosgallery.com/ mail-ey0-f178.google.com
wp-content/plugins/wz7k_.php?jjprq=1874

X-Apparently-To: interpolator2006@sbcglobal.net via 67.195.8.102; Wed, 08 Feb 2012 13:50:46 -0800
Received-SPF: pass (domain of gmail.com designates 209.85.215.178 as permitted sender)
X-YMailISG: JyTQtqMWLDtdFZz2cvAo2hQSfMx1rMt89Yb0L2Qz7nlvjey6
jGlIZdr6bohYG97iAdvHsq.N0KheiwNA_JPjRAXPOiyKLxt0WtdvZcOIvxl3
GVLGUra2IumNHkrf_5xxEPL89ARCNzIRkoKlSnQhq_2JlSHGt8DANQLAAHqa
vQY1mVl3CLo44mj5IYgj9UU4D9n3fx3yIel57f2yje8hWRaBzRh23dpklMla
nWVERPR_QfDPPLzVyhDQBa9nvcBhVQtvhqdEXDPluvboep77hMErrEW56HrC
Y9ga6McsTLSkrKV8RhJF9WbOiHK7kvfQ0oltFrpygCyf60KkTfoES3D5mkmf
JS0n5.pcM_IkG_Nm5ARMI.zcRYQo1F__FepRXHsDmBkF4XaIypZx1c.qQCkU
.9yh3d4-
X-Originating-IP: [209.85.215.178]
Authentication-Results: mta1070.sbc.mail.sp1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 207.115.36.49 (EHLO nlpi177.prodigy.net) (207.115.36.49)
by mta1070.sbc.mail.sp1.yahoo.com with SMTP; Wed, 08 Feb 2012 13:50:46 -0800
X-Originating-IP: [209.85.215.178]
Received: from mail-ey0-f178.google.com (mail-ey0-f178.google.com [209.85.215.178])
by nlpi177.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id q18LohcF004898
for <interpolator2006@sbcglobal.net>; Wed, 8 Feb 2012 15:50:45 -0600
Received: by eaae1 with SMTP id e1so356514eaa.23
for <interpolator2006@sbcglobal.net>; Wed, 08 Feb 2012 13:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=message-id:date:content-type:from;
bh=rO4e1M40GLysisd3Vnk+eN2oyjHV/1CAR3TadFjUpbs=;
b=UPXoRG/7675QJgX3/RLGcqtOF0mWTFNrz+0M9zQ74je7AZ1IvcRZ4/a96YfzbHLJHj
/FNvTjaohjRdWQAbmppAe3j2gDMocnk2TGG9uIkSSPSb0D0WsXSLSP36ELjthIM81TIP
esC5zAbcLKwLmHi1D6agexIkoDl8HehYy6fHY=
Received: by 10.14.33.218 with SMTP id q66mr8889211eea.67.1328737843720;
Wed, 08 Feb 2012 13:50:43 -0800 (PST)
Received: from luna490 ([187.154.39.83])
by mx.google.com with ESMTPS id z47sm1796161eeh.9.2012.02.08.13.50.38
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 08 Feb 2012 13:50:43 -0800 (PST)
Message-ID: <4f32ee33.c77d0e0a.7414.4478@mx.google.com>
Date: Wed, 08 Feb 2012 13:50:43 -0800 (PST)
Content-Type: text/html
Bcc:
From: Quadrees wjfoa7u <juancamilogiraldo@gmail.com>

ORIG IP: MM/DD REPLY TO EMAIL: TRACES TO:[abbreviated]
==================================================================================
209.85.128.0 - 209.85.255.255 [GOOGLE/GMAIL]

209.85.215.172 01/31 vivianwyfei@gmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] ATLANTA GA Atlanta
http://mikepankratz.com/ mail-ey0-f172.google.com
includes/i9bwyn.php?imsfsfv=86874

209.85.215.178 02/08 juancamilogiraldo@gmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] ATLANTA GA
http://www.mosgallery.com/ mail-ey0-f178.google.com
wp-content/plugins/wz7k_.php?jjprq=1874

X-Apparently-To: interpolator2006@sbcglobal.net via 67.195.8.102; Wed, 08 Feb 2012 13:50:46 -0800
Received-SPF: pass (domain of gmail.com designates 209.85.215.178 as permitted sender)
X-YMailISG: JyTQtqMWLDtdFZz2cvAo2hQSfMx1rMt89Yb0L2Qz7nlvjey6
jGlIZdr6bohYG97iAdvHsq.N0KheiwNA_JPjRAXPOiyKLxt0WtdvZcOIvxl3
GVLGUra2IumNHkrf_5xxEPL89ARCNzIRkoKlSnQhq_2JlSHGt8DANQLAAHqa
vQY1mVl3CLo44mj5IYgj9UU4D9n3fx3yIel57f2yje8hWRaBzRh23dpklMla
nWVERPR_QfDPPLzVyhDQBa9nvcBhVQtvhqdEXDPluvboep77hMErrEW56HrC
Y9ga6McsTLSkrKV8RhJF9WbOiHK7kvfQ0oltFrpygCyf60KkTfoES3D5mkmf
JS0n5.pcM_IkG_Nm5ARMI.zcRYQo1F__FepRXHsDmBkF4XaIypZx1c.qQCkU
.9yh3d4-
X-Originating-IP: [209.85.215.178]
Authentication-Results: mta1070.sbc.mail.sp1.yahoo.com from=gmail.com; domainkeys=neutral (no sig); from=gmail.com; dkim=pass (ok)
Received: from 207.115.36.49 (EHLO nlpi177.prodigy.net) (207.115.36.49)
by mta1070.sbc.mail.sp1.yahoo.com with SMTP; Wed, 08 Feb 2012 13:50:46 -0800
X-Originating-IP: [209.85.215.178]
Received: from mail-ey0-f178.google.com (mail-ey0-f178.google.com [209.85.215.178])
by nlpi177.prodigy.net (8.14.4 IN/8.14.4) with ESMTP id q18LohcF004898
for <interpolator2006@sbcglobal.net>; Wed, 8 Feb 2012 15:50:45 -0600
Received: by eaae1 with SMTP id e1so356514eaa.23
for <interpolator2006@sbcglobal.net>; Wed, 08 Feb 2012 13:50:43 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=gamma;
h=message-id:date:content-type:from;
bh=rO4e1M40GLysisd3Vnk+eN2oyjHV/1CAR3TadFjUpbs=;
b=UPXoRG/7675QJgX3/RLGcqtOF0mWTFNrz+0M9zQ74je7AZ1IvcRZ4/a96YfzbHLJHj
/FNvTjaohjRdWQAbmppAe3j2gDMocnk2TGG9uIkSSPSb0D0WsXSLSP36ELjthIM81TIP
esC5zAbcLKwLmHi1D6agexIkoDl8HehYy6fHY=
Received: by 10.14.33.218 with SMTP id q66mr8889211eea.67.1328737843720;
Wed, 08 Feb 2012 13:50:43 -0800 (PST)
Received: from luna490 ([187.154.39.83])
by mx.google.com with ESMTPS id z47sm1796161eeh.9.2012.02.08.13.50.38
(version=TLSv1/SSLv3 cipher=OTHER);
Wed, 08 Feb 2012 13:50:43 -0800 (PST)
Message-ID: <4f32ee33.c77d0e0a.7414.4478@mx.google.com>
Date: Wed, 08 Feb 2012 13:50:43 -0800 (PST)
Content-Type: text/html
Bcc:
From: Quadrees wjfoa7u <juancamilogiraldo@gmail.com>
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Thu Feb 09, 2012 5:28 am

FBI Doesn't seem to be doing anything at all. I have long-since been calling them: Federal Bureau of Ignorance!
JC
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Thu Feb 09, 2012 6:10 am

HERE AS EXAMPLE: THEY DISCUSSING PHONE NUMBERS, CREDIT CARDS,
BLACKLISTED IP, FRAUD AND THE POLICE.....
hXXp://pastebin.com/ZmtPUnFN
1. Now online: Tuesday, February 7, 2012
2. You <click to change>
3. hi
4. Customer Service [agent]
5. We apologize for keeping you waiting. Our operators are busy at the moment,
6. please leave us a message with your email address and we'll get back to you shortly.
7. Now online: Support has joinedYou are currently being served by
8. Support
9. You <click to change>
10. i will wait here
11. Support [agent]
12. Hi, how can we help you today? =)
13. You <click to change>
14. hi
15. its me again ocblong@z1p.biz
16. Support [agent]
17. do you have any quesion?
18. You <click to change>
19. yes
20. some numbers are not valid any more
21. I wanted to check how the progress of my order goes on
22. checked some numbers
23. and many didnt work
24. why this ?
25. Support [agent]
26. how not work ?
27. You <click to change>
28. comes an error
29. do you have cashed in them all ?
30. Support [agent]
31. no
32. give me example please
33. You <click to change>
34. its in german
35. it means like
36. wrong number or/and password
37. Support [agent]
38. please give me card
39. You <click to change>
40. for example a random
41. 0576-4141-9401-5384
42. Support [agent]
43. moment
44. You <click to change>
45. many works
46. some not
47. dont know why
48. Support [agent]
49. are you got them form 1 client?
50. You <click to change>
51. yes something like this
52. they are not coming from myself I have to exchange for someone and I will get my %
53. Support [agent]
54. and this some one
55. he buy them from where?
56. You <click to change>
57. dont know this was never a question between us, he dont know where I exchange his money and I don't know from here get this - but look at the past orders, all paysafecards were without problems
58. I noticed now that my VPN is on - and that IP is blacklisted
59. so its my fault
60. I checked the numbers with on vpn and then they got instant blacklisted
61. all except these which were 0 €
62. sorry
63. Support [agent]
64. this is not the real problem
65. You <click to change>
66. what then ?
67. maybe all numbers are working - paysafecard is doing something at their site
68. but Im sure it is my fault with the blacklisted IP
69. Support [agent]
70. i checked last card now , it give error pin/pass
71. these paysafecards all reported to paysafecard.com as fraud
72. you or your client know the reason
73. You <click to change>
74. yes it can be so because my VPN is coming from ovpn.to and this vpns are all blacklisted everywhere, this time I forgot to put it off so the numbers got blocked. I checked the last number first and then the previous so they got all blacklisted
75. they are 100% not coming from fraud source
76. just look at the other orders
77. no such problems
78. this time it was my fault because of the blacklisted IP
79. Support [agent]
80. i cannt know the exact reason
81. but what i know now that
82. all these 60 cards reported at paysafecard.com
83. cards which used , will blocked at our merchant accounts
84. cards which still not used , they make it not work by making passwords
85. reason why it blocked, not a matter now , this is your work
86. You <click to change>
87. what do we do now ?
88. solutions ?
89. Support [agent]
90. we will check the cards more, if we see any card not used and still work
91. this means not all 60 cards blocked
92. even you can check them by your self
93. You <click to change>
94. what is with the cards which are allready cashed out ?
95. Support [agent]
96. if all blocked , so we will see how much we used , then your order will be put on hold
97. You <click to change>
98. will I get the money from the allready cashed out psc ?
99. Support [agent]
100. we used about 26-27 cards
101. of course not now at all
102. these cards should be put on hold for period of time , may be up to 3 months
103. so if we not received any fraud notificaions from police, we will send you your money for the cards which we used
104. You <click to change>
105. and if you receive ?
106. Support [agent]
107. this means , they will take these money back from our accounts or may be block all the account at all with more lost to us
108. You <click to change>
109. I dont know where this cards are coming from
110. Support [agent]
111. your clients know
112. now we are at risk of blocking our accounts, and this is not a joke
113. Fraud paysafcards if blocked , is <beep> for all
114. You <click to change>
115. do you cooperate with police ? I mean do you give them information you have ?
116. Support [agent]
117. of course, if they asked
118. if we not provide, this means we work with you to get fraud paysafecards
119. You <click to change>
120. yes I understand and I have nothing to fear because I use always VPN and open wifi to surf, and the other reason is the pscs are not coming from me
121. the only thing is
122. I have to delete my email account for security reasons, even if I did nothing
123. to protect my customer
124. but I hope it doesnt come to police
125. the pscs are 100% clean
126. Support [agent]
127. we hope too
128. this is the last thing
129. firstly= block these money from our account
130. secondly= block all our accounts
131. third= report to police
132. You <click to change>
133. ok
134. how we go on now ?
135. Support [agent]
136. I will see how much cards we used
137. then calculate its price
138. You <click to change>
139. 27
140. Support [agent]
141. put on hold for 3 months
create new paste | create new version of this paste RAW Paste Data
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Thu Feb 09, 2012 6:17 am

Just go to this link and have a look at it:
hXXp://www.pastebin.com/8w49B3nr
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Thu Feb 09, 2012 6:34 am

HOW ABOUT THIS ONE: “ONLY ON HACKED ACCOUNTS”
[as recent as 08 FEB 2012]
http://www.pastebin.com/7Yxfi8q6 (since removed, as well as http://onlyhackedaccounts.blogspot.com)

1. Real-Debird Premium Account 08 Feb 2012
2.
3. http://onlyhackedaccounts.blogspot.com/2012/02/free-real-debrid-premium-account.html
4.
5. Fast-Debird Premium Account 08 Feb 2012
6.
7. http://onlyhackedaccounts.blogspot.com/2012/02/free-fast-debrid-premium-account-07-feb.html
8.
9.
10. RAPIDHSARE Premium Account 08 Feb 2012
11.
12. http://onlyhackedaccounts.blogspot.COM/2012/02/new-fresh-premium-rapid*share-722012.html
13.
14. Filesonic Premium Account 08 Feb 2012
15.
16. http://onlyhackedaccounts.blogspot.com/2012/02/new-fresh-premium-account-filesonic_06.html
17.
18. Wupload Premium Account 08 Feb 2012
19.
20. http://onlyhackedaccounts.blogspot.com/2012/02/new-fresh-premium-account-wupload_06.html
21.
22. Hotfile Premium Account 08 Feb 2012
23.
24. http://onlyhackedaccounts.blogspot.com/2012/02/hotfile-premium-account-06022012.html
25.
26. Turbobit Premium Account 08 Feb 2012
27.
28. http://onlyhackedaccounts.blogspot.com/2012/02/free-turbobit-premium-account-07-feb.html
29.
30.
31. Fastdebird Premium Account 08 Feb 2012
32.
33. http://onlyhackedaccounts.blogspot.com/2012/02/new-fresh-premium-account-fast-debrid_06.html
34.
35. File Post Premium Account 08 Feb 2012
36.
37. http://onlyhackedaccounts.blogspot.com/2012/02/free-filepost-premium-accounts-06-feb.html
38.
39. Uploaded.to Premium Account 08 Feb 2012
40.
41.
42. http://onlyhackedaccounts.blogspot.com/2012/02/free-uploadedto-premium-cookie-06-feb.html
43.
44. Filemonster Premium Account 08 Feb 2012
45.
46. http://onlyhackedaccounts.blogspot.com/2012/02/free-filesmonster-premium-account-07.html
47.
48. FileFactory Premium Account 08 Feb 2012
49.
50. http://onlyhackedaccounts.blogspot.com/2012/02/free-filefactory-premium-accounts-06.html
51.
52. Oron Premium Account 08 Feb 2012
53.
54. http://onlyhackedaccounts.blogspot.com/2012/02/free-oron-premium-cookie-06-feb-2012.html
55.
56. AllDebrid Premium Account 08 Feb 2012
57.
58. http://onlyhackedaccounts.blogspot.com/2012/02/free-alldebrid-premium-account-06-02.html
59.
60. Share-online Premium Account 08 Feb 2012
61.
62. http://onlyhackedaccounts.blogspot.com/2012/02/free-share-online-premium-account-07.html
63.
64. Cheathappen Premium Account 08 Feb 2012
65.
66. http://onlyhackedaccounts.blogspot.com/2012/02/free-cheathappens-premium-account-06-02.html
67.
68. NetFlix Premium Premium Account 08 Feb 2012
69.
70. http://onlyhackedaccounts.blogspot.com/2012/02/netflix-premium-account-06-fabruary.html
71.
72.
73. Gigapeta.com Premium Account 08 Feb 2012
74.
75. http://onlyhackedaccounts.blogspot.com/2012/02/gigapetacom-premium-account-06-02-2012.html
76.
77.
78. UploadStation Premium Account 08 Feb 2012
79.
80. http://onlyhackedaccounts.blogspot.com/2012/02/free-uploadstation-premium-account_07.html
81.
82. Hotfile Premium Account 08 Feb 2012
83.
84. http://onlyhackedaccounts.blogspot.com/2012/02/new-fresh-premium-account-hotfile_06.html
85.
86. UseNext Premium Account 08 Feb 2012
87.
88. http://onlyhackedaccounts.blogspot.com/2012/02/free-usenext-premium-account-07-feb.html



edited to remove live links
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby AlphaCentauri » Thu Feb 09, 2012 1:46 pm

No live links, please!!

I'm still not clear what you're posting there. A copy of the spamvertised site? We've actually been seeing Canadian Health&Care Mall and its sister sites for several years now, and some of our members have analyzed it extensively.

It's not that the FBI is ignoring it -- it's one of their top targets. But the flow of information is one-way. They will collect information you submit, but they will not tip their hand about what they are doing with it. Their strategy is to build a case so ironclad that when there is an arrest, the accused has no choice but plead guilty. It's a Russian operation, but some of their associates are in the US, so they're quite interested.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Sat Feb 11, 2012 5:15 am

PASTEBIN Spamvertised site? Maybe I'm not understanding this..... According to what I'm seeing, this "PASTEBIN" is where "they" all get together to exchange their various "scripts," viruses, etc. There seems to be much more to this than just the "CANADA HEALTH CARE & MALL" scam, also "ONLINE PHARMACIES," and there seems to also be associated something called "ASIA PACIFIC," which has long-since been in the business of peddling drugs via telephone. I have repatedly emailed FBI and so far, the only response I've ever received was: "MESSAGE NOT READ."
[please see my next] JC
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Sat Feb 11, 2012 5:16 am

REF: PASTEBIN

According to Avira, PASTEBIN is a haven for VIRUS SCRIPTS.....

Avira AntiVir Personal
Report file date: Saturday, February 11, 2012 00:20

Scanning for 3317781 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Begin scan in 'G:\'
G:\PASTEBIN\PASTEBIN-2\hts-cache\old.zip
[0] Archive type: ZIP
--> http://pastebin.com/jkNS4iW7
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the BAT/KillAV.ssc batch virus
--> http://pastebin.com/YURpMLcZ
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the BAT/Agent.1275 batch virus
--> http://pastebin.com/AFWrKMJV
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the BAT/HackKas.A batch virus
--> http://pastebin.com/ue8VcSab
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the BAT/KillAV.ssc batch virus
--> http://pastebin.com/FzCqSfg6
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the PHP/Asxil.A PHP virus
--> http://pastebin.com/RLgsTerk
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the PHP/Spy.Ettu.D PHP virus
--> http://pastebin.com/raw.php?i=y03U3HVf
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the PERL/FindAdmin.A Perl virus
--> http://pastebin.com/index/y03U3HVf
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the PERL/FindAdmin.A Perl virus
--> http://pastebin.com/g8cZtHP3
[1] Archive type: GZ
--> object
[DETECTION] Contains recognition pattern of the PERL/Shellbot.a.6 Perl virus
[WARNING] This file is a mailbox. To avoid damaging your emails this file will not be repaired or deleted.

Beginning disinfection:
G:\PASTEBIN\PASTEBIN-2\hts-cache\old.zip
[DETECTION] Contains recognition pattern of the PERL/Shellbot.a.6 Perl virus
[NOTE] A backup was created as '42b98fbd.qua' ( QUARANTINE )


End of the scan: Saturday, February 11, 2012 02:46
Used time: 2:25:08 Hour(s)

The scan has been done completely.

Signed: INTERPOLATOR
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Sat Feb 11, 2012 5:26 am

Question: Wonder why the FBI just doesn't go and download the entire website, just like I did? After that, one can just go through the vast number of files, folders, blogs, photos, etc.

Also, seems to me, this to be something that INTERPOL should jump on.
JC
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Sat Feb 11, 2012 6:16 am

BLACK HOLE EMAIL ADDRESS:

Once again, I am no expert [yet] on this, but here is apparently what's going on...

1. They [spammers] have figured out how to write up various scripts, [HEADERS] that FAKE the Email Service Provider,

into thinking that the email in question is something that really is not - like that of either being reprocessed, relayed, or

received from some other source than it really is. Therefore, once the FAKED email in question hits the Email Service, it

simply becomes relayed on, to whatever the final desitination is supposed to be, including that of a FAKED "From: email

address."

2. The spammer in question simply logs onto an Email Service Provider, such
as Hotmail, by whatever means, and "dumps" his email into that system, all of
which will have those BOGUS HEADERS, to FAKE the system into simply relaying
them on. Most likely, this being done via dialup or any other connection that will
show a "FLOATING IP ADDRESS" for the email/s in question. [see my log/s below]

3. Once the indended recipient/s receive the [bogus] email in question, they can
turn right around and send a reply to the FAKED email address in question, and
they will simply receive a "BOUNCE MESSAGE."

4. What that means is, that although the 419AR seems to be a very interesting
system, it's just not getting anywhere at all, what with regard to "BLOCKING" or
even "REMOVING" all of those email addresses? [THEY DON'T EVEN EXIST!]
[if they are "BLACK HOLE ADDRESSES" that is] [see my log below]

SPAMREPS 005 09 FEB 2012
=========================
[PERIOD COVERED: 01-01-2012 THRU 02-10-2012] [and will continue as necessary]
COMMERCIAL SPAM MOST RECENT SPAM ABUSE SPAM OR SCAM

ORIG IP: MM/DD REPLY TO EMAIL: TRACES TO:[abbreviated]
==================================================================================
65.54.51.78 01/17 diahannhethccf@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC
[CANADA HEALTH CARE MALL SCAM]
http://blog.niemanwatchdog.org/

65.54.51.88 02/03 hannagobqty@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM]

65.54.61.99 02/06 aurliedwwwqffi@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] MIAMI FL
http://www.fayettedyann.com/

65.54.190.100 02/10 fredeliaskyhowq@hotmail.com SAN FRANCISCO CA
[BLACK HOLE ADDRESS]
[CANADA HEALTH CARE MALL SCAM]

65.54.190.101 02/01 natassiaeppke@hotmail.com SAN FRANCISCO CA
[BLACK HOLE ADDRESS]
[CANADA HEALTH CARE MALL SCAM]
http://www.carolanrenae.com/

65.54.190.151 01/09 vonnieaydtpqavj@hotmail.com SAN FRANCISCO
[BLACK HOLE ADDRESS]
[CANADA HEALTH CARE MALL SCAM]
http://www.terrydevina.com/

65.54.190.157 01/13 pollysefbj@hotmail.com SAN FRANCISCO
[BLACK HOLE ADDRESS]
[CANADA HEALTH CARE MALL SCAM]
http://www.florindamillicent.com/

65.54.190.206 01/20 evitainnexykcn@hotmail.com SAN FRANCISCO
[BLACK HOLE ADDRESS]
[CANADA HEALTH CARE MALL SCAM]
http://www.charminecharmain.com/

SEE ALSO: 98.139.213.149
157.55.2.11
209.54.182.131

65.55.34.139 01/29 alejandrinaqxsludrzq@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC
[CANADA HEALTH CARE MALL SCAM]
http://www.starkrystyna.com/

65.55.34.147 01/17 isahellafjlvgtg@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] VANCOUVER BC
http://www.graycecarolina.com/

65.55.34.153 01/08 hollygglybuxdb@hotmail.com [SPOOFED IP?]
[BLACK HOLE ADDRESS?]
[CANADA HEALTH CARE MALL SCAM]
http://www.kellenramonda.com/

65.55.34.200 01/29 rainadcaflghw@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] SEATTLE WA

65.55.34.203 01/10 nancyomzfrpjx@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
VANCOUVER BC

65.55.34.205 01/29 rainadcaflghw@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS?] VANCOUVER BC
[CANADA HEALTH CARE MALL SCAM]
http://www.annadiananorine.com/

65.55.90.86 02/02 alleneffacct@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[PHARMACY EXPRESS SCAM] VANCOUVER BC
http://rmmedic.com/

65.55.90.87 01/24 ambertyxll@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC

65.55.90.92 01/27 nissiehokav@hotmail.com NEW YORK
[BLACK HOLE ADDRESS] SEATTLE

65.55.90.104 02/01 rosanayqzihsaees@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] VANCOUVER BC
http://www.phylisgabrielle.com/

65.55.90.148 01/25 renellfuwidoakc@hotmail.com SUNYVALE CA
[BLACK HOLE ADDRESS] NEW YORK NY
VANCOUVER BC

65.55.90.150 01/28 othiliamswslhml@hotmail.com NEW YORK N
[BLACK HOLE ADDRESS] SEATTLE WA

65.55.90.162 01/14 doniahuupkzr@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC

65.55.90.162 01/16 aileekykuu@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER

65.55.90.165 01/18 fredericapzmrdst@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC

65.55.90.204 01/13 gennajmpswxbxl@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESSES] VANCOUVER BC

65.55.90.214 01/22 penniebdrdfrv@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC

65.55.90.222 01/08 rupertadlfivpe@hotmail.com [SPOOFED IP?]
[BLACK HOLE ADDRESS]

65.55.90.231 01/15 denysexcxmdtcmna@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESS] VANCOUVER BC

65.55.90.145 02/07 ardeliscjfqu@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM]

65.55.90.237 01/14 bellewsguegzca@hotmail.com SUNNYVALE CA
[BLACK HOLE ADDRESSES] MIAMI FL
VANCOUVER BC

65.55.111.76 02/10 meggyhcssovbx@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] MIAMI FL
[ONLINE PHARMACY SCAM] ATLANTA GA
http://www.rafaanallese.com/
[http://rmmedic.com/]


65.55.111.152 01/22 lesleyvloou@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
VANCOUVER BC

65.55.111.153 01/12 rosalyndzbbrohl@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
VANCOUVER BC

65.55.111.112 01/24 dennieenkedkfp@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM]
http://www.fideliaroberta.com

65.55.111.146 01/27 kirstenixqdhra@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
VANCOUER BC

65.55.111.145 01/22 kamillahlreaifjgyy@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
VANCOUVER BC

65.55.111.156 01/16 diannnehpjal@hotmail.com NEW YORK NY
munkhbayar@mobinet.mn SUNNYVALE CA
[BLACK HOLE ADDRESS] SEATTLE
[CANADA HEALTH CARE MALL SCAM]
http://www.brinameta.com/

65.55.111.163 01/09 leaamfeyqtf@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS?] SUNNYVALE CA
VANCOUVER BC

65.55.111.170 01/15 dulcernkaa@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
VANCOUVER BC

65.55.111.170 01/28 help@treebrown.com VANCOUVER
Paterson treebrown.com

65.55.116.86 01/18 cacilielljtiqq@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] MIAMI FL
SUNNYVALE
VANCOUVER BC
65.55.116.87 01/28 hams-321@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SAN FRANCISCO CA
[CANADA HEALTH CARE MALL SCAM] VANCOUVER BC
http://magnobeam.com/
flyer/aye_ic.php?ltqrem=97770

65.55.116.88 02/09 aneethjan30@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] VANCOUVER BC
http://www.studjobs.ro/
_includes/ajax/r68yf6.php?xoihx=2535

65.55.116.104 01/27 happy_gilmore_svordom@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] SEATTLE WA
http://maturepornspy.com/linkex/ip0a.php?vcat=002534

65.55.116.109 02/01 julian.vacas@hotmail.com NEW YORK NY
[BLACK HOLE ADDRESS] SUNNYVALE CA
[CANADA HEALTH CARE MALL SCAM] VANCOUVER BC
http://medannic.com/
medannic/tmplc/l1np9.php?cula=1224

SEE ALSO: 98.139.213.149
157.55.2.11
209.54.182.131

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby AlphaCentauri » Sat Feb 11, 2012 9:48 am

Okay, I see the issue. There are two kinds of spammer email addresses:

1. fake from addresses on emails that don't require a response. Those are emails that spamvertise websites like Canadian Health&Care Mall (CH&CM). Spam reporters ignore them, except when they use our email addresses and we get all the bounce messages, in which case we can use the data in the bounces to gather certain types of evidence.

2. real email addresses in emails that DO require a response. A 419 email is not leading to the spammer's e-commerce website. The target victim has to be able to respond. The spammer doesn't want a fake email address distracting potential money-paying victims from getting in touch with him via a real address. They often have multiple real email addresses within the spam itself (the "from," the "reply-to," and an email address within the body of the email), and if any of them is fake, the spammer loses potential responses. Shutting down those email addresses before he can respond to the victims with a new, safe email address will terminate the spammer-victim relationship.

That's why we only do this with 419 spam, not with other types, where the email addresses are fake.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 5989
Joined: Thu Mar 01, 2007 3:01 am

Re: PASTEBIN / CANADA HEALTH CARE MALL SCAM / ANONYMOUS

Postby INTERPOLATOR » Sat Feb 11, 2012 11:02 am

What's happening here, is that most every one of the spam emails I getting from the 65.55.52.xxx block [PASTEBIN] is setting up a different phoney website [CANADA HEALTH CARE] [ONLINE PHARMACY] [ETC.] [new website buried in the message] And then, the "originating email address" means nothing at all, because it never really existed in the first place.
JC
INTERPOLATOR
Getting started
 
Posts: 19
Joined: Sun Jan 29, 2012 9:37 pm
Location: Fort Worth, Texas

Next

Return to Botnets, Hijacks and Hacking

Who is online

Users browsing this forum: No registered users and 1 guest

cron