JustTooMuchTime
04-13-2013, 05:52 PM
Got spammed with Profit From Home Academy the other day from somebody who had their account hacked. Looks like the countries involved are Ukraine, China, and Georgia. I've seen credit card theft rings from the countries that set up fake bizopp sites. I didn't catch anything like that with this one so far, but I'm still looking into it.
It's the usual bizopp scam-sales page used for boiler-room lead generation.
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-header_zpsf54eeff6.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-header_zpsf54eeff6.png.html)
The site spammed to my email is hosted in Georgia (the country).
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/maikaprint-ge_zpsa4bd88c4.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/maikaprint-ge_zpsa4bd88c4.png.html)
That site redirected to a fake news site which triggered an intrusion alert attempt from Norton...
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-com-fake-survey_zpsc742006f.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-com-fake-survey_zpsc742006f.png.html)
The Profit-From-Home-Academy.com site ICANN registrar is the CENTER OF UKRAINIAN INTERNET NAMES
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png.html)
The Profit From Home Academy is listed with a fake U.S. address. The email address is associated with numerous other questionable sites (more on that later).
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/Profit-From-Home-Academy-Com-Whois_zpsdcb7f127.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/Profit-From-Home-Academy-Com-Whois_zpsdcb7f127.png.html)
privacy protection for profit-from-home-academy.com's nameserver (webnsweb.com) is listed as being from China.
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-whois_zps260bdb07.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-whois_zps260bdb07.png.html)
Profit-From-Home-Academy.com is using the site securely-checkout-now.com for its order page:
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/securely-checkout-now-com-URL_zps421a54d5.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/securely-checkout-now-com-URL_zps421a54d5.png.html)
securely-checkout-now.com uses the same nameserver as profit-from-home-academy.com:
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png.html)
securely-checkout-now.com also moves through IPs from 3 different countries - German, Russia, & the Netherlands in under 30 days.
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-ip-moving_zps5a230d6d.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-ip-moving_zps5a230d6d.png.html)
It's the usual bizopp scam-sales page used for boiler-room lead generation.
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-header_zpsf54eeff6.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-header_zpsf54eeff6.png.html)
The site spammed to my email is hosted in Georgia (the country).
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/maikaprint-ge_zpsa4bd88c4.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/maikaprint-ge_zpsa4bd88c4.png.html)
That site redirected to a fake news site which triggered an intrusion alert attempt from Norton...
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-com-fake-survey_zpsc742006f.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-com-fake-survey_zpsc742006f.png.html)
The Profit-From-Home-Academy.com site ICANN registrar is the CENTER OF UKRAINIAN INTERNET NAMES
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png.html)
The Profit From Home Academy is listed with a fake U.S. address. The email address is associated with numerous other questionable sites (more on that later).
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/Profit-From-Home-Academy-Com-Whois_zpsdcb7f127.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/Profit-From-Home-Academy-Com-Whois_zpsdcb7f127.png.html)
privacy protection for profit-from-home-academy.com's nameserver (webnsweb.com) is listed as being from China.
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-whois_zps260bdb07.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-whois_zps260bdb07.png.html)
Profit-From-Home-Academy.com is using the site securely-checkout-now.com for its order page:
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/securely-checkout-now-com-URL_zps421a54d5.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/securely-checkout-now-com-URL_zps421a54d5.png.html)
securely-checkout-now.com uses the same nameserver as profit-from-home-academy.com:
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/profit-from-home-academy-ICANN-registrarPNG_zpsc0026c26.png.html)
securely-checkout-now.com also moves through IPs from 3 different countries - German, Russia, & the Netherlands in under 30 days.
http://i1242.photobucket.com/albums/gg536/Paul_Schlegel/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-ip-moving_zps5a230d6d.png (http://s1242.photobucket.com/user/Paul_Schlegel/media/Coaching%20Program%20Lead%20Gen%20Sites/Profit%20From%20Home%20Academy/webnsweb-com-ip-moving_zps5a230d6d.png.html)