ADAROSS Scam Site list - 07/26/2019

[size=15]Messages here will be posted automatically as the automated system finds popups.[/size]

[b][size=12]Please do not @ADAROSS when replying[/size][/b]

Number: 877-526-2110

Link: http://165.22.162.10/

![](upload://ipqKbThnpSO0GgOmKN3zfw2JGwE.png)[img]https://cdn.discordapp.com/attachments/572954145628225537/604356545882357787/adaross_temp_scam_site_image_5.png[/img]
[size=10]there is a extremely small chance the image above is wrong but nothing else should be wrong with the information[/size]
[size=12]The following information was found by the automated system called ADAROSS (Automated Detection And Removal Of Scam Sites)[/size]

[COLOR=red][b][size=14]DISCLAIMER: we nor scammer.info are responsible for anything you do or have done with this information[/size][/b][/COLOR]
[b][size=12]Please do not @ADAROSS when replying[/size][/b]

Number: 877-526-2110

Link: http://165.22.162.10/fir/

![](upload://hfizYVHGAwFQdPozakTdoa10XTw.png)[img]https://cdn.discordapp.com/attachments/572954145628225537/604356647875510309/adaross_temp_scam_site_image_2.png[/img]
[size=10]there is a extremely small chance the image above is wrong but nothing else should be wrong with the information[/size]
[size=12]The following information was found by the automated system called ADAROSS (Automated Detection And Removal Of Scam Sites)[/size]

[COLOR=red][b][size=14]DISCLAIMER: we nor scammer.info are responsible for anything you do or have done with this information[/size][/b][/COLOR]
[b][size=12]Please do not @ADAROSS when replying[/size][/b]

Number: 877-526-2110

Link: http://165.22.162.10/iedge/

![](upload://hfizYVHGAwFQdPozakTdoa10XTw.png)[img]https://cdn.discordapp.com/attachments/572954145628225537/604356699607793665/adaross_temp_scam_site_image_3.png[/img]
[size=10]there is a extremely small chance the image above is wrong but nothing else should be wrong with the information[/size]
[size=12]The following information was found by the automated system called ADAROSS (Automated Detection And Removal Of Scam Sites)[/size]

[COLOR=red][b][size=14]DISCLAIMER: we nor scammer.info are responsible for anything you do or have done with this information[/size][/b][/COLOR]
[b][size=12]Please do not @ADAROSS when replying[/size][/b]

Wasted an hour of their time, classic netstat/msconfig call, attempted to syskey the VM at the end after trying to take payment with a fake CC.

Number: 833-212-2232

Link: http://kevinmarshrecptiant.club/25July_Shariq_win_mac/Bxsdsdsdwewe2323sdsds/

![](upload://qwqNsCIuDkOzlvDLLpzAobx0IdC.png)[img]https://cdn.discordapp.com/attachments/572954145628225537/604374165931163669/adaross_temp_scam_site_image_5.png[/img]
[size=10]there is a extremely small chance the image above is wrong but nothing else should be wrong with the information[/size]
[size=12]The following information was found by the automated system called ADAROSS (Automated Detection And Removal Of Scam Sites)[/size]

[COLOR=red][b][size=14]DISCLAIMER: we nor scammer.info are responsible for anything you do or have done with this information[/size][/b][/COLOR]
[b][size=12]Please do not @ADAROSS when replying[/size][/b]

UH OH, THEY JUST ATTACKED A WA STATE LIBRARY!

RIGHT BACK TO SOFMEN.COM https://www.virustotal.com/gui/url/8fd49c4e6e5df307f8c27b5852918245209f165fd36a3726926c76224609b181/community
Warning, Bot net work of malware and trojans. Espionage, extortion, economic terrorism and running scam operations.
Visiting the servers or the websites on the listed servers may make your systems a target for attack and exploitation.
DATA COLLECTION DATE: 7 26 2019
Tax evasion, business license fraud for the purpose of economic terrorism
CLIST AD LINK: https://seattle.craigslist.org/see/cps/d/bellevue-we-design-new-homes-remodels/6942797357.html
CLIST REVOLVING RELAY EMAIL: [email protected]
Screens of live ad:
https://ibb.co/JkbQnrM
https://ibb.co/2h5hGD1
Extra data on subject: BOT NET WORK AND MALWARE DISTRIBUTION
www.magneticdesigngroup.com
AKA
MagneticDesignGroup.com
Serving IP: 198.71.232.3
TC: https://www.threatcrowd.org/domain.php?domain=www.magneticdesigngroup.com
TCSC: https://ibb.co/rZgYQKm

Via Trace Route: 72.167.191.69
TC: https://www.threatcrowd.org/ip.php?ip=72.167.191.69
TCSC: https://ibb.co/5Gwfx6N

VT:
1. https://www.virustotal.com/gui/url/73da721274a4789ca963e70a4257711b4e71bf9c963bc0a79f88d62cb08e3abe/detection
2. https://www.virustotal.com/gui/url/9f3ea5be2d6ccf14c0ea8e08b5a43f7e42e83e44ec9de98be3e3f7a2b8bb1940/community

tech support scam page for economic terrorism, extortion and espionage
Devliery link: http://kevinmarshrecptiant.club/25July_Shariq_win_mac/Bxsdsdsdwewe2323sdsds/
SC: https://ibb.co/Bfq7vpL
kevinmarshrecptiant.club
AKA
www.kevinmarshrecptiant.club NOTE THAT GREEN NODE
TC: https://www.threatcrowd.org/domain.php?domain=www.kevinmarshrecptiant.club
TCSC: https://ibb.co/s9dd17q
First Malware Node: OH LOOK, A GIANT BOT NET OF MALWARE and irc bots
https://www.threatcrowd.org/ip.php?ip=50.63.202.44
TCSC un cleaned up: https://ibb.co/9sz8PZS
107.180.48.115
OH LOOK WHO IT IS, ANUJ
Registrant Name: anuj ALI
Registrant Organization:
Registrant Street: turner road
Registrant City: Dehradun
Registrant State/Province: Uttarakhand
Registrant Postal Code: 248001
Registrant Country: IN
Registrant Phone: +91.7017675551
Registrant Email: [email protected]

@ADAROSS#101333

This one is a bit harder to get the source off of, i am working on that. Difficult page really.

https://www.youtube.com/watch?v=msDcShv_r20

@ADAROSS#101333

https://www.youtube.com/watch?v=8_mePjkQW_c