If you receive any text messages advising you to click a link with http://107.175.219.12, or any IP within the following range, 107.175.219.0 – 107.175.219.255, followed by /****.php in URL, do not click the link. It’s a malicious script. Persons are so desperate for anyone to click their link, they’re texting the numbers of persons who report fraud such as this daily.
The sender’s name is not a phone number, but an email address, such as [0-9]+(at)panix(dot)com or [0-9]+(at)aime(dot)com. However, the messages are being sent through 6245 (Verizon SMS) or the 6245-short code number is being spoofed. View your mobile phone billing records to verify matching text message time, which will match your time zone or the mobile company’s time zone, if you’re both in the same area.
Here’s an example of a message. And note the forgery and unlawful use of company’s name (Home Depot).
43560@aime.com 12:49pm
Unlawful HLM hosted script
/ – / HOME DEPOT
We have a WlNNER: CID#43560
–_http://107.175.219.12#/Hdepot.php
Send 0 to STOP
The networks associated with the messages are:
HLM (C07655687) 560 S. state Street, Ste G2, Orem, Utah 84058 (no phone is associated with ARIN information, and address appears to be forged as well)
Colocrossing (ABUSE3246-ARIN) / Velocity Servers Inc. (NETWO882-ARIN) 325 Delaware Avenue
Suite 300, Buffalo, NY 14202 +1-800-518-9716 (Office) abuse@colocrossing.com
Report the invasion of your mobile phone to your provider so that the messages can be filtered and stopped. Clicking the link, only furthers the problem.
More information about HLM, which has now been confirmed to be an organized crime entity.
Please read more at: https://www.spamhaus.org/rokso/evidence/ROK11457/dama-media-services-damon-mali-wilkinson/main-information. Spamhaus.org is not f’n around with this entity, and is tracking any and all about their organized crime via various networks.
HLM’s fraud cannot and should not be allowed continuously, as their activity is fraud, theft by deception, harassment and more. Each and every message will be reported instantly.
From Spamhaus.org:
Damon Mali Wilkinson runs “Dama Media Services” also going by many other names. His goal is to lease IP ranges, giving various reasons why he needs them, which are then turned around and given to spammers.
Partner in spam with PredictLabs and many other spammers.
Company names used:Dama Media Services, LLC
https://www.spamhaus.org/rokso/evidence/ROK11457/dama-media-services-damon-mali-wilkinson/main-information
HLM / Highlight Marketing, LLC
InfoTechUSA.net
Online Media Connect
Slash20, LLC
Dreamnow, LLC
986 Media LLC
Names used:
https://www.spamhaus.org/rokso/evidence/ROK11457/dama-media-services-damon-mali-wilkinson/main-information
Damon Mali Wilkinson
Danny Dahl
Connor Shields
Jonathan Sawyers
——————————————————————————–
Damon Mali Wilkinson
8553 Shulsen Lane Apt 2, West Jordan, UT 84088
(801) 676-9602, (801) 568-2750
Text messages received:
FROM: 87926@typingstudy.com at 2:47AM EST 11/29/2021
HLM/Damon Mali Wilkinson repeated fraud
/ – / Starbucks GlVEaway
–_http://107.175.219.15#/SB.php
Send 0 to STOP
==
53952@panix.com 4:39pm (11/28/2021)
/ – / PIay Has N0 Iimit
HLM/Damon Mali Wilkinson repeated fraud
Your P S 5 ls on the way
http://107.175.219.12/PIay5.php
96333@aime.com at 2:45pm (11/28/2021
HLM/Damon Mali Wilkinson repeated fraud
/ – / Weekend-MobiIe
Congrats CID#96333
–_http://107.175.219.13#/wknd.php
Send 0 to STOP
FROM: 57854@panix.com 8:44pm (11/24/2021)
HLM/Damon Mali Wilkinson repeated fraud
/ – / Thank you CID#57854
Your iPad Pro is Ready to Ship Upon Confirmation
http://107.175.219.12/ipad.php
UPDATE:
Scam spammer has now switched to the following networks:
Dec 2, 2021 from 6245 SMS short code with forged sender: 86337@localtoprank.com 9:12pm EST
/ – / HOME DEPOT
We have a WlNNER: CID#86337
https://shortlink.ba/7J8w3#msgjs.php
==
Dec 3, 2021 FROM 6245 (Verizon SMS short code) with forged sender: 30499@tripstrading.com 7:48pm EST
date/time, destination, number, direction, type/ – / /
Network providing service: Meric Hosting abuse@meric.net.tr Musteri-Network
Target User#30499
1OO Bucks for you
http://109.236.50.8/TGT.php
Send 0 to stop
==
12/24/2021, 09:31 PM PST 12:31 AM EST, –, (624) 5, Incoming, Text
From: 81705@khakibos.co.zaDate & Time, Destination, Number, Direction, Type
/ – / /
Your Xmas Gift is here
https:http://3260518168/sa.php
12/27/2021,07:43 PM | — | (624) 5 | Incoming | Text
12/27/2021,07:40 PM | — | (624) 5 | Incoming | Text
12/27/2021
FROM SMS 6245 (Verizon) with forged sender as xs5qu@netzero.net at 10:43pm EST
/ [-|-]Mobile /
Please take this brief 30 second survey about T-mobile and we’ll offer you 100 bucks christmas gift : r.napcopromo.com/s.ashx?ms=NPCPR:[redacted]&e=dear-user@t-mobile.com&eId=[redacted]&c=sghn&url=uto.la/wpN#xs5qu
12/27/01
FROM 69704@24htimviec.com 10:40pm EST
/ – //
WIN.NER: [redacted – consumers phone number embedded as link more than likely to a phishing site]
https:http://3260518168///i13.php
From 6245 at 10:02EST with sender info: 14745@asif.imNetwork: AirBit GmbH abuse@air-bit.eu
/ – / -T H A N K Y O U !
C l D : E8YPE1
https:/WlN::http://194.87.143.43///w.php
Dec 31, 2021 From SMS short code 6245 (Verizon) with sender forged as 97221@styleswow.com at 7:40am EST:
/ – / T H A N K Y O U !
T – M O B l L E
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]
–https:/WlN::http://194.87.141.136///E.php
Send 0 to STOP
==
Dec 31, 2021 FROM SMS short code 6245 (Verizon) with from sender info forged as 40493@styleswow.com at 3:24am EST:
/ – / T H A N K Y O U !
T – M O B l L E
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]
–https:/WlN::http://194.87.141.136///E.php
Send 0 to STOP
==
Dec 31, 2021 FROM SMS short code 6245 (Verizon) with from sender at 29701@airiters.com at 6:10pm EST:
/ – / T H A N K Y O U !
l P H ON E 1 3 – F O R
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]
–https:/WlN::http://3260517629/G.php
Send 0 to STOP
==
Jan 2, 2022 6:16pm EST from SMS short code 6245 with forged sender info: 32976@renuka-voyagerforlife.com
/ – / T H A N K Y O U !
1 0 0 B u c k s F O R
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]
–https:/Wln::http://1844196291////gl.php
Send 0 to STOP
==
WHIRL In!
Comments
#cybersafety #cybersecurity #phising #scammers
https://www.cnbc.com/2022/04/02/scammers-are-texting-you-from-your-own-number-now-what-to-do-about-it.html