WARNING: 107.175.219.12 is hosting and soliciting malware via text messages

If you receive any text messages advising you to click a link with http://107.175.219.12, or any IP within the following range, 107.175.219.0 – 107.175.219.255, followed by /****.php in URL, do not click the link. It’s a malicious script. Persons are so desperate for anyone to click their link, they’re texting the numbers of persons who report fraud such as this daily.

The sender’s name is not a phone number, but an email address, such as [0-9]+(at)panix(dot)com or [0-9]+(at)aime(dot)com. However, the messages are being sent through 6245 (Verizon SMS) or the 6245-short code number is being spoofed. View your mobile phone billing records to verify matching text message time, which will match your time zone or the mobile company’s time zone, if you’re both in the same area.

Here’s an example of a message. And note the forgery and unlawful use of company’s name (Home Depot).

43560@aime.com 12:49pm
/ – / HOME DEPOT
We have a WlNNER: CID#43560
–_http://107.175.219.12#/Hdepot.php
Send 0 to STOP

Unlawful HLM hosted script

The networks associated with the messages are:

HLM (C07655687) 560 S. state Street, Ste G2, Orem, Utah 84058 (no phone is associated with ARIN information, and address appears to be forged as well)

Colocrossing (ABUSE3246-ARIN) / Velocity Servers Inc. (NETWO882-ARIN) 325 Delaware Avenue
Suite 300, Buffalo, NY 14202 +1-800-518-9716 (Office) abuse@colocrossing.com

Report the invasion of your mobile phone to your provider so that the messages can be filtered and stopped. Clicking the link, only furthers the problem.


More information about HLM, which has now been confirmed to be an organized crime entity.

Please read more at: https://www.spamhaus.org/rokso/evidence/ROK11457/dama-media-services-damon-mali-wilkinson/main-information. Spamhaus.org is not f’n around with this entity, and is tracking any and all about their organized crime via various networks.

HLM’s fraud cannot and should not be allowed continuously, as their activity is fraud, theft by deception, harassment and more. Each and every message will be reported instantly.

From Spamhaus.org:

Damon Mali Wilkinson runs “Dama Media Services” also going by many other names. His goal is to lease IP ranges, giving various reasons why he needs them, which are then turned around and given to spammers.
Partner in spam with PredictLabs and many other spammers.
Company names used:

Dama Media Services, LLC
HLM / Highlight Marketing, LLC
InfoTechUSA.net
Online Media Connect
Slash20, LLC
Dreamnow, LLC
986 Media LLC

https://www.spamhaus.org/rokso/evidence/ROK11457/dama-media-services-damon-mali-wilkinson/main-information

Names used:

Damon Mali Wilkinson
Danny Dahl
Connor Shields
Jonathan Sawyers

——————————————————————————–

Damon Mali Wilkinson
8553 Shulsen Lane Apt 2, West Jordan, UT 84088
(801) 676-9602, (801) 568-2750

https://www.spamhaus.org/rokso/evidence/ROK11457/dama-media-services-damon-mali-wilkinson/main-information

Text messages received:

FROM: 87926@typingstudy.com at 2:47AM EST 11/29/2021

/ – / Starbucks GlVEaway
–_http://107.175.219.15#/SB.php
Send 0 to STOP

==

HLM/Damon Mali Wilkinson repeated fraud

53952@panix.com 4:39pm (11/28/2021)

/ – / PIay Has N0 Iimit
Your P S 5 ls on the way
http://107.175.219.12/PIay5.php

HLM/Damon Mali Wilkinson repeated fraud

96333@aime.com at 2:45pm (11/28/2021
/ – / Weekend-MobiIe
Congrats CID#96333
–_http://107.175.219.13#/wknd.php
Send 0 to STOP

HLM/Damon Mali Wilkinson repeated fraud

FROM: 57854@panix.com 8:44pm (11/24/2021)
/ – / Thank you CID#57854
Your iPad Pro is Ready to Ship Upon Confirmation
http://107.175.219.12/ipad.php

HLM/Damon Mali Wilkinson repeated fraud

UPDATE:

Scam spammer has now switched to the following networks:

Dec 2, 2021 from 6245 SMS short code with forged sender: 86337@localtoprank.com 9:12pm EST

/ – / HOME DEPOT
We have a WlNNER: CID#86337

https://shortlink.ba/7J8w3#msgjs.php
==

Dec 3, 2021 FROM 6245 (Verizon SMS short code) with forged sender: 30499@tripstrading.com 7:48pm EST

/ – / /
Target User#30499
1OO Bucks for you
http://109.236.50.8/TGT.php
Send 0 to stop
==

Network providing service: Meric Hosting abuse@meric.net.tr Musteri-Network
date/time, destination, number, direction, type
12/24/2021, 09:31 PM PST 12:31 AM EST, –, (624) 5, Incoming, Text
From: 81705@khakibos.co.za
/ – / /
Your Xmas Gift is here
https:http://3260518168/sa.php
Date & Time, Destination, Number, Direction, Type
12/27/2021,07:43 PM | — | (624) 5 | Incoming | Text
12/27/2021,07:40 PM | — | (624) 5 | Incoming | Text

12/27/2021
FROM SMS 6245 (Verizon) with forged sender as xs5qu@netzero.net at 10:43pm EST
/ [-|-]Mobile /
Please take this brief 30 second survey about T-mobile and we’ll offer you 100 bucks christmas gift : r.napcopromo.com/s.ashx?ms=NPCPR:[redacted]&e=dear-user@t-mobile.com&eId=[redacted]&c=sghn&url=uto.la/wpN#xs5qu

12/27/01
FROM 69704@24htimviec.com 10:40pm EST
/ – //
WIN.NER: [redacted – consumers phone number embedded as link more than likely to a phishing site]
https:http://3260518168///i13.php

From 6245 at 10:02EST with sender info: 14745@asif.im
/ – / -T H A N K Y O U !
C l D : E8YPE1

https:/WlN::http://194.87.143.43///w.php
Network: AirBit GmbH abuse@air-bit.eu

Dec 31, 2021 From SMS short code 6245 (Verizon) with sender forged as 97221@styleswow.com at 7:40am EST:
/ – / T H A N K Y O U !
T – M O B l L E
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]

–https:/WlN::http://194.87.141.136///E.php

Send 0 to STOP
==

Dec 31, 2021 FROM SMS short code 6245 (Verizon) with from sender info forged as 40493@styleswow.com at 3:24am EST:
/ – / T H A N K Y O U !
T – M O B l L E
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]

–https:/WlN::http://194.87.141.136///E.php

Send 0 to STOP
==

Dec 31, 2021 FROM SMS short code 6245 (Verizon) with from sender at 29701@airiters.com at 6:10pm EST:
/ – / T H A N K Y O U !
l P H ON E 1 3 – F O R
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]

–https:/WlN::http://3260517629/G.php

Send 0 to STOP
==

Jan 2, 2022 6:16pm EST from SMS short code 6245 with forged sender info: 32976@renuka-voyagerforlife.com
/ – / T H A N K Y O U !
1 0 0 B u c k s F O R
#[redacted link of consumer’s number as an embedded link to click, but person wants recipient to know their number is targeted]

–https:/Wln::http://1844196291////gl.php

Send 0 to STOP
==

About the author: Our Tech WHIRL WHIRL Staff Verified Tech-Edu
Tech news and information, cyber security, innovation and all things geek... because we all know tech and women run the world.

WHIRL In!

WHIRL Forward With Us!
Make a difference and connect with other all-inclusive organizations and individuals!

Comments

@peepso_user_38(OurWHIRL Staff)
# We totally covered this months ago. But glad others are being educated, so that "happy clickers" do not create more problems on networks.
#cybersafety #cybersecurity #phising #scammers

https://www.cnbc.com/2022/04/02/scammers-are-texting-you-from-your-own-number-now-what-to-do-about-it.html
6 April 2022 2:52am

WHIRL News and Info