Justus Perlwitz

Who To Sue If Skype Spam Kills You

The other day I received this ominous message on Skype from an infected machine:


A Trail of 302s

The URL redirects to http://professtanitim.com (with a revealing WHOIS record), which just serves this mysterious JavaScript:

Even in Shandong, programmers like the K&R indent style. Let’s try one of these random URLs:

curl -Lv 'http://fuckyou.com-n7d.net/a=311397&c=wl_con&assholes'
< HTTP/1.1 302 Found
[...] # Gasp! Another redirect
< Location: http://com-zau.net/?a=311397&c=wl_con
[...] # The domain is owned by the same Shandong individual
< HTTP/1.1 302 Found
[...] # Gasp! Another redirect
< Location: http://277-beauty.com-zau.net/dekedj/womenshealth/
[...] # Same host
< HTTP/1.1 200 OK
< Server: nginx
< X-Powered-By: PHP/5.3.28 # old, grumpy PHP version
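
An added example, not part of the original post: a short Python script that parses a `curl -Lv` trace like the one above into hops, checks that every Location header leads to the next request, groups hosts by their last two labels, and collects the software banners. The sample trace is constructed from the hosts shown above with a placeholder first label (`promo`), the function names are hypothetical, and plain `http` is assumed throughout.

```python
import re
from urllib.parse import urljoin, urlsplit

# Constructed sample modelled on the trace above; the "promo" label is a placeholder.
SAMPLE_TRACE = """\
> GET /a=311397&c=wl_con HTTP/1.1
> Host: promo.com-n7d.net
< HTTP/1.1 302 Found
< Location: http://com-zau.net/?a=311397&c=wl_con
> GET /?a=311397&c=wl_con HTTP/1.1
> Host: com-zau.net
< HTTP/1.1 302 Found
< Location: http://277-beauty.com-zau.net/dekedj/womenshealth/
> GET /dekedj/womenshealth/ HTTP/1.1
> Host: 277-beauty.com-zau.net
< HTTP/1.1 200 OK
< Server: nginx
< X-Powered-By: PHP/5.3.28
"""

def parse_hops(trace, scheme="http"):
    """Split a curl -v trace into one dict per request/response pair."""
    hops, path = [], "/"
    for line in trace.splitlines():
        if m := re.match(r"> [A-Z]+ (\S+) HTTP/", line):       # request line
            path = m.group(1)
        elif m := re.match(r"> Host: (\S+)", line):            # starts a new hop
            hops.append({"url": f"{scheme}://{m.group(1)}{path}", "status": None, "headers": {}})
        elif hops and (m := re.match(r"< HTTP/\S+ (\d{3})", line)):
            hops[-1]["status"] = int(m.group(1))
        elif hops and (m := re.match(r"< ([\w-]+):\s*(.*)", line)):
            hops[-1]["headers"][m.group(1).lower()] = m.group(2).strip()
    return hops

def site(url):
    # Naive registrable domain: last two labels. A real tool would use the Public Suffix List.
    return ".".join(urlsplit(url).hostname.split(".")[-2:])

def analyze(hops):
    """Return the chain, whether each Location matches the next request, sites, and banners."""
    chain = [(h["status"], h["url"]) for h in hops]
    unbroken = all(urljoin(a["url"], a["headers"].get("location", "")) == b["url"]
                   for a, b in zip(hops, hops[1:]))
    sites = sorted({site(h["url"]) for h in hops})
    banners = [(urlsplit(h["url"]).hostname, h["headers"][k])
               for h in hops for k in ("server", "x-powered-by") if k in h["headers"]]
    return chain, unbroken, sites, banners

if __name__ == "__main__":
    print(analyze(parse_hops(SAMPLE_TRACE)))
```

Grouping by the last two labels shows that the three hosts collapse to two registered domains, which is the pair of names worth feeding into a WHOIS lookup or a blocklist.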

The Fake Magazine

[Image: Fake Women’s Health magazine article]

The article seems to cater to insecure women that are desperately trying to lose weight and are thus easy bait for weight loss drug scammers. In it, two drugs are being promoted: Garcinia Cambogia + Pure Life Cleanse, AKA Pure Wallet Cleanse, amirite??!

Who is behind it?

Let’s see whether we can find out which company is selling these weight loss drugs.

After sifting through the order page that is linked from the fake article, one can quickly see that a company called BioTrim Labs owns the product. The redirect path there is interesting: it goes through another host name, vikingtrck.com, which runs Microsoft-IIS/7.5. Now, we all know what IIS stands for: Level 10 CVE. Not only do these scammers hardly cover up their WHOIS records, their server infrastructure is vastly outdated.

Now, when you try to look up BioTrim Labs in a UK, US or German company registry, it does not turn up. So this is where the trail ends. I have no idea who you should sue once your intestines turn into jello.

Date created:
September 10, 2015
