Audio Buy Fraud

[Screenshot: Audio Buy website (22-Jan-2009)]

This Audio Buy criminal fraud website should not be confused with any other company with the same or a similar name. The above screenshot and the following evidence define this criminal alone.

Audio Buy is another fraud from the money laundering/reshipping fraud department of the well-known 'Rockphish/Asprox' phishing criminals. It was spotted as a domain in DNS replication data on known rockphish zombies and is hosted on a 5-IP zombie botnet, so it is fraudulent without a shadow of a doubt, but its purpose is not yet apparent. It appears to be a fraud in the making. It is rather reminiscent of the old High Level and Next Level frauds inasmuch as it is apparently a merchant site but it is not possible to buy anything. It appears to have a sister site, Elite Jewelry. They claim above to have been founded in 2002, but their domain sellbyinternet.com was only registered with REGISTER.COM, INC. on 10-Nov-2008, which is a clear indication of a fake website.

Audio Buy: Evidence of Site Theft and Criminal Fraud

i) The Audio Buy fraud website is hosted on a five-IP 'fastflux' zombie botnet, as evidenced below. No legitimate company would use a zombie botnet to host their website, so this is irrefutable evidence of criminality.

ii) Passive DNS data research on the zombies hosting the site shows that the same zombies are currently used to host the Bullet Motorsports Speedlab (BMS) website, the Pacific Corporation website, the Duty Free Shopping website, the Elite Jewelry website and other fraudsters, attack URLs and 'phishing' URLs.

iii) A Google search for "Audio Buy" returns loads of hits as you'd expect with a generic term like that, but nothing for these criminals - they have absolutely no web presence, so the claim "Audio Buy online store was founded in 2002. Today it is one of the largest audio equipment shops" is obvious nonsense.

iv) You can put stuff into your basket, but you cannot check out, which is probably just as well...

v) Notice in the above screenshot "the biggest choise on the web" and "detalis".

vi) They have no location or contact details on their website.

Well, it's a 'Rockphish' zombie botnet hosted fraud site without any doubt, although what its intention is remains anyone's guess. Do not be misled: these are professional criminals with a long history of fraud, as detailed on the General Information page, and are the same criminals as the 'Rockphish/Asprox' phishing fraudsters.

Audio Buy Fraudsters' hosting details


Main Domains, Registrars and Hosts

Domain: sellbyinternet.com
Registrar: REGISTER.COM, INC. (10-Nov-2008)
Host IP Network / Botnet Nameserver Host:
Host IP / Botnet Nameserver IP:

Current Zombie Botnet Nameserver Domains and Registrars

Nameserver: limitservise.com
Nameserver Domain Registrar: REGISTER.COM, INC. 07-Nov-2008
Host IP:

Key: Active, Suspended/Disabled, Parked


The Zombie Botnet DNS Data (Valid for domains sellbyinternet.com, duty-free-shopping.cn, dutyfree-shopping.cn)

Looking up at the 2 sellbyinternet.com. parent servers:

Zombie Botnet Nameserver: ns1.limitservise.com [64.34.217.40]
Botnet Nameserver 'A' Records (Zombie Site Host IPs): 12.214.96.191, 24.136.214.48, 68.46.223.82, 71.227.123.55, 72.253.177.150

Zombie Botnet Nameserver: ns2.limitservise.com [44.78.129.16]
Botnet Nameserver 'A' Records (Zombie Site Host IPs): Timeout - Fake nameserver (never resolves).

The data shows a standard 5-IP site-hosting zombie botnet. The criminal-owned nameserver ns1.limitservise.com, hosted by Peer 1 Network Inc./H4Y Technologies LLC on IP address 64.34.217.40, is acting as a zombie botnet controller, 'herding' the rotating zombies (as determined by RDNS) in the 'A' records list, which are hosting the fraud site (as determined by TRACERT/NSLOOKUP). See The Zombie Botnet 'Host By Proxy' for an explanation of this method of hosting. This is the same botnet host as for the Elite Jewelry crook.
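
The checks applied to this DNS data can be written as a small triage script. This is an added example, not part of the original report: the dictionary layout, the function names, the /16 grouping and the MIN_A_RECORDS threshold are assumptions, and the sample observation is transcribed from the details given on this page.

```python
import ipaddress
from datetime import date

# Observation transcribed from the DNS data on this page; the dict layout is assumed.
OBSERVATION = {
    "domain": "sellbyinternet.com",
    "domain_registered": date(2008, 11, 10),
    "claimed_founding_year": 2002,
    "nameservers": {
        "ns1.limitservise.com": ["12.214.96.191", "24.136.214.48", "68.46.223.82",
                                 "71.227.123.55", "72.253.177.150"],
        "ns2.limitservise.com": None,  # lookup timed out, never resolves
    },
}

MIN_A_RECORDS = 4  # assumed threshold for this sketch, not a value from the page


def distinct_networks(ips, prefix=16):
    """Collapse addresses to /prefix networks to measure how scattered the hosts are."""
    return {ipaddress.ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}


def fastflux_indicators(obs):
    """Return the indicators present in one DNS observation, in a fixed order."""
    found = []
    answers = [ips for ips in obs["nameservers"].values() if ips]
    all_ips = sorted({ip for ips in answers for ip in ips})
    # Many A records with no two in the same network: hosts scattered across providers.
    if len(all_ips) >= MIN_A_RECORDS and len(distinct_networks(all_ips)) == len(all_ips):
        found.append(f"{len(all_ips)} A records, each in a different /16")
    # A listed nameserver that never answers while another one does.
    dead = [ns for ns, ips in obs["nameservers"].items() if not ips]
    if dead and answers:
        found.append(f"{len(dead)} of {len(obs['nameservers'])} nameservers never answer")
    # The site claims a history longer than its domain registration.
    if obs["domain_registered"].year > obs["claimed_founding_year"]:
        found.append("domain registered after claimed founding year")
    return found


if __name__ == "__main__":
    for line in fastflux_indicators(OBSERVATION):
        print("-", line)
```

Scattered A records alone are only a starting point for review; the report above additionally relies on RDNS to identify the hosts as zombies.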

***Latest News*** Initial entry 22nd. January 2009
Thanks to Frank Bear for the 'heads-up' on this one.

***Latest News*** 27th. January 2009
Info. from Frank Bear - the nameserver domain limitservise.com has been parked.