2017-03-23 - "QUANTUM CODE" SCAM

NOTICE:

• The zip archives on this page have been updated, and they now use the new password scheme.  For the new password, see the "about" page of this website.

ASSOCIATED FILES:

• 2017-03-23-traffic-to-Quantum-Code-website-3-pcaps.zip   18.7 kB (18,660 bytes)

• 2017-03-23-traffic-to-Quantum-Code-website-1st-run.pcap   (16,920 bytes)
• 2017-03-23-traffic-to-Quantum-Code-website-2nd-run.pcap   (15,903 bytes)
• 2017-03-23-traffic-to-Quantum-Code-website-3rd-run.pcap   (10,895 bytes)

• 2017-03-23-Quantum-Code-scam-email-tracker.csv.zip   1.2 kB (1,237 bytes)

• 2017-03-23-Quantum-Code-scam-email-tracker.csv   (1,935 bytes)

• 2017-03-23-emails-for-Quantum-Code-scam-13-examples.zip   16.7 kB (16,687 bytes)

• 2017-03-23-email-for-Quantum-Code-scam-07550755-UTC.eml   (1,890 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07550822-UTC.eml   (1,913 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551039-UTC.eml   (3,223 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551112-UTC.eml   (1,825 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551121-UTC.eml   (1,797 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551343-UTC.eml   (1,728 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551348-UTC.eml   (1,733 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551432-UTC.eml   (1,764 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551458-UTC.eml   (1,907 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551517-UTC.eml   (1,915 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551518-UTC.eml   (1,516 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551617-UTC.eml   (1,971 bytes)
• 2017-03-23-email-for-Quantum-Code-scam-07551622-UTC.eml   (1,888 bytes)

NOTES:

• This is a scam called "Quantum Code" that represents stock trading software that focuses on binary options.  It was formerly known as the "Azure Method."  Emails about this scam have links to compromised websites.  Those links in the emails lead to a series of redirects that end at a website advertising "Quantum Code."

• Emails for this scam are similar to emails distributing malware.  I've been running across "Quantum Code" emails for months now as I search for emails distributing actual malwar.  It's quite annoying.

MORE INFORMATION ON THIS SCAM:

• http://scambroker.com/quantum-code/
• http://www.binaryscamalerts.com/quantum-code-scam-software-review/

 

EMAILS

Shown above:  Screenshot of the spreadsheet tracker.

 

Shown above:  An example of the emails.

 

EMAIL EXAMPLES:

(Read: Date/Time -- Sending host -- Sending address, probably spoofed -- Subject)

• 2017-03-23 07:55 UTC -- 202.146.246[.]170 -- eting@tuat[.]it -- 4439
• 2017-03-23 08:22 UTC -- mail.pngaf[.]com[.]pg -- laughaminute34@yahho[.]ca -- 3465
• 2017-03-23 10:39 UTC -- durgapur-nas1.meghbelabroadband[.]in -- jreyes@appliedsilicone[.]com -- 1025
• 2017-03-23 11:12 UTC -- localhost -- colier@etsc[.]ch -- 7610
• 2017-03-23 11:21 UTC -- 2.182.130[.]85 -- liam@soneramail[.]nl -- 5365
• 2017-03-23 13:43 UTC -- 187.60.35[.]126 -- apy@papy-salaud[.]com -- 7288
• 2017-03-23 13:48 UTC -- 190.42.105[.]252 -- l.heinz.woerlen@matulka[.]de -- 2050
• 2017-03-23 14:32 UTC -- static-186-155-204-71.static.etb[.]net[.]co -- bradles@realfreedate[.]com -- 0005
• 2017-03-23 14:58 UTC -- 120.56.200[.]33 -- aytcieza.turismo1@chorpenning[.]com -- 9790
• 2017-03-23 15:17 UTC -- 46.217.49[.]66 -- danaka-oziransky@delvacchioleather[.]it -- 9195
• 2017-03-23 15:18 UTC -- bzq-79-182-204-241.red.bezeqint[.]net -- hutch@e-universe[.]com -- 3281
• 2017-03-23 16:17 UTC -- abts-kk-static-010.116.166[.]122.airtelbroadband[.]in -- itonishauz@excite[.]it -- 2584
• 2017-03-23 16:22 UTC -- 182.186.168[.]67 -- barazz9@excite[.]it -- 6148

 

TRAFFIC

Shown above:  Pcap of traffic to the Quantum Code website filtered in Wireshark.

 

Shown above:  Another pcap of traffic to the Quantum Code website filtered in Wireshark.

 

LINKS FROM THE EMAILS:

• 46.252.201[.]1 port 80 - www.5fthire[.]com - GET /wp-content/plugins/akossmett/209ed48e0b.html
• 81.19.145[.]158 port 80 - www.wender-geistheiler[.]at - GET /modules/mod_jxtd_slide/61dce701ce.html
• 82.220.34[.]6 port 80 - www.mvsf[.]ch - GET /components/com_users/views/reset/tmpl/39b82e3c4a.html
• 89.46.104[.]19 port 80 - www.cedfacile[.]com - GET /wp-content/uploads/a6bc762d20.html
• 104.196.103[.]155 port 80 - global-gold[.]com - GET /wp-content/uploads/2016/02/5a0ae501f1.html
• 162.254.250[.]6 port 80 - www.roadstaraudio[.]com - GET /wp-content/plugins/23c5d28ce6.html
• 185.119.173[.]120 port 80 - www.ivana-rados[.]com - GET /wp-content/uploads/8882a75410.html
• 192.185.16[.]135 port 80 - www.yhalhammamgroup[.]net - GET /wp-includes/pomo/a6bc762d20.html
• 192.185.30[.]230 port 80 - www.bigthickbooty[.]net - GET /wp-content/uploads/3dbee7b9f0.html
• 192.232.251[.]218 port 80 - www.landwantedfast[.]com - GET /wp-content/plugins/jetpack/modules/widgets/20e18f23d2.html
• 192.254.233[.]44 port 80 - www.waledama[.]com - GET //wp-content/uploads/42e955644c.html
• 209.123.48[.]11 port 80 - www.levelsetinc[.]com - GET /sites/default/files/styles/24c887f5dd.html

QUANTUM CODE SCAM WEB SITES:

• 104.27.188[.]52 port 80 - quantum.binaryguru[.]biz
• 54.192.130[.]188 port 80 - www.incomeapp[.]co - GET /en/thequantumcodes/

 

FROM THE WEBSITE

Shown above:  One of the websites showing the Quantum Code scam.

 

TRANSCRIPT OF VIDEO FROM THE WEBSITE:

Hi there.  My name is Michael Crawford.  Yes, that guy you might have read about in Forbes and other financial magazines.  I'm also called the Wall Street Wizard, the Millionaire Trader, and the nicest rich guy in the world.  So why those names?  Well because I love money.  As you can see, I make a lot of money.  I'm very good at it.

This is my own private jet.  I'm just back from one of the many holidays I take every year all around the world.

But I'm not your average jerk millionaire.  I'm also a well-known philanthropist.  I like to help people more than anything else.  And I do this on a regular basis, or you might have read some articles about me before.  This is how you probably ended up on this website today.

Anyway, today is your lucky day.  I'm about to transform you into my next success story.

And no, I don't want anything in return.  I don't need anything from you.  If you read about me in Forbes, you know you know that I help people making a lot of money for free.

I just need a few minutes of your time, right now...

 

NOTE: As other sites have stated, the person in the video is an actor, or possibly the scammer behind it all.

Shown above:  "This is my own private jet."

 

Click here to return to the main page.