Friday, September 13, 2013

Who is behind BestRecovery

The Pakistani copy/paste admin of BestRecovery key spy service

 Xenon Cool


 I emailed this coward and he deleted his Twitter account.


We can see from the YouTube channel (pro2comp) that he is commenting on many videos about how to make VB software, how to avoid AV detection, crypters, etc.

can u make video how can we make rat like dark comet and cybergate i hope u will make i love ur videos i have sub to ur channel sir i am inspired and ur role model for me

Wow. This is sad..but really funny. 

Anyway..shall we continue?






The admin of BestRecovery posted a video about the keylogger service using the YouTube account Affan Majid (hacked) / Pro2Comp - http://www.youtube.com/watch?v=csiZMBhRJGw


Published on Aug 6, 2012
xenon.cool@yahoo.com



Connect the dots.

ainey_cool aka xenon.cool@yahoo.com
http://hamarakindking.com/Builder.exe
http://achanbhai.com/bai.php
http://wirelesstecho.com/achabai.txt
http://aineyhosting.com/web.php
http://www.financetasksforce.com/ht.txt



The Twitter account https://twitter.com/affan546 has a picture of Xenon - the Admin of BestRecovery.
(This account has been deleted. See screenshots.)



Notes
mybestrecovery.net 14152 IN A 85.195.87.18
mybestrecovery.ws. 14362 IN A 85.195.87.18
cmmsol.com. 14085 IN A 85.195.87.18
sendsmsfree.co.uk. 9095 IN A 85.195.87.18

WHOIS mybestrecovery.net

Name Servers:
ns1.sendsmsfree.co.uk
ns2.sendsmsfree.co.uk

DNS records
ns1.sendsmsfree.co.uk. 14400 IN A 85.195.87.18
ns2.sendsmsfree.co.uk. 14400 IN A 85.195.87.18
mybestrecovery.net. 21600 IN NS n2.sendsmsfree.co.uk.
mybestrecovery.net. 21600 IN NS ns1.sendsmsfree.co.uk

DNS checks
# dig ns1.mybestrecovery.ws 
mybestrecovery.ws. 1800 IN SOA ns1.sendsmsfree.co.uk. ainey_cool.ymail.com.
and again on the other NS
# dig ns1.cmmsol.com 
cmmsol.com. 1709 IN SOA ns1.localdomain.com. ainey_cool.ymail.com.
Wait....WTF!?!?
You left your email address in your DNS record? Ok..
That email address was plastered on the front page of BestRecovery. 

Busted!
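The SOA lines above carry the zone contact in the RNAME field, where the first unescaped dot stands in for the @ sign. The following is an added example, not part of the original post, that decodes that field and groups A records by shared address so a zone owner can see what their own records disclose; the records are constructed placeholders and the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample in the same "name TTL IN TYPE rdata" layout as the notes
# above; domains, mailboxes and addresses are placeholders, not from the post.
SAMPLE = """\
shop.example. 14152 IN A 192.0.2.18
sms.example. 9095 IN A 192.0.2.18
blog.example. 300 IN A 192.0.2.77
shop.example. 1800 IN SOA ns1.sms.example. admin_box.mail.example.
blog.example. 1709 IN SOA ns1.blog.example. first\\.last.mail.example. 1 3600 600 86400 3600
"""

def rname_to_email(rname):
    """Decode an SOA RNAME (RFC 1035): the first unescaped dot separates the
    mailbox local part from its domain; a dot inside the local part is
    written as backslash-dot."""
    parts = re.split(r"(?<!\\)\.", rname.rstrip("."), maxsplit=1)
    if len(parts) != 2:
        raise ValueError(f"RNAME has no domain part: {rname!r}")
    local, domain = parts
    return local.replace("\\.", ".") + "@" + domain

def parse_records(text):
    """Yield (owner, rtype, rdata_fields) for each resource-record line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[2] == "IN":
            yield fields[0].rstrip(".").lower(), fields[3], fields[4:]

def summarize(text):
    """Return (ip -> owners sharing it, owner -> decoded SOA contact)."""
    by_ip, contacts = defaultdict(set), {}
    for owner, rtype, rdata in parse_records(text):
        if rtype == "A":
            by_ip[rdata[0]].add(owner)
        elif rtype == "SOA" and len(rdata) >= 2:
            # rdata[0] is MNAME (primary NS), rdata[1] is RNAME (contact)
            contacts[owner] = rname_to_email(rdata[1])
    shared = {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}
    return shared, contacts

if __name__ == "__main__":
    shared, contacts = summarize(SAMPLE)
    print("shared addresses:", shared)
    print("SOA contacts:", contacts)
```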

He is in the pakbugs.com DB dump:

http://archives.neohapsis.com/archives/fulldisclosure/2009-09/att-0197/pakbugs.users.html

I wonder if this guy is Pakistani..?

He registered

betercalls.com 
Facebook page:
https://www.facebook.com/xenon.cool.9?fref=ts

(Note the Vampire avatar from his Vampire Crypter.)
via Xenon Cool (source)





Best Recovery-The Best Fud Keylogger
xenon.cool@yahoo.com

He posted screen pics of him using DarkComet on people and claiming they have $ in bank accounts.

He is also selling access to people's bank accounts on FB - what a fucker.



 He has a link on the FB account claiming to own the 'FUD' keylogger and video for BestRecovery. 
Uber 1337






Summary 

I'm thinking his name is Ainey Bhai? of Lahore PK

He definitely lives in Pakistan, and I believe he is or recently was a student. He used the school computers to spread the malware.

Someone will recognize this guy.
ainey cool
xenon.cool@yahoo.com
@affan546
born 27 December 1989

It's all just so pathetic.

Get a life man.
