Tag Archive: whois

Estonian Spammer Forges CBS and The Guardian

Get Rich Quick Scam Forges Genuine News Agencies Web Pages

Gmail Spam


I recently received two emails from a friend’s old Hotmail account, but to two of my email addresses.

Email Spam


Probably, the account has been hacked as I could detect no spoofing in the emails’ headers.  These are the emails, with the email addresses blacked out.

Initial Email Investigations

The text is similar in that they try to entice a user using pretty poor English to click on the shortened URL links, which are active.

Here’s how the links work:
To my Email address;
cbsbusiness9


I had http://cbsbusiness9.com/index2.php?/5260 which then goes to

http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/

 

To my GMail address;
cbsnews-article


I had http://cbsnews-article.com/index2.php?/4032 which then goes to

http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/5672-9782-67834/making-money-online/
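The lookalike pattern in these two chains (one brand's name in the hostname, another brand's section path after the `?`) can be checked mechanically. This Python code is an added example, not part of the original post; the `BRANDS` allow-list of official domains and the function names are assumptions, and it only parses URL strings without requesting anything.

```python
from urllib.parse import urlsplit

# Assumed allow-list (not from the post): brand token -> domains the brand really uses.
BRANDS = {
    "cbs": {"cbs.com", "cbsnews.com"},
    "guardian": {"theguardian.com", "guardian.co.uk"},
}
OFFICIAL = set().union(*BRANDS.values())


def registrable(host):
    """Rough registrable domain: last two labels, or three for co.uk-style suffixes."""
    labels = host.lower().rstrip(".").split(".")
    three = len(labels) >= 3 and len(labels[-1]) == 2 and labels[-2] in {"co", "com", "org"}
    return ".".join(labels[-3:] if three else labels[-2:])


def brand_mismatches(url):
    """Return (brand, where) pairs for brand names used on a non-official domain."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if registrable(host) in OFFICIAL:
        return []
    rest = f"{parts.path}?{parts.query}".lower()
    found = []
    for brand in BRANDS:
        # Plain substring match: a heuristic that favours recall over precision.
        if brand in host:
            found.append((brand, "host"))
        elif brand in rest:
            found.append((brand, "path/query"))
    return found


def scan_chain(hops):
    """Check every hop of a redirect chain; keep only the hops with findings."""
    return {hop: hits for hop in hops if (hits := brand_mismatches(hop))}


# The two chains described in the post, as plain strings.
CHAIN_A = [
    "http://cbsbusiness9.com/index2.php?/5260",
    "http://cbsbusiness9.com/uk.html?/partners/the-guardian/small-business/"
    "5672-9782-67834/making-money-online/",
]
CHAIN_B = [
    "http://cbsnews-article.com/index2.php?/4032",
    "http://cbsnews-article.com/uk.html?/partners/the-guardian/small-business/"
    "5672-9782-67834/making-money-online/",
]

if __name__ == "__main__":
    for chain in (CHAIN_A, CHAIN_B):
        for hop, hits in scan_chain(chain).items():
            print(hop, "->", hits)
```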

 

The screenshots show the results using a neat Firefox plugin, Flagfox, which displays the source IP address and country on mouse-over.

The WHOIS’s of each domain are almost identical.  These are screenshots.

whois.domaintools.com screen capture 2012-12-12-17-12-26

whois.domaintools.com screen capture 2012-12-12-17-13-17

That Arthor Brown’s a one, eh?  Notice the Ukrainian, Russian and New York connections?  Who is/are or what is:

TNew line ave 172 95
NY, 18274
UNITED STATES
+1.7343541732

Google Search on +1.7343541732


Googling the phone number pulls out a heap of (not)surprises including an awful cesspit of scamminess that’s now starting to rival Pacific Webworks’ Google Treasure Chest and Jesse Willms’ Colon cleansing efforts!  (We saw these scams a few years back – check the links)

Just check out the fake news and dodgy sounding sites in the search results….  These are the first couple of pages of current search results:

  • Com-news8.net
  • Bcnews8.com
  • Dildobigg.com
  • Raspberry-Ketone24.com
  • BigGgEts.com
  • HurtGuys.com
  • GrowsPeniss.com
  • HugerAss.com
  • Com-news9.net
  • Com-nbcnews9.net
  • coloncleanse-extreme.com
  • nbc9news.com
  • nbc1news.com

Arthor Brown is in most of them with his Yahoo! email address as [email protected].  Please don’t confuse him with this Arthur Brown, but yes, handle all of these websites like Fire!

Forged Webpages of The Guardian Newspaper

cbsnews-article.com screen capture 2012-12-12-16-3-51


cbsbusiness9.com screen capture 2012-12-12-16-3-23


The Guardian is an old and respected news organisation in the UK.  CBS is a long-established US media network.

They, and the purported author of both webpages, Sirena Bergman, must be pretty pissed off about the hijacking of their names.

Also to be annoyed is Lloyds TSB Bank, who apparently are “in association” with this get rich quick scheme for work at home moms!

Completely Forged News Articles!

Indeed they are.

  • The articles are dated “December, 11:41”, which is odd since there’s no day, just month and time!
  • Both articles are embedded in genuine Guardian web-pages, with all the links surrounding the article going to genuine Guardian web-pages or genuine advertiser websites!
  • The hook links in both forged webpages go to http://workinghome22.com/go.php

The forgery is done in the same manner as the well-known phishing scams done for banks and on-line finance and insurance.

Apart from the images sourced from The Guardian, the scammer’s images are sourced from:

  • ddmcdn.com which is HowStuffWorks.com!
  • localconsumeralerts.com
  • prosperadtracker.com
  • ophan.co.uk

So, Who Is workinghome22.com

Bad Gateway


The first link was dead, opening a bad gateway so the expected redirect didn’t work.  The tracking pointed back to Ireland!

Bad Gateway


The second link worked, but the sweetly named workingfromhome22.com wasn’t the destination.   No, the link immediately re-directed to http://onlineincnow.com/2/?aff_sub=72

Well, at least the affiliate number 72 is getting paid….

But hang on, who exactly is workingfromhome22.com?
workinghome22.com screen capture 2012-12-12-16-31-44


Well, typing the URL directly takes me to workingfromhome22.com!  This is it!

Cunningly, you’ll note that it’s pulled out my home-town as Bournemouth (where I live) with that awful “mom” Americanism!  No-one in the UK addresses their mother as mom…  I mean, FFS?

The webpage links, containing the disreputably used graphics of Thomson, Reuters, CNBC and NBC Universal all point to http://workinghome22.com/go.php, which is of course in this domain.  So let’s click it, shall we?

Well, pctrck.com is trying to load, but not much else.

Reversing then trying to exit workinghome22.com produces a pop-up of dubious functionality!  Check the words – there’s no cancel button!

workinghoome22_Popup


I did however manage to successfully close this page following that.  Whew!

Now Back to onlineincnow.com

OnlineIncNow Location


The previously mentioned http://onlineincnow.com/2/?aff_sub=72 is located in the USA.

So What Is It Up To?

OnlineIncNow.com Whois Record


Good Question!   A WHOIS puts the registrant in China with the DNS servers in Russia!

As I mentioned earlier, the similarity of the scamminess of this thing is just like the Google Treasure Chest/ Google Money Tree / PWW scams of old.

The site is plastered with the logos of well known businesses to add an air of authenticity to things (just as the original hook sites used The Guardian Newspaper and CBS in the same way) yet at the bottom of the page they disingenuously add:

This site and the products and services offered on this site are not associated, affiliated, endorsed, or sponsored by NBCNEWS, ABC, USA Today, CNN or Fox News, nor have they been reviewed tested or certified by NBCNEWS, ABC, USA Today, CNN or Fox News.

onlineincnow.com T&C Screenshot


Despite all this, it is of course bollox set to deceive.  In fact, it now appears that it’s the well known negative option scam, used by Pacific Webworks (PWW) and Jesse Willms to good effect until they were found out.

Let’s see how this pans out, shall we?…..

Check out the T&C page from the tiny link in the page footer – screenshot on the right.

  • They say that the applicable law is the State of Florida.
  • You will become a “member” and the key phrases are here:

You must register as a “Member” with Online Income Now to access certain functions of the website. You must provide current, complete and accurate information about yourself (the “Registration Data”) when registering as a Member. You agree that such information is truthful and complete. You agree to maintain and keep your Registration Data current and to update your Registration Data as soon as it changes. You are responsible for maintaining the security of your password. Online Income Now is not liable for any loss that you suffer through the use of your password by others. You agree to notify Online Income Now immediately of any unauthorized use of your account or other breach of security known to you. You also, by becoming a Member, agree to report violations of these Terms and Conditions by others to Online Income Now.

For a limited time only, the cost of this product is $97.00 ( usual price $299.95 ) and every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

MATERIALS PROVIDED TO Online Income Now OR POSTED AT ANY Online Income Now’s WEB SITE

Online Income Now does not claim ownership of the materials you provide to Online Income Now (including feedback and suggestions) or post, upload, input or submit to any Online Income Now Web Site or its associated services (collectively “Submissions”). However, by posting, uploading, inputting, providing or submitting your Submission you are granting Online Income Now, its affiliated companies and necessary sublicensees, permission to use your Submission in connection with the operation of their Internet businesses including, without limitation, the rights to: copy, distribute, transmit, publicly display, publicly perform, reproduce, edit, translate and reformat your Submission; and to publish your name in connection with your Submission.

You’ll see that “Online Income Now” will:

  • make you a “member” (of what?)
  • and you will be regularly billed, (why?)
  • and that for anything you post, upload etc (wah?  whadya mean?  Where is this uploading?),  “Online Income Now” will take no responsibility for what you do!

…………….which is curious as you don’t know what you’ll be doing and they have invited you to do it in the first place!!!

Now Let’s Click The Link!  Follow that Opportunity!

onlineincnow.com screen capture 2012-12-12-17-46-50

2 Spots Left!

Amazingly (sarcasm alert) there are two “spots” left in my area!  This is the page… http://onlineincnow.com/2/index2.php

Michelle Johnson is the “guru” who will tell me everything!  So what do I do?  I have two options:

  • Back out
  • Sign up

Let’s Try Backing Out, Shall We?


Cannot Backout From OnlineIncNow 2


Cannot Backout From OnlineIncNow

Well of course, they won’t let me.  It takes two goes to get out and the first one completely takes over the browser!  Bad.  This is B.A.D.

Ah, well.  Finally escaped.

Let’s Try Clicking to the Signup Page, Shall We?

secure.onlineincnow.com Data Entry Screen


I decide on my name, “Jobless Jake” and a random phone number…. The website is now https://secure.onlineincnow.com/2/cc_97.php

What I see is bad, really bad, and any attempt by this pack of jokers at saying they don’t run a negative option scam is now revealed on this sign-up page!

The scam is now revealed for what it is – a negative option scam!        Read it carefully…..  They expressly say;

By enrolling, you will be charged a one-time fee of $97.00

In teeny-tiny letters, note!

But remember, right back buried in the T&C’s they say;

every 32 days thereafter you will be billed the member’s only price of $9.95 for the monthly use.

This is expressly against the FTC code and laws in most countries.  If any extra charges are to be levied for any service or goods, they should be expressly stated on the sign-up page where the customer first enters their financial details.

Gotcha! You Bastards!

Okay, I’ve Had Enough of This. I’m Off!

“Not so fast, young Jobless Jake”, say onlineincnow.com……!


Cannot Backout From OnlineIncNow 3

They’ve an extra 20% off plus an extra bit of webpage-erese!  The screenshot says it all, though it wasn’t the end of it.  I had one more “Leave Page” option like the earlier one above.

Conclusion

Negative Options are banned by law in most countries.  If you get collared by one, you’ll have a job stopping the bastards taking money from your account for ages.  The only sure way to stop this once you’ve been sucked in is through….

  • Chargebacks.   Get your bank or card company to get a charge-back saying the terms of trade or purchase were hidden (as seen in my screenshot above).

So………………….

  • It’s a scam.
  • Stay away from it.



Boundless Hypocrisy Over Kate’s Tits

Public Breast-beating Over Middleton Paparazzi Photos

You must understand that there is no news today.
Everything is celebrity, sport and royal in the UK.
Everyone has a media correspondent, a sports correspondent and a royal correspondent.
Reporters just report on the latest twitter feed.  No-one searches.

There are several aspects to this boob photos media blizzard.

  • There’s the mass media  almost to a man, fawning and groping at half truths.
  • There are many ordinary people wondering what’s going on.

So I’ll explain.                                  (As I see it, natch)

If you want the tit and bum shots, check at the end.  If you can’t wait, click here for the latest information on modified sweat glands.


Private Pictures, Public Place?

We now have several (mainly establishment types) people making exaggerated claims about the camera location.  Well, I’ve checked.

The photos were NOT taken “over a mile and a half away”, nor “well over a mile” away, nor “about a mile away”, nor “from a long way off, in private woods”, but about half a mile away.  The house is clearly visible, along with the windows, railings and garden stuff that appear in the photos on Google Maps Streetview.

I’ve chosen a point ~ 900m from the building as one of many good vantage points.  Go down now to see it.

If I used my hand-held camera taking a shot, I could see the whites of the eyes….  Yes really!  To demonstrate — here are two pictures that show the capability of my hand-held Panasonic Lumix, DMC-TZ30. 

Be careful when clicking as I’ve uploaded the shots at full resolution.  Once loaded, click the little green arrow to see the pictures in all their full-size glory – you will need to scroll both vertically and horizontally to find the yacht when on full-size.

They are hand-held, on a normal day, just like many of my recent shots from my recent French vacation.  I have many high-res scenic shots – I’ll have to check them through – who knows what I’ll find LOL.

No Zoom of Yacht - Can you see it?

No Zoom:  There’s a Yacht here – Can you see it?
Click to see just how really small it is.

20x Optical Zoom of Yacht

20x Optical Zoom of Yacht – Now can you see it?
Click and you’ll see a tanker in the background which I couldn’t see at all with the naked eye.
These two shots and more are visible at lower resolution here on Christine’s Beach Hut.

If someone was on the yacht, I could see them.  The boat is several miles offshore – nearly on the horizon actually!   So don’t let the Streetview shot below fool you – the house is a lot closer than it looks, even from the position I’ve chosen here.  It is only 900 metres away!

The house is dead centre in this link.   So it is a private house visible in public, much like me in my bedroom at night with the curtains open, okay?  My camera could have easily shown them doing anything. Easily.  Yet if I can be easily seen in my bedroom at night (i.e. clearly a private place as they keep repeating) I can get done for indecent exposure?  Right?

Hopefully, by seeing the capability of my own camera in conjunction with a normal Streetview of the area, you can now see how incongruous the claims that this is a private place actually are?

(p.s. pan left – it’s a lovely view!)



But surely, 900m is a Long Way, isn’t it?

The firstworldwar.com website shows the standard issue British rifle  in WW1 as having guaranteed accuracy up to 600m.  This had no optical scope, just sights to be used by a normal man.  This means a kill shot at 600m, not just wounding, which shows the hand/eye/gun precision easily possible from anyone.  900 metres doesn’t look so far now, eh?
I also remember reading in “With a Machine Gun to Cambrai”, the author George Coppard saying that he picked off men at a similar range with just one or two rounds from his heavy machine gun.  This is despite the juddery nature of a heavy machine gun.

Again, 900 metres doesn’t look so far now, eh?


A Right to Privacy?

Well almost.

The royals have done very well over the last few years with Elizabeth II’s annus horribilis being mostly forgotten.  But let’s cast our minds back, shall we?

At that time, Diana and Fergie had caused much embarrassment with their girlie antics.  Charlie’s behaviour outside the public face of marital fidelity was well known and became ever-more detailed as time passed.  Phil the Greek was his usual self and scandal after scandal built up until the Castle burnt down.  So that was that – then.

Now we have Harry getting his kit off to the amusement of the world (in a €6000 a night hotel suite on a serviceman’s salary, note),  but being dismissed as “just letting off steam but must be more careful in future”.  And almost synchronously in time with Harry, it now appears, Kate & Wills feel so assured in their new-found popularity that they can do anything.  They certainly have the money for it.

But you know – they can’t.

If they want the esteemed position that they publicly project and behind which the combined forces of a fawning mass media enforce, then they must behave like it.  They cannot behave like normal holidaymakers and not expect a come-back no matter how “ordinary” Kate was supposed to have been.  You can’t be a “highness” and not expect attention?   They cannot say and do anything – for one thing, our constitution forbids it!

For another, the public will hate it and they need the public much more than we need them.

Why don’t they all just go away?  I won’t mind a bit.  Maybe this’ll be a turning point as the penny drops?

Privacy – What Privacy? – added 18/9/2012

The BBC has now leapt onto my referencing Google Streetview as an aid to showing relative privacy.  Of course, the devil-in-the-detail of this is not mentioned as I’ve done above.

BBC Copies Me - Chateau d'Autet


But that’s not my point here, is it?  Neither is my point that criminal proceedings are now starting.   My point is that for all of us….

Our Own Privacy is Zilch.

We are (or will be):

  • Subjected to full intimate  body scans at airports by faceless private “agencies”
  • Have our emails and web activity saved and analysed at leisure by faceless private “agencies”
  • Followed down every street, across every junction, inside every shop by CCTV “security” cameras run by faceless private “agencies”
  • Have our phones tapped by faceless private “agencies”
  • Have our shopping habits monitored by faceless private “businesses”
  • Have our finances, credit cards, driving licences all cross-referenced ad infinitum with our passports, our insurances, our taxes and more – by faceless private “agencies”

…and all of this is done to us while the few that own these “agencies” and “businesses” flaunt their wealth, hide their money, holiday in their tax havens, pay no taxes, are as secret and private as they choose to be, collude to manage information and the law, and then have the audacity to tell us how to behave.  Royalty is just the icing on top of a very rich cake…..

Charles & Camilla recently visited the notable tax haven of Jersey on the 18th of July for a day – it cost us £60,000 which we paid to Jersey!   The current SE Asia visit will cost on a par with the last Canadian tour which cost the Canadians alone nearly $2m in security.

  • Why do we let them get away with it?
  • What use are they?
  • Where is our privacy?
  • Where is our return on investment?  I see none.

Reverting to Type?

I’ve just been to a “do” at the Lily Langtry in Bournemouth.  This is the former house, bought by Edward VII as Prince of Wales for his actress mistress, Lily Langtry, the first face of Pears Soap.

And here’s where more hypocrisy creeps in as those reversions to type are conveniently forgotten.

As we all know, Charles, William’s dad, was knocking off Camilla his mistress both before and during his marriage to Diana, Wills’ mother.  Much like Edward VII & Langtry.  All of the UK knows this.  Now Camilla is supposed to be “accepted”, according to our fawning press.  A few grannies during the jubilee said she looked nice….well that’s it then!

Yet in France, for years the hobbled press kept secret the facts of former President Mitterrand’s mistress and his second family….a bit like secret polygamy, but in a Catholic country….?   Yet millions get their kit off in summer all over France?

Ye-es, as Paxman would say….

The French press hid also the fact that 200 Algerians were slaughtered and chucked in the Seine in 1961 by the police.  Now that’s privacy!   Obviously, this is sarcasm, but the royals are using this weird French cultural mish-mash  and press/law combo for their own advantage……. They think!  They should hope!

Clearly, French privacy is wholly different to the British version.  I can get done for undressing while forgetting to shut the curtains, but in France my privacy to do this is upheld?

Ye-es I hear Paxman saying again.


Media Guff and Fawn

So how can we accept protestations about “rightness” from these people when nothing is said about actions and happenings either then or now which go clearly against their public statements and media view of their lifestyle?

If the next likely Prince of Wales, Wills, turns out like other former Princes of Wales, do we wash it away but say that sensationalistic reporting of public/private sunbathing “hotties” is wrong?

Because a “hottie” is what Kate is – she’s smart, apparently intelligent, elegant and (most importantly for the press), hot in a swimsuit  – as earlier photos revealed. (Remember the debate in all the papers about who was hotter, Kate or Pippa?  Of course you do, but you’d forgotten, hadn’t you?).

The success of the Daily Mail website hangs on her and other sensationalist voyeuristic shots of hundreds of “hotties” – here’s today’s Kate article; note the HUGE list down the right for articles, near half of which are for scantily clad women.    n.b. Checking the Mail On-line now shows a huge dearth of the usual skin revealing links.

The comments at the bottom, like I said, for the most part, go totally against the fawning theme of the piece.  One repeats the mile and a half lie so that mud has stuck again.

Indeed, for those with long memories, the video at the bottom harps on about Berlusconi’s ownership of the magazines and his publication of Diana’s car photos “minutes after the accident”.

Now, maybe you remember that  following Diana’s crash, The Daily Mail solemnly pledged never to use paparazzi photos again?

Yet virtually all the links down the right of any Mail page are paparazzi pictures!  They have to be – they’ve sacked nearly everyone and the paper would fold without them.

Porn Baron Protests and Threatens to Close Magazine!

Yes.  It’s true.  Here’s the chronology.

  1. French magazine publishes photos taken during the summer. – 14 Sep – http://www.bbc.co.uk/news/uk-19595221
  2. Irish paper does the same on Saturday. – 15 Sep – http://www.bbc.co.uk/news/uk-19611407
  3. Italian magazine follows suit. – 17 Sep (today) – http://www.metro.co.uk/news/912183-topless-photos-of-duchess-published-in-italian-magazine-chi

It’s the Irish one that’s interesting!  It’s co-owned by Richard (Dirty) Desmond, who besides running UK TV’s Channel 5 and  publishing the Daily Express and tit paper The Daily Star, also runs porn channels Red Hot TV and Television X.  This growth was part financed by selling off his earlier publishing business which included such salubrious titles as Asian Babes and Readers Wives.  Notably, his celebrity magazines of OK! and New! are full of paparazzi photos…….  like, dah?

Now, to top it all, Desmond has said he wants the Irish paper closed….. – 17 Sep – http://www.bbc.co.uk/news/world-europe-19621188     He must be after a knighthood or something because his history shows that prurient disapproval is not one of his strong-points.  It’s laughable.

The lady (and Desmond) doth protest too much, methinks. – Hamlet

Mass Media Princely Support, Public Split

Checking the comments following news reporting, I note a two-thirds majority telling Kate to keep her kit on if she doesn’t want to be rumbled.  This is despite the media claiming “over-whelming condemnation” or whatever.

It’s just simply not there.  Most of the public aren’t swallowing it.

Sooner or later there will be a backlash against the Royals if they keep this up.  Let well alone, it’d have blown over, much like Harry’s knob-tastic exposures.  But keeping it going, on and on, using their inherited and publicly provided wealth to pursue legal redress shows them seriously out of touch with the common mood, no matter how much the mass media are beefing them up.

The recent Hillsborough revelations show that media collusion is not a new thing.


Tits and Bums

A lot of people are behaving like bums or making a tit of themselves.

Those in “the establishment” are doing what those in the establishment normally do, which is to fawn and whine, pontificate and lie, all to keep ranks under the firm expectation of a gong at some point.

Then there are the “granny types” who all think she’s lovely and that the queen does a marvellous job.

There’s a few who see it as an attack on women, part of the objectification of women that’s happened for millennia and has now gone past saucy postcards, through Page 3 and porn mags (like Dirty Desmond’s) to full on ubiquitous internet porn and the gyrating phone girls on Freeview.  (All very valid, but not my gist)

Then there’s everyone else!

These are in two camps, I think;

  • those that don’t care either way but think the royals should think themselves lucky to get free holidays and trips and well looked after for the whole of their lives
  • those that just want to see the tits

Well, thanks to Kate & Wills’ explosive reaction, Kate’s bits are everywhere now.

For instance, here’s an enterprising guy (Oliver James) in Bath, UK, who’s got a domain up and running in record time!  See http://www.katemiddletontopless.co.uk/ for all the shots you’ll need.  A WHOIS puts the owner, Bee Digital Media Ltd,  in California.  But a company search places it here in the UK!  (better watch out Oliver…..perhaps….?)

BEE DIGITAL MEDIA LIMITED  (also has website bee-digital.co.uk)

Address removed since it’s been reported as changed, thanks Dan

Kate Middleton Topless Photos – Prince William and Kate Suing Publication


Apart from that, there are loads of others.  One that caught my eye was a website called Divided States, a US political site.  They had a web-page here, http://www.dividedstates.com/kate-middleton-topless-photos-prince-william-and-kate-suing-publication/ which they’ve now pulled.  How coy.

Fortunately, the Google Cache shows us this – the full copy of their original posting – click here or the screenshot for the cache. (full image available on request)

  • So am I a tit or a bum?
  • Is Oliver above?
  • Is Berlusconi?  Berlusconi certainly has gripes with the UK following his latin faux-pas with the queen and others….?  Maybe he’s publishing just for revenge?

Conclusion

Wills, with his experience, has behaved like a knob.  He should have known better.  He slipped up, which is a possible explanation for the rapid response unit being thrown into action.  It was notably absent following the Harry incident.

But really, what everyone has totally forgotten, is the old adage:

Don’t throw stones when you live in a greenhouse.

The lady doth protest too much, methinks. – Hamlet



From Google Treasure Chest to Sun Tan Scam in Nevis on the BBC?

From Google Treasure Chest to Ubertan Sun Tan Scam in Nevis on the BBC?

A.  yes it’s true!

Ubertan On BBC


An article on the BBC website today highlighted the dangers of a tanning product called Ubertan.  On reading it, and following up with a simple Google search, the way it is portrayed in forums immediately set off warning bells because of its similarity to other scams I’ve seen.

Ubertan

Ubertan Search


A simple Google search showed that warnings about Ubertan have been going on for some time.  This website warned way back in April 2011 and here we have a Men’s Health forum being shilled by Ubertanners with a post starting in Jan 2011…  The first even shows that the Ubertan website changed its copy when folks started complaining.

The Ubertan website is currently ‘live’ however, it is showing no content!  At all!  The Google cache is interesting though (more on that later)…

WHOIS Ubertan

Ubertan WHOIS


Who is Ubertan indeed?  !!


Warning Bell

What we see is that “Manufacturers Direct” owns several domains and one Vernon Veira is the contact on the dual island nation of Kitts-Nevis.

10 Solomons Arcade
Charlestown,  00000
KN
+1.3057484919

This is when the warning bells started ringing….

Doing The Charlestown in Nevis

It’s two years ago that I started looking at the now seriously-discredited Google Treasure Chest scam (see http://strangelyperfect.tv/3099/google-treasure-chest-its-a-scam-and-a-half/).  The amount of information I had meant I had to post over several different postings, and it was during these later investigations that a Post Office address (P.O. Box) came up on Nevis.  In Charlestown.

Unfortunately, I couldn’t remember exactly what address it was.  But it’s easily found here, in a comment from @NotKevin.  I think it’s the first time we saw the address, although it has since popped up many times when checking out folks that would prefer to be known as “online marketeers” but we like to call scammers.  This is on the posting,

This is the address.

New Online Systems Ltd.
P.O. Box 642, Main Street
Charlestown, Nevis, West Indies

Google Cache

Ubertan Google Cache


Ubertan may be silent, but the Google Cache is active and shows this address down at the bottom of the first cached page:

Ubertan.com +44 161 408 5816
Subertan Ltd 642 Main Street, Charlestown, Nevis

 

Uber morphs into Suber, and because the Post Office on Charlestown is one of the few buildings on Main  Street, Charlestown; a whole host of P.O. Boxes exist inside.

P.O. Box 642 means 642 Main Street!

Who are these people using 642?  I don’t know.

What I do know is that the domains listed by @NotKevin, although not exactly the same,  bear a shocking similarity to those domains used by people like Jesse Willms (say) before he decided to turn into a saint-like activist and Pacific WebWorks (say) before they got their pants sued off them.  This is what @NotKevin said:

That West Indies address is also linked with porn:
http://www.highdefriches.com/contact.php
http://www.eshspt.com/
(another Co Durham address on that one too!)
“health products”:
http://hiltonhg.com/
Colon cleansing:
http://www.colocleansemax.com/contact-us.php
Acai:
http://acaidetoxmaxx.com/
and Govt Grants:
http://www.complaintsboard.com/complaints/government-grants-avaliable-cd-c116063.html

Now compare and contrast those domains and businesses with the very large list to be found here on WebCops – the plethora of time-limited similarly-named domains means tracking them is an onerous task, well beyond my spare time.

However, yet again, we have seen the same address appear when dealing with dodgy ego-massaging products.
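The pivots used in these posts (the shared registrant phone number behind the two forged-news domains, and “P.O. Box 642” versus “642 Main Street” here) become repeatable once contact details are normalised and sources sharing a value are grouped. This Python code is an added example, not the author's tooling: the records are constructed from details quoted in the posts, and the field layout, function names and the rule that drops “P.O. Box” so a box number can match a street number are assumptions.

```python
import re
from collections import defaultdict

# Constructed records in a "Key: value" layout, built only from contact details
# quoted in the posts. The second phone number is deliberately re-punctuated.
RECORDS = {
    "cbsbusiness9.com (WHOIS)": """
        Registrant Street: TNew line ave 172 95
        Registrant City: NY
        Registrant Phone: +1.7343541732""",
    "cbsnews-article.com (WHOIS)": """
        Registrant Street: TNew line ave 172 95
        Registrant City: NY
        Registrant Phone: +1 734 354 1732""",
    "ubertan.com (WHOIS)": """
        Registrant Street: 10 Solomons Arcade
        Registrant City: Charlestown
        Registrant Phone: +1.3057484919""",
    "ubertan.com (cached footer)": """
        Street: 642 Main Street
        City: Charlestown
        Phone: +44 161 408 5816""",
    "New Online Systems Ltd (forum comment)": """
        Street: P.O. Box 642, Main Street
        City: Charlestown""",
}

FIELD = re.compile(
    r"^[ \t]*(?:Registrant[ \t]+)?(Street|City|Phone)[ \t]*:[ \t]*(.+?)[ \t]*$",
    re.I | re.M,
)


def parse(text):
    """Extract the street, city and phone fields from one record."""
    return {key.lower(): value for key, value in FIELD.findall(text)}


def norm_phone(value):
    """Digits only, so '+1.734...' and '+1 734 ...' compare equal."""
    digits = re.sub(r"\D", "", value)
    return digits if len(digits) >= 7 else None


def norm_street(value):
    """Lower-case, drop 'P.O. Box', abbreviate 'street', strip punctuation."""
    s = re.sub(r"\bp\.?\s*o\.?\s*box\b", " ", value.lower())
    s = re.sub(r"\bstreet\b", "st", s)
    return re.sub(r"[^a-z0-9]+", " ", s).strip() or None


def selectors(text):
    """Normalised values worth pivoting on; a city alone is too weak to use."""
    rec, out = parse(text), set()
    phone = norm_phone(rec.get("phone", ""))
    if phone:
        out.add(("phone", phone))
    street = norm_street(rec.get("street", ""))
    if street:
        out.add(("street", f"{street}, {rec.get('city', '').lower()}"))
    return out


def pivot_index(records):
    """Map each selector to the sources sharing it (two or more only)."""
    index = defaultdict(set)
    for source, text in records.items():
        for sel in selectors(text):
            index[sel].add(source)
    return {sel: sorted(srcs) for sel, srcs in index.items() if len(srcs) > 1}


def clusters(records):
    """Group sources linked directly or transitively by a shared selector."""
    parent = {source: source for source in records}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for srcs in pivot_index(records).values():
        for other in srcs[1:]:
            parent[find(other)] = find(srcs[0])
    groups = defaultdict(list)
    for source in records:
        groups[find(source)].append(source)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)


if __name__ == "__main__":
    for group in clusters(RECORDS):
        print(group)
```

A shared selector is a lead to follow up, not proof of common ownership: P.O. boxes, privacy services and resellers are shared by unrelated registrants.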

Phoenix-Like TryUbertan

Ubertan may be dead, but it doesn’t take long to find son-of-Ubertan when looking at the decidedly un-Caribbean telephone number for Ubertan.

+44 161 408 5816 is actually a Manchester, UK number!!

TryUbertan Contact Page


A quick search pulls out…..

Beginnings

Now I know they’re trying to hide!!!

TryUbertan.net on the T&C page now shows the address of Ubertan to be:

Ubertan Sunless Tanning System
c/o Toocoo Media Inc.
39555 Orchard Hill Place
Suite 600
Novi, Michigan
48375

Although it’s supposed to be available from ” high end salons in the U.K, France, Germany, Spain and North America” from their FAQ page, these stores will be doing so ILLEGALLY!  The UK government has officially banned it (as per the UK news item) and is EXPLICITLY ISSUING DANGER WARNINGS about its usage!

Still, TryUbertan (WHOIS is Pennsylvania USA) don’t care.  They’ll just grab the cash and morph into something else.

TooCoo Media CEO


The decidedly minimalist website of Toocoo Media Inc, http://www.toocoomedia.com, throws up some interesting conundrums, if that really is their mailing address.  There are two LinkedIn links:

  • http://www.linkedin.com/company/toocoo-media-inc.
  • http://www.linkedin.com/in/jumanok

The latter is for the CEO, a Peter B. Lee whose 3 website links at the bottom of his profile point to the totally and bizarrely un-related websites of:

  • http://www.viafoura.com/
  • https://www.netiq.com/products/migrate/ which then redirects to novell.com as Novell has bought them out
  • http://www.oracle.com/index.html

Mr Lee, who claims to be Canadian on his LinkedIn profile, also has a poetry blog on Blogger (assuming the same quite distinctive user name is being re-used), which is for invited guests only!!!  See The Poetry of Peter B. Lee at http://jumanok.blogspot.com/.  I’ve highlighted his key username as it matches the LinkedIn profile.  I don’t think that this Peter Lee (interestingly, a place name in County Durham of all places!) is the same one whose name is used in some recent versions of the classic 419 scam.  Try these examples for a start:

To add to the surreal mix that I’m uncovering, there are also two videos on YouTube uploaded by a “jumanok”!!  One of half a minute looks very much like Mr Lee, doing  some testing thing in Nov 2008 here:

This is a screenshot in case it’s pulled:

Jumanok YouTube


This is Jumanok from LinkedIn:

Jumanok LinkedIn LargePic


And here is “Crystal” telling us how her life state has improved after seeing something on OPRAH (down below she says) – except there’s nothing below!!  It appears to be a video plug for something intended to include Oprah in the spiel, except it never happened as there’s nowt to see.  This was uploaded in May, 2009.  The termination of Oprah-related plans may or may not have had something to do with the legal action, taken in May 2009, by Oprah, and reported here on her website;

http://www.oprah.com/health/The-Truth-About-Oprah-Dr-Oz-Acai-Resveratrol-and-Colon-Cleanse

Of course, Oprah sued and won damages against a host of scammers, one of which was Jesse Willms.

Conclusion

  • Time and again we come across scams that are based on a business with a very flakey base (here it’s a banned tanning product with government issued health warnings).  Usually, they are about improving one’s body or finances via unproven “new” medicines or foodstuffs, or get-rich-quick schemes.
  • Time and again we find a myriad of international contact phone numbers & addresses, for businesses that are very minor and specialist yet feel the need to spread themselves to the far corners of the globe.  Q. Why?  A.  Avoidance of easy scrutiny.
  • Time and again, we trace these businesses via LinkedIn (a bit like Jonathon Eborn, say) and other social networks high and wide.  They all start off appearing very legitimate.   As an aside, the Eborn results show a consulting website of http://www.jonathanebornconsulting.com/ and another of http://www.jonathandeborn.com/ which have both been hacked and defaced!  Made my day that!
  • Many businesses have a very public website, of minimalist design and content.  It’s very hard to discern exactly what they’re doing.  Compare these “online marketeers” to the website of Ford or Esso, say?  Now can you tell the difference?

Finally (and very importantly for your health): don’t shove dodgy untested stuff of unknown provenance up your nose.  Simple eh?


Massive Spam Hit for Centurion Wealth Circle Pyramid Scheme

Massive Spam Hit

Willie R

Centurion Wealth Circle Spam Deluge


Over the weekend, I received over 600 spams from someone called Willie R (with a number appended to the name) to my gmail account which I now use for my spam-trapping on an old email address that I use for registrations and the like…  See the screenshot of one page above!

Centurion Wealth Circle

On checking out a sample I found that most point back to Centurion Wealth Circle with a small array of other dubious links included.  The spams I got had almost identical formats (except for differing ‘from’ addresses).  The differences were in a couple of links.  These are the two spam  types:

Type 1: Includes Link to AutoXten.com

CWC Spam Type 1


Type 2: Includes Link to TextAdBrokers.com

CWC Spam Type 2


The amazing thing taken straight from http://textadbrokers.com/?premier1 is the spelling mistake for their prime selling point!  Under the headline “What is TextAdBrokers?” we see:

TAB was created as the premier Partner for marketing and distribution For the newly created contextual advertising Platform hitcralwer.com

hitcralwer.com (or HitCrawler.com) has already spawned a long chain on Scam.com that starts with a scam warning, then features server outages, lawyer warnings, lawyer debunkings and various personal threats and revelations about the contributors.  For me, this is all very entertaining stuff, but the key facts for me are that:

  1. I have been heavily spammed, all links tending to the same source and all pointers pointing to the same destination(s).
  2. TAB’s own blurb can’t even spell correctly!

From that, you’ll gather which side of the honesty fence I think this lot come from…!

Willie R Burke kindly leaves his address in one spam type as “41 Merker Dr, Edison, NJ 08837”.  This ties in with the WHOIS of the source.  However, I don’t see why I should have to follow THEIR suggestion to stop the spam coming from them.  After all, I have over 600! The suggestion is not everywhere, but only on some of the pointers.

Five domains are in nearly every spam, (from those that I checked in my deluge.)

These are;

  1. http://vd.autoxten.com
    • –  Under their earnings disclaimer, they claim “that AutoXTen is not a get rich quick scheme but is a business” and that “all customers are essentially purchasing advertising”….?
  2. http://www.centurionwealthcircle.com/?register
    •  – considering the deluge I just got, their spam policy takes some beating!  e.g. “Unsolicited commercial email (UCE), while regarded as legal in some jurisdictions, is regarded as spam by most Internet service providers (ISPs), and may not be used to promote CWC”.  Larry Harper, take note!  I am not prepared to wade through 600 email headers just to prove that your spam policy works…  You do it.  Start with the source.  YOU!
    • Pyramid Details


      Their business model is based on buying “tokens”, keeping them as a “portfolio” or something for a bit, and then cashing in 50% of the “investment” at some ill-defined “maturity” point.  Although they claim otherwise, this is classic pyramid scheme technology.  They make clear the exponential growth that potentially exists in their own blurb, and ONLY pyramid schemes promise exponential growth.

  3. http://www.makemoneyonline-free.org/
    • – here I find out that I “have been invited to join ClixSense by robbie1201”.  Oh really!  Thanks for nowt robbie.  It’s a site called “ClikSense, advertising that pays” but the domain name remains the same.  On their user agreement, point 10, Spam Policy, they helpfully remind Robbie and Willie R that “Spamming is a federal crime. Any member caught Spamming will not only have their account terminated immediately and lose any past, present and future earnings, but shall also be held liable for spamming as we shall cooperate with any authorities and investigations that may arise from the spamming incident. ClixSense may fine your account up to $5 per spam email reported from you email address.”    I don’t think they were listening!
  4. http://www.homebasedtelesalesjobs.com/

The registrant of  http://infinityleadsystem.com/ is;

E.C.I.
5802 Bob Bullock C1 Unit 328C-195
Laredo, TX 78041-8813
US

However, the server is located in Quebec, Canada!

Why this should be so when so many sites (like mine here) are served from the massive data centres in the US (like Texas, say!) is beyond me.  But I find the Canadian connection strangely comforting.
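One way to avoid wading through 600 messages by hand, shown as an added example that is not part of the original post: this Python script tallies which link hosts recur across a batch of raw messages and how many distinct link sets ("types") the batch contains. The sample messages, the mail.example sender addresses and the function names are constructed for illustration; only the three link URLs come from the post.

```python
import re
from collections import Counter
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample, not the real spams: identical pitch, rotating From
# names, and one link that alternates between the two "types".
CWC = "http://www.centurionwealthcircle.com/?register"
EXTRA = ["http://vd.autoxten.com", "http://textadbrokers.com/?premier1"]
SAMPLE = [
    f"From: Willie R{n} <w{n}@mail.example>\nSubject: Income\n\n"
    f"Join {CWC} today. Also see {EXTRA[n % 2]}\n"
    for n in range(1, 6)
]

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def body_text(msg):
    """Concatenate every text/* part, decoding transfer encodings."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def link_hosts(raw_message):
    """Set of hostnames linked from one message, with a leading www. dropped."""
    hosts = set()
    for url in URL_RE.findall(body_text(message_from_string(raw_message))):
        host = (urlsplit(url).hostname or "").lower()
        if host:
            hosts.add(host[4:] if host.startswith("www.") else host)
    return frozenset(hosts)

def summarise(raw_messages):
    """Return (messages per host, messages per link-set template, distinct senders)."""
    per_message = [link_hosts(m) for m in raw_messages]
    per_host = Counter(h for hosts in per_message for h in hosts)
    templates = Counter(per_message)
    senders = {message_from_string(m)["From"] for m in raw_messages}
    return per_host, templates, len(senders)

if __name__ == "__main__":
    per_host, templates, senders = summarise(SAMPLE)
    print(f"{len(SAMPLE)} messages, {senders} From headers, {len(templates)} link templates")
    for host, count in per_host.most_common():
        print(f"{count:3d}  {host}")
```

A host that appears in every message while the From header changes each time is the common destination; the handful of templates corresponds to the spam "types".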

Conclusion

It stinks.  From the initial deluge to burrowing through the various “systems”; it stinks.  Leave it well alone folks.  Any business of note should NOT  be resorting to Spam for new business.  The scale of this spam deluge emphasises the non-credibility of these charlatans much more than their cheesy website offering ever could.

The fact that most domains were hidden “for privacy” plus the fact that the websites are almost incomprehensible as they struggle to disguise their real motives and modus operandi are just bonuses!


How WordPress Spam Works

WordPress Comment Spam

The plague of all blogs is spam, mainly comment spam, by sheer numerical superiority.

Q.  Why Do They Do It?

A. As a minimum, they do it to open a back-door into your blog that allows the perpetrator to place back-links to another website, raising that website’s visibility in search engine results (so-called “Search Engine Optimisation”, or SEO).  They use these back-links to increase the website’s search hits, a service for which they can charge an inexperienced website owner big money.

At the worst, the culprit would gain full access to the blog allowing free posting and deletions or even the complete removal of your website content.

Today’s Example

Today, I got a comment that made me check further as notionally, it looked okay-ish. These are the details (click image for full-size view of the comment as it appears in the WordPress admin section):

Comment Spam Example


The Jacksonville lawyer is in Florida and has this website; http://www.divorceyes.com/index.html, and the actual comment is pretty kosher, although brief, saying;

Strangely you have made an awesome post and i appreciate your work and keep it up. Thanks for sharing this with us.

This is all very nice, but check out the IP address….

WHOIS 113.203.135.140

By checking the WHOIS for this, we see that the IP Address for this supposedly reputable Florida lawyer (Divorce Yes) is in Karachi, Pakistan!  Well are they?  My guess, given the cheap web costs in the USA, is that Divorce Yes is in the US and that they wouldn’t for an instant even consider anywhere else!

And so it is!  The actual WHOIS for Divorce Yes is in Florida!  (The actual WHOIS for the web-hosting, fortehosting.com is in Illinois).  The registrant’s name (Miller) also agrees with the Divorce Yes’s contact details here, but note; the email address in the comment, [email protected], is not the same as the email address on the contact page, which is [email protected]

Registrant:
jeff miller
1019 grand court
highland beach, Florida 33487
United States

Registered through: GoDaddy.com, Inc. (https://uk.godaddy.com/)
Domain Name: DIVORCEYES.COM
Created on: 07-Jun-05
Expires on: 07-Jun-16
Last Updated on: 17-Feb-07

Administrative Contact:
miller, jeff [email protected]
1019 grand court
highland beach, Florida 33487
United States
(561) 445-6962 Fax — (561) 347-7588

Technical Contact:
miller, jeff [email protected]
1019 grand court
highland beach, Florida 33487
United States
(561) 445-6962 Fax — (561) 347-7588

Domain servers in listed order:
NS1.FORTEHOSTING.COM
NS2.FORTEHOSTING.COM

Conclusion

There isn’t a conclusion really.  This is just an example of the way that text harvesting is being used to make seemingly intelligent comments slip past the comment filters on a WordPress blog.

As many of these filters rely on an IP address, if the webmaster lets a dodgy IP address through just once then it’ll be marked as “good” by the filters which will then allow the spammer to post even more comments, all for the various nefarious reasons that I mentioned first.

This is why I use a plugin like WP-SpamFree, and using it I can block all incoming pings from a given IP address, in this case, 113.203.135.140!

For interest, I’ve edited out the back-link from the spam comment above and you can find it on this post, Pacific Webworks, Lawyers and Social Networking, here.
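The manual check walked through above (where is the commenter's IP, where is the linked site registered, and does the e-mail address belong to that site) can be written down as a moderation helper. This is an added example, not part of the original post or of any plugin; the WHOIS text, the netblock table, the lawfirm.example and freemail.example names and the function names are all constructed, and the site's WHOIS contacts stand in for its contact page.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed inputs: a WHOIS record in the legacy free-text layout quoted
# above, and a small netblock table standing in for a real GeoIP lookup.
WHOIS_TEXT = """Registrant:
Example Law Office
Sampletown, Florida 00000
United States

Administrative Contact:
Doe, Jo office@lawfirm.example
United States
"""
GEO_TABLE = [("203.0.113.0/24", "Pakistan"), ("198.51.100.0/24", "United States")]
SPAM = {"ip": "203.0.113.40", "email": "jo@freemail.example",
        "url": "http://www.lawfirm.example/index.html"}
GENUINE = {"ip": "198.51.100.9", "email": "office@lawfirm.example",
           "url": "http://www.lawfirm.example/"}

def parse_whois(text):
    """Return (registrant country, contact e-mail domains) from a free-text record."""
    country, domains = None, set()
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if lines and lines[0].rstrip(":").lower() == "registrant":
            country = lines[-1]  # this layout ends the address with the country
        domains.update(d.lower() for d in re.findall(r"[\w.+-]+@([\w.-]+\w)", block))
    return country, domains

def ip_country(ip, table):
    addr = ipaddress.ip_address(ip)
    return next((c for net, c in table if addr in ipaddress.ip_network(net)), None)

def triage(comment, whois_text, table=GEO_TABLE):
    """List the reasons a comment should be held; an empty list means no mismatch."""
    reg_country, contact_domains = parse_whois(whois_text)
    reasons = []
    seen = ip_country(comment["ip"], table)
    if seen and reg_country and seen != reg_country:
        reasons.append(f"source IP is in {seen}, site is registered in {reg_country}")
    mail_domain = comment["email"].rsplit("@", 1)[-1].lower()
    if mail_domain not in contact_domains:
        reasons.append(f"e-mail domain {mail_domain} is not one of the site's WHOIS contacts")
    host = re.sub(r"^www\.", "", (urlsplit(comment["url"]).hostname or "").lower())
    if mail_domain != host:
        reasons.append(f"e-mail domain {mail_domain} does not match linked site {host}")
    return reasons
```

Here `triage(SPAM, WHOIS_TEXT)` returns three reasons and `triage(GENUINE, WHOIS_TEXT)` returns none. Because the decision is recomputed per comment, it does not depend on whether the IP address was approved once before.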

Alternative Conclusion

Again, this isn’t a conclusion, just my examination of alternative possibilities.  Note the following:

  • The Divorce Yes website is made and SEO’d by http://enettechnologies.com/.
  • WordPress is used on the website.
  • Many WordPress plugins exist to “improve” the SEO of a website.  (I use some!)
    • Some do it by ensuring meta and other data is added if it’s missing.
    • Others have sprung up over the last few years that “intelligently” link to other websites….  they harvest websites for text and linkages for later use, much like email spammers scan websites for email addresses to spam.  [n.b.  I use PHPEnkoder from Michael Greenberg to hide email addresses on this site from email address harvesters.]

It could be, although I cannot prove or disprove it, that plugins are being used for many of the hits I get, because some of the spam I receive is now pretty readable, as with the one above.  This comment could be such an example, or the law website name is being used textually as a smokescreen for the Pakistani spammer.  I see lots of adverts along these lines that couldn’t possibly rely on manual human link placements for their effectiveness….

I’d be interested to hear from Miller Law or their website designer on this one.  It’s not the first time that I’ve had reputable businesses appear on my website like this and I’d like to know what it appears like at their end, if at all.  It does make me wonder if this very website is being used to cloak spam at other websites in the same manner.

This is why I’ve left all URL back-links to the parties in place so that they’ll see them in their logs.


© 2007-2017 Strangely Perfect All Rights Reserved -- Copyright notice by me