Last updated on November 20th, 2015
Last month, I made a posting called Spoofed Emails Make Me Look Like Dodgy Software Saleman …. I’m now beginning to see the bigger picture after I followed through the initial investigation after receiving another email spam today. My interest was piqued because the spam was very different but the final web page destination was not!
It pointed to http://formarnione.com/ which, if it’s still going, is the same as http://lierkaser.com/ from last month. The website is registered like so:
Domain Name: FORMARNIONE.COM
Created on…………: 8 Nov 2008 07:02:16 EST
Expires on…………: 8 Nov 2009 07:02:16 EST
Record last updated on: 8 Nov 2008 07:02:16 EST
Owner, Administrative Contact, Technical Contact, Billing Contact:
Joan Vairo (ID00391833)
11 Bay Point Drive
Toms River, NJ 08753
You can find it on google maps here:
View Larger Map
Further fishing, took me to this forum post on FraudWatchers, say, and to this very informative website which everyone should bookmark immediately! http://spamtrackers.eu/wiki/index.php?title=Main_Page
A host of highly informative stuff is in the root http://spamtrackers.eu but for now, let’s go here to:
…. which is all about the very problem I’m poking with my metaphorical stick.
Today’s site, formarnione, isn’t listed, which is hardly surprising when you read all the information. A key bit is the link to Leo Kuvayev who has been responsible for a shed-load of nasties for years.
Whack his name into Google. Bizarrely, for someone so nefarious, he has less online pictures than a mafioso! There are 4 identical ones, all on spock.com, but whether that’s him or not – he just looks too nice and smiley for words!
Anyway, I’ve done a few spamtracker suggestions, including using the wacky little tool called “The Complainerator” 😀 It’s quirky, but works! Now let’s see if our friends in the Far East at http://126.96.36.199/ actually do anything.
The forged software website, http://eurosoftmarket.com/ stays mostly constant because the “secure” purchase area is sub-domained off like https://secure.eurosoftmarket.com/! What you make of the security is your business. I just know that Firefox doesn’t go green, even though there is some sort of certificate… Check the (wide, I know) picture.
But I tell you, the funniest thing about the whole shebang, is right at the very bottom, next to the “money back policy” and “terms and conditions”, they have the audacity to put the following phrase:
© Euro Software LCC`2005-2008
Ha Ha Ha Ha Ha Ha