| reply to MGD
Re: TheICONIQUE.COM 252-377-4462 Just found a charge on my bank card statement today... charge made on 11/26... posted 12/1. I never used my card on 11/26. Small charge of $4.52. Bank is taking care of it.
Phone number listed for THEICONIQUE is 517-759-1384. |
|
|
|
Whip
join:2009-01-23
Califon, NJ | reply to nobounds
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto A 'nobounds bonanza'. Nice job. |
|
| reply to MGD
Fraud scam site: 24COOLHOME.com
Whois
Domain Name: 24COOLHOME.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 25-Jun-2010
Expiration Date: 25-Jun-2011
Domain servers in listed order:
ns2.startlogic.com
ns1.startlogic.com
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Nameservers
24COOLHOME.com. 3600 IN NS ns2.yourhostingaccount.com.
24COOLHOME.com. 3600 IN NS ns1.yourhostingaccount.com.
IP Addresses
IP: 66.96.134.75
PTR: 75.134.96.66.static.eigbox.net
Netblock info
NetRange: 66.96.128.0 - 66.96.191.255
CIDR: 66.96.128.0/18
OriginAS:
NetName: BIZLAND-FC01
NetHandle: NET-66-96-128-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.BIZLAND.COM
NameServer: NS1.BIZLAND.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2001-04-03
Updated: 2005-03-31
Ref: »whois.arin.net/rest/net/NET-66-96-128-0-1
OrgName: The Endurance International Group, Inc.
OrgId: EIG-12
Address: 70 Blanchard Road
City: Burlington
StateProv: MA
PostalCode: 01803
Country: US
RegDate: 2005-02-07
Updated: 2010-09-16
Ref: »whois.arin.net/rest/org/EIG-12
OrgTechHandle: BBR189-ARIN
OrgTechName: Brock, Brian
OrgTechPhone: +1-781-852-3254
OrgTechEmail: bnbrock@maileig.com
OrgTechRef: »whois.arin.net/rest/poc/BBR189-ARIN
OrgNOCHandle: ENO74-ARIN
OrgNOCName: EIG Network Operations
OrgNOCPhone: +1-339-234-9762
OrgNOCEmail: netmon@maileig.com
OrgNOCRef: »whois.arin.net/rest/poc/ENO74-ARIN
Contact page
Phone Number: 339-368-6125
E-Mail Address: support@24coolhome.com |
|
| reply to MGD
Fraud scam site: 24ULTRAELECTRIX.com
Whois
Domain Name: 24ULTRAELECTRIX.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 30-Jun-2010
Expiration Date: 30-Jun-2011
Domain servers in listed order:
ns2.p-telecom.info
ns1.p-telecom.info
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Nameservers
24ULTRAELECTRIX.com. 86400 IN NS ns2.p-telecom.info.
24ULTRAELECTRIX.com. 86400 IN NS ns1.p-telecom.info.
IP Addresses
IP: 64.191.25.135
PTR: p-telecom.info
Netblock info
NetRange: 64.191.0.0 - 64.191.127.255
CIDR: 64.191.0.0/17
OriginAS:
NetName: HOSTNOC-3BLK
NetHandle: NET-64-191-0-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS2.HOSTNOC.NET
NameServer: NS1.HOSTNOC.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-05-31
Updated: 2003-08-08
Ref: »whois.arin.net/rest/net/NET-64-191-0-0-1
OrgName: Network Operations Center Inc.
OrgId: NOC
Address: PO Box 591
City: Scranton
StateProv: PA
PostalCode: 18501-0591
Country: US
RegDate: 2001-04-04
Updated: 2010-03-30
Comment: Abuse Dept: abuse@hostnoc.net
Ref: »whois.arin.net/rest/org/NOC
Contact page
Phone : 276-451-3621
E-Mail : support@24ultraelectrix.com |
|
| reply to MGD
Fraud scam site: 24officegoods.com
Whois
Domain Name: 24OFFICEGOODS.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 20-Jun-2010
Expiration Date: 20-Jun-2011
Domain servers in listed order:
ns2.powermonster.net
ns1.powermonster.net
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Nameservers
24officegoods.com. 300 IN NS ns1.powermonster.net.
24officegoods.com. 300 IN NS ns2.powermonster.net.
IP Addresses
IP: 207.14.35.226
PTR: da.sea.birdhosting.com
Netblock info
NetRange: 207.14.32.0 - 207.14.39.255
CIDR: 207.14.32.0/21
OriginAS:
NetName: SPRINT-CF0E27
NetHandle: NET-207-14-32-0-1
Parent: NET-207-12-0-0-1
NetType: Reallocated
RegDate: 1996-04-15
Updated: 1996-04-15
Ref: »whois.arin.net/rest/net/NET-207-14-32-0-1
OrgName: Kendaco Inc/Telebyte NW
OrgId: KIT
Address: PO Box 3162
City: Silverdale
StateProv: WA
PostalCode: 98383
Country: US
RegDate: 1996-04-15
Updated: 2004-08-05
Ref: »whois.arin.net/rest/org/KIT
Contact page
Phone Number: 239-244-3926
E-Mail Address: support@24officegoods.com |
|
| reply to MGD
Fraud scam site: goyourbike.com
Whois
Domain Name: GOYOURBIKE.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 06-Nov-2010
Expiration Date: 06-Nov-2011
Domain servers in listed order:
ns2.mgnhost.com
ns1.mgnhost.com
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Nameservers
GOYOURBIKE.COM. 3600 IN NS ns1.mgnhost.COM.
GOYOURBIKE.COM. 3600 IN NS ns2.mgnhost.COM.
IP Addresses
IP: 78.46.113.220
PTR: mgnhost.com
Netblock info
inetnum: 78.46.112.0 - 78.46.113.255
netname: HETZNER-RZ-NBG-NET
descr: Hetzner Online AG
descr: Datacenter Nuernberg
country: DE
admin-c: HOAC1-RIPE
tech-c: HOAC1-RIPE
status: ASSIGNED PA
remarks: INFRA-AW
mnt-by: HOS-GUN
mnt-lower: HOS-GUN
mnt-routes: HOS-GUN
source: RIPE # Filtered
role: Hetzner Online AG - Contact Role
address: Hetzner Online AG
address: Stuttgarter Stra?e 1
address: D-91710 Gunzenhausen
address: Germany
phone: +49 9831 61 00 61
fax-no: +49 9831 61 00 62
abuse-mailbox: abuse@hetzner.de
Contact page
Phone Number: 304-461-4677
E-Mail Address:support@goyourbike.com |
|
| reply to nobounds
This one actually has the content for bratttoys.com…
Fraud scam site: FIRMSCARD.com
Whois
Domain Name: FIRMSCARD.COM
Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 15-Dec-2009
Expiration Date: 15-Dec-2011
Domain servers in listed order:
2.nseasy.com
1.nseasy.com
Administrative Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Technical Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Billing Contact:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 97
Note - All Postal Mails Rejected, visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Nameservers
firmscard.com. 86400 IN NS 2.nseasy.com.
firmscard.com. 86400 IN NS 1.nseasy.com.
IP Addresses
IP: 67.23.226.55
PTR: ns2.nseasy.com
Netblock info
NetRange: 67.23.224.0 - 67.23.255.255
CIDR: 67.23.224.0/19
OriginAS: AS33182
NetName: DIMECNET
NetHandle: NET-67-23-224-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: PTR2.DIMENOC.COM
NameServer: PTR1.DIMENOC.COM
Comment: ********************************************
Comment: Reassignment information for this block is
Comment: available at rwhois.dimenoc.comport 4321
Comment: ********************************************
RegDate: 2009-09-02
Updated: 2010-09-14
Ref: »whois.arin.net/rest/net/NET-67-23-224-0-1
OrgName: HostDime.com, Inc.
OrgId: DIMEN-6
Address: 189 South Orange Avenue
Address: Suite 1500S
City: Orlando
StateProv: FL
PostalCode: 32801
Country: US
RegDate: 2004-06-30
Updated: 2009-08-21
Comment: Reassignment information for this block is
Comment: available at rwhois.dimenoc.com port 4321
Ref: »whois.arin.net/rest/org/DIMEN-6
Contact page
Address: Crestview, FL 32536
Phone: 1-(352)-397-2859
Email: support@bratttoys.com |
|
| reply to MGD
Fraud scam site: NEWPETSONLINE.com
Whois
Updated Date: 27-jan-2010
Creation Date: 27-jan-2010
Expiration Date: 27-jan-2011
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com, Inc. (»www.godaddy.com)
Domain Name: NEWPETSONLINE.COM
Created on: 27-Jan-10
Expires on: 27-Jan-11
Last Updated on: 27-Jan-10
Administrative Contact:
Private, Registration NEWPETSONLINE.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
+1.4806242599 Fax -- +1.4806242598
Technical Contact:
Private, Registration NEWPETSONLINE.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
+1.4806242599 Fax -- +1.4806242598
Nameservers
newpetsonline.com. 3600 IN NS ns57.domaincontrol.com.
newpetsonline.com. 3600 IN NS ns58.domaincontrol.com.
IP Addresses
IP: 173.201.163.241
PTR: ip-173-201-163-241.ip.secureserver.net
Netblock info
NetRange: 173.201.0.0 - 173.201.255.255
CIDR: 173.201.0.0/16
OriginAS: AS26496
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-173-201-0-0-1
Parent: NET-173-0-0-0-0
NetType: Direct Allocation
NameServer: CNS1.SECURESERVER.NET
NameServer: CNS2.SECURESERVER.NET
NameServer: CNS3.SECURESERVER.NET
Comment: Please send abuse complaints to abuse@godaddy.com
RegDate: 2009-09-18
Updated: 2009-09-18
Ref: »whois.arin.net/rest/net/NET-173-201-0-0-1
OrgName: GoDaddy.com, Inc.
OrgId: GODAD
Address: 14455 N Hayden Road
Address: Suite 226
City: Scottsdale
StateProv: AZ
PostalCode: 85260
Country: US
RegDate: 2007-06-01
Updated: 2009-09-16
Comment: Please send abuse complaints to abuse@godaddy.com
Ref: »whois.arin.net/rest/org/GODAD
Contact page
Phone : 206-339-5677
E-Mail : support@newpetsonline.com |
|
| reply to MGD
Is this what you need? Hmmm they both have the same 4 digit number after them - does that mean the same processor?
11/22/2010 CHK CRD WWW.RELIABLECHI 5732 CLR $9.62
This is the other:
11/18/2010 CHK CRD WWW.FULLYDIGIST 5732 CLR $9.62
even though they cleared 4 days apart, they originally showed up as pending on my accounts within a day of each other. Maybe the weekend slowed one down as far as processing.
To answer your questions -
Both cards were debit/credit cards issued from my bank (same bank, 2 accounts. one is business one is personal). My name is on my personal card, my name plus an extra word (my biz name) is on the biz card.
I can only think of a single place I ever used both cards - my biz card gets used all over but I rarely use my personal card at all. The last time I used it online that I can recall was the website Groupon. And I actually had to dispute the charge with them because I first used my biz card and it told me it was declined, so I then tried the personal account. That one went through but they ended up charging me on BOTH accounts.
I looked back to June on my personal account and aside from that, I have no online purchases with that card.
"Many thanks for posting, and for adding another of the OCS's card fraud laundering websites to the pandemic fraud list.
Can you please post the exact line item charge for the SCAM FRAUD = reliablechip.COM 209-690-9828 = SCAM FRAUD.
• Were the cards issued from the same or different financial institutions?.
• Do the cards share common activity / vendors over the past 24 months?.
• Both cards debit, credit, one of each?.
• Both cards in the same account name ?." |
|
| reply to MGD
said by MGD:Domain servers in listed order:
ns2.infiumhost.com
ns1.infiumhost.com
Yet another small-ish host with mostly Russian language sites on it. I know of a bit over 100 domains using those nameservers, and a little over 20 sites hosted on the same IP. Almost all in Russian. |
|
MGDPremium,MVM
join:2002-07-31
kudos:9
1 edit | reply to Nowayjose
said by Nowayjose :I also got the $9.62 charge to my credit/debit card recently from fullydigistore.com...but within a day another credit/debit card of mine was hit from a site called reliablechip.com. Same exact amount!
Many thanks for posting, and for adding another of the OCS's card fraud laundering websites to the pandemic fraud list.
Can you please post the exact line item charge for the SCAM FRAUD = RELIABLECHIP.COM 209-690-9828 = SCAM FRAUD.
• Were the cards issued from the same or different financial institutions?.
• Do the cards share common activity / vendors over the past 24 months?.
• Both cards debit, credit, one of each?.
• Both cards in the same account name ?.
============================
Contact Us
If you have any problems, comments or suggestions, please feel free to contact us. We will reply within 24 hours during regular business days.
Phone : 209-690-9828
E-Mail : support@reliablechip.com
Business Hours: Mon-Fri 8:00am to 5:00pm Central Time Zone
============================
Another card fraud laundering website which has "hit the ground running" !!. I suspect in this case, since fraud charges are reporting 2 weeks after the domain was registered, is that RELIABLECHIP.COM 209-690-9828 is the SECOND or higher card fraud website for an existing active cyber-mule who already has a merchant account. May even be the same San Jose, CA, cyber-mule whose business bank and merchant account is at a local branch of COMERICA Bank
Registration Service Provided By: WEB FOR ALL (WEB4ALL.RU)
Contact: +7.4012971111
Website: >http://www.Web4All.ru
Domain Name: RELIABLECHIP.COM
Registrant:
PrivacyProtect.org
Domain Admin ()
P.O. Box 97
Note - All Postal Mails Rejected,
visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 14-Nov-2010
Expiration Date: 14-Nov-2011
Domain servers in listed order:
ns2.infiumhost.com
ns1.infiumhost.com
.
.
IP Address History
.
Event Date Action Pre-Action IP Post-Action IP
===========================================
2010-11-16 New -none- 91.218.36.7
2010-11-17 Not Resolvable 91.218.36.7 -none-
2010-11-28 New -none- 91.218.36.7
.
.
Name Server History
.
Event Date Action Pre-Action Server Post-Action Server
===========================================
2010-11-15 New -none- Grishek.ru
2010-11-16 Transfer Grishek.ru Infiumhost.com
IP Location: Ukraine Infium Ltd
Resolve Host: h2.infiumhost.com
IP Address: 91.218.36.7
Once again note the quick move of the domain away from the original DNS, so the domain cannot be locked out or revoked by the original vendor.
It appears that SCAM FRAUD = FULLYDIGISTORE.COM 209-710-5385 = FRAUD SCAM went offline also, in tandem with its sibling SCAM FRAUD = USTECHTODAY.COM 209-710-5237 = SCAM FRAUD
Again please post the line item of the fraud charge for: SCAM FRAUD = RELIABLECHIP.COM 209-690-9828 = SCAM FRAUD include any state abbreviation. Obtaining an ARN (Acquirer Reference Number for that transaction would be very helpful.
Less than 14 DAYS from domain registration to completed fraud charging, sets another milestone in the infamy of this multi year Organized Crime Syndicate.
It also underscores just how completey owned the financial system, and ultimately consumers, are by this massive fraud operation.
MGD |
|
| reply to MGD
I also got the $9.62 charge to my credit/debit card recently from fullydigistore.com...but within a day another credit/debit card of mine was hit from a site called reliablechip.com. Same exact amount! |
|
MGDPremium,MVM
join:2002-07-31
kudos:9
1 edit | reply to MGD
Re: Fraud SCAM FULLYDIGISTORE.COM - USTECHTODAY.COM 209-710-5237said by MGD:......... A genetic clone, code wise, of FULLYDIGISTORE.COM is the newly discovered SCAM FRAUD = USTECHTODAY.COM 209-710-5237 = FRAUD SCAM »ustechtoday.com
Not only does it share the identical code and contents with altered graphics and theme as FULLYDIGISTORE.COM, in keeping with DrStrange  's research, it also shares the same area code and city prefix: .... .. ============================== Contact Us If you have any problems, comments or suggestions, please feel free to contact us. We will reply within 24 hours during regular business days. Phone : 209-710-5237E-Mail : support@ ustechtoday.comBusiness Hours: Mon-Fri 8:00am to 5:00pm Central Time Zone ============================== Though currently hosted with a Moscow based provider, it is using a minimalist DNS which only covers a few dozen hosts:
Registration Service Provided By:
HIGH QUALITY HOST COMPANY
Contact: +1.6462130098
Domain Name: USTECHTODAY.COM
Registrant:
PrivacyProtect.org
Domain Admin ()
P.O. Box 97
Note - All Postal Mails Rejected,
visit Privacyprotect.org
Moergestel
null,5066 ZH
NL
Tel. +45.36946676
Creation Date: 07-Apr-2010
Expiration Date: 07-Apr-2011
Domain servers in listed order:
ns1.m-hoster-1.ru
ns2.m-hoster-1.ru
======================= Server Type:Apache/2.2.14 (Unix) mod_ssl/2.2.14 OpenSSL/0.9.8e-fips-rhel5 mod_bwlimited/1.4 IP Address: 178.162.163.99 IP Location: - Russian Federation - Rustelekom Llc. Obshestvo S Ogranichennoj Response Code: 200 Domain Status: Registered And Active Website ======================= Registered since April 2010 and identically cloaked as its sibling, ... .... MGD .
USTECHTODAY.COM 209-710-5237 was taken offline rather rapidly after posting. Underlying the hidden privacy cloaked domain registration is:
Registration Service Provided By:
HIGH QUALITY HOST COMPANY
Contact: +1.6462130098
Domain Name: USTECHTODAY.COM
Registrant:
WHITED llc.
DANNY WHITED (ustechtoday@mail15.com)
822 phelps rd.
hillsborough
New York,27278
US
Tel. +346.7854765
Creation Date: 07-Apr-2010
Expiration Date: 07-Apr-2011
Domain servers in listed order:
ns2.m-hoster-1.ru
ns1.m-hoster-1.ru
Registrar: DirectI.com
Name server: M-hoster-1.ru
IP Address History USTECHTODAY.COM
Event Date Action Pre-Action IP Post-Action IP
=================================================
2010-04-08 New -none- 89.149.223.80
2010-04-11 Not Resolvable 89.149.223.80 -none-
2010-04-24 New -none- 89.149.223.80
2010-07-12 Change 89.149.223.80 178.162.163.99
Siteshots are a great archiving tool for preserving these quickly pulled websites. Interestingly, an analysis of USTECHTODAY.COM once again yielded a forensic crumb which connects the current group back to the card fraud operations in 2008. This connection also ties back to the first discovery of the Organized Crime Syndicate's testing of non intangible card fraud laundering websites, real physical products. During the shadowing of the birthing and start up phase of the 2008 UK Berry fraud operation which was hosted in the US on a master block of IPs owned by the now defunct and notorious Russian McColo Cybercrime operation. During that 2008 shadowing, an audit revealed these two websites stashed on the OCS's McColo IP space megaphotostore.net and kiddytoys.net on IPs 208.72.172.194 and 208.72.172.195 respectively. Though apparently targeted at the UK, these were the first card fraud laundering websites discovered listing tangible products.
Take note of the stock camera photo used on the main header display of the 2008 MEGAPHOTOSTORE.NET:
Though at first it may not appear to be related to the camera photo used on USTECHTODAY.COM
and the circa 2008 UK targeted MEGAPHOTOSTORE.NET
Forensic analysis shows that both pics, though altered and presented differently, are both derived from the same identical stock photo.
You can begin to see it when the mirrored images from each are presented side by side:
Once rotated and presented in the same perspective, the matching hash values becomes visually obvious:
One of hundreds of data bits collected over time, where individually they may seem as random events, however, collectively they add significantly to the evidence data.
MGD |
|
MGDPremium,MVM
join:2002-07-31
kudos:9 | reply to nobounds
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Plutosaid by nobounds:I believe blando-screen.com might be a former site, but the registration expired and the site isn't running any more.
Yes it was:
blando-screen.com
Registration Service Provided By:
Active-Domain LLC
Domain Name: BLANDO-SCREEN.COM
Expiry Date: 03-Nov-2010
Creation Date: 03-Nov-2009
Name servers:
ns39.worldnic.com
ns40.worldnic.com
Registrant Name: Whois Manager
Registrant Company: Whois Proof LLP
Registrant Email Address: dumt5nxz9@whoisproof.com
Registrant Address: PO Box 4120
Registrant City: Portland
Registrant State/Region/Province: OR
Registrant Postal Code: 97208-4120
Registrant Country: US
Registrant Tel No: +1.2024700599
Registrant Fax No: +1.8663666681
The fraud website travelled around a bit!.
.
HISTORY:
.
BLANDO-SCREEN.COM
.
Date Registrar
.
2009-11-03 Name Twister, Inc
Name Server History
.
Event Date Action Pre-Action Server Post-Action Server
=================================================
2009-11-04 New -none- Worldnic.com
2009-12-18 Transfer Worldnic.com Dnsserver8.com
2009-12-24 Transfer Dnsserver8.com 100mwh.com
2010-11-05 Transfer 100mwh.com Active-dns.com
2010-11-20 Delete Active-dns.com -none-
.
.
IP Address History
.
Event Date Action Pre-Action IP Post-Action IP
=================================================
2009-11-04 New -none- 206.188.193.89
2009-12-25 Change 206.188.193.89 209.197.255.143
2010-11-05 Change 209.197.255.143 67.228.37.8
2010-11-06 Change 67.228.37.8 209.197.255.143
2010-11-17 Change 209.197.255.143 67.228.37.8
The BBB listed:
Business Contact and Profile for Blando-screen
Name: Blando-screen
Phone: (630) 608-4641
Address: Unknown
Oswego, IL 60543
Principal: Arietta Grimes
Customer Contact: Arietta Grimes 630-608-4641
Numerous fraud charges reported:
»www.ripoffreport.com/Search/Blan···een.aspx
MGD |
|
MGDPremium,MVM
join:2002-07-31
kudos:9 | reply to codeslave
said by codeslave:I have a similar domain name (iconomatic.com) as to one of the sites being used in this fraud (icon-o-matic.org), so I've been getting a lot of mail recently from people asking about mysterious unauthorized charges on their accounts. Is there any way I can get this domain name removed? I'm now directing people to contact that other site or better yet, their credit card company, but I'd rather have the other site shut down if possible. Thanks!
Kudos for placing an alert of your site ribbon-o-matic.com »www.ribbon-o-matic.com about the car fraud laundering site ICON-O-MATIC.ORG Hopefully it will stop victims from incorrectly associating your site with the fraudulent one.
MGD |
|
MGDPremium,MVM
join:2002-07-31
kudos:9 | reply to moike
Re: SCREENSAVR.BIZ 877-455-8264 said by moike:http://screensavr.biz/
Web IP: 204.93.163.124 Web page Phone: 877-455-8264 Web page email: support@screensavr.biz Domain Registration Date: Tue Sep 07 2010 Outstanding and difficult find !!. Not only is it a fresh design, the fraud website SCREENSAVR.BIZ 877-455-8264 is buried within a several hundred website hosting IP, has a tollfree contact number image hidden, and the site is robots hidden from search archiving:
MGD |
|
MGDPremium,MVM
join:2002-07-31
kudos:9
1 edit | reply to moike
Re: Scam Fraud = BRATTTOYS.COM 352-397-2859 said by moike:http://www.bratttoys.com/
Web page info: Address: Crestview, FL 32536Phone: 352-397-2859 Email: support@bratttoys.com Web ip: 68.178.232.143 Domain Name: BRATTTOYS.COM
Registrar: MONIKER
Record created on: 2010-09-07
SCAM FRAUD = BRATTTOYS.COM 352-397-2859 = FRAUD SCAM must have hit the ground running after their 09/10 formation:
=======================
352-397-2859 reported on Nov 26
hit my bank statement for 4.97 too
=======================
352-397-2859 reported on Nov 23
$ 4.97 also showed up on my visa. I don't know why or how.
=======================
352-397-2859 reported on Nov 22
they got my card also.
=======================
352-397-2859 reported on Nov 20
This company, Brattcompany.com, showed up on my Visa statement with acharge for $4.97. I
have no idea who they are or what the charge is for.
=======================
352-397-2859 reported on Nov 20
this number showed up on my bank statement shows as brattcompany.com. they stole my debit
card number, no such company or number.
=======================
Reasonable to suspect that
SCAM FRAUD = BRATTTOYS.COM 352-397-2859 = FRAUD SCAM
and
SCAM FRAUD = BENETENTERPRISES.COM 727-493-2152 = FRAUD SCAM
are the same cyber-mule based on the common Crestview, FL 32536
said by moike:More in the lotosus.com / FL category:
benetenterprises.com:
Web ip: 67.227.148.38
Web page info: Address: 602 S Main St #782,
Crestview, FL 32536
Phone: 727-493-2152
Email: support@BenetEnterprises.com
-------- BENETENTERPRISES.COM is an identical clone of the now offline FRAUD SCAM = ROSMANNENTERPRISES.COM aka Rosmann Enterprises LLC 305-767-1953
»Re: Rosmann Enterprises LLC 305-767-1953
The business entity is similarily configured to an anonymous mail drop / forwarwarding service many miles away
==================
Florida Limited Liability Company
BENET ENTERPRISES LLC
Filing Information
Document Number L10000089427
FEI/EIN Number NONE
Date Filed 08/25/2010
State FL
Status ACTIVE
Principal Address
602 S MAIN ST
#782
CRESTVIEW FL 32536
Mailing Address
602 S MAIN ST
#782
CRESTVIEW FL 32536
Registered Agent Name & Address
CORPORATION SERVICE COMPANY
1201 HAYS STREET
TALLAHASSEE FL 32301 US
Manager/Member Detail
Name & Address
Title MGRM
BENET, BERNHARD
602 S MAIN ST #782
CRESTVIEW FL 32536
Annual Reports
No Annual Reports Filed
==================
Due to relativley unique name we can trace BERNHARD BENET and his LKA to the Tampa,FL area, and more specifically to Tarpon Springs, FL., not anywhere near the Crestview, FL/ mail dropbox over near Pensacola. Online promotions for other business entities connected to him or his wife show a residential address near Tampa, FL of:
HOA Publishers
3831 Brooksworth Ave,
Tarpon Springs, FL 34688
727-934-7038
That residential address was corroborated as recently as January 2010 on an annual report filing with the state of Florida for Travel Pros, Inc., A Delaware Corporation, and also for Tpi Training Services, Inc.
Only the online filing for BENETENTERPRISES.COM 727-493-2152 carries a contact address of Crestview, FL:
The OCS tactic of a remote drop box is certainly not new, but does appear to be a consistent SOP of this genre. An address close enough so as not to raise suspicion during the merchant account application process, and far enough away to shelter and hide the cyber-mule. The OCS goes to some lengths to locate an independent mail drop within a defined radius of the cyber-mule.
EDIT = ADD:
The presumption is that these are all cyber-mules and not LLC formations using identity theft data. As mentioned before while there have been some cases in th epast of drop box set ups for that purpose, specifically in the toll free group, the vast majority of drop box configurations were for the named cyber-mules. Mary Attalla was one such example where drop boxes were utilized for subsequent LLC formations. We have yet to uncover for this genre both the mode and recruiting vector used for recruitment.
The curent mass profilation of card fraud laundering websites now almost nearing the pandemic stage, reiterates both the level of access and unfettered availability that this organized Crime Syndicate has to consumer's card and identity account data. Regadless of the rate of uncovery of these card fraud laundering entities it still remains only a percentage of the total.
MGD |
|
MGDPremium,MVM
join:2002-07-31
kudos:9 | reply to ea
Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto said by ea :I was taken for a ride and never saw any money from this...I am also a victim.
Evelio areas
.
Indeed you are, I recall trying on multiple occasions to locate a contact number for you during mid 2008. Not only was your assigned entity short lived, the Organized Crime Syndicate then utilized your identity to register multiple subsequent card fraud laundering domains after your departure.
MGD |
|
moike
join:2007-03-31
Atlanta, GA | reply to MGD
screensavr.biz »screensavr.biz/
Web IP: 204.93.163.124
Web page Phone: 877-455-8264
Web page email: support@screensavr.biz
Domain ID: D41192046-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Registrar URL (registration services): whois.enom.com
Domain Status: clientTransferProhibited
Registrant ID: B5EE1AA00D7C6E00
Registrant Name: DNS Admin
Registrant Address1: 3655 Torrance Blvd
Registrant City: Torrance
Registrant State/Province: CA
Registrant Postal Code: 90503
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.3103162744
Registrant Email: dns@webhostingpad.com
Technical Contact ID: 8A0EB07DC6CDE4AB
Technical Contact Name: DNS Admin
Technical Contact Organization: Webhostingpad.com
Technical Contact Address1: 5005 Newport Dr
Technical Contact City: Rolling Meadows
Technical Contact State/Province: IL
Technical Contact Postal Code: 60008
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.8473429199
Technical Contact Email: dns@webhostingpad.com
Name Server: NS1.WEBHOSTINGPAD.COM
Name Server: NS2.WEBHOSTINGPAD.COM
Created by Registrar: ENOM, INC.
Last Updated by Registrar: ENOM, INC.
Domain Registration Date: Tue Sep 07 17:48:33 GMT 2010
Domain Expiration Date: Tue Sep 06 23:59:59 GMT 2011
Domain Last Updated Date: Tue Sep 07 17:48:34 GMT 2010
|
|
moike
join:2007-03-31
Atlanta, GA | reply to MGD
bratttoys.com »www.bratttoys.com/
Web page info:
Address: Crestview, FL 32536
Phone: 352-397-2859
Email: support@bratttoys.com
Web ip: 68.178.232.143
Domain Name: BRATTTOYS.COM
Registrar: MONIKER
Registrant [3120437]:
Michael Decker mdecker30@ymail.com
155 Gleneagle Drive
Byron
GA
31008
US
Domain servers in listed order:
1.NSEASY.COM
2.NSEASY.COM
Record created on: 2010-09-07 10:05:37.0
Database last updated on: 2010-09-08 10:21:04.217
Domain Expires on: 2011-09-07 10:05:37.0
|
|
