Ebook websites, fraud charges, Devbill/DigitalAge/Pluto - Scam and Phishbusters

Author	All Replies
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to garys_2k Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto said by garys_2k: We may get a few more views on this thread, I posted a reply here: »800notes.com/Phone.aspx/1-805-275-2235/ where people are speculating about how their cards were compromised. .......... Thanks, I had seen some of those individual pages before from search hits, but not the entire thread. In reviewing, it leads to another "template page". A poster listed a charge from naturalordretemplate. Re arranging the name leads to: naturalordertemplate.com - 626-310-0668 Natural Order, Inc [naturalordertemplate.com IP= 66.152.173.178] Domain name: naturalordertemplate.com Registrant Contact: I E C I Andrew Fairbanks (andy_fairbanks@yahoo.com) +1.6106431850 Fax: +1.6106431850 403 Perkins ST Oakland, CA 94610 US Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 17 Sep 2007 20:07:28 Expiration date: 17 Sep 2008 20:07:28 Andrew Fairbanks 403 Perkins St Oakland, CA 94610-4722 phone number unavailable There are two other individuals who have the same phone number using that address. Though the listed contact phone is also a CA area code, there is no listing for a "Natural Order " in the California corp. database. Two postesrs report that the charge appears to list Minnesota as the origination, and also that the phone number above is also listed as "Atala Designs". That is the Hub / recruiting site I listed in a previous post. quote: ..."Pending charge from "Atala Designs St Paul Park MN" for $11.85 on 22Dec07"... ..."I received a charge on my credit card from ATALA Designs for $10.65 12/12/2007. I reported it to my bank and the charge was removed and now I have to get a new card. On my account description of the charge it gave a 626 number which is Alhambra, CA but the info on my account said MN".... Strange, ataladesigns.com: »ataladesigns.com/ is now off the air. I also checked Minnesota corp data base and did not get a hit under that name either. EDIT= This could be an attempt to salvage a business entity set up, where the mule may have got suspicious and dropped out in the early stages. /edit I have some other hub sites coming up shortly including what appears to be a new theme, version 6.0. Also have the latest version of the "mobile phone games" site, a la Generex and Moball. MGD
	to forum · permalink · 2007-12-23 15:11:29 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD Still digging around the "Inowest" connection, so far unable to tell if they are a part of the operataion, or complicit. I cannot yet rule them out. We have already established the firm connection, and continuation to the Devbill / digitalAge et all by way of the foreign laundering. As stated, the version 4.5 templates funds from the hijacked cards were wired out of US banks to: Beneficiary's Bank Name: EUROBANK PLC Beneficiary's Bank SWIFT code: EUBKBGSF Beneficiary's Bank Address: 43 Cherni Vrah Blvd., 1407 Sofia, Bulgaria Beneficiary Account: BG96PIRB91701745144579 Beneficiary Name: Inowest Enterprises Inc We know that the fraudulent carded funds from several of the e-book sites are now wired out of US banks and routed to: Beneficiary's bank name: ASIAUNIVERSALBANK Beneficiary's Bank SWIFT code: ASUJK22 Bank address: 59, togolok moldo str., 720033, BISKHEK, KYRGYZSTAN REPUBLIC Beneficiary account: 1231128530000131 Beneficiary name: Inowest Enterprises Beneficiary address: same as bank address Asia Universal Bank is: »www.aub.kg/en .No coincidence that Asia Bank has several outlets in Russia, and branch offices in the Ukraine, Latvia, and Kazakhstan. AUB does have a stated policy to counteract the laundering of illicitly-acquired funds: »www.aub.kg/en/about/general/proiz Maybe a "heads up" is in order. Inowest is now referenced in two webmaster forums that deal in PrOn affiliate referrals and sponsored site linking. In addition to the previous: quote: I'm getting wires but don't know which sponsors - please help! ------------------------------------------------------------ Hey I've received a few unknown wires. Does anyone here know which sponsors they are? These are wires btw, no cheques. Inowest Enterprises Gioram Kenny Media Design Ironic And if the owners of these sponsors see this post, can you please tell me in which country your company is based? Thanks anyway Maikel Source= NOT WORK SAFE »www.gofuckyourself.com/showthrea···t=615371 A second recent reference is on a similar Russian forum, and in fact specifically mentions "Inowest v ASIAUNIVERSALBANK". A rough Google translation is here may not be WS either: »translate.google.com/translate?h···6hl%3Den At this stage it is possible that inowest is a Russian "currency facilitator", operating on the virtual fringe. Maybe similar to this Russian company: »www.fethard.biz/ and »www.fethard.biz/about.php It is reasonable to assume that whatever laundering vehicle and location the criminal enterprise is using, it is one that they are familiar with, and have established history with. I need to reach and convert more "cyber mules" in order see if there are other accounts and C&Cs that are in use. MGD
	to forum · permalink · 2007-12-23 17:05:54 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to MGD At the start, I reiterated that this syndicate has been in operation for years, and has constant access to card account data. You can journey back to seven years ago and see the "Beta", or maybe even Version 1.0 of this long running criminal operation. These reports are from 7 years ago, almost exactly to the day: 'Tis the season for credit-card heists and: 'Egghead.com Gets Hacked Besides, at that time, the obvious operational base was Russia, pay close attention to some of the common ingredients: circa 2000: quote: "....MSNBC.com research has revealed that for at least the past six months, hundreds and perhaps thousands of consumers have found charges between $5 and $25 billed to their credit cards. The laundering efforts appear to involve a group Russian telecommunications and Internet companies. Since July, Net users have widely complained about charges from companies named Skiftelecom, Incomtel, Global Telecom, and Inetplat. It was not immediately clear if the Russian firms were participants or victims of the scheme. After initial e-mail contact, Inetplat didn't respond to a request for an interview. None of the others immediately replied to e-mail. There has been a fresh flurry of charges-at least 100-billed this week by Global Telecom and Inetplat, which appear from their Web site to be the same company......." Ringing any bells ??? if not try this: quote: "....She said one of her fellow victims had received a reply from Inetplat earlier this year after complaining. In the e-mail, the company was said to reply: "Possible your credit card data was stolen by hackers and used to enter one of the sites of our clients. We refund you all the money charged from your card within one week. Please do not make chargeback within this week." ..... Oh.. sound familiar.!! What was not apparent back in 2000 was these sites were "fronts" and connected.GTELECOM.NET Global Telecom gtelecom.net and Inetplat Inetplat.com were clones of each other. From a rough translation of Inetplat.com's Home Page quote: "....The pay system InetPlat allows services on the method to the payment through Internet of the credit maps VISA and Eurocard/Mastercard for vebmasterov of paid sites and developers of software. Relying on contemporary technologies we let us ensure reliability and safety of your electronic commerce. Hundreds of clients from the different countries of peace already are used InetPlat in their business"..... A comment in another Russian PrOn webmaster affiliate forum not long afterwards makes reference to "inetplat" and translates as: circa 2001: quote: ".....4 more greatly I will say, they do not work from similar lazhey EVEN nelegal'shchiki! -))) An example, there was this office as inetplat.com (recently its name it was mentioned in connection with the scandal "Russians they robbed 3 million Americans"), so they they attempted to interest in its service of russkoyazychnykh nelegal'shchikov. And those sent them. This office awaits analogous. However, however, there lie in the first proposal on the site, in the first word: THE "RELIABLE method to obtain payment into the Internet"; -))".... Of course now after several progressions and iterations they have adapted and fine tuned the operation. Incoming charges from Russia against thousands of US cards has long been addressed by monitoring algorithms that will reject them onsight. As recently as 2006 they had several sites that tried to run charges from merchant accounts in the UK and Sweden. They failed, the majority of the charges were rejected, and were subsequently blacklisted. Many potential victims received a notice from the card issuer that the charge was rejected. The hosting and processing via internal US merchant accounts was a procedure adopted by the syndicate to counteract these measures. The most lenient security threshold for charges processed to US cards are ones that originate from within the US. It was then that the recruiting of cyber mules began, and the operation moved "onshore". The fundamental issue back then was one of a card data security problem, that is what drives this entire operation. Unfortunately, 7 years later it is still the core problem. MGD
	to forum · permalink · 2007-12-23 19:45:06 ·
garys_2k Premium join:2004-05-07 Farmington, MI Reviews: ·Callcentric ·Future Nine Corp..	Getting to the core issue, where/how they get the card data, ought to be front and center to the entire Mastercard/Visa/Amex industry. Seven years? Clearly the source data has been the most consistently reliable part of the scheme -- more certain than the systems for processing the charges. It could likely be a small group of moles placed in key positions in the business. They could skim the data onto floppies/CDRs/USB drives, whatever and export it at their leisure. They could plant the malware onto the providers' servers that uploads files. Or, maybe they can do the latter remotely -- given the number of vulnerabilities in web facing servers out there. As for the high rejection rate, that could be a key clue. Clearly we need a much more robust method of verifying credit card transactions where the card isn't physically present. I suspect this syndicate targets the U.S. because our procedures are easier to defraud.
	to forum · permalink · 2007-12-23 21:47:57 ·
chst @pacbell.net	reply to MGD MGD, the job you are doing is amazing! I could become one of those cyber mules! But now they have no chance. They've hired me and I've almost set up the merchant account already. That's a big luck I've found everything out on this stage, they haven't had a chance to charge anybody through me yet! Well, anyway.. I think I've got some interesting things that were not mentioned above and could help to trace those bastards, but I'm not sure if I should post them right here. Please e-mail me at chstpublic[at]gmail.com
	to forum · permalink · 2007-12-24 20:40:13 ·
MGD Premium,MVM join:2002-07-31 kudos:9	said by chst : MGD, the job you are doing is amazing!....... Thank you, as requested, made contact from 007MGD MGD
	to forum · permalink · 2007-12-25 17:05:43 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to MGD Updating, rooted some more out. Another template clone: infinitysonstemplates.com 404-474-2550 Infinity & Sons, LLC . That is the current phone number listed here: »infinitysonstemplates.com/help.php Charges have also shown up on statements under that name listing another number: 404-645-1736 see: »800notes.com/Phone.aspx/1-404-645-1736 [infinitysonstemplates.com IP 66.152.162.116 ] Domain name: infinitysonstemplates.com Registrant Contact: IS LLC bryan gracy (gracy_bryan@yahoo.com) +1.4046451736 Fax: +1.4046451736 205 Sue Ln Auburn, GA 30011 US Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 02 Nov 2007 19:41:28 Expiration date: 02 Nov 2008 20:41:28 The cybermule matches the domain reg.: Business Name History ----------------------------------------- Name Name Type INFINITY & SONS LLC Current Name ----------------------------------------- Limited Liability Company - Domestic Control No.: 07089304 Status: Active/Compliance Entity Creation Date: 10/29/2007 Jurisdiction: GA Principal Office Address: 205 sue lane Auburn GA 30011 Last Annual Registration Filed Date: Last Annual Registration Filed: ---------------------------------------- Registered Agent Agent Name: Gracy, Bryan Office Address: 205 sue lane Auburn GA 30011 Agent County: Barrow ---------------------------------------- There is no number listed for him at that specific address. A reverse lookup of the address lists a different name. It is possible that this was a recent move, as there are other listings for his name in Georgia. . . Here is another E-book site: mynetconnex.com 732-993-5297 mynetconnex Been around since March 2007 without much noise: »www.google.com/search?hl=en&q=my···e+Search For this genre, the domains usually do not match anyone, and can be carded. There is no reverse listing for this address, nor is there one for anyone with that name in NJ. [mynetconnex.com IP 68.178.233.191] Domain name: mynetconnex.com Registrant Contact: MYNETCONNEX.COM MEGAN BROCK (supportmynetconnex@gmail.com) +1.7329935297 Fax: +1.5555555555 306 Stevens Way Freehold, NJ 07738 US Name Servers: dns1.name-services.com dns2.name-services.com dns3.name-services.com dns4.name-services.com dns5.name-services.com Creation date: 20 Mar 2007 20:42:34 Expiration date: 20 Mar 2008 20:42:34 There does not appear to be any corp listing for a mynetconnex, however, there is the following New Jersey corporation: quote: New Jersey State Corporate and Business Information Reporting Business Entity Name NET CONNEX, INC. Filing Number 0100708464 Code DP There is a legit business called : Net Connex Technologies, Inc., so I am unable to tell yet. The Governor of New Jersey wants at least $5 to cough up more info. I have added it to my list. I may try and negoitate a bulk rate ! MGD
	to forum · permalink · 2007-12-27 05:03:15 ·
pleekmo Triptoe Through The Tulips Premium join:2001-09-14 Manchester, CT Reviews: ·AT&T DSL Service	Maybe we should start an MGD anti-scammer fund. I think that this would be an excellent idea, given MGD's value so far in shining the light on the dark corners of the Internet financial world. -- HCN: Because you deserve a rest! Proud member of the Free Omelas Liberation Front.
	to forum · permalink · 2007-12-27 06:43:50 ·
MGD Premium,MVM join:2002-07-31 kudos:9	Thanks, I was just making fun, .... and to be fair to NJ, they are not alone, several states now charge to look up data. However, I am still set on you winning that lotto. MGD
	to forum · permalink · 2007-12-27 09:31:35 ·
pleekmo Triptoe Through The Tulips Premium join:2001-09-14 Manchester, CT Reviews: ·AT&T DSL Service	said by MGD: However, I am still set on you winning that lotto. MGD Yes, I do every now and then say my prayers to the Jackpot God. -- HCN: Because you deserve a rest! Proud member of the Free Omelas Liberation Front.
	to forum · permalink · 2007-12-27 10:20:46 ·
Acala or Atala @aol.com	reply to MGD Got a charge of $10.25 on my credit card statement from December from this Acala/Atala outfit. Its interesting because I had to close out my account at end of November due to other fraud charges (2 out of Utah and 3 that, from reading weblogs of others victimized. seem to be out of St. Kitts). This Atala charge showed up on my new account but on calling credit card company was a carryover from the previous account with the other fraud charges on it. The phone number that showed up for Atala (but apparently, per credit card person, was Acala) is (626) 310-0668. I do with these credit card companies would do something more substantive regards fraudulent charges, instead of just closing down the affected account and then issuing a new account (and, in this instance, carrying yet another fraudulent charge over to new account). I can understand that it might be cost-prohibitive for them to pursue one-time small charges, but its pretty evident that all 3 fraud entities I have referenced have victimized thousands of people, collectively, to the tune of 'who knows' how much in the way of collective fraud dollars.
	to forum · permalink · 2008-01-01 11:01:50 ·
ftthz If love can kill hate can also save join:2005-10-17	reply to MGD great info ... will look out for these types of charges
	to forum · permalink · 2008-01-01 17:29:35 ·

stae2 @cox.net	reply to MGD I just found this and thought it might be linked up to this scam article could be found on: »www.scamclub.com/blog/2006_11_01···ive.html Company: Finbridge Private Equity Ltd. Moscow, Russian Federation URL: »finbridge-pe.com/en/career The following is an email scam I received from three different email addresses: I am writing to inquire if you might be interested in part-time employment with our company. FinBridge Private Equity Ltd. (FinBridge) based in Moscow, Russia is looking for energetic and committed individuals to fill the part-time receivables clerk positions in the United States. As a receivables clerk, you will be in charge of processing and facilitating investment funds transfers initiated by our US clients under the supervision of the regional receivables manager. A perfect candidate should be a strong communicator who is also comfortable with numbers and ideally has some previous book-keeping experience. College education or any administrative professional background is a plus. No relocation is required from a successful candidate. This opening is a great opportunity for those looking for a reasonable trade-off between working hours and compensation, such as senior citizens or self-employed individuals. FinBridge is an emerging markets fund of funds manager headquartered in Moscow, Russia. FinBridge is the general partner of the Russia Growth Fund. The Russia Growth Fund is the first region-specific closed-end fund of private equity funds to target Russia and the Commonwealth of Independent States (former Soviet Union). FinBridge is dedicated to providing investors reduced emerging market risk through broad portfolio, manager, and market segment diversification. To learn more about our company, please visit us online at finbridge-pe.com The receivables clerk position is commission-based, and it will typically take up to 6 hours per week to fulfill your duties. You should be able to perform your duties during regular business hours. Your core responsibility will be to receive the investment funds from our US clients into your designated bank account, reconcile the payments with your supervisor if required and transfer specified funds into our managed investment accounts. You will be in charge of contacting your bank in order to obtain transfer status information, confirmations and account activity reports, as well as handling daily communications with your bank. You will be receiving a 2% commission from the gross amount of each transfer that is remitted into your designated account (for instance, if $10,000 is credited into your account, you will be retaining a commission of $200). Your commission is available immediately, so there is no need to wait for the payroll check in the end of the month. From the tax aspect, you will be paying your income tax, either as an individual or as a business entity, calculated as a percentage of the commissions received for fulfilling your duties. It should be understood that it is your sole responsibility to report your incomes to the IRS. Being a foreign legal entity, Finbridge is not subject to the US tax regulation. You will be receiving the investment funds exclusively from our US clients via secure electronic Wire transfer used by major US banks for funds and securities settlement. This means that no funds will be deposited into your account unless the transaction is reviewed and confirmed both by the remitting and recipient banks. Thus, there is no operational risk on your end. You will never be required to cash a check, make a remittance before the funds are cleared into your account or engage in any other financially risky activity. In order to qualify for the position, you must be a permanent US resident aged 21 and above. It is recommended that you set up a separate bank account for the receivables service (a list of preferred banks is available); however, you may also use an existing account. Since most communication with your supervisor will be via email/fax/phone, you should have access to these facilities and be available for communication in regular business hours. It should also be underlined that business owners utilizing business bank accounts will be subject to higher receivables turnover, and thus, higher commissions. You can apply for the position or online at: »finbridge-pe.com/en/career Please note that only candidates under serious consideration will be contacted. Please use the following vacancy code: FBUSA88. You can also contact the HR Department by visiting us online at:
	to forum · permalink · 2008-01-04 14:31:41 ·
MGD Premium,MVM join:2002-07-31 kudos:9 2 edits	reply to Acala or Atala said by Acala or Atala : Got a charge of $10.25 on my credit card statement from December from this Acala/Atala outfit. Its interesting because I had to close out my account at end of November due to other fraud charges (2 out of Utah and 3 that, from reading weblogs of others victimized. seem to be out of St. Kitts). ..... . If you can recall, or have access to the line item listing of the other fraud charges, please post them. Yes there is a "rollover" period, usually around 30 days, where charges to you old card will be transferred to the new one. It does not mean that the criminals have your new number. Your post also helps emphasize another important point. Victims of these charges need to cancel and replace their card as soon as the first fraudulent charge appears. There is absolutely no doubt that you will be subject to additional fraud charges from this crime syndicate. They will continue to hit you until you cancel and replace the card. So you may as well address it as soon as possible. Be aware that a criminal enterprise has your card number, the expiration date, the cvv2 security code, your first and last name, and your address. You need to remove that valid card number from the equation immediately. There is no evidence to indicate that they have your pin number, or any other account information, other than the card account data itself. Victims may have some difficulty persuading their bank CSRs, some are a lot more clued in than others. Many customer reps may assume this to be trivial because of the amount. That is why it is vital that you report this as a fraudulent charge. Do not allow them to go down the "dispute the charge" path. You must reiterate that the charge is "fraudulent", and that your card data has been compromised. You are not liable for any portion of the fraud, you did not loose your card, you still have it. You card was not stolen, your account data was. There are a few horror stories from some victims of this fraud with respect to how it was handled by their banks. If for any reason your bank does not resolve this issue promptly, then you need to report it to them in writing. Preserve your rights under Federal Law by notifying the bank in writing. Send it via certified mail RRR, to the address listed for billing inquiries on your statement. That notification must arrive within 60 days of when the statement that listed the fraud charges was mailed to you. Any additional charges to your account that resulted from the fraudulent charge/s must also be credited back to you. Generally, most banks with well trained CSR's are addressing this properly by reversing the charge and cancelling and re-issuing the card. Though the banks as a matter of courtesy may tell you that they will investigate the fraud, they will not, the amounts are too small. That is one reason this crime syndicate has been in operation for many years. I do urge victims to take a few minutes and report the fraud at »www.ic3.gov/ Coming up, the next chapter. •Additional websites of existing cyber mules processing fraud charges. •A new confirmed division of the crime syndicate, Version 6.0. An entire group operating as a website promoting gimmick, along with a new Command and Control recruiting Hub. •Information on the recent slew of charges from VALLJRSX / Paradise Web / Home Base, and more. MGD
	to forum · permalink · 2008-01-04 17:38:53 ·
MGD Premium,MVM join:2002-07-31 kudos:9	reply to stae2 said by stae2 : I just found this and thought it might be linked up to this scam .... It is hard to tell, however, most cyber criminal operations are usually involved in multiple forms of fraud. That one may involve transferring funds out of hijacked brokerage accounts to mules, who then convert and send the funds out of the country. One of the trademarks of this crime syndicate's recruitment operation, is the requirement for the cyber mule to set up a corporation and corresponding bank account, and obtain an EIN number. That is needed to attach to the fake website in order to set up a merchant account and facilitate the transfer of fraudulent funds. MGD
	to forum · permalink · 2008-01-04 17:50:30 ·
Taken @comcast.net	I was hit for 4.95 by the MYNETCONNEX awhile back. I didn't notice it because of the Holiday rush. This is the only location I could find that mentioned MYNETCONNEX in a Google search, thank you for the information. I am also now seeing a pending charge to my card for "SITE SERVICES" which is wonderfully non-descript. I know this pending charge is fraudulent as I have been living off Christmas cash for awhile now. I guess I am going to the bank tomorrow to get a new card.
	to forum · permalink · 2008-01-04 23:24:07 ·
MGD Premium,MVM join:2002-07-31 kudos:9	said by Taken : ....This is the only location I could find that mentioned MYNETCONNEX in a Google search, thank you for the information. I am also now seeing a pending charge to my card for "SITE SERVICES" which is wonderfully non-descript. ..... You are welcome, Please post back any additional information on the line item for "SITE SERVICES". A phone number, even a partial one, or the state abbreviation, will all be very helpful. I use several techniques for identifying and tracking this crime syndicate's operation. One of the main detecting triggers are victim reports such as yours that match their modus operandi. I also can map the linkage where victims do not recognize the original charge as fraudulent and then are hit with subsequent charges. I monitor several forums that victims are posting on, and there are several names currently unidentified. I will add SITE SERVICES to that list. This criminal enterprise is adapting and becoming more difficult to identify. They are adding additional obfuscation to their records to deter tracking. They have done this on several occasions in the past few years, when publicity increases. They manipulate the wording on the business and merchant account names. They use abbreviated names or acronyms to prevent a direct connection between each one. They are dynamic and flexible, but they never stop the fraudulent processing. MGD
	to forum · permalink · 2008-01-05 00:19:06 ·
Taken @comcast.net	The pending charge came through and now I have a phone number. The complete detail for the transaction is "SITE SERVICES 8885909662". The transaction amount was for 9.15 in my case. I googled the ph# and found this »800notes.com/Phone.aspx/1-888-590-9662 The person posting here reported a transaction of 9.10 and reported it as fraud. The post was from yesterday as was my charge so maybe this is a new front. Thanks again for the information.
	to forum · permalink · 2008-01-05 12:08:57 ·
Taken @comcast.net	reply to MGD After the Site Services transaction posted it showed a phone number. The complete description from my bank is "SITE SERVICES 8885909662". The charge was for 9.15. I googled the ph# and found »800notes.com/Phone.aspx/1-888-590-9662 It seems at least one other person has seen this. They were charged 9.10. Thanks again for the great information.
	to forum · permalink · 2008-01-05 12:09:03 ·
MGD Premium,MVM join:2002-07-31 kudos:9 3 edits	reply to MGD These additional fraud sites were found while auditing various servers that are hosting the crime syndicate's websites. Now it is apparent that several of the cybermules are recruited to front multiple sites and corresponding corporations. The Chicago, Illinois individual named Allen Ilic who fronts a website and LLC listed in a previous post, named ilicsolutions.com AKA Alen Ilic, Inc 312-235-6926 is also fronting: ilicmaster.com AKA Website Master, Inc. 312-698-7897 This set up is very recent, and so far I have only seen a few reports of fraud charges. Give it some time until they season the account, and get up to full speed. The domain was registered in December: Registration Service Provided By: NameCheap.com Domain name: ilicmaster.com »ilicmaster.com [ilicmaster.com IP 66.152.162.119] Registrant Contact: WSM Inc alen ilic (alen_ilic05@yahoo.com) +1.7572991858 Fax: +1.7572991858 4950 N Marine Dr #807 Chicago, IL 60640 US ns1.hostdone.com ns2.hostdone.com Creation date: 04 Dec 2007 22:45:47 Expiration date: 04 Dec 2008 22:45:47 The LLC was formed on the same date: Entity Name WEBSITE MASTER INC. File Number 66361985 Status GOODSTANDING Entity Type CORPORATION Type of Corp DOMESTIC BCA Incorporation Date (Domestic) 12/04/2007 State ILLINOIS Agent Name ALEN ILIC Agent Change Date 12/04/2007 Agent Street Address 4950 N MARINE DR APT 807 Agent City CHICAGO Agent Zip 60640 Duration Date PERPETUAL Annual Report Filing Date 00/00/0000 A second fraud site was located fronted by the same cybermule as mvwebtemplates.com AKA Most Valuable Web Templates 404-474-3440, also listed previously. Mr. Murphy from Atlanta, Georgia is also fronting: 123gettemplates.com AKA 123GETITDONE, INC 404-474-0491 There are several reports of fraud charges from the 123gettemplates.com domain, which was registered back in July 07: Registration Service Provided By: NameCheap.com Domain name: 123gettemplates.com »123gettemplates.com [123gettemplates.com IP 66.152.162.116] Registrant Contact: TTS Edward Murphy () +1.2707787541 Fax: +1.5555555555 1060 Park Row North Atlanta, GA 30312 US Name Servers: ns1.hostdone.com ns2.hostdone.com Creation date: 13 Jul 2007 19:25:07 Expiration date: 13 Jul 2008 19:25:07 As was the case with the Georgia LLC for mvwebtemplates.com, which was reformed from a previous LLC to Murphy Ventures (MV), likewise for 123gettemplates.com. The new domain is attached to 123GETITDONE, INC., which was formerly THE CHATZ FOUNDATION, INC. Business Name History --------------------------------------- Name Name Type 123GETITDONE, INC Current Name THE CHATZ FOUNDATION, INC. PRIOR NAME --------------------------------------- Profit Corporation - Domestic - Information Control No.: K824503 Status: Active/Owes Current Year AR Entity Creation Date: 6/26/1998 Jurisdiction: GA Principal Office Address: PO BOX 311291 ATLANTA GA 31131-1291 Last Annual Registration Filed Date: 9/12/2007 11:25:40 AM Last Annual Registration Filed: 2007 --------------------------------------- Registered Agent Agent Name: Murphy, Edward Office Address: 1270 CAROLINE ST STE D120-381 Atlanta GA 30307 Agent County: Fulton --------------------------------------- Officers Title: CEO Name: EDWARD MURPHY Address: 1270 CAROLINE ST STE D120-381 Atlanta GA 30307 --------------------------------------- Several victims of Mr. Murphy's entities reported that they were also hit by the now defunct: hottemplatesites.com AKA Hot Sites LLC. They had a considerable number of fraud charge reports under the listed number of 202-558-7562 Apparently hottemplatesites.com has now burned out, with only a Google cache of the site remaining. That domain was registered as follows: Domain Name: HOTTEMPLATESITES.COM Registrar: ENOM, INC. Registrant Contact: ADs LLC William Vanover (kevinbarnes@vpm.net) +1.5023717468 Fax: +1.5555555555 620 Q St. N.W Washington, DC 20001 US Name Servers: ns3.jaguarpc.net ns4.jaguarpc.net Creation date: 28 Apr 2007 13:57:15 Expiration date: 28 Apr 2008 13:57:15 The actual LLC was registered to a different name than the domain: Organization LLC Organization Name: HOT SITES LLC State: DC Status: ACTIVE Initial Date of Registration: 6/22/2007 File No.: L34129 Organization Type: DOMESTIC LIMITED LIABILITY COMPANY Registered Agent KEVIN PURNELL BARNES 4905 NASH STREET, APT. 303, NE Washington, DC 20019 . A note of interest regarding AtalaDesigns.com, the former C&C hub site listed earlier. They subsequently converted to a card billing operation listing St Paul Park MN., on the line item charge. However, they frequently list a California contact number 626-310-0668 which is also listed as a contact phone number on a fraud template site naturalordertemplate.com Also worth noting, do not confuse the name Atala Design, or the domain ataladesign.com without the "S", with this criminal enterprise. I have read reports of victims contacting the folks at Atala Design and accusing them of fraud. While it is understandable to want to reach out and vent at someone for these crimes, do not assume that they are listed on the first page of search results that you run. Being close does not count here. This is a sophisticated criminal enterprise, they will not be found in the first several layers of this operation. In fact, wherever your search leads to, you can be guaranteed that it is not them, and they are not there. Neither should you assume that the last CNP transaction that you made is the location where your card data was compromised, regardless of how many others have that vendor in common. Remember that this syndicate is fraudulently processing well over 100,000 cards a month. A congregation of 50, 100 or 200 people with the same recent vendor in common is materially insignificant for that volume. Can they be found?, yes they can, however, it will take considerable resources to disassemble this multi year operation. By now, they have this down to a science. They do make mistakes, as every criminal enterprise does. Far fewer now than they made several years ago. The mistakes that they have made have led to this expose, but it has taken several hundreds of hours of research and two years to get to here. MGD Next... moving on to version 6.0
	to forum · permalink · 2008-01-06 01:10:16 ·

Broadband Tech > Security > Scam and Phishbusters > Ebook websites, fraud charges, Devbill/DigitalAge/Pluto

Re: Ebook websites, fraud charges, Devbill/DigitalAge/Pluto