I see that the three laundering domains are all cloaked by the "hide a criminal" service of:
Registrant:
Domains by Proxy, Inc.
.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
.
Registered through: GoDaddy.com, Inc.
Domain Name: IMAGLOBUS.COM
Created on: 26-Aug-07
Expires on: 26-Aug-08
Last Updated on: 26-Aug-07
.
Administrative Contact:
Private, Registration IMAGLOBUS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599
All of these are the same:
pictureglobus.com IP 72.167.106.230
Support: Eric Robertson
e-mail: support@pictureglobus.com
tel: (210) 807-4272
templateglobus.com IP 72.167.23.251
Support: Eric Robertson
support@templateglobus.com
tel: (210) 807-4272
imaglobus.com IP 72.167.3.161
Support: Eric Robertson
support@imaglobus.com
tel: (210) 807-4272
hermeselectro.com IP 208.109.138.8 is registered to an individual in the UK, I assume a carded domain, "meshmesh1231@yahoo.com" is a give away:
Registrant:
GILLARD, SUSAN meshmesh1231@yahoo.com
11,MALLARD CLOSE
BEVERLEY, NORTH HUMBERSIDE HU17 7QG
United Kingdom
(01482) 873892
.
Registered through: GoDaddy.com, Inc.
Domain Name: HERMESELECTRO.COM
Created on: 15-Aug-07
Expires on: 15-Aug-08
Last Updated on: 15-Aug-07
.
Domain servers in listed order:
NS53.DOMAINCONTROL.COM
NS54.DOMAINCONTROL.COM
I also thought that I read a post probably by the mule somewhere, saying something like "Please stop making negative posts about our company, you are hurting sales". I will have to look back for it, amusing.
Trying to hunt down the a business registration that they need, in order to set up the merchant and bank accounts needed to launder the stolen money out of the country.
One of the questions is, if "Eric Robertson" is a real name. If so, obviously it would be the cyber-mules. I see the phone number used 210-807-4272 was originally assigned to Verizon Wireless in San Antonio, TX. It could have been subsequently ported, however, it clearly indicates that a local cyber-mule would have set this up. It could not have been done online.
I checked fictitious business name registrations in 3 Texas counties that may be relevant to this operation, Bexar County, Galveston County, and Harris County. So far, have not found anything relating to those web names, or for a Eric Robertson.
I suspect it will be a State of Texas LLC filing. I presume that they may use just the name "Globus", doing so would make it a catch all for the multiple domains that end in globus. However, a check with the State of Texas produces only a Globus Corp registered in 04/2006, to an individual with the last name Singh in Irving, TX. That is not a match, plus the name Globus is used by several legit entities. The search is still ongoing, as there is a need to identify the rest of the processing operation that is in place with this group.
The merchant account vetting process never ceases to amaze me.
Here we have a new web only businesses applying for, and receiving, a merchant account to process cards. As Doctor Olds
points out, they are completly blocked from anyone finding them. Combine that with the fact that their domain registration is cloaked, and you have two ingredients that should immediately flag, and mostly definitely deny a merchant application. No internet only commercial venture should have a hidden domain registration, that procedure alone is synonymous with fraud.
MGD