 MGD Premium,MVM join:2002-07-31 Fort Lauderdale, FL
| reply to Doctor Olds Re: pictureglobus.com, imaglobus.com, and templateglobus.com now
Excellent catch on the search engine blocking, Doctor Olds. I see this group has some unique characteristics as well. They are even supplying bogus account set up and login data to victims, in order to hide the fact that they are a criminal fraudulent front operation laundering card data.
I saw that on the mpix.com thread. Another interesting item on that thread was the email of a refund notice:
quote:
From: MALLISON@HERMESELECTRO.COM
Subject: PICTUREGLOBUS.COM Customer Receipt/Purchase Confirmation
Date: December 13, 2007 8:34:35 AM PST
To: (my email address redacted)

========= GENERAL INFORMATION =========
Merchant : PICTUREGLOBUS.COM
Date/Time : 13-Dec-2007 09:34:34 AM
Transaction ID : 1657880268

========= ORDER INFORMATION =========
Type : REFUND
Invoice Number :
Description :
Total : 9.87 (USD)
Payment Method : Visa

..SNIP
That HERMESELECTRO.COM caught my attention; it is a site with all bogus info.

»hermeselectro.com
Including the address:

and is also hidden from search engines: »hermeselectro.com/robots.txt

I see that the three laundering domains are all cloaked by the "hide a criminal" service of:
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States

Registered through: GoDaddy.com, Inc.
Domain Name: IMAGLOBUS.COM
Created on: 26-Aug-07
Expires on: 26-Aug-08
Last Updated on: 26-Aug-07

Administrative Contact:
Private, Registration IMAGLOBUS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599

All of these are the same:
pictureglobus.com IP 72.167.106.230 Support: Eric Robertson e-mail: support@pictureglobus.com tel: (210) 807-4272
templateglobus.com IP 72.167.23.251 Support: Eric Robertson support@templateglobus.com tel: (210) 807-4272
imaglobus.com IP 72.167.3.161 Support: Eric Robertson support@imaglobus.com tel: (210) 807-4272
hermeselectro.com IP 208.109.138.8 is registered to an individual in the UK, I assume a carded domain, "meshmesh1231@yahoo.com" is a giveaway:

Registrant:
GILLARD, SUSAN meshmesh1231@yahoo.com
11,MALLARD CLOSE
BEVERLEY, NORTH HUMBERSIDE HU17 7QG
United Kingdom
(01482) 873892

Registered through: GoDaddy.com, Inc.
Domain Name: HERMESELECTRO.COM
Created on: 15-Aug-07
Expires on: 15-Aug-08
Last Updated on: 15-Aug-07

Domain servers in listed order:
NS53.DOMAINCONTROL.COM
NS54.DOMAINCONTROL.COM

I also thought that I read a post probably by the mule somewhere, saying something like "Please stop making negative posts about our company, you are hurting sales". I will have to look back for it, amusing.
Trying to hunt down the business registration that they need, in order to set up the merchant and bank accounts needed to launder the stolen money out of the country.
One of the questions is whether "Eric Robertson" is a real name. If so, obviously it would be the cyber-mule's. I see the phone number used, 210-807-4272, was originally assigned to Verizon Wireless in San Antonio, TX. It could have been subsequently ported; however, it clearly indicates that a local cyber-mule would have set this up. It could not have been done online.
I checked fictitious business name registrations in 3 Texas counties that may be relevant to this operation: Bexar County, Galveston County, and Harris County. So far, I have not found anything relating to those web names, or for an Eric Robertson.
I suspect it will be a State of Texas LLC filing. I presume that they may use just the name "Globus", doing so would make it a catch all for the multiple domains that end in globus. However, a check with the State of Texas produces only a Globus Corp registered in 04/2006, to an individual with the last name Singh in Irving, TX. That is not a match, plus the name Globus is used by several legit entities. The search is still ongoing, as there is a need to identify the rest of the processing operation that is in place with this group.
The merchant account vetting process never ceases to amaze me.
Here we have a new web-only business applying for, and receiving, a merchant account to process cards. As Doctor Olds points out, they are completely blocked from anyone finding them. Combine that with the fact that their domain registration is cloaked, and you have two ingredients that should immediately flag, and most definitely deny, a merchant application. No internet-only commercial venture should have a hidden domain registration; that procedure alone is synonymous with fraud.
MGD |
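
The two checks named in the post's last paragraph (site blocked from search engines, cloaked domain registration), as an added example that is not part of the original post or thread. The robots.txt sample is constructed, the WHOIS fields are copied from the IMAGLOBUS.COM record quoted above, and the function names and the 365-day domain-age threshold are assumptions for illustration.

```python
import re
from datetime import date, datetime
from urllib.robotparser import RobotFileParser

# Proxy registrant marker taken from the WHOIS record quoted in the post.
PROXY_MARKERS = ("domains by proxy",)
# Constructed sample: a robots.txt that hides the whole site from every crawler.
SAMPLE_ROBOTS = "User-agent: *\nDisallow: /\n"
# WHOIS fields copied from the IMAGLOBUS.COM record quoted in the post.
SAMPLE_WHOIS = """Registrant:
Domains by Proxy, Inc.
Registered through: GoDaddy.com, Inc.
Domain Name: IMAGLOBUS.COM
Created on: 26-Aug-07
Expires on: 26-Aug-08
"""

def blocks_all_crawlers(robots_txt: str) -> bool:
    """True when a generic crawler may not fetch the site root."""
    parser = RobotFileParser()
    parser.parse(robots_txt.splitlines())
    # "ExampleBot" is a hypothetical crawler name matched by "User-agent: *".
    return not parser.can_fetch("ExampleBot", "/")

def domain_age_days(whois_text: str, as_of: date):
    """Days between the WHOIS 'Created on' date and as_of, or None if absent."""
    match = re.search(r"Created on:\s*(\d{1,2}-[A-Za-z]{3}-\d{2})", whois_text)
    if not match:
        return None
    created = datetime.strptime(match.group(1), "%d-%b-%y").date()
    return (as_of - created).days

def vetting_flags(robots_txt, whois_text, as_of, min_age_days=365):
    """Return the red flags raised for one applicant domain."""
    flags = []
    if blocks_all_crawlers(robots_txt):
        flags.append("hidden_from_search_engines")
    if any(marker in whois_text.lower() for marker in PROXY_MARKERS):
        flags.append("cloaked_registration")
    age = domain_age_days(whois_text, as_of)
    if age is not None and age < min_age_days:  # threshold is an assumption
        flags.append(f"new_domain_{age}_days")
    return flags

if __name__ == "__main__":
    # 13-Dec-2007 is the date on the refund notice quoted in the post.
    print(vetting_flags(SAMPLE_ROBOTS, SAMPLE_WHOIS, date(2007, 12, 13)))
```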