how-to block ads
|
jswanson
join:2008-02-24
| [Credit Card Fraud] fraud: www.prophotosland.com & www.photogey This is the same small charge $9.87 credit card fraud scheme posted on other threads although I have not yet seen these two sites specifically mentioned. If you see a small charge from either of these companies please:
1. Report the FRAUD to your credit card company, do not just dispute the charge - state that it is FRAUD and insist on a chargeback. Get a new credit card # and close the old account.
2. Report the fraud to www.ic3.gov with as much detail as possible
3. DO NOT attempt to contact the company as they will reverse the charges but may charge you again next month. They would rather refund your money then be investigated for fraud. HOWEVER, if you want to help stop them work through ic3.gov and your credit card FRAUD division.
4. Check your credit card statements carefully every month.
There are many forums out there regarding this topic... all you need to do is search on small charge credit card fraud or even 9.87 charge credit card fraud. | |
|  jswanson
join:2008-02-24 | Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot Sorry - other site name was cut off... it was
www.photogeyser.com | |
| jswanson
join:2008-02-24
| Another site in this network just popped up...
»polishpicturesonline.com/
they use the same exact pictures and text as the other two... watch out for this one... looks like it has been live for a little over a week. | |
| | jswanson
join:2008-02-24 | Another one is popping up with similar text... home page is different but text and some photos are the same:
»imagesparadise.com/ | |
| | | | | | | | 
fireflier
Coffee. . .Need Coffee
Premium
join:2001-05-25
Limbo | Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot Interesting that the name "Jupiter, LLC" is shown there. Wasn't the name jupiter involved in some other less recent CC charging scams? | |
| 
crazfamily
@coxfiber.net | This has happened to me recently. I will go to that web site asap. also this must be wide spread. It looks like the credit card companys would pick up on this. | |
|
Juliette
@sbcglobal.net
| This just happened to me with prophotosland - I contacted my credit card's fraud dept. and filed a complaint.
The weird thing is that they were telling me that that charge was from a local mall (which I have not shopped at in weeks and at which there is no such store) and that my card was swiped (I had my card with me).
Card closed, charge replaced, but am curious about how it came up as a local charge with my card swiped... | |
| MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| said by jswanson  :This is the same small charge $9.87 credit card fraud scheme posted on other threads although I have not yet seen these two sites specifically mentioned. ....... Oh Excellent, thank you for Heads Up!!
And lets continue with Doctor Olds 's digging. pcdebb is indeed correct, into the data base they go.
I can confirm positively that these are the next round of "Globus" fraud sites from Doctor Olds 's thread: »pictureglobus.com, imaglobus.com, and templateglobus.com now
I need to see if anyone who is a slickdeals member can either IM or post to this thread: »forums.slickdeals.net/showthread···ngle.com
The poster "Minette" may have some valuable info I need. They got charged $9.87 by PROPHOTOSLAND.COM on 1/27 and subsequently got hit by according to them:
"a company called "Alkay Services LLC", this time on ANOTHER credit card I own, for the amount of $9.64. Same business (photo) according to my bank (Chase).
I need the phone number that may have been listed on the line item charge, or at least part of it. if it was not listed on the charge the card issuer should be able to give it to them. If anyone else has a "Alkay Services LLC" charge and has or can get the number. This group is also using the same deflecting tactic as the globus group, by telling victims someone registered on the site with their car. More than likely any victim who bought that lie and got a credit will have been hit with a second charge the next month. Any subsequent second hit names and full info is vital in following the trail.
The C&C website for the Globus was the bogus "Hermes Electro" hermeselectro.com: »hermeselectro.com pretending to be in Hong Kong:
The C&C for this picture, image, photo, fraud group is a bogus site "Hong-Kong Content Trade", hkc-trade.com: »hkc-trade.com/
A direct clone of the other one:
There are no records that indicate a business by those names exist at either of those addresses.
Need to add picturesjungle.com »www.picturesjungle.com/index.php···=contact to the list also.
I am off the belief that the names listed on the sites such as Eric Robertson, also of Globus fame, and Cristian Darie etc. are all fictitious. Having spent countless hours checking LLCs' and corp registrations in the state of Texas, including multiple county FBN lists, I do not believe they exist. At least until something substantial comes up to indicate otherwise.
You will notice from the added info to the sites listed above, that not only are the current crop using GoDaddy hosting, so were the Globus group.
I am not sure if it was posted, but one of the early victims of the Globus run, was told by GoDaddy that they would not shut them down without legal action. I will try and find a copy.
This group probably represents one of the most egregious lack of due care by a hosting company. Providing these criminals with a conduit, which enables them access to payment gateways allowing them to fraudulently process thousands of credit cards is unbelievable.
Lets just look at the worst case:
We have hosting provided to supposed e-commerce sites, where one can readily see from the robots.txt file, that no one could even find them. Plus their domain registration is cloaked, hidden. The only information published is a bogus name, and a cell phone contact number.
Now we are seeing supposed e-commerce sites registered to bogus locations in Hong Kong, and they are using contact phone numbers in various US states. The entire set up configuration reeks of fraud, a four year old could spot it, before the first charge ever hit.
http://www.polishpicturesonline.com/index.php?action=contact Support: Cristian Darie e-mail: support@polishpicturesonline.com tel: 214-556-6190 no scam reports 214-556-6190 Type: Land Line Provider: MCI Worldcom Communications Inc Location: Plano, TX Registered through: GoDaddy.com, Inc. Domain Name: POLISHPICTURESONLINE.COM Created on: 30-Dec-07 Expires on: 30-Dec-09 Last Updated on: 30-Dec-07 Administrative Contact: ZHANG, HAITAO support@hkc-trade.com Honk-Kong Content Trade Company 426 King's Road North Point, N/A 000000 Hong Kong 85281980664 Domain servers in listed order: NS19.DOMAINCONTROL.COM NS20.DOMAINCONTROL.COM » www.prophotosland.com/index.php?···=contactSupport: Alex McGuire e-mail: support@prophotosland.com tel: 609-916-0040 (609) 916-0040 Type: Land Line Provider: Focal Communications Corp Location: Pleasantville, NJ PROPHOTOSLAND.COM Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. Domain Name: PROPHOTOSLAND.COM Created on: 05-Dec-07 Expires on: 05-Dec-08 Last Updated on: 05-Dec-07 Domain servers in listed order: NS15.DOMAINCONTROL.COM NS16.DOMAINCONTROL.COM » www.imagesparadise.com/index.php···=contactSupport: Cristian Darie e-mail: support@imagesparadise.com tel: 214-556-6153 (214) 556-6153 Type: Land Line Provider: MCI Worldcom Communications Inc Location: Plano, TX Registered through: GoDaddy.com, Inc. Domain Name: IMAGESPARADISE.COM Created on: 07-Feb-08 Expires on: 07-Feb-09 Last Updated on: 07-Feb-08 Administrative Contact: ZHANG, HAITAO haitao.zhang44@yahoo.com 426 King's Road Hong Kong, North Point -- Hong Kong 85281980623 Domain servers in listed order: NS23.DOMAINCONTROL.COM NS24.DOMAINCONTROL.COM » www.photogeyser.com/index.php?action=contactSupport: Eric Robertson e-mail: support@photogeyser.com tel: (301) 979-9960 (301) 979-9960Type: Land Line Provider: Verizon Location: Washington, MD PHOTOGEYSER.COM Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. Domain Name: PHOTOGEYSER.COM Created on: 14-Nov-07 Expires on: 14-Nov-08 Last Updated on: 14-Nov-07 Domain servers in listed order: NS15.DOMAINCONTROL.COM NS16.DOMAINCONTROL.COM » www.picturesjungle.com/index.php···=contactSupport: Alex McGuire e-mail: support@picturesjungle.com tel: (706) 955-4677 (706) 955-4677Type: Land Line Provider: Level 3 Communications Location: Augusta, GA PICTURESJUNGLE.COM Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. Domain Name: PICTURESJUNGLE.COM Created on: 27-Nov-07 Expires on: 27-Nov-08 Last Updated on: 27-Nov-07 Domain servers in listed order: NS27.DOMAINCONTROL.COM NS28.DOMAINCONTROL.COM HKC-TRADE.COM Registrant: HKC Trade Co. 426 King's Road Honk Kong, North Point - Hong Kong Registered through: GoDaddy.com, Inc. Domain Name: HKC-TRADE.COM Created on: 28-Nov-07 Expires on: 29-Nov-08 Last Updated on: 28-Nov-07 Administrative Contact: ZHANG, HAITAO haitao.zhang44@yahoo.com HKC Trade Co. 426 King's Road Honk Kong, North Point - Hong Kong +852 2562 8127 Domain servers in listed order: NS27.DOMAINCONTROL.COM NS28.DOMAINCONTROL.COM | |
| jswanson
join:2008-02-24 | Hi MGD,
Please also add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. Same visuals/text as photogeyser and prophotosland.com. Alex McGuire is also the contact on this one. Just looks like a different version. | |
| |
juicyminidonut
@comcast.net
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot said by jswanson :Hi MGD, Please also add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. Same visuals/text as photogeyser and prophotosland.com. Alex McGuire is also the contact on this one. Just looks like a different version. Same thing happened to me, a charge was listed on my account for $9.87 from www.photosmix.com. Did you ever get through to the phone number listed on the website? After reading this forum, I called once and didn't bother trying again, and called my bank instead. They reimbursed me but it's kind of a hassle now that I have do the paperwork to file it as a fraudulent charge and everything... and I also have to wait for a new card in the mail... | |
| | |
shepbobz
@ameritech.net | Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot Add one more to the photosmix.com scam. Showed up on our bill today. Hope all who get this report it as a fraud-- these folks need to be stopped. | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| said by jswanson :Hi MGD, Please also add www.photosmix.com to your database. Phone 941-312-2213 out of Florida. ..... Yes indeed, good find. They are confirmed as a fraud operation. Also had the robots.txt no follow search block. As a matter of fact, the site went down while I was checking it. Not sure why, or if it will stay down. Many of these set ups are paid for with hijacked card data. GoDaddy needs to get with program and put a stop to this fraud hosting and domain registration cloaking.
The names on the sites, such as Alex McGuire are boogus.
[photosmix.com IP 72.167.110.64]
Registrant:PHOTOSMIX.COM
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Registered through: GoDaddy.com, Inc.
Domain Name: PHOTOSMIX.COM
Created on: 17-Dec-07
Expires on: 18-Dec-08
Last Updated on: 17-Dec-07
Administrative Contact:
Private, Registration PHOTOSMIX.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599
Domain servers in listed order:
NS19.DOMAINCONTROL.COM
NS20.DOMAINCONTROL.COM
MGD | |
| | |
cxg
@citicorp.com
| www.photosmix.com happened to me as well. I've filed a complaint with the fraud department of my bank, used the government website listed above, and e-mailed the abuse@godaddy.com website, as they are the host for this website (their "secure site" logo is at the bottom left). I may even go file a complaint with the local police department today, and even go so far as contacting the better business bureau. | |
|
hkfczrqj
@uiuc.edu | add me to the www.photosmix.com scam. Will proceed as stated in this thread. Thanks for the very complete info on this fraud. | |
| jswanson
join:2008-02-24
| Another one to watch out for... www.glossyeldorado.com. Gotta love that name 
MGD... please add to the db!
There are other sites that talk about this scam:
»www.ripoffreport.com/reports/0/3···6667.htm
The most annoying thing for me is that my credit card company charged me $10.00 for a new card... to make sure the $9.87 doesn't turn into a recurring charge I am made to pay $10.00. I will be cancelling that card. | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot said by jswanson :Another one to watch out for... www.glossyeldorado.com. Gotta love that name MGD... please add to the db! .............. Done !!
said by jswanson :.......The most annoying thing for me is that my credit card company charged me $10.00 for a new card... to make sure the $9.87 doesn't turn into a recurring charge I am made to pay $10.00. I will be cancelling that card. That is unbelievable !!
You are actually saving them money by telling them to cancel and reissue the card. You are not liable for fraudulent charges, it becomes their problem. The alternative is to allow these criminals to hit the card with new charges every two weeks, and let the Bank deal with them. Until such time as they catch on, and decide to re issue it at their own expense.
If this is a National or large Regional Bank, please name them. The only possibility that I am thinking of, is that they are a small credit union or something. Either way it is ridiculous to charge a customer, who through no fault of their own, becomes the victim of card fraud. I am not even sure that it is legal under Federal Law to do so. I could see it if you had lost the card, or otherwise contributed to the problem. Just on principle alone I would raise all kinds of commotion with that institution. It has to be a small non profit credit union or something, correct?. If not, they via their CSR are entirely clueless. They just don't get it.
MGD | |
| | | jswanson
join:2008-02-24
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot Hi MGD,
It was a small credit union as you guessed and believe me, I will be talking to someone pretty high up about their policy. I will most likely also close the account as I have not been happy with their response.
Thanks for all of your work on this! | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| GLOSSYELDORADO.COM
A new twist on the search engine blocking, specifically line items Google:
No contact phone number, only the made up name Cristian Darrie.
And a familiar bogus GoDaddy domain registation, and GoDaddy hosting:
Registrant:
HAITAO ZHANG
426 King's Road
Hong Kong, North Point --
Hong Kong
Registered through: GoDaddy.com, Inc.
Domain Name: GLOSSYELDORADO.COM
Created on: 15-Feb-08
Expires on: 15-Feb-09
Last Updated on: 15-Feb-08
Administrative Contact:
ZHANG, HAITAO haitao.zhang44@yahoo.com
426 King's Road
Hong Kong, North Point --
Hong Kong
85281980611
MGD | |
|
lorider680
@okheart.com | Chalk me up for Photogeyser.com. Glad I stumbled on this forum. Going to call my bank and have a new card issued. | |
| jswanson
join:2008-02-24
| Looks like photosmix.com and prophotosland.com are back up and running so beware... their site states "Our hosting provider has accidently delegated our domain to a different company... " not sure what this means as they still have the same GoDaddy logo. GoDaddy may have received enough abuse complaints that they made them change something... but obviously they are still operational. Perhaps MGD, you will know what this means.
I am guessing there will be another round of charges in the next few weeks... | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.photsaid by jswanson :Looks like photosmix.com and prophotosland.com are back up and running so beware... their site states "Our hosting provider has accidently delegated our domain to a different company... " not sure what this means as they still have the same GoDaddy logo..... That was no "accident", upon reviewing the domain transaction history, the most likely reason is that the payment for the original registration was charged back to GoDaddy. These criminals use hijacked victim financial data to pay for all the support and hosting services.
The domains were originally registered using go GoDaddy's domainsbyproxy cloaking service that hides the details of the registration for an additional fee. That service is a crime magnet, and should never be available for sites that are set up for e-commerce. The can only be a nefarious purpose in hiding the ownership of a commercial site engaged in payment processing.
On or about March 08th, GoDaddy took possesion of the photosmix.com domain and put it up for sale:
----------------------------------------
Domain: photosmix.com
.
Domain History
.
Cache Date: 2008-03-08
.
Registrar: GODADDY.COM, INC.
.
----------------------------------------
.
Registrant:
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
.
Domain Name: PHOTOSMIX.COM
Created on: 17-Dec-07
Expires on: 18-Dec-08
Last Updated on: 07-Mar-08
.
Administrative Contact:
domains for sale, Godaddy Software
domains4sale[@]godaddy.com
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
480-505-8800 Fax -- 480-505-8844
.
----------------------------------------
That ownership reversion indicates that payment funds were charged back. Ridiculous as it may seem, the criminals would still have an opportunity to "make good" on the funds and recover the domain. Which they apparently did around March 16th, as the domain then reverted back to a domainsbyproxy cloaked status:
----------------------------------------
.
Domain: photosmix.com
.
Domain History
.
Cache Date: 2008-03-16
.
Registrar: GODADDY.COM, INC.
.
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
.
Domain Name: PHOTOSMIX.COM
Created on: 17-Dec-07
Expires on: 18-Dec-08
Last Updated on: 12-Mar-08
.
Administrative Contact:
Private, Registration PHOTOSMIX.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599
.
----------------------------------------
MGD | |
|
Victim 1947
@comcast.net
| A charge of $9.64 from a Michael P Hamilton in Maryland (213-984-4966) posted to my Chase on 3-14-08. A foreign voice recording, gave an indiscernible .com name, not Hamilton, not prophotoland, etc. Sounds like "time share" but is indiscernible. I see $9.64 has been used on previous attacks. Chase described Hamilton as an Art Dealer, but said they would do the charge back. They did not want to close/replace the card. So I asked the rep to clearly state for their recording that they were declining to close the account for fraud. They said they will investigate. I'll monitor the account daily. | |
| |
deanhuff
@rr.com
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot Add another for MICHAEL P HAMILTON $9.64 on 03/15/2008. Bank of America gave me a new account number and re-imbursed the money.
I also had another charge for around $3 from "M BAR C RANCH" in Pending state but never posted.
I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December. | |
| | | 
pcdebb
RIP dadkins
Premium
join:2000-12-03
Tampa, FL
clubs: 
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot said by deanhuff :
I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.
It was their parent company "Hannaford", which Sweetbay Supermarkets is one of their stores, but I do believe many of their other chains are affected as well.
--
a time for change... | 1st & 10 | Ham is good | |
| | | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
1 edit | said by deanhuff :
Add another for MICHAEL P HAMILTON $9.64 on 03/15/2008. Bank of America gave me a new account number and re-imbursed the money.
I also had another charge for around $3 from "M BAR C RANCH" in Pending state but never posted. ......
I assume the "M BAR C RANCH" appeared first, that would be a "ping" charge to validate the account. I wonder if these people »www.m-bar-c.org/ have a merchant account that was hacked.
[EDIT= They do have a merchant account: »https://payments.auctionpay.com/ver3/?id=w038846 ]
said by deanhuff :
.....I saw on the news that a local grocer called Sweetbay had a security breach and gave out a bunch of card numbers. Sure enough, I had 1 Sweetbay transaction in early December.
I am fairly certain that the Hannaford data would not be sufficient to be proccessed for this CNP type of fraud transactions. "IF", what Hannaford's reps stated is true, that customers names were NOT intercepted, then the data that the hackers got was the TRACK 2 card data. That would only enable them to use the data for fraudulent POS (Point of Sale) transactions. Typically that data is encoded on to white stock" and used where the card is not presented, e.g. gas stations etc. A common cheap method that they can use the stolen data for store POS fraud purchases is to clone the data on to used VISA / MC branded gift cards. That way they can be presented and swiped without causing suspicion.
I have not seen any reports yet of the specific fraud use of the 1,800 victims of the Hannaford data so far. If the type of data leaked is correct, fraud use should be limited to POS transactions.
Up until your card was replaced, you could have been the victim of fraud from that as well. However, for an online CNP transaction, the full name and address would have been needed, along with the CVV2 security code. The security code is only printed on the card, and is not embedded in any of the track magnetic data.
A merchant gateway account for an online only entiity, such as these scams, will usually require the use of (AVS) and (CVV2) to restrict fraud. »en.wikipedia.org/wiki/Address_Ve···n_System
MGD | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
| said by Victim 1947 :
A charge of $9.64 from a Michael P Hamilton in Maryland (213-984-4966) posted to my Chase on 3-14-08. A foreign voice recording, gave an indiscernible .com name, not Hamilton, not prophotoland, etc. Sounds like "time share" but is indiscernible. I see $9.64 has been used on previous attacks. Chase described Hamilton as an Art Dealer, but said they would do the charge back. They did not want to close/replace the card. So I asked the rep to clearly state for their recording that they were declining to close the account for fraud. They said they will investigate. I'll monitor the account daily.
That was a fraud charge from Imgparadise.com:
They are part of this sub group of Globus / Image / Pictures themed fraud sites laundering hijacked card data. »pictureglobus.com, imaglobus.com, and templateglobus.com now
I suspect "Michael P Hamilton in Maryland" may be a secondary merchant account, set up in a cyber mule's name after the original one was terminated for excessive chargebacks.
The phone number 213-984-4966 and the recording is definitely part of this group;
 213-984-4966.wav 453498 bytes
The reason Chase probably described them as an "Art Dealer", is from their interpretation of the vendor classification code assigned to the merchant account.
Chase will eventually have to cancel and replace your card. Yes, do keep a close eye on it, you will get more charges.
MGD | |
| | |
GINAH
@bledsoe.net
|  Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot
| |
| | | | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
2 edits | Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.photsaid by GINAH :
Thank you for this information! Same thing happened to me. ........... I had a charge about six days ago from wiseegoods, llc with phone number 954-603-7710. I emailed the Fla. Attorney General's office and filed a complaint. I then found out that the Miramar Police Dept is investigating Wiseegoods and will likely be a federal case. ........ You are welcome, and glad that you posted.
You are the first victim whose fraud charges actually tie this Globus / Pic / image scam subset back to the main template Ebook group »Ebook websites, fraud charges, Devbill/DigitalAge/Pluto You have one fraud charge from each division. I assume they were on the same card, though there are victims who get hit on two different cards.
Thanks again, as this is the first time that I have seen a reference to Wiseegoods. Which apparently has been around since January of 2007, and is hosted on GoDaddy. I can confirm that they are in fact part of the main group, as there are several victim reports who also had additional fraud charges from other sites in the main group, Interactive designs, etc.
The domestic based portion of wiseegoods was set up by a duped US cyber-mule who was recruited via an employment offer.
wiseegoods.com AKA WISEEGOODS.COM LLC 954-603-7710
.
The domain is registered to the cyber-mule, which fits the pattern of the template group.
[wiseegoods.com IP 68.178.254.16]
.
Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
.
Domain name: wiseegoods.com
.
Registrant Contact:
WiseEGoods.com LLC
Basil Lynch (thewisemanster@gmail.com)
+1.6109563936
Fax: +1.5555555555
16781 S.W. 36 Court
Miramar, FL 33027
US
.
Status: Locked
.
Name Servers:
ns1.secureserver.net
ns2.secureserver.net
.
Creation date: 15 Jan 2007 07:56:35
Expiration date: 15 Jan 2009 07:56:35
In addition, Mr. Lynch would have registered an LLC in order to obtain a business bank account, and merchant processing account which uses Authorize.net / Cybersource.
.
.
Florida Limited Liability Company
WISEEGOODS.COM LLC
.
Filing Information
Document Number L07000001015
FEI Number 113800709
Date Filed 01/03/2007
State FL
Status ACTIVE
.
Principal Address
16781 S.W. 36 COURT
MIRAMAR FL 33027
.
Mailing Address
16781 S.W. 36 COURT
MIRAMAR FL 33027
.
Registered Agent Name & Address
LYNCH, BASIL
16781 S.W. 36 COURT
MIRAMAR FL 33027 US
.
Manager/Member Detail
Name & Address
Title MGRM
LYNCH, BASIL
16781 S.W. 36 COURT
MIRAMAR FL 33027
.
Annual Reports
Report Year Filed Date
2008 03/07/2008
As usual, wiseegoods.com was set up exclusively to launder hijacked card data into cash, so it needed to be hidden from the rest of the internet, by blocking search engine archiving:
The cyber-mule, Mr Lynch, obviously would have been totally unaware of what he was setting himself up for. Once he is alerted, the merchant account should be closed immediately, the bank account frozen, and any recent foreign wire transfers of the fraudulent funds should try and be recovered. All communication with the crime syndicate should be stopped at once.
MGD | |
| | | | |
Molly01
@comcast.net
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot Thank you so much for the information. I have never dealt with this before and have now been hit twice in two days within the last week. Once for LoadofPhotos.com for $9.87 and over the weekend from Wiseegoods.com for $4.95. You were very informative and even though I have a new debit card coming, I think I will definitely follow up with a complaint or hand-written letter to help draw attention to this ridiculous new fear invading our everyday life. | |
| jswanson
join:2008-02-24
| MGD,
Please add stockimagemix.com to the database. Another one with the exact same home page... unbelievable. Same bogus support name of Alex McGuire, etc.
Support: Alex McGuire
e-mail: support@stockimagemix.com
tel: (561) 283-4229 | |
| jswanson
join:2008-02-24 | MGD,
And stockimageplanet.com
Support: Alex McGuire
e-mail: support@stockimageplanet.com
tel: (941) 312-2230 | |
| | MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL
2 edits | Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.photsaid by jswanson :MGD, Please add stockimagemix.com to the database. Another one with the exact same home page... unbelievable. Same bogus support name of Alex McGuire, etc. Support: Alex McGuire e-mail: support@stockimagemix.com tel: (561) 283-4229 said by jswanson :MGD, And stockimageplanet.com Support: Alex McGuire e-mail: support@stockimageplanet.com tel: (941) 312-2230 Done,
Below is a current list of the group, the current status needs to be updated as it is over a week old:
Fraud Domain Date of Reg Registrar Hosted IP Provider Status Contact N umber
----------- --------- -------- -------- ------- ----- -------- ---
.
PHOTOSMIX.COM 17-Dec-07 DomainsByProxy 72.167.110.64* GoDaddy.com Down 941-312- 2213
. back up 03/12/08 on 208.109.181.27 (03/07/08)
.
PICTURESJUNGLE.COM 27-Nov-07 DomainsByProxy 72.167.116.221 GoDaddy.com UP 706-955- 4677
.
POLISHPICTURESONLINE 30-Dec-07 GoDaddy.com 72.167.58.216 GoDaddy.com Parked 214-556- 6190
.COM
.
PHOTOGEYSER.COM 14-Nov-07 DomainsByProxy 72.167.107.98 GoDaddy.com UP 301-979- 9960
.
IMAGESPARADISE.COM 07-Feb-08 GoDaddy.com 216.69.131.90 GoDaddy.com UP 214-556- 6153
.
PROPHOTOSLAND.COM[*] 05-Dec-07 DomainsByProxy *216.69.138.250 GoDaddy.com UP 609-916- 0040
. *(Was For Sale scammers recovered)*Hosted at 208.109.165.98 Prior to 03/16/ 08
.
PHOTOSPARADISE.COM 12-Jan-08 GoDaddy.com 216.69.140.242 GoDaddy.com UP 214-717- 5031
. & 214-556- 6153
.
GLOSSYELDORADO.COM 15-Feb-08 GoDaddy.com 72.167.168.179 GoDaddy.com UP No Numbe r
.
IMGPARADISE.COM 11-Jan-08 DomainsByProxy 72.167.78.41 GoDaddy.com UP 213-984- 4966
.
IMAGLOBUS.COM 26-Aug-07 DomainsByProxy 72.167.3.161 GoDaddy.com UP 210-807- 4272
.
TEMPLATEGLOBUS.COM 16-Oct-07 DomainsByProxy* 72.167.23.251 GoDaddy.com Down**210-807- 4272
. 208.109.182.137 ** as of 03/12/08 Spam-and-abu se
.
PICTUREGLOBUS.COM 13-Nov-07 DomainsByProxy 72.167.106.230 GoDaddy.com Down 210-807- 4272
. 03/09/08
.
ZENITHGRAPHIC.COM 04-Oct-07 DomainsByProxy 72.167.27.37 GoDaddy.com UP 504-208- 4860
. & 505-350- 8506
.
STOCKIMAGEMIX.COM 18-Dec-07 DomainsByProxy 72.167.56.91 GoDaddy.com UP 561-283- 4229
.
STOCKIMAGEPLANET.COM 10-Dec-07 DomainsByProxy 208.109.174.94 GoDaddy.com UP 941-312- 2230
.
LOADOFPHOTOS.COM 05-Dec-07 DomainsByProxy 72.167.9.148 GoDaddy.com UP 870-619- 4035
.
.
C&C support sites
-----------------
.
HERMESELECTRO.COM 15-Aug-07 GoDaddy.com 208.109.138.8 GoDaddy.com UP (10)8528120 4462
.
HKC-TRADE.COM 28-Nov-07 GoDaddy.com 72.167.4.140 GoDaddy.com UP (10)8528198 0664
.
Let me know if there are any missing from that list.
The last two that you posted, both have the robots.txt file set to block search engine archiving:
»https://www.stockimagemix.com/robots.txt
User-agent: *
Disallow:
STOCKIMAGEPLANET.COM
STOCKIMAGEMIX.COM
I am positive that the names listed on any of these sites are fictitious. Not long after the first generation "globus" sites were posted by Doctor Olds in this post »pictureglobus.com, imaglobus.com, and templateglobus.com now I ran searches on the names through the Texas division of corporations, and did not find any relevant business registrations under the related names:
CONTACT NAME: MGD
SESSION STATUS: Open
DATE: 020108KBDNCR
2/1/2008 2:04:31 PM
------------------------------------------------------------
Client Reference Document Number Document Type Status Received Date Document Fee
[ NONE ] 201976250002 Corporations - Names Availability (No decision making) {globus} Processed 2/1/2008 2:07:05 PM $1.00
[ NONE ] 201976250003 Corporations - Find by Assumed Name {imaglobus} Processed 2/1/2008 2:13:41 PM $1.00
[ NONE ] 201976250004 Corporations - Find-Global {pictureglobus} Processed 2/1/2008 2:18:50 PM $1.00
[ NONE ] 201976250005 Corporations - Find by Registered Agent {Robertson} Processed 2/1/2008 2:20:37 PM $1.00
[ NONE ] 201976250006 Corporations - Find by Registered Agent {eric Robertson} Processed 2/1/2008 2:22:17 PM $1.00
[ NONE ] 201976250007 Corporations - Find {Atala} Processed 2/1/2008 2:25:22 PM $1.00
This fraud division is probably the most egregious example of failure in the merchant account vetting process seen so far.
We have sites where not only are the domain registrations cloaked, but there is also invalid contact information listed on the sites. Nothing more than a bogus name, and a cell phone number.
The major security flaw in the merchant account vetting process, and one of obvious malfeasance, is that there is no check to make sure that the domain is actually registered by the business entity applying for the merchant account. In theory a business registered as Igor Cyber Scammer LLC. could open a merchant account for homedepot.com or Sears.com. Just the fact alone that an e-commerce site with no B&M location has a hidden domain registration should be enough to set alarm bells ringing. That's before we even get to the fact that an e-commerce site is hiding its existence from every search engine. The fact that there are no folders containing graphic images "the intangible product for sale", is just icing on the cake.
We do know who the merchant account provider is, yes, as usual it is Authorize.net / cybersource. That has been established from data supplied from victim debriefings. Credit issuing notifications sent to victims who complained, came from the authorize.net account control panel:
From MICHAEL ALLISON "REDACTED" 2008
Return-Path:
Authentication-Results: mta116.mail.re3.yahoo.com from=ghg.net; domainkeys=neutral (no sig)
Received: from 64.94.119.18 (EHLO anetrelay2f.authorize.net) (64.94.119.18)
by mta116.mail.re3.yahoo.com with SMTP; Mon, 21 Jan 2008 12:37:10 -0800
Received: from extta5f.authorize.net [64.94.118.194]
by anetrelay2f.authorize.net (StrongMail Enterprise 3.2.2.2(3.00.287)); "REDACTED" -0800
Received: from mail pickup service by extta5f.authorize.net with Microsoft SMTPSVC;
"REDACTED" -0700
From: "MICHAEL ALLISON" MIKEALLISON@ghg.net
To: "REDACTED"
Subject: TEMPLATEGLOBUS.COM Customer Receipt/Purchase Confirmation
Date: "REDACTED" -0700
Importance: Normal
Message-ID:
Content-Length: 572
Sent: "REDACTED", 2008 "REDACTED"
Subject: TEMPLATEGLOBUS.COM Customer Receipt/Purchase Confirmation
=========
GENERAL
INFORMATION
=========
Merchant
:
TEMPLATEGLOBUS.COM
Date/Time
:
"REDACTED"
"REDACTED"
PM
Transaction
ID
"REDACTED"
=========
ORDER
INFORMATION
=========
Type
:
REFUND
Though GoDaddy is on record at the beginning as refusing to shut the hosting operation down without legal action, which is out of character of their normal trigger happy removal behavior. They have now done so to at least one of the sites. By doing so, they have also unmasked the original cloaked domain registration, which is SOP.
TEMPLATEGLOBUS.COM is showing terminated as of 03/12/08 for "Spam and Abuse".
The original TEMPLATEGLOBUS.COM cloaked domain registration:
Registrant:
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
Domain Name: TEMPLATEGLOBUS.COM
Created on: 16-Oct-07
Expires on: 16-Oct-08
Last Updated on: 28-Nov-07
Administrative Contact:
Private, Registration TEMPLATEGLOBUS.COM@domainsbyproxy.com
Domains by Proxy, Inc.
DomainsByProxy.com
15111 N. Hayden Rd., Ste 160, PMB 353
Scottsdale, Arizona 85260
United States
(480) 624-2599 Fax -- (480) 624-2599
Domain servers in listed order:
NS29.DOMAINCONTROL.COM
NS30.DOMAINCONTROL.COM
Once the site violated the TOS and was shut down around 2008-03-12, that cloaking service also ceased. The domain reverted to the actual data entered at the time of the original registration.
Registrant:
ERNEST TAYLOR
29159 PERCH LAKE RD
WATERTOWN, New York 13601
United States
Domain Name: TEMPLATEGLOBUS.COM
Created on: 16-Oct-07
Expires on: 16-Oct-08
Last Updated on: 28-Nov-07
Administrative Contact:
TAYLOR, ERNEST templateglobus@yahoo.com
29159 PERCH LAKE RD
WATERTOWN, New York 13601
United States
(315) 629-5442 Fax --
Domain servers in listed order:
NS1.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
NS2.SUSPENDED-FOR.SPAM-AND-ABUSE.COM
Good reason to want to hide it, there are no records of an Ernest Taylor at that address. A reverse check of the street address shows a different first and last name. That phone number is not even for that locale, the number shows for a party in Evans Mills, NY 13637.
Clearly, with a little lobbying Godaddy could be motivated to pull the hosting on the entire operational group. Fraud and cyber crime are TOS violations, and there is more than ample evidence to confirm that they are all fraudulent.
In addition, the terms of service page on all the fraud sites are hijacked word for word from the legit gettyimages.com »www.gettyimages.com See: »www.gettyimages.com/Corporate/Terms.aspx
In fact on zenithgraphic.com they did not even remove Getty Images name:
»https://www.zenithgraphic.com/index.php?action=terms
If those terms are unique to Getty Images and not generic, then Getty would have a cause for action for copyright violations.
Some pressure applied to GoDaddy now to pull the rug from this criminal operation, should be effective. To continue to host this obvious fraudulent enterprise would amount to knowingly aiding on ongoing criminal enterprise. Victims of this fraud might well consider that actionable.
EDIT= Added LOADOFPHOTOS.COM to master list 03/29/08
MGD | |
| | | jswanson
join:2008-02-24
| Re: [Credit Card Fraud] fraud: www.prophotosland.com & www.phot MGD,
I have reported these sites to godaddy, both to president@godaddy.com and abuse@godaddy.com. I am not satisfied with their response:
From godaddy:
"If you were, in fact, fraudulently charged through use of one or more of these sites, we can only recommend that you contact local law enforcement.
We have forwarded this to our Abuse Department for further investigation of potentially illegal activity. Of course, we cannot guarantee that any action will be taken, but we appreciate that you have brought this matter to our attention."
I would add to the steps to take if you are a victim of this fraud to contact both president@godaddy.com and abuse@godaddy.com. Perhaps if they get enough complaints they will do what you advise and shut these guys down. A few policy changes to verify legit entities is all it would take to stop this fraud.
Again, thanks for all of your work. BTW, I did get a chargeback that stated "fraud adjustment". Can I get my credit card company to give me the details of the chargeback?
| |
| | | |
|
