Saturday, January 22, 2011

Emailrelatedservice.com and AVKY Inc

The server emailrelatedservice.com is being used to host the content of numerous confirmed or suspected scam sites. Emailrelatedservice.com is hosted by HostGator and the domains that get their content from it are hosted by 1&1 Hosting. If you receive an email message asking you to visit any of these sites, forward the message to security@hosgtator.com and abuse@1and1.com along with the message headers. Be sure to explain to HostGator that the site you visited gets its content from emailrelatedservice.com. Also explain to both hosting companies the circumstances under which you received the message (e.g., you replied to an ad on Craigslist, it was a reply to an ad you posted on Craigslist, etc.). Instructions on how to find the message headers can be found at spamheaders.com.

http://annatsfreecam.com
http://ashleysfreecams.com
http://freecindycam.com
http://fucksafely.com
http://hannahsbestmassage.com
http://hannahsmassage.com
http://jqdproductions.com
http://jill4secretary.com
http://job-verify.com/ (suspected)
http://joshsfreecam.com
http://kimstsblogcam.com
http://kinkymeetup.com
http://www.layerproductions.com
http://www.lindseyspage.com
http://localtrannyhookup.com
http://mysafehookup.com
http://naughtymade4u.com
http://nsocdatabase.com
http://nursepleasure.com
http://parlorbyrachel.com
http://pornorecruiter.com
http://postnumbers.com
http://rachelpleasures.com
http://rachelsparlor.com
http://rachelsparlor4u.com
http://safecoupleconnect.com
http://safecouplesconnect.com
http://safegaymeetup.com
http://safelyconnectcouples.com
http://safelyhookup.com
http://safelymeetme.com
http://securemeetup.com
http://sexymaid4u.com
http://stacyshomepage.com
http://swingeasynow.com
http://tanyasfunpage.com
http://tinashaircuts.com
http://tinashcuts.com
http://topcitypleasures.com
http://trannyrubs.com
http://trannyproductions.com
http://vzyproductions.com

These sites all load their content from that emailrelatedservice.com in a frame. They are mostly fake dating sites that actually sign you up for porn sites, but some are variations on that scam. Rachelsparlor4u.com is supposed to be a site run by a massage therapist who is offering free massages for new clients. Ads are placed on Backpage advertising this special offer. When you reply to one, you get a response like this:

From: Rachel Henry [mailto:rachel@noreasontogoduh.com]
To: *****
Subject: Re: backpage response: providing no charge massage aro

thank you for the interest in my new special...with this economy i have been trying to acquire new customers by first giving away a few free massages.

I have been practising massage therapy since 2008, and no session is ever the same. My work is always changing

I do strive for a a perfect massage any way you like it to keep you happy, even if you want a happy ending and will make sure to take care of you well.

To speed up the process of me seeing you, and due to an overwhelming response so far, so go through my booking form below and send me a message to let me know when you are done to see me for free!


rachelsparlor4u.com

Job-verify.com appears to be a fake job search site, probably used for harvesting peoples' personal information, but this hasn't been confirmed.

Nsocdatabase.com is supposed to be the National Sex Offender and Criminal Organization Database. The way it works is that you receive a message from a girl who wants you to go to the site and verify you're not a criminal before she meets you. She gives you her member ID for the site. When you enter it there and click the "Check Now!" button, a message pops up saying that she's been verified and that now you should verify yourself. At the same time, a form appears for you to fill out. The form is loaded from a porn site. Here is some of the code for the click event for the button, which is contained in the home page of the site. This code shows that the site is not querying a database to verify people, but simply displays data embedded in the web page itself. It also shows that the form displayed when it's your turn to verify yourself comes from a porn site.
if(memID=='2938457'){

var pop3="http://www.freeteenpass.com/exit/pjs.php?popup=1&revid=247753&opt=&adtr=";

var include_file = document.createElement('script');

include_file.language = 'javascript';

include_file.src = pop3;

gName="Mandy Korsikova";

sexFM="female";

nameID.innerHTML=gName;

sexID.innerHTML=sexFM;

iBox.showURL('#inner_content');

document.getElementById("joinPage").style.display = "block";

test=1;

joinPage.innerHTML='<table width="500" height="72" border="0" bgcolor="#CC9999"><tr><td bgcolor="#CC9999"><div align="center"><iframe src="FPB.php" width="650" height="650" scrolling="yes" frameborder="0" class="style1"></iframe>'+'<iframe src="http://www.freeteenpass.com/?revid=247753&track=NSOCD" width="1" height="1" frameborder="0" scrolling="yes"></iframe>';

var phone="723";

}

The registration information for emailrelatedservice.com.
Domain name: emailrelatedservice.com

Registrant Contact:

Alex Vanner ()

Fax:
750 w scottsdale rd
tempe, 85254
US

Administrative Contact:
Hostgator.com
Brent Oxley (@hostgator.com)
+1.7135745287
Fax: +1.11
11251 Northwest Fwy suite 400
Houston, TX 77092
US

Most of the sites in the list are registered with privacy protection, but a few aren't.

domain: safelyhookup.com
created: 09-Aug-2009
last-changed: 03-Dec-2010
registration-expiration: 09-Aug-2011

nserver: ns57.1and1.com 74.208.2.9
nserver: ns58.1and1.com 74.208.3.8

status: CLIENT-TRANSFER-PROHIBITED

registrant-firstname: Aleksandr
registrant-lastname: Vanner
registrant-street1: 20100 N 78th Pl
registrant-street2: #2044
registrant-pcode: 85255
registrant-state: AZ
registrant-city: Scottsdale
registrant-ccode: US
registrant-phone: +1.4407257446
registrant-email: avkyinc@gmail.com

domain: securemeetup.com
created: 12-Aug-2009
last-changed: 03-Dec-2010
registration-expiration: 12-Aug-2011

nserver: ns57.1and1.com 74.208.2.9
nserver: ns58.1and1.com 74.208.3.8

status: CLIENT-TRANSFER-PROHIBITED

registrant-firstname: Aleksandr
registrant-lastname: Vanner
registrant-street1: 20100 N 78th Pl
registrant-street2: #2044
registrant-pcode: 85255
registrant-state: AZ
registrant-city: Scottsdale
registrant-ccode: US
registrant-phone: +1.4407257446
registrant-email: avkyinc@gmail.com

At the moment, it is still possible to see the registrant information for some of the privacy protected ones on sitetrail.com, probably because the protection was just recently added and this is cached registration data.


Safecouplesconect.com registration information. (Click to enlarge.)

Localtrannyhookup.com registration information. (Click to enlarge.)


The registration email address is avkyinc@gmail.com and the names used for registering these sites are Alex Vanner and Aleksandr Vanner. This Alex Vanner supposedly lives in the Phoenix area and he has an Ohio phone number. When I researched the phone number 440-725-7446, I found that it is owned not by an Aleksandr Vanner, but an Aleksandr Vasser. The Arizona Corporation Commission lists Alex as the Vice President of the company AVKY Inc which has an address in Scottsdale, Arizona, but whose state of domicile is Ohio. The address 20100 N 78th Pl #2044 is used for four of the above registrations, and this is also the corporate address for AVKY Inc:

http://starpas.azcc.gov/scripts/cgiip.exe/WService=wsbroker1/names-detail.p?name-id=F14121615&type=CORPORATION

The business type for AVKY Inc is given as "COMPUTER ADV", and its corporate application states its purpose as "sell advertisements on the internet". The director, president, and CEO of the company is listed as Kyle Uchitel. On Facebook, I found a Kyle Uchitel in Arizona who is attending ASU and who says his main job is internet advertising.

Kyle Uchitel (Click to enlarge.)


In the bottom left corner of the above picture, you can see that one of his friends is Alex Vasser, who lives in Scottsdale, AZ.

Alex Vasser (Click to enlarge.)


So these two guys are probably the owners of AVKY Inc. But are they also the actual owners of the scam sites, or is someone else using their personal and corporate data? That is still an open question.

No comments:

Post a Comment

Comments are moderated and it may take up to a day for them to be published.