Sunday, March 3, 2013

711ipad.com Looks Suspicious

UPDATE!!! The website 711ipad.com is apparently down. Whether this is permanent or temporary is impossible to know at this time. 

One of my Facebook friends posted this on his timeline. Since I was tagged on the photo, I was informed of it via private message.
Have you heard? this site is glitching. They forgot to insert their payment page. I got an Ipad and didnt have to pay! This is the 2nd I place an order. The first one came in the mail already. Hurry before they fix it. Go to: 711iPad ....com
The accompanying picture that I was tagged on was this
 I decided to do a WHOIS check on 711iPad.com before I went to the site. As you can see, the site was only recently created as of the date of this blogpost being written. The email address associated with this website is not affiliated with any other site that I am aware of right now. The street address appears to be fake and I seriously doubt if the owner has the unfortunate name "Willie Stroker". The phone number given - 612-548-7398 - is actually a landline in Minneapolis, Minnesota, not a New York City number.

I decided to take a shot and go directly to the site. What I found there really surprised me. Have a look
Your eyes aren't deceiving you. The entire webpage is made to look exactly like a Facebook page. If it wasn't for the link in the address bar, I would not have known that I wasn't simply visiting a Facebook page set-up for 711iPad.com by the site owner.

Normally, profile names have a link directly to the person whose page it is. But on this one, every single link - including the "ads" to the right - links back to 711iPad.com.

Pretty slick, I must admit.

Clicking on the link you'll find at "To participate in our iPad-3 quality test please Click here." takes you to another site run by branddealonline.com and it looks like any scam site that offers you a "free" anything. The owner of branddealonline can also be discovered via WHOIS
Domain-name:     branddealonline.com
Similar-domains:     branddealonline.net     branddealonline.org   
Domain-ip:     IP173.193.167.170     United States
Domain-tld:    COM (Top Level Domain)
Domain-locked:     Locked
Creation date:     2011-10-19   (1 year)
Last update:     2012PM1026
Expiration date:     2013-10-19
Nameservers:    
NSNS0.DIRECTNIC.COM         IP74.117.217.20 Cayman Islands
NSNS1.DIRECTNIC.COM         IP74.117.222.20 Cayman Islands
Domain record:    Domain Name: BRANDDEALONLINE.COM
Registrar: DNC HOLDINGS, INC.
Whois Server: whois.directnic.com
Referral URL: http://www.directnic.com
Name Server: NS0.DIRECTNIC.COM
Name Server: NS1.DIRECTNIC.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 19-oct-2012
Creation Date: 19-oct-2011
Expiration Date: 19-oct-2013
    
Whois data:
   
Registrant:
Graceton Media Group gracetonmg@gmail.com
10475 East Park Meadows
STE 600
Littleton, CO 80124
US
3035224443

Domain Name: BRANDDEALONLINE.COM

Administrative Contact:
Carrington, John email gracetonmg@gmail.com
10475 East Park Meadows
STE 600
Littleton, CO 80124
US
3035224443

Technical Contact:
Carrington, John email gracetonmg@gmail.com
10475 East Park Meadows
STE 600
Littleton, CO 80124
US
3035224443

Record last updated 10-26-2012 02:12:28 PM
Record expires on 10-19-2013
Record created on 10-19-2011

Domain servers in listed order:
NS0.DIRECTNIC.COM 74.117.217.20
NS1.DIRECTNIC.COM 74.117.222.20
Graceton Media Group owns branddealonline.com and also owns fanwoographics.com, but branddealonline is their more popular site. They appear to be a real company registered in Littleton, Colorado.

Yeah, a real company that links to a website made to look exactly like a Facebook page.

I also discovered that, before the distribution of the 711iPad link, the people behind all this were distributing the link 76iPad.com, as you can see from this poor guy whose Myspace page is filled-up by that crap. 76iPad.com is no longer functioning, but it is registered to some guy in China. Why am I not surprised by that?

I advise staying away from these people. I'm guess that my friend's Facebook account was hacked or phished and the advertisement for 711iPad was posted without his permission, so I'm off to warn him.

UPDATE: upon further research I found this link which gave me information on the Kansas City-based servers of 711iPad.com and it's a legitimate company called Joe's Data Center. Their contact information is
 Joe’s Datacenter Office
324 E. 11th St., FL 26
Kansas City, MO 64106
Phone: 816.326.0040
Toll Free: 877.JOE.DATA (877.563.3282)
e-mail Sales: sales@joesdatacenter.com
e-mail Security: security@joesdatacenter.com

I don't think Joe's is aware of the activities of the site they're hosting, so please be polite when/if you contact them.

UPDATE: I have been informed that at least one of the 2000+ people that has read this article since it was posted sent an email to Joe's Data Center, along with a link to this blogpost. No response has been received. Either Joe's hasn't received the message, it got caught in a spam filter or Joe's received and read the message, but decided to take no action.

ANOTHER UPDATE: new websites were setup as a continued effort to keep the scam working. That site was 65iPad.com (WHOIS), 44ipad.com (WHOIS) and 93ipad.com (WHOIS). Though these sites appear to be down, it shows that the scammers aren't going to give this one up without a fight. These site also uses Joe's Data Center as their servers, which makes me wonder why they seem to prefer that company over anyone else.


Duane Browning

1 comment:

Loveday said...

Ty you prob ssved a whole lot of people from getting scanned, hacked or whstever they have in mind for unsuspecting, trusting people thanks again