Saturday, November 29, 2014

ExposingJohns.com Is A Scam

UPDATE FOR 23 AUGUST 2015

The site exposingjohns.com is down. It is impossible to know if this is permanent or temporary. If you've  already read my blog on this topic, the site went offline for a period of time in the past, only to reappear again soon afterwards.

According to exposingjohns.com's registration information, the site's registration expires on 15 April 2020, so that may not be the reason.

However, I also learned that someone had posted a job offer on Hackers List for a takedown of the site on 27 July 2015.

UPDATE FOR 7 June 2015

Much of what was written in this entry is out-of-date. The situation with ExposingJohns.com and the people associated with it has evolved to such a degree that I would have to rewrite this entire blog to remove the outdated material and incorporate the new stuff.

Rather than go through all that and make an even bigger mess of this entry than it already is, I have written a new post, which you can visit here

Current Status

I haven't noticed new profiles being added to the site in awhile, simply judging by the first page. However, the best way to measure whether the site's listings is growing, shrinking or staying the same is to determine how many pages of profiles there are on any given day. From what I have seen, there are ten profiles per page on the site, with the exception of the last one, which has eight.

As of 28 March 2015, there were a total of 16,447 pages on the site.
Estimate of total profiles listed: 164,468

As of 8 August 2015, there are 16,439 pages on the site
Estimate of total profiles listed: 164,391

Why no new profiles have been added isn't something I know or currently have any way of learning. It does appear that ten profiles have been removed from the site in the past couple of months/ Most of the profiles in the older pages didn't have names or pictures on them and these appear to be the types of profiles removed. This makes sense, since these profiles didn't offer ExposingJohns any sort of leverage against their intended victims.
*************************************

I found this website https://www.exposingjohns.com/ quite by accident. It immediately reminded me of another site I blogged about in the past, which has already been deleted.

Like PotentialProstitutes, the site claims to be doing a Public Good by publicly exposing men who have allegedly solicited prostitutes via text message. I guess you could call this "john-shaming", which is a lot like "slut-shaming". The site shows pictures of the accused - apparently from their Facebook profiles - along with their phone numbers, the city where they live and the type of prostitute they solicited, such as female or transgender. People can post these accusations to the site for free and they don't get paid for these submissions.

Here's what they say about themselves:
What we actually do 
Our operations are clean and professional
ExposingJohns is an online organization, which investigates, identifies, and publicizes the conduct of adults who solicit prostitutes for sex online. The site consists of Third party volunteers who carry out sting operations by posing as prostitutes on sites known for being used to prostitute.
As far as their justification for doing this, they make this statement:
Q: Why are ExposingJohns.com users doing this? Don't we have a right to privacy? 
A: Everyone; including wives, girlfriends, boyfriends, family members, co-workers, current employers and neighbors have the right to know what's going on online and in their neighborhoods. Just like any other illegal activity of concern that is exposed. ExposingJohns.com is no different than a complaint board that exposes the information of those who abuse the trust of the public. There are very serious issues arising such as the spread of STDs to the innocent, child exploitation and human trafficking. In our day and age, this is all now exacerbated by the easy sale of sex online. Since it is so easy to commit such crimes online it is our user's job to make it easy to be exposed.
So, these self-appointed Guardians of the Internet receive their information from people who post ads on websites used by pimps and prostitutes to advertise themselves. These "volunteers" post ads, posing as escorts and forward to ExposingJohns the phone numbers of the respondents, along with screenshots of the text they received.

Once the phone number has been received by ExposingJohns, they can do a Facebook search. Entering the phone number in the Facebook search bar will reveal the owner's name, along with their city of residence and - most damaging - pictures of themselves. The only way ExposingJohns could even get those pictures is if the phone number is linked to a Facebook account.

My understanding is that ExposingJohns then sends a text message to the accused individual, telling them that they have been listed. This person can then visit the link to see their personal information put on the Internet for anyone to see if they do a Google search for their phone number.

There have been reports that the phone number that the texts are apparently sent from is 832-478-7053 and the text reads as follows:
My name is David from Exposing Johns, An online organization that investigates,identifies,and publicize the conduct of adults who solicit prostitutes for sex online. Your name and phone number were reported by prostitutes and female escorts you had solicited for so we hereby pressing charges and you might appear before a judge to defend these charges.Please reply if you want all these charges dropped.
I attempted to call the number from a payphone to see if anyone would answer. No one did and text messages sent to that number were rejected. The number may have been disconnected.

So, while ExposingJohns claims on their FAQ that they don't accept money to remove ads, someone has been sending out text messages demanding money from people they are accusing of having solicited prostitutes.

For a while, ExposingJohns had ads on their site for a company called InternetReputation.com which, for a fee, would remove the ads from ExposingJohns or, at least, suppress the ability of people to find your ad.

Recently, I visited ExposingJohns again and noticed that no ads appear for InternetReputation.com anymore. I have edited this blog from its previous version to reflect this. As of 14 May 2015, InternetReputation.com does not have any connection to ExposingJohns,

Moving on.

Some people might think "So, what? Some guy tries to solicit a hooker and it turned-out to be a fake ad. Nobody got hurt." It's not that simple. Some of the alleged "johns" appear to be either married or have girlfriends, some also appear to be business owners. Even a false accusation can have serious repercussions for these men.

ExposingJohns doesn't spell-out how they determine if a report is fake or genuine. For all they know, someone could Photoshop an image and send it to them, claiming that it's a text message they got from some john. Even assuming that most of the profiles are of men who really did solicit prostitutes, the apparent lack of safeguards to prevent false accusations puts the reliability of the entire site into question.

Furthermore, under their own Terms and Conditions, ExposingJohns states the following:
"You may not upload or transmit any material that infringes or misappropriates any person's copyright, patent, trademark, or trade secret, or disclose via the the Website any information the disclosure of which would constitute a violation of any confidentiality obligations you may have."
What makes this statement hypocritical is the fact that the profile photos of the alleged johns obviously come from Facebook profiles, as far as I could tell. Under the law, the copyright of any photograph is held by the photographer by default. By reproducing, without permission, the photographs of these people, taken from their Facebook profiles, ExposingJohns could have violated copyright law thousands of times over the course of its existence.

ExposingJohns Getting Greedy


NOTE: ExposingJohns ceased offering this method for removing a profile. I decided to keep this section for reference.

Despite the claim posted on their FAQ that they don't accept money to remove profiles, they recently (as of 26 December 2014) added a link for "johns" to remove their profiles. Now, when you view any profile, you will see this 
If you click on the button, this is what you will see

One time fee of $99.97
Premium 24 hour investigation into the claims. The profile in question will be removed from the live site immediately during the 24 hour investigation. We will contact the person who has posted the profile for the following information; full contact information (including proof of personal address), physical proof of solicitation, and all supporting evidence, such as documents or Witness Statements.

If the requested information is not supplied in full after 24 hours the profile in question will be removed and blocked from future posting.

Selecting this "Premium Package" will take you to this 
 

Of course, this means that you will have to trust ExposingJohns not to do anything bad will the credit/debit card information that you'll be giving to them. Since these people are in a foreign country and beyond the reach of US law enforcement, they could just as easily take your money, leave your profile up anyway and sell your information on the Black Market.

The Supposed "Evidence"

Here are three texts that ExposingJohns claims were sent by three separate men in an attempt to solicit prostitutes via the Internet. I have blacked-out the phone numbers, but nothing else was altered.

Look very carefully at the three text messages. Do you notice anything odd about them?

Did you notice that the battery charge is the same in each of them, all of them showing the receiving phone to have a battery charge of 71%. I did a cursory look through other profiles and it was always the same when the receiving phone was a Sprint phone, which always seemed to have the same signal strength, by the way.

Isn't that an odd coincidence of how the battery has somehow maintained the same charge, no matter when the text had been received? I wish my cellphone battery could hold a charge like that, don't you?


The same thing seems to apply no matter what kind of phone is receiving the text. Notice how the receiving phone seems to have the same battery charge when each of these messages was received, regardless of how much time has passed.

It's almost as if they have a template that they use to create fake text message screenshots. isn't it?

What I think is going-on - at least some of the time, maybe all the time - is that the people running ExposingJohns get some guy's phone number (it doesn't matter how) and they do a Facebook search for the phone number where they get his name and other information. They then create a fake text message, accuse him of sending it and send him a text to tell him that his profile is on their site.

You see, you don't even have to do anything to get listed on ExposingJohns. All that has to happen is they get your phone number, find your Facebook profile and copy some of your pictures. Then, they create a profile and send the unwitting victim an accusatory text message. ExposingJohns hopes that you'll be so scared of your friends, family, coworkers, etc seeing it that you'll pay them  to take it down.

If you've received an accusatory text from ExposingJohns, I'd appreciate it if you'd post a screenshot of the message you received in the comments below.

I have no idea how much, if anything, InternetReputation paid ExposingJohns to place its ad on their website. While InternetReputation seems to be an otherwise legitimate company, its relationship with ExposingJohns would gives me enough suspicion to avoid doing business with them, even though that relationship seems to have ended.

Okay. Moving on.

The website exposingjohns.com isn't registered in the United States, but in India.
Name: NETINDIA NETINDIA
Organization: Net4India
Address: D-25Sec-3
City: Noida
State: UP
Postal Code: 201301
Country: IN
Phone: +91.1204323500
Fax: +91.120432350
Email: email@net4.in

They also have a Facebook page https://www.facebook.com/net4.in
and a Twitter account https://twitter.com/net4in
a Google+ page https://plus.google.com/106417143243841714691/posts
and a LinkedIn account https://www.linkedin.com/company/net4-india-ltd

If your personal information has been posted on ExposingJohns and you've already been in contact with  them you might be wondering if you're faced with two rather unappealing choices:
1) pay the money they are asking for in order to remove the profile ; or
2) leave it up and pray that no one you know sees it.

You actually have other options:

  1. change your phone number. It seems obvious, but changing your phone number is a pretty good idea. Doing so removes one level of credibility from the accusing profile. If anyone asks you about it, tell them that telemarketers are harassing you, an ex-girlfriend is stalking you, etc. Make shit up, but try to keep it believable. Personally, I'd blame it on telemarketers. Fuck those guys!
  2. If they posted pictures of you online, they likely got them from your Facebook profile. Deleting your profile would help. If you don't want to go that far, set your profile to Private. It's because your profile is Public that they got your pictures in the first place;
  3. ignore it, since the "proof" they display is no kind of proof at all.


But, wait! There's more!

ExposingJohns, like any website, needs servers to stay on the Internet. As mentioned in the WHOIS, even though the site is registered in India, their servers are in other countries. For awhile, their servers were in the United States, but they have been moved to Singapore. A company called Cloudflare operates reverse proxies for them. Attempts to get Cloudflare to cut them off were unsuccessful.

A reader contacted Cloudflare about ExposingJohns' activities and informed me of the results of their message to the server:
CloudFlare received your abuse report regarding:exposingjohns.com
Please be aware CloudFlare is a network provider offering a reverse proxy, pass-through security service. We are not a hosting provider. CloudFlare does not control the content of our customers.
Accepted URL(s) on www.exposingjohns.com: https://www.exposingjohns.com/
    Hosting Provider: Pallada-For-Dedicated-Servers
    Abuse Contact: abuse@pw-service.com    PR13126-RIPE

We have notified our customer of your report, and we have forwarded your report on to the responsible hosting provider. You may also direct your report to:
1. The provider where exposingjohns.com is hosted (provided above);2. The owner listed in the WHOIS record for exposingjohns.com and/or;3. The contact listed on the exposingjohns.com site.
Note: A lookup of the IP for a CloudFlare customer website will show CloudFlare IPs because we are a pass-through network. The actual website is still hosted at the hosting provider indicated above. If the hosting provider has any questions, please have the hosting provider contact us directly regarding this site. Due to attempted abuse of our complaint reporting process, we will only provide the IP of exposingjohns.com to the responsible hosting provider if they contact us directly at abusereply@cloudflare.com.
Regards,
CloudFlare Abuse
So, it seems that I was mistaken in thinking that ExposingJohns would only have had a single server in the USA. Instead, they are using Cloudflare as a reverse proxy in this country. This keeps their real IP a secret and also provides them with protection from DOS and DDOS attacks.

Very smart. I also discovered that this isn't the first time that Cloudflare has been affiliated with questionable websites or online activities.

The main server seems to be Pallada Web Service, which is located in Russia and is outside the jurisdiction of US law enforcement.

Pallada Web Service has reportedly never responded to inquiries about its connection to ExposingJohns.com, so don't count on them to do anything about it. However, they do have a Facebook page, if you want to try to contact them that way. Posting something there does put it out in the open for others to see. But, it's a good bet that they'll delete your post.

In the same vein, if you want to contact ExposingJohns.com, they posted their email address pm their contact page. In order to thwart attempts by spammers to harvest their email address, they posted it as support(@)exposingjohns(.)com which is rather ironic, when you think about it. Not being inclined to be supportive of their efforts to protect themselves, here's their email address support@exposingjohns.com and I hope you have better luck than others.

I did discover a listing from the Florida Better Business Bureau for ExposingJohns.com, which gave them an "F" rating. ExposingJohns has numerous complaints filed against it in Florida. The given address on the BBB profile is 6815 Biscayne Blvd. Ste. 103 394, Miami, FL 33138 which is likely to be a virtual office and mail sent there is likely to be either returned or ignored.

You can file a complaint with the US Federal Trade Commission against ExposingJohns, as Brian Bates has advised and this seems to be the best bet. Just go to this link.

Another body to which you can complain is the Internet Crime Complaint Center (IC3), which is a joint operation of the Federal Bureau of Investigation and the National White Collar Crime Center. Just go to http://www.ic3.gov/default.aspx to file your complaint.

Since ExposingJohns is registered in Noida, Uttar Pradesh, India, you can also try reporting them to the Noida Police. If you live in the USA, I have no idea how much attention the Noida Police will give to your complaint, but it doesn't hurt to try. Reports can be filed at this link and you can also send an email to cybercrimecell@noidapolice.com and wait for a response.\\


For several days, ExposingJohns was offline, but could still be found at an obscure IP address. They were located at http://37.0.123.249/ and the site can still be seen at this link.

This is the IP address they are using for their former address. Here is the WHOIS for this address

IP Information for 37.0.123.249
Quick Stats
IP Location Russian Federation Russian Federation Moscow Pallada Web Service Llc
ASN Russian Federation AS198310 PALLADA-AS Pallada Web Service LLC,RU (registered Dec 09, 2011)
Whois Server whois.ripe.net
IP Address 37.0.123.249
% Abuse contact for '37.0.123.0 - 37.0.123.255' is ''

inetnum:        37.0.123.0 - 37.0.123.255
netname:        Pallada-For-Dedicated-Servers
descr:          Pallada-infrastructure
country:        RU
remarks:        INFRA-AW
admin-c:        BBER-RIPE
tech-c:         BBER-RIPE
status:         ASSIGNED PA
mnt-by:         Pallada-MNT
org:            ORG-PWSL1-RIPE
changed:      b.kazakov@rt-center.ru   20140328
source:         RIPE

organisation:   ORG-PWSL1-RIPE
org-name:       Pallada Web Service LLC
org-type:       LIR
address:        Pallada Web Service LLC.
address:        Boris Kazakov
address:        8 build.7 Yaroslavskaya street
address:        129164
address:        Moscow
address:        RUSSIAN FEDERATION
phone:          +79160596714
fax-no:         +74955807165
mnt-ref:        RIPE-NCC-HM-MNT
mnt-ref:        Pallada-MNT
mnt-by:         RIPE-NCC-HM-MNT
abuse-mailbox:  abuse@pw-service.com 
abuse-c:        PR13126-RIPE
e-mail:         b.kazakov@pw-service.com 
tech-c:         BBER-RIPE
changed:      bitbucket@ripe.net   20140626
source:         RIPE

person:         Bogdan Berkovich
address:        141009, 10 Olympic prospect, Mytishi, Moscow region, Russia
nic-hdl:        BBER-RIPE
mnt-by:         Pallada-MNT
changed:       bb@pw-service.com   20140415
e-mail:         bb@pw-service.com 
abuse-mailbox:  abuse@pw-service.com 
phone:          +7 495 580 7165
source:         RIPE

route:          37.0.123.0/24
descr:          PWS-Network
origin:         AS198310
mnt-by:         Pallada-MNT
changed:       b.kazakov@rt-center.ru  20140407

source:         RIPE

The email address b.kazakov@rt-center.ru is linked to phishing attacks and  you can find more information here. Proceed at your own risk.

The website RT-Center.ru appears to be a telecommunications company in Russia. The website is registered to a private individual. Strangely, their website is offline, which is odd for a telecommunications company.

Removing Your Own Name

While you can't force ExposingJohns to take down your profile, you can take steps to remove it from search results, if someone uses that search engine to search for you by entering your phone number.

Remove from Google Search.
Remove from Yahoo Search. Click "Online Safety" under Topics.
Remove from Bing Search.

As I said above: If you don't use your Facebook page very often - or ever - just delete it. Changing your phone number would also be a good idea.


Duane Browning