flapstate.com / mdanclub.com / wayizer.com

Today I was contacted by someone about a domain flapstate.com which was still on my spam list from spam received last year. It looks like since then the domain had expired and been deleted, but then registered by a new owner for what appears to be a scam.

The same scam also uses domains

  • mdanclub.com
  • wayizer.com
  • wayate.com
  • coralnic.com
  • grigga.com
  • srcify.com
  • azureclub.com
  • flipality.com

and probably many others. The fact that they keep switching the domain of their website is already one giveaway that it’s a scam.

The four domains wayate.com, wayizer.com, mdanclub.com and flapstate.com are all hosted on the same server, at IP address 216.22.50.130. That IP address has been assigned the reverse DNS name “server1.bestunbeatableoffer.com”. Interestingly “bestunbeatableoffer.com” is not currently working, as it has been suspended by its registrant for spam or abuse. A Google search for the domain “bestunbeatableoffer.com” finds a blog entry that accuses the site owners of phishing, using a whole bunch of different domains that harvested personal details, including email addresses and passwords.

Do not enter your real name, email account or password on any of these websites. These sites are deceptive and harvest personal information which can (and probably will) be abused!

Here is what happens. If you access any of these websites it first gives you this message:

Our system indicates that a pic from your ip address has been uploaded to this site within the past 48 hours.

This is a blatant lie, because it will say that from whatever IP address you access from, as this is hard-coded into the website. It doesn’t even check what IP address you access from before it puts up this dialog.

Once you click OK it puts up another dialog:

Fill in to view your pics.

FULL Name of Friend
who referred you to this page:

Your FULL Name:

Your FULL Email:

It then asks for your password. This is highly dangerous. With your email address on Yahoo, Hotmail, Gmail and many other services and your password, the website could access your online address book and find all your online contacts. What’s more it can then contact everyone in your address book in your name, sending them an email that looks like it was sent by you! Thus the deception would snowball. It would allow massive address harvesting.

This is especially true because they also ask about which social networking site you come from (e.g. Myspace, Facebook). If people happen to use the same password there, it will allow the scammers to break into social networking accounts and their associated address books, “friends lists”, etc. They can then tell every one that “their pic has been uploaded” and repeat the game ad infinitum, until they have stolen millions of names, email addresses and passwords.

After filling in the previous forms with bogus data, I got this dialog:

FINAL STEP BEFORE RETRIEVING RESULTS

Our system indicates that your friend recently bookmarked and reserved this page just for you.

It said that after I made up a bogus name for the friend who supposedly sent me there. My email address was also one I made up and had never used before (on a domain that I own). After that I got an error message:

Link unavailable

Possible causes are:
Your geographic location is not allowed for this offer.
Duplicate IP Address.
A system error ocurred.
The offer has expired.
The AFID or CID is not valid or authorized.

The domain flapstate.com was registered with these details, which appear to be forged (see comments below by the real Adam Arzoomanian, who appears to be an innocent party whose name was abused and reputation destroyed by the real scammer):

Registrant [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US

Administrative Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Billing Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Technical Contact [1405632]:
Adam Arzoomanian bulletinpics@gmail.com
375 E Harmon
Las Vegas
NV
89109
US
Phone: +1.7029221911

Domain servers in listed order:

NS1.DOMAINSERVICE.COM 67.99.176.12
NS2.DOMAINSERVICE.COM 67.97.247.209
NS3.DOMAINSERVICE.COM 64.49.213.231
NS4.DOMAINSERVICE.COM 67.97.247.210

Record created on: 2008-08-03 19:18:56.0
Database last updated on: 2008-08-03 19:16:31.357
Domain Expires on: 2009-08-03 19:18:56.0

(Note that registrant details are not generally verified by registrars, so there is little to stop a criminal from using someone else’s name for a fraudulent domain registration.)

Any other domains that are part of this same scam are likely to use the same address details.

The street address and phone number listed above appear to belong to a nightclub called Spin Nightclub.

Toptieprofiles.com appears to have been part of the same scam, because its HTML code used to reference IP address 216.22.4.42, as does flapstate.com.

Also, the email address used in the domain registration (bulletinpics@gmail.com) suggests a link to domain BulletinPics.com which was also used for an email address and password harvesting scam (see here). Website www.bulletinpics.com looks identical to flapstate.com but is hosted on a different server, on IP address 159.25.17.50. This site loads an iframe that points at domain destination-server.com, which is hosted at IP address 216.22.50.130 like flapstate.com, wayate.com, wayizer.com and mdanclub.com. Here’s the registration record for bulletinpics.com:

Registrars.domain: bulletinpics.com
owner: – –
organization: Spin Promotions
email: bulletinpics@gmail.com
address: 2255A Renaissance Drive
city: Las Vegas
state: —
postal-code: NV
country: US
phone: +1.7029221911
admin-c: CCOM-1288874 bulletinpics@gmail.com
tech-c: CCOM-1288874 bulletinpics@gmail.com
billing-c: CCOM-1288874 bulletinpics@gmail.com
nserver: a.ns.joker.com 69.39.224.27
nserver: b.ns.joker.com 66.197.237.21
nserver: c.ns.joker.com 69.39.224.26
status: lock
created: 2008-05-13 12:14:33 UTC
modified: 2008-05-14 10:01:57 UTC
expires: 2009-05-13 12:14:33 UTC

contact-hdl: CCOM-1288874
person: – –
organization: Spin Promotions
email: bulletinpics@gmail.com
address: 2255A Renaissance Drive
city: Las Vegas
state: —
postal-code: NV
country: US
phone: +1.7029221911

The name “Spin Promotions” suggests a possible connection to Spin Nightclub, whose street address was used for the other domain registrations.

ProfileMirrors.com is another domain that loads a page off destination-server.com. This job offer on GetAFreelancer.com for people doing captcha entry mentions both destination-server.com and bulletinpics. This is very interesting because CAPTCHAs are commonly used to defeat spammers who automatically set up or log in to email accounts at free email providers or BBSes or social networking sites. Here’s a copy of the posting, just in case it gets removed:

searching for good and reliable Teams for desntination captcha entry project . we can pay good rate . PM for more details

when you will PM , please include in your PM

* how many entries you will do everyday
* how many peoples you have to work on this project

********************************************************************

Before bidding work for 15 mins then give us feedback

http://www.destination-server.com/bulletinpics/entry.cgi

entry ID : demo

When I tried the URL given I got this message:

TOO MANY AGENTS LOGGED IN AT ONCE:

PLEASE TAKE A 30 MINUTE REST.

After 30 minutes CLICK HERE to continue work.

Project Manager: Scott Shaw
bulletinpics at gmail dot com

The reason this error page continues to appear is
because agents NEED to take a 30 minute break.
Do not keep attempting to open page.
PLEASE WAIT 30 MINUTES or this
error will continue to appear.

When I tried it again, I got a CAPTCHA to solve. It turned out to be from MySpace:

MySpace CAPTCHA

Could it be that these people use software to log into MySpace accounts using passwords obtained via the scam and then use job seekers in Bangla Desh, India and other low-wage countries to defeat the CAPTCHA test thrown at them by MySpace, so they can get at the data in the account afterwards?

With bulk CAPTCHA tests they can also invite anyone on MySpace to become “friends” of the phished accounts, so they can potentially reach every active MySpace user.

Here’s another job offer (a Google search finds many more offers like this):

we need captcha entry team for destination capthca project . we need teams who can deliver minimum 15,000 captcha entries to 50,000 captcha entries daily

http://www.destination-server.com/bulletinpics/entry.cgi

entry ID : demo

please go to the link and work for 15 mins , then give us feedback how many entries you can handle daily.interested team can PM us . but u should check the given link before PM us

Rate is negotiable

happy bidding

The following offer that mentions “bulletinpics” even talks of millions of CAPTCHAs to be solved:

Status: Open
Budget: $30-250
Created: 06/15/2008 at 5:07 EDT
Bidding Ends: 08/14/2008 at 5:07 EDT (2 days, 2 h left)
Project Creator: bulletinpics
Buyer Rating:
(2 reviews)
Description: As many people know, the BulletinPics CAPTCHA project has been very succesful, solving over 250,000 captcha entries per day for several teams earning very good money. We are looking to expand to over one million captchas per day but in order to do this, we need to rotate new domain names to host our images.

We are now looking for people/companies who own unused .COM domain names. We need to point these domains to our main image server for two weeks per domain.

For example, if you own 10 unused domains, we would need you to change the DNS so the A record of each domain would point to our captcha server’s IP address. We are willing to pay $1USD (or best lowest bid) to use up to 1000 domains for 2 weeks each. Please let us know if you can provide this type of service.

More related domains (see also):

  • tellafriendrewards.com
  • stolenprofiles.com
  • profilemirrors.com
  • ownyourfriendarchive.com
  • tradepeopleprofiles.com
  • friendownership.com
  • mirrorsocialsites.com
  • bulletinpics.com
  • peepatpeeps.com
  • buddyspots.com
  • saveyour profile.com
  • seepeopleprofiles.com
  • socialprofilemirror.com
  • discussprofiles.com

UPDATE 2008-10-21:

The server at 216.22.50.130 (http://www.destination-server.com/bulletinpics/entry.cgi) now displays this message, suggests the scam has ended:

This website has been discontinued

All team leaders will be paid in full this week.

UPDATE (2008-11-06):

Spin nightclub happened to be where infamous spammer Sanford “Spamford” Wallace aka “DJ Masterweb” worked (see here). According to the WikiPedia article on Wallace he has been targeting MySpace users before:

On 2008-01-26 the UK Register reported that the Federal Trade Commission has asked the Judge overseeing the 2006 settlement to find Wallace and partner Walter Rines in civil contempt of court for their use of malware and social engineering on MySpace to promote porn and gambling sites.[8] In May 2008 Wallace and Rines were found guilty and ordered to pay $230 million to MySpace by the L.A. District Court when they failed to appear for trial.

What a remarkable coincidence!

Good bye Audi, welcome Prius!

Only about 6% of cars sold in Japan are foreign makes (mostly German), but Kanagawa prefecture and its capital Yokohama have one of the highest rates of import cars in Japan. Yokohama is one of the two major ports (the other is Kobe), it has a relatively long history of exposure to Western influences and on average is relatively wealthy. Even so, the street where I live in a middle class neighbourhood is unusual for actually having more foreign cars than Japanese ones.

Until very recently the count was as follows:

  • Mercedes Benz: 4
  • BMW: 3
  • Volvo: 2
  • Audi: 1
  • Porsche: 1
  • Toyota, Nissan and Honda: 4

Since then the numbers changed because I sold my Audi A4 and bought a Toyota Prius. Who knows what’s going to happen when the only German in a street in Japan where German cars outnumber Japanese cars trades in his German car for a Japanese one? 😉 It’s going to be interesting.

The first time my wife and I washed it in front of our garage, neighbours from two houses came over to take a look at it and to talk about it. One couple, who have a BMW X5 were very curious. They explained they only get about 6 km per litre (17 litres per 100 km) and were thinking about what to replace their car with. The other, who drives a Volvo came up as soon as she saw her neighbours across the street talk to us. Afterwards, the wife of the BMW driver said: “Minna eko ni shimashô!” (“Let’s all go green!”)

I expect we will see more hybrids in our street soon.

I’ve driven Audis (or Volkswagens based on Audi designs, such as the VW Passat) since I got my first car in 1982. Generally I have been very happy with them, especially an Audi coupe quattro 20V I had from 1989 to 1994. The latest Audi A4 2.4 however that I bought in 2000 was heavier and seemed not as well made as its predecessors.

The A4 was fun to drive when I bought it second hand with only 3000 km on the clock, but its V6 engine was never anywhere near as fuel efficient as my previous five cylinder engined Audis, nor was it quite as reliable.

After spending more than $2500 on repairs in the final year alone while consistently getting only about 320 km of range out of a 53 litre refill of premium unleaded (98 octane RON), I was starting to worry for the future of that car.

Even allowing for the fact that most of our trips are short runs to the station or to shops, usually less than 10 km total, with the engine starting from cold much of the time, that 16-17 l per 100 km (6 km/l) that I was getting was simply way too much. The best I’d seen was around 12 l per 100 km (8 km/l) on long highway runs on a ski trip.

Then one day last winter I took my daughter to an entrance exam at a junior high school. As I was waiting near the school, a Toyota Prius rode past me in “stealth mode”, running only on its batteries without any engine noise. It was almost as quiet as a bicycle. My curiosity about this car was awakened.

I had heard various rumours about the Prius, such as about limited battery life and started to check out the facts. I found the batteries did not need replacing every couple years and were expected to last as long as the rest of the car.

The more I read, the more I was fascinated how much thought the Toyota engineers had put into this car and how methodical they had been about making it work in real life. The Prius has been around in Japan since 1997, even though relatively few of that first generation were sold until 2000, when the second generation came out, which went into export markets too. Even before the Prius, Toyota had already been gathering experience with the RAV4 EV, a plug-in electric. The 1.5 litre engine in the Prius is a close cousin of the identical sized engine in the Yaris / Vitz / Platz ranges, but using the more efficient Atkinson cycle instead of the Otto cycle. Its peak efficiency is 34%, better than some diesels. By giving up on peak power and peak torque (which instead are provided via the battery and electric motors), the engine can be much more efficient.

Later in February my Audi needed more repairs and this time I had a Toyota Corolla as a loan car. It made me consider if maybe I would be better off in something lighter and more economical than the Audi and I was curious what a Prius would be like.

In March I went to California on a business trip. A friend there whose wife drives a Prius let me do a short test drive. Pulling away from a traffic light, where the engine had been automatically stopped, felt very unusual: The car starts up running only on its electric motors, without the noise of the engine, which comes alive only as you already start rolling.

Finally in late June my wife and I started shopping around for a buyer for the Audi and for a good deal on a Prius. The waiting list from custom order to delivery turned out to be about 5 weeks, far less than I had seen quoted by US-based posters on websites. I went for the “S Touring” model with a navigation system as an option, which my wife had been requesting for years. The touring comes with HID headlamps (I had never been happy with the conventional halogen lights on the A4) and a firmer suspension than the base model.

We also added a gadget called “etc” (electronic toll collection), which handles toll road charges for motorways here in Japan (most motorways here charge for usage). There are special lanes for etc-equipped cars at toll gates, which make it quicker to get through, as you just have to slow down to 20 km/h to pass through while your car contacts the wireless booth equipment. Before we always had to queue in a line to hand a prepaid card, cash or a credit card to a guy in a toll booth. There are discounts for paying by etc, I guess because the operating company can cut back on staff.

We returned the Audi on the day its bi-annual vehicle inspection became due. We then relied on bicycles and public transport for four days, until the Prius arrived on the last day of July.

Only after I placed the order did I google for crash test results, but the outcome was very comforting: Though the Prius was some 200 kg lighter than my 1999 model Audi, it did as well as the latest A4 model (2008) on crash test results. In fact it had the highest rating of any car tested for kids in child seats in the EuroNCAP tests. As far as interior space is concerned, I didn’t have to give up anything. If anything it’s more spacious than the Audi and it offers the practicality of a hatchback.

Last weekend we drove down to the coastal town of Enoshima on the Pacific, about 35 km from here, which on a Sunday takes 1 1/2 hours because of traffic jams. The Prius will simply shut down its engine whenever stopped, whether at a red light or in slow traffic. Even then the air conditioner (essential at 30+ centigrade in hot and humid Japanese summers) will keep you comfortable, as it’s electrical and draws current from the car’s powerful traction battery that also drives that car’s electric motors.

The NiMH battery will get recharged when the engine is running again or whenever you push the brake pedal to slow down the car, which switches one of the motors to work as a generator. This “regenerative braking” extends the life of the brake pads too.

Other auxiliary systems that on conventional cars are driven directly by the engine via a belt are electric on the Prius, such as the power steering and the brake servo. These always suck some power on conventional cars, whereas on a hybrid they only draw power when needed, making it more efficient.

On the way back we also drove at 80-90 km/h on multi lane highways, with the multi function display (MFD) showing better than 20 km per litre (better than 5 l per 100 km). We never had any trouble keeping up with traffic.

UPDATE (2008-08-10):
With about 250 km on the odometer, the displayed fuel consumption average is now around 16 km per litre (6.25 km per 100 km or 38 mpg US). Other than the weekend trip, it was mostly short trips to a shop or to drop off or pickup a family member at one of the train stations, which are about 3 km away. At our average of about 900 km per month this means the Prius is burning some 90 to 100 litres of fuel less per month than the Audi A4 it replaced, as well as running on a cheaper grade of fuel (regular instead of premium unleaded).

According to the website of the UK Department for Transport the Prius is not the car with the lowest CO2 output per km in Europe: It is undercut by two other cars. The Polo 1.4 TDI Bluemotion and the SEAT Ibiza 1.4 TDI Economotion both use the same 80 PS VW/Audi turbodiesel engine. At 99 g/km they output about 5g less CO2 than the Prius. However, these cars are classed as “superminis”, which offer considerably less space to passengers. Most people fail to realize how spacious the Prius really is compared to its competitors. Based on interior space the EPA in the US actually puts it into the “mid-size” category, along with the BMW 5-series and the Audi A6. Below the 5-series and A6 in size are the 3-series and A4 (rated as “compact” cars by the EPA). Below that is the A3 / Golf / New Beetle (“minicompact”). And one more size below that are the Polo and Ibiza.

UPDATE 2 (2008-10-16):

In two and a half months of ownership, our Prius has clocked up over 2500 km (1530 miles). My daughter accidentally reset the average fuel consumption display after 100 km, but in the 2400 km since then the car has averaged 18.9 km/l or 5.3 litres per 100 km or 44 miles per US gallon.

Keep in mind that most of our trips are to pick up or drop off a a family member at a station 3 km away, so most of our trips are no more than 6-7 km on a cold engine. Also, almost all our driving is urban, with plenty of traffic lights / stop and go traffic. If your average trip is longer or you drive more across country or if you live in an area that’s flatter than hilly Yokohama then you’d probably see even better fuel economy from this car.