Is there a way to report the scammer responsible for the phony Firefox update redirect?

SOLVED
New Contributor

As was pointed out to me, the phony update download domain changes on a daily basis.

This time the phony site was IERAIDREAMLAND.ORG

I immediately went to the ICANN whois page and looked it up -- this phony update page was created by the EXACT SAME individual that did the last one (keeshelcuara.net) that popped up.

When I looked up keeshelcuara.net yesterday, the record came up. Today ICANN Whois says it doesn't exist. However, I saved the page from that whois lookup, and from today's phony update popup.

Aside from the domain name, all the other information matches - from the person's name to their address to their phone number. While this information is probably also phony, it would be great if there was an avenue for reporting this jerk.

At: https://whois.icann.org/en/lookup?name=ieraidreamland.org (created 2016.09.08)

The person's info is:

Showing results for: IERAIDREAMLAND.ORG
Original Query: ieraidreamland.org

Contact Information
Registrant Contact
Name: Chad N. Wessels
Organization: NA
Mailing Address: 4145 Diane Street, Atascadero California 93422 US
Phone: +1.8054618382
Ext:
Fax:
Fax Ext:
Email:wesselsch@tutanota.com

The jerk's Registrar is:

Registrar
WHOIS Server:
URL: http://www.PublicDomainRegistry.com
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
IANA ID: 303
Abuse Contact Email:
Abuse Contact Phone

Is there anything that can be done?

1 ACCEPTED SOLUTION

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

Just to follow up, James -- Since I submitted the report at http://www.PublicDomainRegistry.com as you suggested, the phony update page has not come up even once for me.

I don't know if that means that the person named as registrant has been stopped or apprehended [if it was actually real info and not an alias], but I find it interesting that it hasn't happened since. Even if it just stops the jerk for a short time, it may be a way to keep knocking his phony update page off the web each time he tries bringing it back.

I greatly appreciate the responses you gave. It really helped.

Thanks.

Henry

Edited for spelling 2016.09.13@21:16

13 REPLIES
Site Moderator

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

You can try to report the sites at https://publicdomainregistry.com/report-abuse-2/

Even if they deal with the sites registered by a person, the persons or group behind this can just register with new details.

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

I have no idea why the text layout changed. I'll try it again:


Showing results for: IERAIDREAMLAND.ORG
Original Query: ieraidreamland.org

Contact Information
Registrant Contact
Name: Chad N. Wessels
Organization: NA
Mailing Address: 4145 Diane Street, Atascadero California 93422 US
Phone: +1.8054618382
Ext:
Fax:
Fax Ext:
Email:wesselsch@tutanota.com

The jerk's Registrar is:

Registrar
WHOIS Server:
URL: http://www.PublicDomainRegistry.com
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com
IANA ID: 303
Abuse Contact Email:
Abuse Contact Phone

BTW, I saved the complete whois listing page for both of the domains I mentioned above, so if any info is needed from it, I will be happy to put it up -- especially since the domain listings seem to disappear from the whois database within days of being created.

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

James; I did fill out the form at the website you listed. I have no idea if they received it since there was no acknowledgement block - the page just went back to a blank submission form page. I hope they got it though.

I attached a text file that had the Raw WHOIS Record for today's 'domain'. While that info will probably be gone from the whois page in the next day or so, the owner info was the same as previously, so maybe that will help them narrow down who this jackass is.

Thanks for your assistance.

Henry

Edited for spelling @20:31

Support Forum Moderator

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

FYI, there is a lengthy contributors support thread over here - https://support.mozilla.org/en-US/forums/contributors/712056 - where the topic of fake updates is being followed and updated by many support contributors here.

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

Well, the jackass is at it again and the whois info at ICANN is identical to previous.

For the moment, you can see it here:

https://whois.icann.org/en/lookup?name=raefughst.net

Too bad law enforcement is apparently content to let him spread his viral BS.

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

Hopefully I am not speaking too soon but after again reporting the joker to his registrar, I also sent the information from the whois report to the FBI, and so far I haven't had the phony redirect come up once.

Of course that could also be because of the latest Firefox patches and, even though they have caused other issues, they may be the reason the phony update page hasn't come up.

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

PDR has been the registering company for a long time. Their abuse department cancels the URL and there is no cost for the initial registration. The name/address of the person has altered but is currently constant. Abuse said they would take steps to prevent reoccurrence. They lied; new URLs daily. PDR has a NJ phone number but the fax is in Minn. The company seems to actually be in the Middle East (Saudi or Amaridsomething). The trace always ends in NJ, and so far is always via the ISP of Coopa and their machines are in NJ and Chicago.

Reliable, and PDR refuse to give any info. I've asked. PDR has a legal requirement to know the person registering. Their legal department has not responded to my inquiry, nor their CS dept which has grown tired of my "cancel this URL with its spread of malware" emails.

I never filed anything with ICANN because of the complexity. And IMO they would do no more than say "stop it." As for legal action (FBI? Really? Any proof of $ loss? IMO that is what they would require), I would hope but think no aid is coming, and if anything is outside the US, well, the word impossible comes to mind. I've sent email to web sites asking about their advertisers and if they know of the orange screen. Their own forums are sometimes mini-Mozilla forums. Deniability, silence, or a 'give us an example' have been read. The result so far, from trying to get the orange screen, is more sites are using multiple ads in one space which rotate and/or get downloaded. Puts a burden on my CPU and lags are like using a 56K dialup modem. My latest is waiting for a response from the httpS firm always involved, but you know privacy ....

New Contributor

Re: Is there a way to report the scammer responsible for the phony Firefox update redirect?

Henry, the URL you supplied has been reregistered and the server is in Australia. This happens routinely after a few days. I do not recommend going there - it downloads something new.

altered url: aphocpreviewNULLyoursites.net