Fake online retailer - help!

RustPuppet

Active Member
Joined
May 6, 2007
Messages
59
#21
For future reference, never never never never never enter credit card details over standard HTTP connections. Always make sure there is a green lock icon in the address bar when at the checkout screen. While this isn't a way to see if the company is legit it does immediately tell you that they aren't.
I know, that was a stupid mistake. Lesson learnt.

I just hope they shut this **** down before he robs anyone else.
 

LazyLion

King of de Jungle
Joined
Mar 17, 2005
Messages
101,447
#25
reroutes to iwantit.co.za
what does that domain registration say?


Your query has generated the following reply:-

Search on touchstore (.co.za)
Match: One

Domain: touchstore.co.za

Accounting info....
Date |Type| Cost |Invoices are E-Mail to....|Paid Date |ICnt| TrkNo |Billing Info


Flashing RED indicates that payment has not been received - please
confirm with the ZACR accounting department, accounts@co.za, should this
not be according to your records. You have been sent 0 invoices/statements.


0a. lastupdate :
0b. emailsource :
0c. emailposted :
0d. emailsubject :
0g. historycount :
0h. invoiceno :
0i. contracttype :
0j. rcsversion :
1a. domain : touchstore.co.za
1b. action :
1c. Registrar : 1API GmbH
2a. registrant : Adam Hardman
2b. registrantpostaladdress: Edison Way, Century City, ,Cape Town, Western Cape, 7446, ZA
2c. registrantstreetaddress:
2d. amount :
2e. paymenttype :
2f. billingaccount :
2g. billingemail :
2i. invoiceaddress :
2j. registrantphone : +27.832409744
2k. registrantfax :
2l. registrantemail : info@1byte.co.za
2n. vat :
3b. cname :
3c. cnamesub1 :
3d. cnamesub2 :
3e. creationdate : 2015/05/04 19:32:07
4a. admin :
4b. admintitle :
4c. admincompany :
4d. adminpostaladdr :
4e. adminphone :
4f. adminfax :
4g. adminemail :
4h. adminnic :
5a. tec :
5b. tectitle :
5c. teccompany :
5d. tecpostaladdr :
5e. tecphone :
5f. tecfax :
5g. tecemail :
5h. tecnic :
6a. primnsfqdn : ns81.domaincontrol.com
6b. primnsip :
6c. primnsipv6 :
6e. secns1fqdn : ns82.domaincontrol.com
 

LazyLion

King of de Jungle
Joined
Mar 17, 2005
Messages
101,447
#31
Your query has generated the following reply:-

Search on 1byte (.co.za)
Match: One

Domain: 1byte.co.za

Accounting info....
Date |Type| Cost |Invoices are E-Mail to....|Paid Date |ICnt| TrkNo |Billing Info


Flashing RED indicates that payment has not been received - please
confirm with the ZACR accounting department, accounts@co.za, should this
not be according to your records. You have been sent 0 invoices/statements.


0a. lastupdate :
0b. emailsource :
0c. emailposted :
0d. emailsubject :
0g. historycount :
0h. invoiceno :
0i. contracttype :
0j. rcsversion :
1a. domain : 1byte.co.za
1b. action :
1c. Registrar : Afrihost
2a. registrant : 1Byte (Pty) Ltd
2b. registrantpostaladdress: 67 Wessels Str,Johannesburg, Western Cape, 2128, ZA
2c. registrantstreetaddress:
2d. amount :
2e. paymenttype :
2f. billingaccount :
2g. billingemail :
2i. invoiceaddress :
2j. registrantphone : +27.769399389
2k. registrantfax : +27.11612700
2l. registrantemail : info@1byte.co.za
 

RustPuppet

Active Member
Joined
May 6, 2007
Messages
59
#32
From his LinkedIn, he currently works at HardWorx. A whois of the site also reveals it to be Afrihost, exactly the same as above.

Maybe his employer would like to know who they've got on their staff.
 
Last edited:

SauRoNZA

Honorary Master
Joined
Jul 6, 2010
Messages
31,988
#37
I recently bought an item from an online retailer called Apple ZA. The site seems legit and even has a Thawte trust signature. I paid via credit card and received a confirmation email for my order.

After a week, I mailed them and asked what the status of the order was. I got a reply back saying that the imported goods take longer to arrive in the country. This seemed way too suspicious, so I tried contacting the retailer through another means, but of course there's no other contact method to be found anywhere.

FFS.

This
is the whois for the domain. The mail address used to register it is wwwowww.za@icloud.com, and the name of the registrar is Israfil Yilmaz aka the guy who joined ISIS :mad:

I've since contacted FNB to reverse my payment to the retailer; they should be in touch later today. In the meantime, is there anything else I can do to track down my cash? Surely I should be able to find out what banking details were used for the site?

Or, considering the guy obviously has a working iCloud account, could that be of use somehow? And would Apple not want to shut this site down immediately to prevent further fraud?

And help would be greatly appreciated.
Yes those should be clickable and take you to a page that proves that the signature is actually legit.

Considering they don't even have HTTPS there's no way they could have Thawte.

/schoolfees.
 

RustPuppet

Active Member
Joined
May 6, 2007
Messages
59
#38
How the hell do you get a domain registered without a contact person?
The guy who registered the domain is Trishan, 083 205 0862.

His WhatsApp reveals him to be a real human. Whether or not "Adam" works there is another story. Or is HE actually Adam?

The plot thickens.
 

dualmeister

Honorary Master
Joined
Oct 15, 2005
Messages
15,454
#40
This sort of thing has happened to a relative of mine.

They used his company name and contact details. Once people started looking for their stuff they then got hold of him.

Some very dodgy people out there :mad:
 
Top