
Thread: Bull-Crap Scamming Domain-Names!!!

  1. #1
    Banned
    Join Date
    Sep 2021
    Location
    3rd Rock from the Sun
    Posts
    178
    Thanks
    178
    Thanked 63 Times in 44 Posts
    Rep Power
    0
    Reputation
    1270

    Bull-Crap Scamming Domain-Names!!!

    While Googling something, I came across a so-called "Trusted Antivirus Compare" site... actually being
    I looked, thinking it would/should be some independent 'review' Site. The very top of their list, was 'TotalAV', resplendent with 100% good
    marks, including an "Editors Choice!"... Hmmm. All the other common ones scored poorly? (See 1st image below)...



    NOTE: I'm NOT promoting that product!! It's just what the 'Comparison' Site said...

    Anyway, as I often do, I performed a 'Who-Is' for that 'Comparison' Domain Name, and found this...



    Hmmm... The Registrar for the 'trustedantiviruscompare.com' is "ENOM".
    So I performed a 'Who-Is' for 'TotalAV', and surprise surprise...



    Their 'Registrar' is also 'ENOM'... Gee!, who would have 'thunk' it !!!
    It can obviously be a trap, to think that some Sites are 'independent' Reviewers, especially when there is nothing I could see that
    indicated any affiliation with certain companies, and especially when labeling items as "Editor's Choice" etc. !! I've since viewed
    more in-depth valid reviews & real customer complaints about that 'AV' product, but that's beside the point.



  • #2
    LSemmens
    lsemmens's Avatar
    Join Date
    Dec 2011
    Location
    Rural South OZ
    Posts
    10,585
    Thanks
    11,867
    Thanked 7,061 Times in 3,338 Posts
    Rep Power
    3153
    Reputation
    132592


    Nothing new here. I usually look at reviews on sites that I am familiar with. Many good product sites (especially banks) are cloned to look like the "Good" site and use very similar names too. To catch the typos. Early in the piece I discovered that if I entered ten.com I'd be directed to a porn site when I was looking for ten.com.au which was our local TV station. They are even more sophisticated than that now. So this does not surprise me. A bit like Maccas "pulling out" of Russia. Call me skeptical.
    I'm out of my mind, but feel free to leave a message...

  • The Following User Says Thank You to lsemmens For This Useful Post:

    Ah-Those-Old-Days! (18-06-22)

  • #3
    Premium Member
    wotnot's Avatar
    Join Date
    Nov 2019
    Location
    Scenic Rim, SE Qld
    Posts
    3,236
    Thanks
    1,462
    Thanked 2,934 Times in 1,510 Posts
    Rep Power
    1334
    Reputation
    58690


    Quote Originally Posted by lsemmens View Post
    Nothing new here. I usually look at reviews on sites that I am familiar with. Many good product sites (especially banks) are cloned to look like the "Good" site and use very similar names too. To catch the typos. Early in the piece I discovered that if I entered ten.com I'd be directed to a porn site when I was looking for ten.com.au which was our local TV station. They are even more sophisticated than that now. So this does not surprise me. A bit like Maccas "pulling out" of Russia. Call me skeptical.
    Yeah, same old IT based ponzi/pyramid reselling scheme that's been around for 2 decades....they're getting good at it too....running their own DNS servers, this lot are even running their own whois server to taint results (above results are bogus), and if one was proficient in every language in the world you might be able to track down the other 20 thousand website resellers that look exactly the same. You have to laugh....they've even registered domains based on typos....ie; 'totalav_dot_com' is mentioned here (antivirus reseller)...logical human typo would be 'rotalav_dot_com' (also an antivirus reseller) & 'yotalav_dot_com' (parked domain owned by the same mob)....I'll award them the slow clap for such diligence =)

  • #4
    Banned

    Quote Originally Posted by wotnot View Post
    Yeah, same old IT based ponzi/pyramid reselling scheme that's been around for 2 decades....they're getting good at it too....running their own DNS servers, this lot are even running their own whois server to taint results (above results are bogus), and if one was proficient in every language in the world you might be able to track down the other 20 thousand website resellers that look exactly the same. You have to laugh....they've even registered domains based on typos....ie; 'totalav_dot_com' is mentioned here (antivirus reseller)...logical human typo would be 'rotalav_dot_com' (also an antivirus reseller) & 'yotalav_dot_com' (parked domain owned by the same mob)....I'll award them the slow clap for such diligence =)
    Hi. I agree in general, with what you are saying, but as to you saying (in Bold above) that my above results are bogus is not really fair.
    Firstly, I am aware that there are often false 'links' to the likes of 'whois' and/or 'who.is' etc etc, and I never trust any 'site' to direct me!
    Secondly, if you look back on my last 2 'images', they are from different official regulated analysis Sites, deliberately. I usually use more than
    one even 'official' site to verify things in order to cross check. And if they were 'bogus', then they shat in their own nest by pointing to the same
    Registrar. But yep, running their own DNS Servers, (Domain Name Server Server hahaha..) some assholes can bluff a lot of people!

  • #5
    Administrator

    Join Date
    Jan 2008
    Location
    Newcastle, Nsw
    Posts
    4,604
    Thanks
    815
    Thanked 2,531 Times in 1,138 Posts
    Rep Power
    1178
    Reputation
    41376


    Quote Originally Posted by Ah-Those-Old-Days! View Post
    (Domain Name Server Server hahaha..) some assholes can bluff a lot of people!
    Domain Name System

  • The Following 2 Users Say Thank You to WhiteOx For This Useful Post:

    Ah-Those-Old-Days! (22-06-22),wotnot (19-06-22)

  • #6
    Premium Member
    wotnot's Avatar

    they are from different official regulated analysis Sites, deliberately. I usually use more than one even 'official' site to verify things in order to cross check
    While at the same time, achieving little, because one is reliant on these web based whois servers to run the command, and one can't do any manual introspection....ie;


    gcb@gallah:~$ whois
    Usage: whois [OPTION]... OBJECT...

    -h HOST, --host HOST connect to server HOST
    -p PORT, --port PORT connect to PORT
    -H hide legal disclaimers
    --verbose explain what is being done
    --help display this help and exit
    --version output version information and exit

    These flags are supported by whois.ripe.net and some RIPE-like servers:
    -l find the one level less specific match
    -L find all levels less specific matches
    -m find all one level more specific matches
    -M find all levels of more specific matches
    -c find the smallest match containing a mnt-irt attribute
    -x exact match
    -b return brief IP address ranges with abuse contact
    -B turn off object filtering (show email addresses)
    -G turn off grouping of associated objects
    -d return DNS reverse delegation objects too
    -i ATTR[,ATTR]... do an inverse look-up for specified ATTRibutes
    -T TYPE[,TYPE]... only look for objects of TYPE
    -K only primary keys are returned
    -r turn off recursive look-ups for contact information
    -R force to show local copy of the domain object even
    if it contains referral
    -a also search all the mirrored databases
    -s SOURCE[,SOURCE]... search the database mirrored from SOURCE
    -g SOURCE:FIRST-LAST find updates from SOURCE from serial FIRST to LAST
    -t TYPE request template for object of TYPE
    -v TYPE request verbose template for object of TYPE
    -q [version|sources|types] query specified server info


    I know exactly what I'm doing with the whois command, which server I'm querying/choose to query, and blablabla --- most all web based whois websites run a 'generic' pass, and use either whois.networksolutions.com for NIC handles or whois.arin.net (IPv4) ...ie; you get the same bogus results these dodgy sites emit to the main/root servers....and when I say 'bogus', I'm referring to the fact the names of real people and locations are hidden from public view. What isn't 'bogus' are the domain names associated ~ these are 'reseller' domain names, part of the whole scheme, which the parent company holds the records for...and subvert so nobody's real name/address ever comes out.

    Of course, TCP/IP has to be left behind when digging info on companies.... like Enom LLC
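
Added example (not part of the thread or any poster's code): a minimal RFC 3912 WHOIS client in Python that, like `whois -h HOST`, makes the queried server explicit and follows the registry's referral to the registrar's own server. The `.com` registry host is real; the domain, the registrar host and both responses are constructed so the block runs offline.

```python
import re
import socket

# Registry WHOIS host for .com/.net. Assumption: this example handles only those TLDs.
REGISTRY_SERVER = "whois.verisign-grs.com"
HOST_RE = re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)+")


def whois_query(obj, server, port=43, connect=socket.create_connection, timeout=10):
    """RFC 3912: connect to TCP/43, send the query + CRLF, read until the server closes."""
    with connect((server, port), timeout) as sock:
        sock.sendall(obj.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", errors="replace")


def referral_server(response):
    """Return the registrar WHOIS host named in a response, or None."""
    for line in response.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep and key.strip().lower() in ("registrar whois server", "whois server"):
            host = value.strip().lower()
            if HOST_RE.fullmatch(host):  # ignore empty or malformed referrals
                return host
    return None


def lookup(domain, connect=socket.create_connection, max_hops=2):
    """Ask the registry first, then follow referrals. Returns [(server, response), ...]."""
    domain = domain.strip().lower()
    if not HOST_RE.fullmatch(domain):  # also rejects CR/LF smuggled into the query
        raise ValueError(f"not a plain domain name: {domain!r}")
    trail, seen, server = [], set(), REGISTRY_SERVER
    while server and server not in seen and len(trail) < max_hops:
        seen.add(server)
        trail.append((server, whois_query(domain, server, connect=connect)))
        server = referral_server(trail[-1][1])
    return trail


# Constructed responses (not real WHOIS output), keyed by the server that "returns" them.
SAMPLE = {
    REGISTRY_SERVER: (
        "Domain Name: EXAMPLE.COM\r\n"
        "Registrar WHOIS Server: whois.registrar.example\r\n"
        "Registrar: Example Registrar, Inc.\r\n"
    ),
    "whois.registrar.example": (
        "Domain Name: example.com\r\n"
        "Registrar WHOIS Server: whois.registrar.example\r\n"
        "Registrant Organization: Example Privacy Service\r\n"
    ),
}


class FakeConn:
    """Offline stand-in for a socket, serving the constructed responses above."""

    def __init__(self, reply):
        self.reply, self.sent = reply.encode("ascii"), b""

    def __enter__(self):
        return self

    def __exit__(self, *exc):
        return False

    def sendall(self, data):
        self.sent += data

    def recv(self, size):
        out, self.reply = self.reply[:size], self.reply[size:]
        return out


def fake_connect(address, timeout=None):
    return FakeConn(SAMPLE[address[0]])


if __name__ == "__main__":
    # Pass connect=socket.create_connection (the default) to query real servers.
    for server, text in lookup("example.com", connect=fake_connect):
        print(f"--- {server} ---\n{text}")
```

The returned trail records which server produced each answer, which is the introspection a web-based lookup form does not expose.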

  • #7
    Premium Member
    wotnot's Avatar

    Quote Originally Posted by Ah-Those-Old-Days! View Post
    Hi. I agree in general, with what you are saying, but as to you saying (in Bold above) that my above results are bogus is not really fair.
    Yes, it is 'fair'.. they are bogus...in as much as being of any use identifying business/corporate entities that own/run the domain hosted by Enom (and many others).

    That said, I really don't expect most ppl to actually know what they're looking at here wrt whois records, so in an effort to enlighten...

    ...the particular section(s) of the whois record(s) I'm referring to as bogus, is this (the domain ADMIN & TECH fields are the same) ;

    Registrant Name: Whois Agent (275716871)
    Registrant Organization: Whois Privacy Protection Service, Inc.
    Registrant Street: PO Box 639
    Registrant Street: C/O trustedantiviruscompare.com
    Registrant City: Kirkland
    Registrant State/Province: WA
    Registrant Postal Code: 98083
    Registrant Country: US
    Registrant Phone: +1.42527xxxxx
    Registrant Phone Ext:
    Registrant Fax: +1.42597xxxxx
    Registrant Email: (code redacted)_at_whoisprivacyprotect.com


    Now....the Registrant field is supposed to be filled in with the legal name, business/corporate contact details, of the actual person(s) who bought/runs the domain (ADMIN/TECH fields should contain name/contact details of the site administrator and network technical officer).

    Here as you can see, these fields have been filled in by a 3rd party (Registrant Organization), who acts as/by proxy to represent the real owners/responsible parties for the domain, to protect their (commercial) privacy, so there is no way(^) by any means to identify the *actual* entity owner of this domain, merely by viewing the whois records. The 3rd party here (Whois Privacy Protection Service, Inc.), is a fully owned subsidiary of Tucows, who acquired Enom back in 2016 or such ; neither of these parties have/need to have anything to do with totalav or trustedantiviruscompare ; the latter two just buy webhosting from Enom (just like all those other scam sites buy hosting on NameCheap). (^ the particulars of records as identified by their file number, may be disclosed to relevant parties in the instance of legal proceedings, matters of state, blabla)

    The lineage of 'totalav' is a lot easier to trace, because of its founding in the UK, which has very stringent policies wrt business practices and open information....ie; if you go to Ebay UK, you'll see every seller has to disclose 'Business seller information' that contains legitimate contact address/phone# information, and the same goes for business/corporate entities (I do hope AU adopts a similar system someday)...it is 'stupid easy' to find a maps.google streetview of their software house in Hampshire, and a picture of the face of the guy who's behind the whole totalav thing...(hint: UK VAT records are a good place to start) Once you find the point of commonality between Totalav (the product) and other anti-virus programs so affiliated, I'd lay odds on the probability that the website trustedantiviruscompare_com could be owned by the same provider of (anti-virus) services, all the various anti-virus programs have in common. You think...'how does one draw that conclusion?'....well, the big standout is, all the 'worst' ranked anti-virus programs on their site, are -not- affiliated with the same provider of (anti-virus) services the other programs use ; they use some other provider/do it inhouse/are a provider themselves. It could be just coincidence, right..right? (=

    Anyhoo....I found 2 curios of interest....one I found the answer for, the other not....so we'll go with that first =)

    1. The FQDN of totalav(.com) has this record -- Creation Date: 1999-11-29T1200.00Z ....this is obviously yonks before totalav (the product we know today) existed ; Q. who was the first registrant of this domain? (I tried... and failed...miserably B^)

    2. If you and a number of other anti-virus software comparison/test websites out of .DE, Totalav (the product) is highly favoured ; Q. What does Totalav & all the other similarly highly ranked programs have in common? (hint: what does it take to implement 'real time virus protection'?)

    A footnote to all this, is I learned something I was not immediately aware of doing the google maps thang ....when I'm snooping about, I routinely invoke a firefox private session window, because I don't want to make it that easy for target sites to smash the cookie jar. I mean as it was, the totalav site did this, even before hitting the landing page...



    LOL...I mean, you gotta laugh....but anyway, I'd gleaned the street addresses for both their UK & US offices, popped another private browser tab for maps.google, and c&p the street address in, select street-view, hey presto I'm looking at their business premises from the vantage point of the google-cam-car. Next, pop another private tab for maps.google again, c&p the US address in, go to select street-view....wtf?...not there?...sat-view...yeah, that works sort of..wtf is going on...then I see it, top righthand corner of maps window, the little blue button...'Login'....oh ffs, when did they implement that? So you have to signin to an/your googleID, to be able to get street view of locations in the US now?...Orwellian thoughts right there...so back to a normal browser window and do it there, to find the US address is the top floor of a building, which is now vacant and up for lease - they either went bust or moved business address. Learning google maps was carrying on like that, was just insightful =)

    edit: LOL!...it parsed the creation date string into an emoji!...totally unintentional, I'll leave it be =)
    Last edited by wotnot; 20-06-22 at 05:34 PM.
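
Added example (not from the thread): a Python check of the point made in post #7, that a registrant block filled in by a privacy proxy identifies nobody, so two domains sharing a registrar and the same proxy organisation give no evidence of common ownership. The marker list, the domain names and all four records are constructed for illustration, laid out like the record quoted above.

```python
from collections import defaultdict

# Heuristic markers of a privacy/proxy registrant. Assumption: list built for this example.
PROXY_MARKERS = ("privacy", "whois agent", "proxy", "redacted")
# Fields that could tie a domain to an owner, versus fields that every customer
# of the same registrar has in common.
OWNER_FIELDS = ("registrant name", "registrant organization", "registrant email")
SHARED_INFRA_FIELDS = ("registrar", "name server")


def parse_record(text):
    """Parse 'Key: value' WHOIS lines into {key: [values]}; keys may repeat."""
    fields = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and value.strip():
            fields[key.strip().lower()].append(value.strip())
    return dict(fields)


def registrant_is_proxy(fields):
    """True when any registrant field carries a privacy-service marker."""
    blob = " ".join(
        v for k, vals in fields.items() if k.startswith("registrant") for v in vals
    ).lower()
    return any(marker in blob for marker in PROXY_MARKERS)


def compare(a, b):
    """Return (shared_field_names, verdict) for two parsed records."""
    def common(key):
        return {v.lower() for v in a.get(key, [])} & {v.lower() for v in b.get(key, [])}

    shared = [k for k in OWNER_FIELDS + SHARED_INFRA_FIELDS if common(k)]
    proxied = registrant_is_proxy(a) or registrant_is_proxy(b)
    owner_match = [k for k in shared if k in OWNER_FIELDS]
    if owner_match and not proxied:
        return shared, "same registrant on record"
    # A shared registrar, shared default name servers, or a shared proxy
    # organisation only shows that both parties bought from the same company.
    return shared, "no ownership evidence"


# Constructed records (not real WHOIS data).
REVIEW_SITE = """\
Domain Name: reviewsite.example
Registrar: Example Registrar, Inc.
Registrant Name: Whois Agent (000000001)
Registrant Organization: Example Privacy Service, Inc.
Registrant Street: PO Box 1
Registrant Street: C/O reviewsite.example
Registrant Phone Ext:
Registrant Email: abc123@protect.example
Name Server: ns1.registrar.example
"""
PRODUCT_SITE = """\
Domain Name: product.example
Registrar: Example Registrar, Inc.
Registrant Name: Whois Agent (000000002)
Registrant Organization: Example Privacy Service, Inc.
Registrant Street: PO Box 1
Registrant Street: C/O product.example
Registrant Email: def456@protect.example
Name Server: ns1.registrar.example
"""
DIRECT_A = """\
Domain Name: widgets.example
Registrar: Example Registrar, Inc.
Registrant Organization: Example Widgets Ltd
Registrant Email: hostmaster@widgets.example
"""
DIRECT_B = """\
Domain Name: widgets-shop.example
Registrar: Other Registrar LLC
Registrant Organization: Example Widgets Ltd
Registrant Email: hostmaster@widgets.example
"""

if __name__ == "__main__":
    print(compare(parse_record(REVIEW_SITE), parse_record(PRODUCT_SITE)))
    print(compare(parse_record(DIRECT_A), parse_record(DIRECT_B)))
```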

  • #8
    Banned

    Dear wotnot... Firstly, I never claimed to be a professional at networks/diagnosing. (Nor am I saying that 'you' accused me of that, hahaha).
    I 'used' to use & know a lot more in years gone by, including having 'illegal?' diagnostic tools at my disposal, but my body/Brain is greatly failing now!
    And I understand, (in simple terms now), that if some general big 'Company' has a WebSite(s), that they are in the hands of 'expert' Web-Developers
    to do all that 'Registering' etc, on their behalf!! Of course the original 'client' may understand nothing of DNS servers, secondary Domains etc etc. and
    obviously relies on their 'Developer' to supply all of the legally required information etc, and so we hope that they are at least being honest!

    Then again, for Australia as an example, there are governing bodies to 'oversee' many things/companies that require true accreditation, like...

    The best that 'simple' folk like me can do in the meantime is to use the best tools we can find, to find Registrar/Owner information...

    So, are you saying that trustedantiviruscompare is 'NOT' biased towards TotalAV ?? Because it's obvious that they are.
    Anyway...
    I was only trying to point out / suggest something that seemed obvious!!

  • #9
    Premium Member
    wotnot's Avatar

    Quote Originally Posted by Ah-Those-Old-Days! View Post
    So, are you saying that trustedantiviruscompare is 'NOT' biased towards TotalAV ?? Because it's obvious that they are.
    No, what I am saying is that in your opening post here, you've attempted to put forward a premise that simply does not exist and/or that you mistakenly proffer to be as fact...this started with unsubstantiated links (in your mind) based on whois lookups which I've detailed above to help clarify that situation -- now in particular, I have to bring your attention to this bit ;

    Quote Originally Posted by Ah-Those-Old-Days! View Post
    especially when there is nothing I could see that indicated any affiliation with certain companies, and especially when labeling items as "Editor's Choice" etc.
    I can only surmise, that you still haven't read the disclosure page on the trustedantiviruscompare website, to discover how incorrect your assertion is here? Would you have even started this thread, if you knew the exact opposite was the case? To be perfectly honest, when I first saw the trustedantiviruscompare.com landing page, my very first reaction was "just why in the hell have they made the disclosure page widget, look like that?"....



    I'm not entirely sure it's their intent, or what their intent might be (if any), but to me that stands out like the proverbial dog's balls ... the 'why?' of it becomes a read-me-first visual clue...

    I mean, 'common sense' dictates that should be the first page one would read on a comparison website, merely based on the premise of 'what do they have to disclose, that warrants the creation of a disclosure page on their website in the first place?'...had you have done that little, you would have discovered *why* trustedantiviruscompare is so obviously biased towards totalav...


    As default we list antivirus providers by top affiliated

    trustedantiviruscompare.com (receives) advertising revenue from some companies listed to showcase their products this are affiliate antivirus. They get listed higher, additional banner advertising and linking, and direct download buttons


    As default we list antivirus providers by top featured

    Top Featured positions are chosen by the webmaster, we receive advertising revenue from some antivirus providers and this impacts the order which the webmaster chooses


    citing sections of:
    This stuff is 90% social engineering and 10% software code --- you mention 'editors choice' but fail to identify there is no 'editor' ; how can one divine that situation? There's no name or 'by line'...that simple in the reading ; on the disclosure page it becomes apparent that it's the webmaster, not any editor that does the choosing, and whilst neither of these human beings likely exist, they are one and the same {ahem} person.


    Quote Originally Posted by Ah-Those-Old-Days! View Post
    I was only trying to point out / suggest something that seemed obvious!!
    Maybe so, but all you've effectively done is point out you don't know how to correctly interpret whois lookups, you've made it obvious you can't read disclosure notices (that disclose information you claim isn't disclosed), and to top it all off you didn't identify the *real* scam being enacted here on trustedantiviruscompare's website (and 100s if not 1000s of other both legitimate and bogus antivirus compare/review websites) ...because it's not obvious to you (and the millions of others this form of social engineering fools every day).

    Again, nothing personal, but I think you have to agree that readers of a technical forum such as this, deserve better researched topic material than what you've provided here? Don't fret it, knowledgeable members play tag-team here, and I can fill in the blanks for the readers and yourself =)

    Here, it's actually TotalAV who are the scammers as such...ie; the ublock warning popup I got, when I tried navigating to their site..that's enough to pique my curiosity ; there's one story out there that the writer of totalav, was previously a blackhat that used to write (and sell) malware to 'interested parties'...

    1. So far I've been able to trace totalav_dotcom back to 2001 when it was owned by a husband/wife chartered accountancy firm in the UK 8)

    2. ...an image teaser for next time (after I collate notes)...



    ...the plot thickens...

  • #10
    Banned

    Sorry about the delay here... but my unfortunate life does fortunately not revolve around the likes of 'wotnot'....

    wotnot
    ... What the hell is your real problem????? I think it would be obvious to anyone that you don't like me?... and that's your business!
    So why the heck don't you just Block me, so you don't have to see my 'diatribe', and simply don't respond either?? You always seem to go on & on as
    if you are writing a Thesis for a University Paper, while including denigrating 'words/phrases' that somehow seem to add to your self-appointed 'power'?

    In scrolling way back in your massive transcription, you first said... "in your opening post here, you've attempted to put forward a premise that simply
    does not exist and/or that you mistakenly proffer to be as fact...this started with unsubstantiated links (in your mind)..
    ." etc. W.T.F. ???

    And then the .... "I can only surmise, that you still haven't read the disclosure page on the website, to discover how incorrect your assertion is here? ... "
    Yes, I saw that, but I was referring to a normal person's response to 'viewing' such a Site's page, scrolling down and thinking it was legit!

    Then of course, you misread and denigrate with your statement that... "you mention 'editors choice' but fail to identify there is no 'editor' ; how can one divine that
    situation? There's no name or 'by line'...that simple in the reading ; on the disclosure page it becomes apparent that it's the webmaster, not any editor...
    "... Sigh...
    W.T.F. !!! You totally missed my actual 'point' that seeing the words "Editors Choice", obviously SHOWS that it is a fake report, as there is NO magazine editor etc. What the hell
    are you smoking?? I don't think anyone else here misunderstood what I was saying, about the obviously bull shit "Editors Choice" deliberate attempt to deceive people??????

    Then on page-24 of your Thesis, (yep, I'm exaggerating!!!), you eventually get on to... "you don't know how to correctly interpret whois lookups", and "and 100s if not 1000s of
    other both legitimate and bogus antivirus compare/review websites) ...because it's not obvious to you...
    ". However, you 'felt' a need to then say in a condescending
    way... "nothing personal..." (Yea... right...) followed by... "readers of a technical forum such as this, deserve better researched topic material than what you've provided here"...
    etc. etc. etc...

    I truly don't want to go on & on & on here, and make 'myself' sound like a 'wotnot', but I sure as hell have the right to defend myself!!! If you thought I was going to crawl under some
    table with my thumb in my mouth, then you are sadly mistaken. Keyboard Warriors & big-headed Bullies have ZERO power/control over me... now, or EVER!! The 'problem' is, that people
    like you probably don't even grasp what 'mere' humans like me are saying here??? There is NOTHING wrong with having various opinions in life, but MOST people on MOST forums etc, know
    how to convey a simple sentence in opposition, in a simple & non-condescending way... Whereas YOU, seem to actually 'delight' in belittling 'lesser' people than yourself??? And continue
    doing so paragraph after paragraph after paragraph, in the hope that us 'minions' will succumb and eventually Bow to your self appointed Greatness... Sigh......

    Maybe I'm going too far here?? but YOU started the obvious animosity. Maybe YOU are also house-ridden too, like me... but the difference being that in your case, you can't leave your
    room because your massive head can not fit through the doorway!!!!! Wow, I wish that was my only problem in life!!!!!! Throughout the life that I've had, I've been privileged to have met
    and worked with MANY people who are smarter than me, but there has always been a DUAL respect, involving lifelong friendships. It's not what people say, it's HOW they say it!!, and 'you'
    wotnot, fail miserably in the PR department... I 'Want' to be angry with you... but considering my time left, and what's important in life, I actually feel 'Sorry' for you!!!!!!
    Last edited by Ah-Those-Old-Days!; 29-06-22 at 10:43 PM.

  • #11
    Administrator
    admin's Avatar
    Join Date
    Jan 2008
    Location
    Victoria
    Age
    56
    Posts
    31,150
    Thanks
    2,238
    Thanked 13,731 Times in 5,823 Posts
    Rep Power
    4552
    Reputation
    165805


    And I can tell you Ah-Those-Old-Days! that my moderating time does not revolve around resolving complaints about you. And no, ironically wotnot was not the reporter of your post.

    You have posted up a bog standard scam review site. The internet is full of them. If you struggle with them, I would suggest investing in some software that lets you know the difference.

    Reading your first post, I am not surprised to see the resulting replies. You found a fake review site, did a whois on it and seem excited that ENom is the registrar for some reason.
    Enom is a domain name registrar, hell, I think I might even have a domain with them. It's not big news, they probably have 20 million on the books.

    Unfortunately you think you have found something, but you haven't found anything. This has been pointed out nicely enough, but you don't seem to take any criticism too well.

    You can go and look up austech.info as well if you like, it might be with enom, I can't remember. Edit : It's actually Wild West Domains



    Austech.tv which I own is with enom.


    Anyway, apart from that, put a sock in it. I will leave your posts as is, and wotnot, I will ask you not to reply to the personal abuse. But by all means, if you have something technical to add related to the topic, go for it.

    Any further rants will attract the laws of the site given that I have nicely given a verbal warning.

  • #12
    Super Moderator
    eaglem's Avatar
    Join Date
    Jan 2008
    Location
    Perth Western Australia
    Posts
    1,635
    Thanks
    8,427
    Thanked 999 Times in 399 Posts
    Rep Power
    504
    Reputation
    12610


    Due to thread starter's request.
    The Eagle Flies High!


  • #13
    Administrator
    admin's Avatar

    Eaglem, I have reopened the thread.

    It cannot be closed out of fairness to all posters as I have given a verbal warning as to behaviour, rather than take action against anyone for breach of rules.

    But if Ah-Those-Old-Days! still wants it closed, they can have a 7 day ban for abusing another member instead, otherwise they are simply being allowed to abuse other members against the rules and close the conversation with no penalty at all.

    Or we can let wotnot abuse Ah-Those-Old-Days! for half a page and then close it before Ah-Those-Old-Days! gets to respond. That's the equivalent fair action.

    I will leave it open, but should you receive a request from the original poster to close it again, go ahead and close it and ban the original poster's account for 7 days. Or he can contact wotnot and ask him if it would be alright if he posts half a page of abuse at him to even it up and it can then be closed. I am guessing that won't happen.

  • The Following User Says Thank You to admin For This Useful Post:

    eaglem (02-07-22)

  • #14
    Premium Member
    wotnot's Avatar

    Quote Originally Posted by admin View Post

    ....I will leave your posts as is, and wotnot, I will ask you not to reply to the personal abuse. But by all means, if you have something technical to add related to the topic, go for it.

    Any further rants will attract the laws of the site given that I have nicely given a verbal warning.

    Oh goodgrief, this blew up behind my back as it were ~ funnily enough I just now get home after helping a friend for a couple of days down in the local boonies, to find some other member is running point for me (#kudos), and unfortunately yourself & mods have been forced to act. FTR I can assure you, as I've demonstrated before, I don't reply to posts like that, and there has never, ever been any personal 'slight' in any of my posts towards anyone...except austpost, ebay, banks, petrol companies, politicians, teevee show personalities, ..the usual candidates =)

    Can you please leave it open at least long enough for me to complete my hanging ending of what I found after a quick examination into what this particular scam website is, what it's part of, and just how the 'mechanics' of this all works? It's quite the technical trail all told, and knowing how scams operate wrt the IT domain always makes for an interesting read IMO .. especially when it comes to social engineering practices & 'devices' as part of a complete (shonky) business product. I'll finish it off tonight if you'll allow?

    Thanks for the fair moderation.

  • #15
    Premium Member
    wotnot's Avatar

    Not directly quoting Admin's words, but here using them with the context of the pronoun 'you' to be connoted in its 2nd definition of being used to refer to any person in general.

    You have posted up a bog standard scam review site. The internet is full of them. If you struggle with them, I would suggest investing in some software that lets you know the difference.
    This is the fact of the matter, and even myself with IT training (sys-admin, netsec) 'struggle' with them -- that is to say, there are so many sites like this out there, one simply doesn't have the inclination/time to check out every one of them (even supposing one could =) while surfing the 'net.

    Even when one writes 'standard scam review site', folks often do not correctly construe the words -- wrt the trustedantiviruscompare website itself for instance, it would be more correct to say it's a (legitimate) 'standard paid review site advertising a scam'. Why did I include the word 'legitimate'? Due to the fact it more or less is, disclosure in place to indicate results are paid for etc et al, the site itself didn't set off a hit with uBlock Origin, I had a friend try it on their Windows box with some antivirus software installed and it didn't get flagged there either, and it's not on any blacklists and can't be reported just for disseminating 'mis-information'. They operate legally. Like flat-earther websites =)

    A real life analogy, would be akin to food advertising/packaging ~ the (wholesome) look of food products in teevee ads and on packaging materials, actually looks nothing like the food product we buy, and this would be particularly so when considering 'fast foods'. I mean, even on the internet you see this...a big mac on McDonald's website looks a whole lot more appealing than what you get in real life, right? Are these advertising items a 'scam'? Perhaps...are they legal? Absolutely =) I recently watched bigclivedotcom review a Fray Bentos steak&kidney pie and he was having a good old giggle about how the image on the can looked like mum's home cooked best, but inside looked like dogshit..lol..

    I personally always use (and advise others to use) a browser that is supported by the . By doing that, I know that my web content has been vetted (filtered) against lists, that identify scam websites and other possibly dubious/malicious websites out there, and I get warned by uBlock when such a thing is so.

    Here...if I had stumbled across the trustedantiviruscompare website for whatever reason, and got convinced by the 'hype' and clicked on the link to TotalAV, I would then have been confronted with the uBlock warning page I showed above. At that moment, I can recognize something's wrong with TotalAV.

    Why didn't uBlock display a warning about trustedantiviruscompare? Simple - you can't spend (risk, waste) your money on that website, it doesn't have a 'pay-portal' -- it's a form of 'click bait' ; the TotalAV website does have a pay-portal, and that is the risk (to you, the end user).

    Even if one knows ten tenths of nothing about how the internet/websites work behind the scenes, uBlock allows you to investigate the cause, the reason(s) why you're seeing a warning page...quick demo ~ I enter into my browser address bar and get this;



    The filter string is '||totalav.com^$document' ...in plain speak any/all documents from that domain-name...the list is provided by Badware risks (



    If I click the link on the 'Found in:' line, another page opens up that lists the filter itself;




    I enter totalav.com into the search box, to get me to the exact list location;




    This yields me the reference of the github issue number responsible for this filter existing, and so one visits that page to find out the reason(s);




    From that, you get the issue initiators;








    Note that the last 2 URLs are known fake/scam referral/review sites, and they gain that distinction by *not* having a disclosure page ; it is that which makes them a scam. A rough analogy might be seeing ads and such on teevee, wherein you fail to hear the words "We wish to announce that the following is a paid presentation" or such'n'similar...yeah? That's the equivalent premise when it comes to millions of sites like trustedantiviruscompare ~ they're a 'paid presentation' on port :80 instead of teevee, and their disclosure page speaks the words we hear on teevee.."we wish to advise that the following is a paid presentation"..it's just like that really. When there's no disclosure it's a scam =)

    Do folks who use uBlock Origin bother to use the introspection feature like above? Pffft!...of course not, I'm just demonstrating the curious folks can if they wish to ; in real life usage, if uBlock throws up a warning, you just trust the reference lists got it right and heed the warning and act appropriately, because you know there'll be a proven, tacit reason behind the uBlock warning.

    With the uBlock extension, you don't see ads either ; makes for a better youtube experience. Even with all my skills/training wrt IT, every moment I'm browsing on the 'net, I'm still relying on the many thousands of contributors to the various lists uBlock relies upon to work to vet the web content I'm receiving ; 'more than one pair of eyes' so to speak, nanos gigantum humeris insidentes 8)

    That's the solution here -> sick and tired of hitting bogus websites and having to sit thru YT ads? Install uBlock Origin ; contribute to it if you can - it's open source...it's free.

    If you want to keep reading what I was able to dig up about the trustedantiviruscompare (and other) websites, TotalAV, and how folks are duped into thinking 'the wrong thing', then see below ~ I just wanted the solution at the top of this post, so readers can avail themselves of a free software tool that helps one automatically bypass all this BS 'Bidness'. IMO it's worth installing just to nut the YT ads 8)

    If readers should take any one thing away from this thread, I would have it be they install uBlock Origin.....not that the rest of this is /TLDR


    I'll go back to my line of this stuff being 90% social engineering and 10% software code -- the social engineering part starts here;

    * the 'portmanteau device'

    As I recall it, this all started happening with business/company names back in the days of telephone book listings and other lists that were sorted alphabetically...ie; business names prefixed with A or AAA or such and similar, so these listings appeared first. It preyed on ppl's innate complacency to accept the things at the top of the list to be the best, and not search further. There has always been a tendency to engender company names with literal meaning or pizzazz, a catchy name for a coffee shop for instance, what you name your motel.

    With the advent of the WWW and ecommerce technologies, domain-names and concatenation of words to form them, same which can/could infer back to a business or company venture, became the target of domain-name 'squatters' ...

    Quick sanity check -- I want 'besthousepaint.com' to set up a house paint review site ->

    In the modern context for example, if I google the string 'trusted antivirus compare site', the website trustedantiviruscompare.com is top hit. If I use the more English correct string of 'trusted antivirus comparison site', again trustedantiviruscompare.com is top hit.

    If instead I use the portmanteau 'trustedantiviruscompare', the top listing will be a base breakdown of the trustedantiviruscompare.com website...this is because the search string I used has a 100% character match, nothing more, and one cannot read in the usual ('normal') connotations of the words 'trusted', 'antivirus' or 'compare'.

    Another example, is if one was actually in need of antivirus software, and wanted some way to compare the multitude on offer, a good search string for google would be 'which is the best trusted antivirus comparison site?'...try it yourself, you'll have to click through many pages of results before finding trustedantiviruscompare.com =) I'll be citing the top returned site from this search string below.

    Google cannot read..yet. For example, the strings 'how to use soap correctly' and 'the correct use of soap' ...may appear equivalent, but feed each of them into google and see what you find (I was there at the Brisbane Uni Refect. in the late 70's and saw Magazine perform a few songs from the album live =)

    The whois lookup websites are akin to a scam, in that they rely on the premise that folks believe doing a whois lookup, is somehow going to disclose some 'truth', or make them 'safer' or 'smarter' in so doing ; this is folly, it's nigh on a total waste of time...it was an 'historical' method to help find the identities behind a FQDN registration, but since the advent of domain-name privacy protection services (some 20+ years ago), it's been about as useful as teaching our kids how to use a rotary telephone dialer, and when to press the A or B buttons in a telephone booth =)

    Here's another view - if you're an antivirus program compare/review website, and then being totally unbiased with no commercial gain (results cannot be bought) from the owners of the products you review...who pays the bills to keep the lights on? It ends up looking like this - ...which is peppered with so many pay-per-click referral links, it looks like sheer desperation <grin>...hint: skip down to the bottom of that page, where reader's comments are recorded untouched, and you start to get the true feel of what TotalAV are all about...the PPC links below each negative comment made me laugh =) Don't wonder too much about the 'glowing' editorial reviews -- the moment you write a 'bad' review, your PPC links are useless/worthless...the great catch22.

    To myself, the trustedantiviruscompare.com website looks like a 'template'...one of those marketing web deployment kits, an ecommerce type of business-in-a-box, that hasn't been carefully edited/formatted by its owner. There are too many strange grammar and sentence errors that are hard to imagine being caused by typos or sloppy c&p. Seeing as they're using the 'portmanteau device' and knowing they have a US presence it's not too hard to find a clone...

    ...from trustedantiviruscompare website disclosure...



    ...from the US website disclaimer of antivirussoftwareguide



    You'll find other similarities too, but clearly both are drawing on some same original source material. Like trustedantiviruscompare, the domain antivirussoftwareguide is hosted by a company (go-daddy), who also have their own privacy protection company (Domains By Proxy, LLC who is a subsidiary of Go-Daddy)...and if you get off the webports and traceroute both trustedantiviruscompare & antivirussoftwareguide website URLs, you'll find them both gobbled up by DigitalOcean cloud services....so even the geo-physical location of the server farms can't be ascertained that easily, regardless of which domain-name hosting they choose. Nice =)




    That is TotalAV and its clones, all owned by the same person obviously ~ it's the same core software, but with different GUI graphics, look and feel, and each product has its own website created with a different aesthetic and imagery, to target a different social demographic. They also have various other software products, including VPN clients (clones again) which are built on another VPN provider's network/tech.

    To answer question 2 I posed, TotalAV (+ its clones) and a number of other antivirus programs out there, are built upon a software development kit named 'SAVAPI', which they buy/license from this company -> ...do I need to point out that Avira have their own antivirus software products as well?...of course they do. Any affiliate partner using this SDK, can pretty much also use images like these as well on their website...



    ....as an antivirus company using this SDK, you pay the testing companies represented by those logos to check your product, and if your product passes certain scrutiny and tests good, your product becomes eligible to use those image files, and you pay an annual fee to use those images + the testing company reviews your product once a month...providing you are a paying customer...(man, the shit you dig up ..lol..) Your product is pretty much assured a pass, due to it using SAVAPI. So none of these antivirus are special or unique (at their core)...

    The results of my search string above 'which is the best trusted antivirus comparison site?', returns the truth about TotalAV ;





    What caught my eye, was antivirussoftwareguide had actually ranked/promoted the Norton antivirus product, just slightly above TotalAV by the tiniest margin - if that doesn't make sense...guess who owns Avira?...yep, Norton...hahaha, so it doesn't matter which or whose antivirus software program you buy out of the offerings gathered on these sites, or who's on top of a comparison/survey site's lists, the money all goes to the same conglomerate. However, the fact that two sites, obviously using the same template, should appear like this, with one site's top choice being norton, while at the same time both sites are biased towards totalav ; this makes me question the ownership of these comparison/review sites...or rather, the actual disseminator of whatever 'ecommerce-business-in-a-box' I'm looking at here.

    Either way, it's a marketing tool upon a 3rd-party software product upon a business model B^) I was trying to figure out what TotalAV had to do with a particular UK soccer club, but I don't live there nor watch teevee, but if I had it would've been obvious..



    How do the supporters of that football club, behave towards the TotalAV product/sponsorship? What happens if they win the cup (while being sponsored by totalav)? This is preying on sports fans' dedication to their club, on those who watch teevee coverage of same, mass bombing of the familiarity with word campaign -- they might buy/subscribe to TotalAV thinking they're helping their club ; this would be so for any sport/team who got paid by TotalAV for advertising space --- comparatively speaking, I bet this advertising vehicle attracts more buyers than the trustedantiviruscompare website ever could 8)

    If anyone followed the links at the beginning of this post wrt why totalav made its way onto a uBlock filter, you'll find the reference alleging the author of TotalAV used to be a blackhat/malware writer themselves. Hard to substantiate, but certainly credible...it's happened multiple times before where hackers have found 'gainful' employment as a result of hacking a company, but because that is so, this could just as easily be rumour spread about to bolster the author's credibility ~ having skills wrt creating malware, would definitely be useful when it came to writing an antivirus software.

    Likewise, a comment in one of those links details all the companies/interests the owner of totalav was in holding at the time ; I checked that comment to find it correct, but since then and now, the owner of totalav has gotten rid of some of that portfolio. When I started poking about some of the many (publicly available) company transactions the ppl behind this show have lodged in the past, you see business records detailing the transfer of hundreds of thousands of shares to give one person the majority holdings in a company...and the shares are valued at $0.00001 each..and then said company is dissolved/sold..lol...I'm no accountant, but this doesn't look like legitimate business to me 8)

    The so called 'free' version of TotalAV and friends does nothing -> Please watch and read the comments - they expound the business practices employed by those behind TotalAV and friends. Works like this...they can't futz with the core of the product, because they've already paid av-test a year in advance, to pass the test, get use of the accreditation logos, and av-test retest/review the product once a month, and if social media picked up on a story that an antivirus program was malicious, the product name (and sales) would take a dive ; you have to employ 'business practices' instead.

    Going by all available evidence, the 'business practices' employed by those behind Totalav, is to use misleading advertising, and unduly or illegally direct debit customers' CC accounts...and I'll word this very carefully...only to be seen to refund the 'mistakenly taken' funds, to those customers of theirs who noticed the mistaken transaction had taken place on their account in the first place....ie; I cannot find any reference to totalav discovering their own mistake, and approaching customers voluntarily with apologetic refund =)

    There will be a few aspects to this..ie; ultra-short duration MMF perhaps - if you've got lots of ppl's money for say 14~28days which you know you have to payback/refund, you could for instance invest those funds in some money marketing, and actually make money (interest) on the principal, which you keep before paying back the original amount to the customer ...but another aspect I know for sure that's baked in, is by no means does everyone check the itemized account listings of their bank/CC credits/debits ; how many of us reading this, would be actually aware a random amount of money under $5 has been debited/taken from our CC account? Especially when you know you have recurring payments coming out of the same account?

    This is more social engineering...the practical societal reaction to the advent of the credit/debit card. I had this happen to me in industry decades ago - we had a subscription service, most customers setup a recurring payment on their CC for the service. Customers would cancel their subscription, move or go to a different service, and the company would stop invoicing them (remember, *not* billing them, just invoicing for payment received), but dingbat customers would fail to cancel the recurring payment from their bank/CC, and we the company were blithely unaware of this because we weren't looking for any payment from that customer anymore...until of course the EOFY came around, and reconciliation showed we had too much money. It was staggering upon dissection, to realize some customers weren't even aware of the $40/mth coming out of their account...for more than a year in several cases. Our client book would've been around 20,000 customers, and iirc it was around 4% of same who'd paid us more money than they should've. For instance, there were -lots- of single month overpayments, we suspected because they hadn't cancelled their bank/CC arrangements, but then noticed it a month later.

    I had never considered/thought of that aspect of ebank/plastic money until that moment in time. This is why companies like TotalAV push for the subscription/auto-recurring payment schema - it can make money off something as simple as people's complacency and/or forgetfulness. You and I might not be like that, but their audience would be somewhere near .75 billion ppl. ...and we're talking not only desktop/laptop devices, but also android/ios mobilephones as well.

    So what's more important here? A portmanteau domain-name of a disclosed, paid advertising website, or what product is being advertised?

    It's a trick question - the correct answer is 'neither' ; what's more important here is knowing that something like uBlock Origin (and others) would've warned you, the end user, that something wasn't right about the website totalav.com and every document on it, and that one or more of the honest, everyday folk from all around the world participating in these open source lists that enable uBlock's (and others) functionality, have already done the hard yards, and found proof of the scam involved, to be able to warn you about it.

    That way, end user doesn't need to know all of the above - they can just see the uBlock warning, and close the browser window to that site and get outta there ; it is too simple.

  • The Following User Says Thank You to wotnot For This Useful Post:

    lsemmens (02-07-22)
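
The filter string quoted in post #15, `||totalav.com^$document`, can be read mechanically. The JavaScript below is an added example, not part of any post and not uBlock Origin's own code: it models only this one filter shape (`||` hostname anchor, `^` separator, `$` type options) for block filters, and runs it over a constructed sample list. The function names and the request-type labels are assumptions made for the example.

```javascript
// Constructed sample list: only the totalav.com entry comes from the thread.
const SAMPLE_LIST = [
  '! Title: constructed sample list',
  '||totalav.com^$document',
  '||ads.example^',
  '||tracker.example^$script,image',
];

// "^" stands for a separator: any character except these, or end of address.
const NON_SEPARATOR = /[A-Za-z0-9_\-.%]/;

// Parse "||host^$type1,type2" into its parts; anything else is out of scope.
function parseFilter(line) {
  const raw = line.trim();
  if (raw === '' || raw.startsWith('!')) return null;      // blank or comment
  const dollar = raw.lastIndexOf('$');
  const pattern = dollar === -1 ? raw : raw.slice(0, dollar);
  const types = dollar === -1
    ? []
    : raw.slice(dollar + 1).split(',').map(s => s.trim()).filter(Boolean);
  if (!pattern.startsWith('||')) return null;
  const body = pattern.slice(2);
  const endsWithSeparator = body.endsWith('^');
  const host = (endsWithSeparator ? body.slice(0, -1) : body).toLowerCase();
  if (!/^[a-z0-9.-]+$/.test(host)) return null;             // paths, wildcards
  return { raw, host, endsWithSeparator, types };
}

// Simplification: a filter with no type options applies to every request type.
function matches(filter, url, requestType) {
  if (filter.types.length > 0 && !filter.types.includes(requestType)) {
    return false;
  }
  const { hostname } = new URL(url);
  let i = hostname.indexOf(filter.host);
  while (i !== -1) {
    // "||": the pattern must begin at the start of a hostname label.
    const atLabelStart = i === 0 || hostname[i - 1] === '.';
    if (atLabelStart) {
      if (!filter.endsWithSeparator) return true;
      // "^": next character must be a separator or the end of the hostname
      // (what follows a hostname in a URL is ":", "/", "?" or nothing).
      const next = hostname[i + filter.host.length];
      if (next === undefined || !NON_SEPARATOR.test(next)) return true;
    }
    i = hostname.indexOf(filter.host, i + 1);
  }
  return false;
}

// Mirror of the "Found in:" lookup: which list line caused the block?
function explainBlock(listLines, url, requestType) {
  for (let n = 0; n < listLines.length; n++) {
    const filter = parseFilter(listLines[n]);
    if (filter && matches(filter, url, requestType)) {
      return { filter: filter.raw, line: n + 1 };
    }
  }
  return null;
}

const checks = [
  ['https://www.totalav.com/pricing', 'document'],       // subdomain, page load
  ['https://totalav.com/logo.png', 'image'],             // not a document
  ['https://trustedantiviruscompare.com/', 'document'],  // not on the list
  ['https://totalav.com.lookalike.example/', 'document'],// "^" stops this
  ['https://nottotalav.com/', 'document'],               // "||" stops this
];
for (const [url, type] of checks) {
  const hit = explainBlock(SAMPLE_LIST, url, type);
  console.log(type.padEnd(9), url, '=>', hit ? `${hit.filter} (line ${hit.line})` : 'allowed');
}
```

Only the first check is blocked, which matches what the post describes: the review site loads without a warning, while any page load on the product's domain or its subdomains is stopped.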

  • #16
    LSemmens
    lsemmens's Avatar

    Default

    A very comprehensive analysis, wotnot. No I did not read it all. I gave up at your TLDR statement. Though I can well understand the complexities and the vagaries of sites such as the particular site in point.
    I'm out of my mind, but feel free to leave a message...

  • The Following User Says Thank You to lsemmens For This Useful Post:

    wotnot (02-07-22)

  • #17
    Premium Member
    wotnot's Avatar

    Default

    Quote Originally Posted by lsemmens View Post
    A very comprehensive analysis, wotnot. No I did not read it all. I gave up at your TLDR statement. Though I can well understand the complexities and the vagaries of sites such as the particular site in point.
    Thanks, and yep...stopping at /TLDR is the correct play here ~ one doesn't need to know the minutiae of details behind a/the scam, you just need to know it exists so you can avoid it at all cost ; that is the beauty of tools like uBlock Origin =)

    Incidentally...on one of those sites I looked at, I found this buried away....

    Cookies are many times used with a pixel tag on the Sites. Pixel tags (also known as web beacons or clear GIFs) are typically transparent graphic images placed on a website. These pixels are used in combination with cookies to measure the actions of visitors to their websites that arrive through the services. For example, we, or our business partners may use pixel tags to track interactions on the Site/s or to understand referrals to partners from our Site/s, or, for Retargeting purposes, as we described in the Privacy Policy, or other interest based advertising, as further explained in section 5 below.

    This is the cookie policy for one specific website..... why is 'Sites' plural? 8)

  • #18
    Banned

    Default


    I think I'm personally at a loss too, along with Wotnot a few replies back, as to why this has/had denigrated to this??
    What had initially totally confused/confounded me was a few replies back from... 'eaglem', saying ... "Due to thread starters request"
    after the 1st interjection from 'admin' ??? What??? I've never even heard of 'eaglem', and certainly never made ANY such 'request' to
    either block or re-instate? anything, to/about anyone??? Sorry, I must have had a 'Brain-Fart' or something!, but no, it never happened!

    If people actually re-read my prior 'offensive' post-thread, they would/could/should see that (as I said!) that I am not averse to people having
    many opinions, but spoke of "How they are said". For that, I make zero apologies. There is nothing wrong with 'Technical Facts', but that within
    the limits of 'text', there are 'ways' of saying things, whereby denigration & belittling is not an option in my simple mind.
    And this/here is NOT an isolated incident, going quite a way back, but none of this is/was ever my intention, and so many others 'Understand' me...

    Let's say I started a 'Topic', of say "Holden's are great, & Ford is crap!"... Do people think that I'm not going to 'expect' oppositional opinions?
    Of COURSE I would!! And accept the positive & negatives, including the "Read between the lines" humor & "Tongue in cheek" humor!!! But if someone
    said that "as a Holden lover, you are obviously inept at being a mechanic, and that you don't belong on this Forum", then I will bite back!!!!!!

    Again!, it is not about opinions or what was (repeatedly over many months!) said, but the way that some people think it's ok to talk to others!
    If 'people' want to hate me for that, then go for it!! There is NO skin off my nose. I will go to my Grave knowing that I've been Honest.
    'admin'... do what you think you must, Re: this whole Post, or my personal 'blocking' for a week?? Se-la-vie...
    Last edited by Ah-Those-Old-Days!; 02-07-22 at 10:04 PM.

  • #19
    Premium Member
    wotnot's Avatar

    Default

    Quote Originally Posted by lsemmens View Post
    Though I can well understand the complexities and the vagaries of sites such as the particular site in point.
    The web side of it & content tracking etc etc, is actually helped along by google inc and the UK business standards,,,,you can do it all on your web-browser using freely available websites...if you know what to look for =)

    I did forget to share one of the funnier results I stumbled across sating my curiosity wrt totalav....like, keeping topic line in mind.... I found this.... ()



    ....and I'm sitting there scratching my head, looking at my search string...wtf has that got to do with totalav?....you know, those moments when you question google's sanity....however, google was right....



    LOL....finding that at the time, really made me laugh....you watch what happens when AI gets really good at this shit ...the analytical data's all there, you've just gotta hook an AI brain to it, and these sorts of review websites will be writing themselves, updating and changing content based on some other datapoint...it'd be close if not already there...the various cloud services have changed the complexion versus inet of a decade or 2 ago.

    Tell you another aspect as well....when a uBlock filter pops and it piques my interest....here, because an antivirus program is something ppl trust to keep them safe...yeah?...and if so and they're legit, why the warning?....although you didn't read it, once you understand who they are, what their product is, how it all works, the types of advertising methodology and business practices they're infamous for, and how they could possibly make money from their cotton candy machine, you leave one tidbit for last ...the company statement(s) made by the owner of TotalAV and friends, and in business legalese you can read the same thing as my plain English examination above...and see they've been operating at a multi million dollar loss for years ... ... (Hint: PARENT_ACC)

  • #20
    Premium Member
    wotnot's Avatar

    Default

    Quote Originally Posted by Ah-Those-Old-Days! View Post
    Se-la-vie...
    No, that's incorrect ~ you'll just end up insulting the French and cause speakers of Francaise to disparagingly mutter "Quel idiot..", especially if one hyphenates the words together like that.

    Just so other readers of this forum who aren't familiar with the phrase don't make the same mistake,



  • The Following User Says Thank You to wotnot For This Useful Post:

    lsemmens (04-07-22)
