The notorious kelos-cis.com scam project of US domain registration and webhosting companies, such as iPower, DreamHost and Comodo. The latter provides authentication certificates, apparently, to the highest bidder. (www.iPower.com, www.DreamHost.com, www.Comodo.com).
This is a multi-billion scandal involving some of the most known brands in the industry. Prominent position holds the company Endurance International Group (www.endurance.com).
Not even Google managed to shut down the phishing sites that rip off people of their cash and dignity. And that takes place globally. Last year, more than 2 million people were successfully attacked in France at a cost to the innocent that may very well reach a billion Euro.
The valley giant could not stand as safekeeper of the internet in this case. Google may end being exceptionally harmed by this inadequacy. Needless to say, there are indications that people working for criminal entities may have already infiltrated the tech company and benefit from inside access. Evidence shows that way.
On the other hand, ICANN, the official regulatory authority, has created, very questionably indeed, a safe heaven for the thugs operating the scheme from the headquarters of such companies. Of course, other stakeholders are involved. ICANN looks like being the protector of the scammers instead of regulating the industry.
iPower and DreamHost both market and operate services where anyone could register a domain name without any details being disclosed. This service could be used by any criminal, common or terrorist, to launch attacks from active or dormant websites. But it served better internally, to registrars and webhosting companies, so they can cover tracks.
iPower runs the service Domain Privacy Service FBO and DreamHost runs the service Proxy Protection, via their entity Proxy Protection LLC.
The findings were overwhelming and deserved special attention. An attempt to reach out to Middlesex District Attorney, Marian T. Ryan - as Mrs. Ryan is believed to be the competent district prosecutor at the area of Endurance's headquarters - was fruitless.
There are indications about several domain registration and hosting companies and their affiliates, which collect data and contact details that later use to send out tons of fraudulent emails.They also run websites trying to deceive any way they can unsuspected visitors.
The companies, would not shut down their phishing sites or stop their activities no matter what. Again, to be noted, this is measured in billion (with a b).
In several occasions, the phishing emails originate from countries out of the ordinary, like Moldova, but from servers run by old buddies with American education and experience and several years in business. At least in one occasion, phishing emails came from IP address 188.8.131.52 that is used by Vesta.
Another expert, let us say, in Frankfurt, Germany, would remotely connect to the aforementioned server, so no harm done. Nonetheless, each case is unique.
Once your credit card details are stolen, they would forward immediately your data for evaluation and charges to other international scammers, for example businesses that are supposedly travel agencies, and may operate from Singapore or Europe, or any other place you can imagine. Companies like Supersaver and Seat24:
These merchants are open for business and then disappear as quickly as water on a sunny day. (Most of the links above would not work after a week or month).
By the way, who is behind the aforementioned scam websites?
This is another domain registration and web hosting company. You get the idea, right?
Kelos is the code name of the operation. They have built a sophisticated team of experts and a state-of-the-art platform to control and monitor operations. The moment you take any action on the internet, you leave your footprint, which these guys size and manipulate against you.
Accountability investigation led again towards the turf of Google.
In the case of kelos-cis.com, visitors are redirected, thanks to code that runs on the site, to other phishing websites, such as the following which specifically target French citizens:
And eventually visitors would end in something like this:
Kelos as a hub is just the play-maker. The internet domain receives links coming from emails and websites and distributes the workload according to the scam campaign that is on, each particular period.
There is only one line of code on www.kelos-cis.com:
Be aware. Do not disclose personal information under any condition on the internet. The malicious sites would trigger you with special offers and low prices to bend your resistance.
They are experts and very sophisticated criminals. Be very cautious.