Sunteți pe pagina 1din 12

 

This information is not organized too well. Just dropping it here as I dig it up. My apologies.

Feel free to add comments.


The more I dig, the deeper this rabbit hole goes.
Report Scammers who use GoDaddy Services

CompFixo, Ceylon-Tech, Ceylon Info Tech, Etc. 


Recently, individuals have started ​calling people​ (including ​myself​) reporting to be working on
behalf of Microsoft (​Microsoft’s Advice on Phone Scams​)[​1​]. They state that your computer has
not been properly receiving updates from Microsoft (or has received a virus), and that they
would like to assist you in resolving this otherwise dangerous problem.

● www.ceylon-tech.com tech support is a big scam


● Various complaints coming from 1-855-888-5881​ (CompFixo US Number)
● Various complaints coming from 0-800-068-9314​ (Ceylon Tech UK Number)

This is clearly garbage, so I thought I would set out to find out who is behind it. Here’s what I
have found - please supplement my findings with any of your own research. You can see a
recorded interaction with these individuals over on the ​Malware Bytes​ blog.

Company “CompFixo” (a.k.a. Ceylon-Tech?)

Domain http://compfixo.com

ipaddress 192.95.15.61

Sites with similar ipaddress:


● 192.95.15.60 ​http://www.solace-tech.com/
● 192.95.15.62 ​http://3techsolutions.net/

Registrant Sourav Gupta <​rick.sourav@gmail.com​>

Twitter @compfixo​, ​@ceylontech

Facebook https://www.facebook.com/Compfixo
https://www.facebook.com/ceylontechnicalsupport

Numbers listed for each company:


● CompFixo
○ 1-855-888-5881
○ 1-800-786-0970
● Ceylon Tech
○ 1-888-853-2145 (United States)
○ 1-800-626-749 (Australia)
○ 0-800-068-9314 (United Kingdom)
○ 0-800-452-144 (New Zealand)
○ +91 20 4149 5200 (India)

The email address associated with Ceylon Tech


(​souravgupta101@yahoo.com​) leaps over to another Facebook page, ​Lead
Bid Network​. The contact number of LBN is 1-800-626-749 – the same
number currently associated with Ceylon Tech in Australia.

LinkedIn www.linkedin.com/in/compfixo/
CompFixo has been endorsed by ​only one person​ on LinkedIn, ​Kunal
Deshmukh​ allegedly of Prerana Technologies. Kunal Deshmukh was
endorsed by CompFixo on LinkedIn for "CRM".

This same type of scam is reported as coming from a company called ​Ceylon-Tech​ (Google
reports bad SSL certificate - Expired). When searching for this, I found a ​YouTube promo​ for
this company on an account belonging to Sourav Gupta. Sourav can be found on twitter as
@SouravGupta​. Sourav follows @CompFixo. Sourav is following several “Call Center Today”
accounts on Twitter.

Ceylon Tech also has apparently spammed the heck out of ​pinterest​, again as Sourav Gupta.
Sourav lists Adicent Consulting (​http://www.adicentconsulting.com/​) on his Twitter account, as
well as on his LinkedIn account. This domain is currently privately registered, and does not list
Sourav in a WHOIS search.

Logo Similarities 

Sourav Gupta 

Sourav is the common denominator in all of these data points. This name is often times found
as the Admin or Technical Contact on WHOIS searches for various domains. It is also the name
used for setting up facebook pages, and pinterest accounts.
Sourav Gupta (April 26, 1983) has ​a Facebook profile​ that references Ceylon-Tech, as well as
some other related entities. Sourav’s primary profile is under the name “Simar.Sourav”. Sourav
also has ​a Facebook Page​ dedicated to himself.

E-mail rick.sourav@gmail.com

Skype simar.sourav

MSN simar.sourav

Gtalk rick.sourav

LinkedIn Sourav Gupta

Mobile 1-408-770-5950

1-408-689-2899 (No longer valid)


This number was found on an ​ActiveRain account​ created by Sourav, and used
to contact potential clients in 2009.

Sourav’s Facebook profile lists the following as his work history:

● Adicent Consulting
Founder · Pune, Maharashtra · Feb 4, 2012 to present
● Ceylon Infotech Pvt. Ltd.
Director Operations · Pune, Maharashtra · Feb 3, 2012 to present
● SGBS Corp
CEO & Founder · In 2007

SGBS Corp is ​accused of running its own scams​ as well.

On September 9, 2011 Sourav was seen on LinkedIn ​soliciting a call center​ to help sell Internet
service upgrades for a 20-40% discount. Sourav was also found to be ​requesting​ “premium
minutes for swiss mobile”.

Mail Online India ​reported on January 12 of 2013​ on a “Call Centre Fraudster” by the name of
Saurabh Gupta. This may be nothing more than a coincidence that somebody with a very
similar name was engaged in call-centre fraud.
Sourav ​has been seen​ representing “Simar World” (old ning site, ​simarworld.ning.com​) and
“Simar International Inc”, asking for 500 individuals to make calls from home. The email used
was ​simarinternationalinc@gmail.com​. Sourav also used ​sourav.gupta@simarinternational.com​.

Sourav gives a bit of ​insight into how his marketing mind works​, during a call for additional
companies/call-centers to work with him. New email is introduced: ​support.simar@gmail.com​.

Kunal Deshmukh 

Kunal is the only person to endorse CompFixo on LinkedIn.

Kunal lists contact details for himself in an ​older online exchange​:

Email: ​preranatechnologies@gmail.com
Phones: 0 982 341 3107, and 91 982 341 3107

Email: kunal.deshmukh@preranatechnologies.com
Email: ​kunal@preranatechnologies.com
Email: ​kddacraker@gmail.com
Skype: kddacraker
MSN: ​preranatechnologies@live.in
Mobile: +91 985 000 5522

Both phone numbers were provided in different messages. There is likely a typo among the two,
since they differ ever so slightly.

Kunal also operates under the name “kddacraker,” as seen in the older exchange above.
Additionally, this name is ​associated​ with his image, and Prerana Technologies. This name (or
nickname?) is familiar – it happens to be used in the ​DNS servers​ for CompFixo.
kddacraker.com is under ​private registration​.

On ​some forums​, “kddacraker” signs posts with a simple “kd,” which also happens to be Kunal
D’s initials. I suspect “KD The Cracker” is a nickname that Kunal has adopted online.

In 2009, Kunal ​revealed​ that his call center was trying to setup and use VICIdial, further allowing
themselves to dial to multiple countries with ease.

In another ​old exchange​, the kddacraker handle was used in a gmail address
(​kddacraker@gmail.com​) by “Vishidanand D,” also identified in the same thread as “Vishi1900”.
Kunal states that ​vishi1900@yahoo.com​ is his email address in ​another forum exchange​. A
skype username of Vishi1900 comes up when searching hddacraker@gmail.com.

Google ​reports​ nearly 90 posts on the callcentersindia.com domain mentioning kddacraker.


Some of Kunal’s ​interactions​ online suggest he work(s|ed) for a company called Corenix.
Corenix was hosted at corenix.net from ​2007 to 2008​; it is now offline and unavailable. Corenix
used the following contact options:

+91-982-341-3107 Yahoo sales@corenix.net


+91-942-276-7059 corenixsoftwares instantquote@corenix.net
+91-253-641-7095 MSN support@corenix.net
+91-989-016-4259 corenixsoftwares@hotmail.com
AIM
corenixsoftwares

It could very well be that Kunal is nothing more than gentleman providing a service to those
responsible for the Compfixo/Ceylon scams. He could be entirely innocent.

In 2006, it appears Kunal (kddacraker) had his ​interest in CAD​. This guy is looking less involved
the more I dig. Would love to know if anybody finds evidence to suggest otherwise. Just
appears to be a guy who has been involved in technology most (if not all) of his professional
career; starting with CAD, moving to hosting services, and most recently call center technology.

Rick Carter 

One report​ states that upon purchasing CompFixo’s services, they found that their money was
sent to “Rick Carter/CompFixo”.

People/Sites Of Interest 
Geek Support Live

Just came across ​another site​ that is performing the ​same scam​, using the same software
(Team Viewer), and operating under a very similar website. ​These calls​ are reportedly coming
from 1-888-214-5887. A WHOIS search shows that this domain was privately registered, and
therefore doesn’t reveal any information about who is behind the service. The service is hosted
with GoDaddy, as is the case for many (if not all) of the others.

Trius (Tech Support, or Calling Solutions)

http://triustechsupport.com/​ follows Sourav Gupta on pinterest, and has a very similar


service/site design. Could be yet another facade for their scam; don’t know. Will circle back on
this one later. They too are on Twitter; ​@TechTrius​. Listed Admin/Contact is Sumit Bahl
(​sumitbahl@gmail.com​).

Upon searching on Trius a litlte more I came across ​http://triuscalling.com/​, a provider of ​call
center services​. This domain is also registered, and apparently managed by, Sumit Bahl. They
are on twitter at ​@HRTrius​, and on LinkedIn as ​Trius Calling Solutions Ltd​.

Google Plus ​appears to be a means​ by which Trius spams through another name, Triu Tech.

Employees (Confirmed, and Potential)

Vijay Kumar​ (Manager, Advertising and Marketing)


Vijay appears to spam on ​stumbleupon​ as “innhotel” for Trius.

Vj Bansal​ (Ad Words Expert)

Kunal Bhatia?

Kunal Bhatia

Kunal liked many of the posts on the Trius facebook page. It appears that he is likely an
employee of Trius Tech Support. Kunal has a ​facebook account​ where he has posted images of
his team, and place of work. Relevant images are shown here.

“new year party in my office” – Kunal Bhatia


It may very well be that this is the call center (or at least one of them) from which Compfixo and
Ceylon are (or have been in the past) initiating their scams on so many individuals.

Tony Katavich​ (Haldeman, LLC, Facts and Information, LLC, Hogan Minings, etc)

Tony Wayne Katavich (born ​July 17, 1980​), of Haldeman, LLC. Connected to what are claimed
to be additional scams. The Haldeman, LLC company is reported as sharing the same physical
street address as Ceylon Tech, as stated below.

Katavich had to pay roughly $35,000 to an ex-employee (Mia Nelson) who said her job was to
create fake blogs to add noise to company search results, so as to keep people for reading
negative feedback about her past employer. See ​Behind the Nixon Statue​. See also ​Katavich
and TVWorks Ltd - 2010-064​. Haldeman, LLC logs news over at ​haldemanllc.wordpress.com​,
and​ ​haldemanllc.blogspot.com​ (Yes, two domains, maybe Mia was right…).

Katavich apparently had another company in the past, Hogan Minings, which he registered as
his handle on Twitter​. Hogan-Minings.com was ​registered by Facts and Information, LLC​. It too
shares the same common physical address on Hazelhurst in Houston, TX.

Geographical Curiosities 

Ceylon Tech lists the following as their contact address:


10685-B Hazelhurst Dr. #13407
Houston, TX 77043

Sourav Gupta, the individual who registered CompFixo.com and identifies himself as the
Director of Operations for Ceylon Tech, lists Houston as his city of residence on LinkedIn.

Interestingly enough, the Ceylon address above was related to ​another scam in 2010​, targeting
University students. Additionally, it is tied to an ​Oil Rig Job​ scam as well. The Oil Rig scam goes
back to a Haldeman, LLC (tied to ​other scams​, targeting Australians just as Ceylon Tech does).

Earlier in this document I noted that two other websites with ipaddress close in proximity to that
of compfixo.com had similar sites hosted: Solace-Tech, and 3techsolutions.net. Solace-Tech
lists the same address on its contact page.

Also at this location is a hosting service called ​M6​. It is, unsurprisingly, ​reported​ to provide very
poor service - even ​scamming​ individuals out of their money, according to some disillusioned
ex-customers. That being said, they have been offering hosting services since the late 90’s.

10685-B Hazelhurst Dr. #1353


Houston, TX 77043, USA

This is the building that ties these entities together – a simple warehouse:
10685-B Hazelhurst Dr. #6369 Houston TX 77043
Google Maps ​– © 2013 Google

This property appears to be managed by ​TNRG​ (​The National Realty Group, Inc.)​ of Houston,
Texas. It’s very likely that a query of their offices would reveal all present occupants of this
building.

Skype Accounts 

Out of curiosity I performed a search for accounts on Skype using some of the email addresses
collected throughout the duration of this research. The results follow.

Search Results
rick.sourav@gmail.com

hddacraker@gmail.com

preranatechnologies@live.in

Note the “att.dealer.oc” handle. I wonder what that account was used for.

Dates and Events 

Year Mo Day Event Title/Summary

2007 Oct 27 Sourav​ Gupta (“Simar.Sourav”) joins facebook

2009 June 23 Kunal Deshmukh creates kddacraker.blogspot.com

2010 Apr 08 First tweet from @hoganminings

2012 Feb 03 Sourav​ Gupta becomes Director of Ops at ​Ceylon​ Infotech

Feb 04 Sourav​ Gupta founds Adicent Consulting

Jun 26 First tweet from @​ceylon​tech

Jul 10 facebook.com/​ceylon​technicalsupport created


Sep 03 facebook.com/​ceylon​infotech created

Sep 05 triustechsupport.com record created

Dec 13 geeksupportlive.com record created

Dec 28 facebook.com/pages/Triustechsupport/309632545821684 created

2013 Jan 28 247PCGuard.com created

Feb 25 compfixo​.com record created

Feb 28 solace-tech.com record created

Mar 27 facebook.com/​compfixo​ created

Mar 31 facebook.com/AdicentConsulting created

Apr 11 Malwarebytes has first run-in

Apr 15 First tweet from @​compfixo

May 09 Malwarebytes has run-in with 247PCGuard.com

Jul 22 3techsolutions.net created

Sep 13 compfixo​ calls @jonathansampson

Sep 16 @jonathansampson confronts ​compfixo​ (recorded)

2015 Feb 02 Similar scam attempted on ​@KevinMitnick

Jun 23 @jonathansampson received another call from 932-726-5320