# Did the GVH site just get ripped by 'GreenValueNetworks'?



## Geek (Apr 29, 2015)

http://greenvaluenetworks.com/

I saw it somewhere this morning.  Domain is a day old and an obvious rip - *look at the source* before clicking shit or use a QA box.  There may be crap in there somewhere.

Maybe the old support guys are back with a vengeance ..or did I miss something since last night?


----------



## Robert (Apr 29, 2015)

Who cares?


----------



## Geek (Apr 29, 2015)

Uhm, damn near everyone up until a month ago, so don't give me that "who cares" crap.  Past threads show differently. You know as well as I do that people cared about it for a long-ass time.


----------



## DomainBop (Apr 29, 2015)

0 dc-71872821.greenvaluenetworks.com 107.190.143.146 5 min Blacklist Check      SMTP Test

ftp.greenvaluenetworks.com. 300    IN    A    107.190.143.146

TL;DR 1 hosted at HostDime

TL;DR another fine example of CloudFlare successfully hiding a site's IP address

The about us is humorous:



> Mohamed Anwar is Chief executive officer of Green Value Networks, Inc., the parent corporation of GreenValueNetworks.com. His responsibilities embrace general oversight of company finances, native advertising affairs, and strategic visionary designing. though he doesn't participate within the regular operations of GreenValueNetworks.com, Lance is always lurking and might be contacted simply whenever there's a tangle that needs his attention. His confidence and assurance is contagious to the corporate and he is galvanized our employees to not solely pride oneself in their work, however additionally to stay their heads held high and appearance forward to every and each day of serving to customers establish their on-line presence. In his free time, he enjoys cricketing and disbursal time with friends and family.


...and the contact address:



> Green Value Networks, Inc.
> Main Street
> Kankeyanodai, Arayampathi - 30150 Sri Lanka



edited to add:



> an obvious rip - *look at the source*


Well you have to give them some credit for taking the time to setup their own google analytics account and changing Lance to Mohamed and Illinois to Sri Lanka on the ripped template


----------



## KMyers (Apr 29, 2015)

DomainBop said:


> Well you have to give them some credit for taking the time to setup their own google analytics account and changing Lance to Mohamed and Illinois to Sri Lanka on the ripped template


Based on that... you can pretty much assume that they are in a position to give GVH a run for their money. 

It is no shock that they are also using a nulled copy of WHMCS (reported)


----------



## SaadIsmail (Apr 29, 2015)

Just found this: http://www.webhostingtalk.com/showthread.php?t=1216905


----------



## KMyers (Apr 29, 2015)

SaadIsmail said:


> Just found this: http://www.webhostingtalk.com/showthread.php?t=1216905


Hm, that was a post made in 2012. This makes no sense at all


----------



## al3xt (Apr 29, 2015)

gezzz, 'that' same guy again..  opcorn:


----------



## Geek (Apr 29, 2015)

Domain was probably owned by the real (pffft) GVH owner, whoever the hell it was, at some point or another, expired, and someone in Mumbai picked it up either at auction or right after the registrar released it.  Would have to see the whois history.  Either way seems like somebody's out for blood, or unknowingly picked the worst brand possible to mimic.


----------



## Geek (Apr 29, 2015)

DomainBop said:


> 0 dc-71872821.greenvaluenetworks.com 107.190.143.146 5 min Blacklist Check      SMTP Test
> 
> ftp.greenvaluenetworks.com. 300    IN    A    107.190.143.146
> 
> ...



I never understood that either. Cracks me up when a skid uses a defacer to promote their BS little factions or whatever, and their little club website has cloudflare NS...

# dig $domain any 

... oh lookie, an MX record.  Another reason I never fully trusted them....


----------



## Geek (Apr 29, 2015)

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8"/>
<title>About Us - GVN</title>
<meta name="keywords" content="SSD Shared Hosting, Shared Hosting, DDoS Protection, Master Reseller, Reseller Hosting, SSL Certificates, Domain Names"/>
<meta name="description" content="GreenValueHost: About Us"/>
<script type="text/javascript">
//<![CDATA[
try{if (!window.CloudFlare) {var CloudFlare=[{verbose:0,p:1430312104,byc:0,owlid:"cf",bag2:1,mirage2:0,oracle:0,paths:{cloudflare:"/cdn-cgi/nexp/dok3v=1613a3a185/"},atok:"372d9fc344491f70df3bdeceb4b91f31",petok:"31d69d98f53632e742888c819e5631de8d474e09-1430336276-1800",zone:"greenvaluenetworks.com",rocket:"0",apps:{"ga_key":{"ua":"UA-62389674-1","ga_bs":"2"}}}];CloudFlare.push({"apps":{"ape":"8d35e17c181f7693733f3ed15cae67fc"}});!function(a,b){a=document.createElement("script"),b=document.getElementsByTagName("script")[0],a.async=!0,a.src="//ajax.cloudflare.com/cdn-cgi/nexp/dok3v=7e13c32551/cloudflare.min.js",b.parentNode.insertBefore(a,b)}()}}catch(e){};
//]]>
</script>
<link rel="stylesheet" href="style.css" type="text/css" media="screen, projection"/>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.8/jquery.min.js"></script>
<script type="text/javascript" src="https://secure.******************/includes/jscript/jquery.js"></script>

http://greenvaluenetworks.com/aboutus.html

Oops, someone forgot to wash their hands after they took a piss....


----------



## Mayers (Apr 29, 2015)

Lol wow opcorn:. Those prices... someone will jump on them .


----------



## drmike (Apr 29, 2015)

Robert said:


> Who cares?


I care because I hate content theft folks.

This is even bad in GVH land this level of bullshit theft.

Mohamed Anwar or whatever fool is behind that should watch.   I guarantee that site is coming down.  Better go hide behind CF while you can bozo.


----------



## drmike (Apr 29, 2015)

Domain Name: GREENVALUENETWORKS.COM

Registry Domain ID: 1924042491_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.publicdomainregistry.com

Registrar URL: www.publicdomainregistry.com

Updated Date: 2015-04-28T13:28:31Z

Creation Date: 2015-04-28T13:28:29Z

Registrar Registration Expiration Date: 2016-04-28T13:28:29Z

Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com

Registrar IANA ID: 303

Registrar Abuse Contact Email: [email protected]

Registrar Abuse Contact Phone: +1-2013775952

Domain Status: clientTransferProhibited (http://icann.org/epp#clientTransferProhibited)

Registry Registrant ID: 

Registrant Name: Domain Admin

Registrant Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org

Registrant Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator  

Registrant City: Nobby Beach

Registrant State/Province: Queensland

Registrant Postal Code: QLD 4218

Registrant Country: AU

Registrant Phone: +45.36946676

Registrant Phone Ext: 

Registrant Fax: 

Registrant Fax Ext: 

Registrant Email: [email protected]

Registry Admin ID: 

Admin Name: Domain Admin

Admin Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org

Admin Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator  

Admin City: Nobby Beach

Admin State/Province: Queensland

Admin Postal Code: QLD 4218

Admin Country: AU

Admin Phone: +45.36946676

Admin Phone Ext: 

Admin Fax: 

Admin Fax Ext: 

Admin Email: [email protected]

Registry Tech ID: 

Tech Name: Domain Admin

Tech Organization: Privacy Protection Service INC d/b/a PrivacyProtect.org

Tech Street: C/O ID#10760, PO Box 16 Note - Visit PrivacyProtect.org to contact the domain owner/operator Note - Visit PrivacyProtect.org to contact the domain owner/operator  

Tech City: Nobby Beach

Tech State/Province: Queensland

Tech Postal Code: QLD 4218

Tech Country: AU

Tech Phone: +45.36946676

Tech Phone Ext: 

Tech Fax: 

Tech Fax Ext: 

Tech Email: [email protected]

Name Server: anna.ns.cloudflare.com

Name Server: matt.ns.cloudflare.com

DNSSEC:Unsigned

 

 

-------------------

 

So someone registered this yesterday... someone hiding behind CF....  Doubt it's the token Indian in photo - well I'd hope not.. But considering the track record of some Indians we've seen in these parts, nothing surprises me.


----------



## Geek (Apr 29, 2015)

KMyers said:


> Hm, that was a post made in 2012. This makes no sense at all


A little off-topic, but an interesting theory as it relates to the old WHT post.... someone once told me years ago that in this industry, when a provider is doing perfectly fine selling their initial product line at a reasonable price, that launching even more of a "budget" service/sister service is really an indication that the provider is likely in financial trouble and trying to recoup their losses with the introduction of a "budget" line that anyone can afford.  I've never really come up with an answer to that question, even thinking about if from both sides, but I'm leaning more towards the "not entirely true" opinion on this.

My credit goes to those providers comforably offering affordable/smaller VPS packages from day one, are still going strong, yet can keep out the skids and resource-hoggers that can often accompany such a service (@KuJoe comes to mind).  Starting small and getting big over time -- that makes sense.  Starting big and suddenly going small... well, just doesn't seem quite as "aligned" to me, and it's always prevented me from using some of my owned hardware to launch a line of "if you don't know me very well, test the waters if you'd like, with a $10/yr 512MB or $20/yr 1GB package first" sort of thing.  I'm also old school, in that I don't believe in getting greedy by launching a product line that I'm not as familiar with when I'm busy enough now.  If for some reason I was unable to manage it along with my existing line, becoming part of the problem, to me, is akin to taking food from his kid's plate, and I just don't roll that way.

Anyone else have an opinion about this?  Agree?  No?


----------



## Geek (Apr 29, 2015)

drmike said:


> I care because I hate content theft folks.
> 
> This is even bad in GVH land this level of bullshit theft.
> 
> Mohamed Anwar or whatever fool is behind that should watch.   I guarantee that site is coming down.  Better go hide behind CF while you can bozo.


I think he's under the impression that he's well protected, but a few simple queries show otherwise.  If he's not smart enough to steal, he sure as shit can't wall himself out completely.  If he does, I'm sure somebody will be able to sniff him out.


----------



## drmike (Apr 29, 2015)

SaadIsmail said:


> Just found this: http://www.webhostingtalk.com/showthread.php?t=1216905


So someone caught the expired domain from Jonny GVH 

This is classic... I was over here confused about that domain... I get it now...

Time to hit the research


----------



## drmike (Apr 29, 2015)

So I haven't figured out which usual suspect is behind this stunt yet.
 
But, someone is picking up domains that are expired.  That's clear from the greenvaluenetworks domain they snagged yesterday.
 
Big deal? right?   So who is doing what? oh here's a start 
 
https://greenvaluenetworks.com/
 
you get this:



> For abuse issues related to the web0host.com domain, please email your complaint with any relevant logs to [email protected]



Web0host, use to be a host.  But it went sketch recently.


Domain Name: WEB0HOST.COM
Registry Domain ID: 1891217105_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-02-25T15:44:16Z
Creation Date: 2014-12-19T09:19:28Z
Registrar Registration Expiration Date: 2015-12-19T09:19:28Z


Someone picked it up 12-19-2014.

Then they ran over here and probably other places pretending to be said company - well in name:

http://master-land.net/Thread-30-LIFETIME-OFF-Reseller-Hosting-With-Free-WHMCS-Domain-Reseller-at-5-60

Web0host though isn't online.  When you go to their site you get:

https://web0host.com/


For abuse issues related to the web0host.com domain, please email your complaint with any relevant logs to [email protected]

Same message.  Same box I'll bet.  Same jabroni.


----------



## raindog308 (Apr 29, 2015)

Love the picture of him:

http://greenvaluenetworks.com/aboutus.html

Looks like it was taken in front of his dad's convenience store.


----------



## HalfEatenPie (Apr 29, 2015)

Honestly I'm not surprised at all.

GVH, as much as we hate it, has a pretty good "presence" marketing wise.  However their delivery was absolute crap.  I am not surprised someone tried to ride on the coat tails of their recent buyout and try and cash in on their online presence.

This guy's a cheapshot.


----------



## drmike (Apr 29, 2015)

Here we go.. I know who generally the fools are on this skit shit.
 
  
link: https://lowpricehosts.com/discussion/26/30-lifetime-off-reseller-hosting-with-free-cpanel-whm-whmcs-domain-reseller-at-5-60
 



> *iFiHost *
> 
> 
> *March 6*
> ...


Earlier we saw Web0Host is hosted on same box / setup as greenvaluenetworks.  And that Web0Host and greenvaluenetworks are both domain expired snags.

*Who is iFi Host?*

We can start with this bitching summary:
https://www.kattankudy.lk/about-us/



> www.iFiHost.com
> 
> www.ecaresl.com.lk
> www.host.com.lk
> ...



Mohamed Anwar isn't the owners name.

It is:

Mohamed Zarook Rikash (iFiHost)

 

You go trace this guy down on Facebook:

https://www.facebook.com/iFiHostInc/info?tab=page_owners

 







 

We can see this guy commenting on Xfuse / GVH deal right here:

http://webcache.googleusercontent.com/search?q=cache:xDZoeopKijYJ:secure.greenvaluehost.com/announcements.php%3Fid%3D36+&cd=8&hl=en&ct=clnk&gl=us

 

 

 

You go to ifihost.com which is host he owns since last year (probably another expired domain con job):

 






MS Rikas
 

Founder, CEO & President
 

Rikas founded the iFi Host, Inc. in January of 2014. He quickly moved up the ranks and familiarized himself with the operations, marketing, financials and overall strategy of the corporate.

 



Two spaces over you see him again, playing a second role in his imaginary company:

Mohamed Zarook

 

Chief Operating Officer

 

Zarook started as a ticket technician at iFi Host in Apr 2014 and fewer than five months later, started serving as the company's Chief Operating Officer. As COO, He is responsible for making very best level of service is delivered to every client.

These folks are associated with this sketchy site:

lowpricehosts.com

This is Bharat's buddy,  you know the cloud4india and related funnies:


----------



## drmike (Apr 29, 2015)

Ifihost is behind Cloudflare also....

* ifihost.com 107.190.143.148*

Now for the fun ...

*107.190.143.146    web0host.com  [brand this fool bought from himself probably]*

*107.190.143.146    greenvaluenetworks.com  [domain he expire registered, and ripped content from GVH]*

BUSTED LOSER!!!!


----------



## Francisco (Apr 29, 2015)

Honestly.

Given the shit we saw with the database leak/mass emailing, I wouldn't doubt if this guy was being supported by GVH. Remember the 'hackforums worker' guy? I got a pizza bet on that one being the same.

Francisco


----------



## drmike (Apr 29, 2015)

107.190.143.148 = HostDime is where these clowns are hosting.  HostDime Florida.


----------



## drmike (Apr 29, 2015)

Francisco said:


> Honestly.
> 
> 
> Given the shit we saw with the database leak/mass emailing, I wouldn't doubt if this guy was being supported by GVH. Remember the 'hackforums worker' guy? I got a pizza bet on that one being the same.


Nah this isn't the HF guy(s)... these are the PITA India / Sri Lanka sketch bunch.  

Jonny knows these folks from prior or at least their close sketch friend. 

There are so many of these companies throwing brands out like photocopies, ripping stuff, etc.


----------



## Rikas (Apr 29, 2015)

Hello Guys,

i'am rikas. GVN is not my company ok. that is owned by anwar. yesterday he purchased that domain in our system. so why all are kidding me.


----------



## Francisco (Apr 29, 2015)

drmike said:


> Nah this isn't the HF guy(s)... these are the PITA India / Sri Lanka sketch bunch.
> 
> Jonny knows these folks from prior or at least their close sketch friend.
> 
> There are so many of these companies throwing brands out like photocopies, ripping stuff, etc.


Misquoted, not the same guy, but more 'same drama'.

But, guess I owe another pizza 

Francisco


----------



## XFS_Duke (Apr 29, 2015)

Rikas,

Are you sure about that? How about you tell Anwar to stop stealing peoples design and stop trying to make something off of a name that's already shit. Being fake on a "business" is worthless.

Curious though, if this isn't yours, why is it hosted on the same IP as some of your sites?

Tell Anwar to get on here and defend himself.


----------



## drmike (Apr 29, 2015)

Francisco said:


> Misquoted, not the same guy, but more 'same drama'.
> 
> 
> But, guess I owe another pizza


You never owe pizza.... You being you is enough of a treat.



Rikas said:


> Hello Guys,
> 
> i'am rikas. GVN is not my company ok. that is owned by anwar. yesterday he purchased that domain in our system. so why all are kidding me.


Anwar, who is Anwar?  I'd look but your site seems down.


----------



## drmike (Apr 29, 2015)

XFS_Duke said:


> Rikas,
> 
> Are you sure about that? How about you tell Anwar to stop stealing peoples design and stop trying to make something off of a name that's already shit. Being fake on a "business" is worthless.
> 
> Curious though, if this isn't yours, why is it hosted on the same IP as some of your sites?


Let's be clear about the IP issue:

*107.190.143.146    web0host.com  [brand this fool bought from himself probably]*

*107.190.143.146    greenvaluenetworks.com  [domain he expire registered, and ripped content from GVH]*

*= same IP.   Both are domains snagged after expiration for intent purpose of utilizing inbound and name to pretend to be said companies.  Web0host.com is OWNED by Rikas' company *ifihost.com *as described in my earlier posts --- said he bought it on another forum in March.*


----------



## drmike (Apr 29, 2015)

It's not just you! http://greenvaluenetworks.com looks down from here.

*That's progress.*


----------



## Rikas (Apr 30, 2015)

Yes. I tolled with anwar he just removed all contents.

some bad guys ddos on our node. so main sites down.

anwar purchased a vps in our company. that's all.


----------



## drmike (Apr 30, 2015)

That's a shame.  Bad clients cause drama like that.  I'll let that slide and won't give you a hard time.

I thought you guys have DDoS protection?  Advertised on your site....  Which provider is failing to protect this time? HostDime?


----------



## Rikas (Apr 30, 2015)

Hey. we have only standard anti ddos protection. not advanced. we never say lie.

now we got heavy ddos.


----------



## drmike (Apr 30, 2015)

Rikas said:


> Hey. we have only standard anti ddos protection. not advanced. we never say lie.
> 
> now we got heavy ddos.


Where do they (HostDime) offer standard anti DDoS protection? They don't.  This is CloudLinux + Cloudflare + lots of prayer candles.

Your site says:

"Standard DDoS Protection & Cloudflare"

Later in page it says:

 


> Anti DDoS Available
> Our All SSD Based *High Quality Hosting* plans comes with Anti DDoS Without No Extra Cost. It's Powered By *CloudLinux* & *CloudFlare*



Unsure about this anti DDoS approach.  Seems like it doesn't work.  CF has things not working and HostDime probably spat out nulls.   This isn't DDoS protection it's grossly ignoring what protection is and selling vapor to customers.

Clearly the CF protecting the IP from being known is also no longer useful either.


----------



## drmike (Apr 30, 2015)

and forgive my inquiry.... But ifihost.com website says this:
 



> CHEAP AND BEST HOSTING SERVICESSINCE 2014
> 
> 
> 
> Since our cheap and best pure ssd web hosting services in 2014 January 23,


 
 
But down the page on the footer it has this:
"


Our 
Awards"
2 graphics over it has this circle for an award, and in there is the year: *2012*

Folks at home can see this:

http://webcache.googleusercontent.com/search?q=cache:qWR07i-FQFoJ:https://ifihost.com/+&cd=1&hl=en&ct=clnk&gl=us

No lying ehh?  Your marketing guy is just sloppy.  I know.


----------



## Rikas (Apr 30, 2015)

that is newly designed template. so we are working to change it. that is sample image


----------



## Rikas (Apr 30, 2015)

Have a Good News guys,

we are going to suspend anwar's (greenvaluenetworks) because we don't need bad records. before we never get bad records right now. so we do this action.


----------



## drmike (Apr 30, 2015)

Rikas said:


> Have a Good News guys,
> 
> we are going to suspend anwar's (greenvaluenetworks) because we don't need bad records. before we never get bad records right now. so we do this action.


That's proper action before HostDime perma-smacks or boots you out.  Obviously they want to sell real filtering instead of eating bad packets, fielding outright theft charges, etc.



Rikas said:


> that is newly designed template. so we are working to change it. that is sample image


I can't disprove that right now... well played.

Ask Anwar to make contact with GVH over here: https://portal.gvhclientarea.com/submitticket.php?step=2&deptid=2

I am sure Jonny GVH will pay for his sloppy non renewal fail... and the domain sale / hand over should prevent a stunt like this again and calm things.

We give second chances around here.


----------



## Rikas (Apr 30, 2015)

Anwar said he also submit a support ticket.


----------



## drmike (Apr 30, 2015)

Meanwhile in Windham, New Hampshire, in the Live Free or Die State:


----------



## Geek (Apr 30, 2015)

drmike said:


> and forgive my inquiry.... But ifihost.com website says this:
> 
> 
> But down the page on the footer it has this:
> ...


I the cached page was all chopped up, and I couldn't see the 2012.  Try it from this angle.

It sure looks like 2012 to me...


When they say "free website transfer" ... they forgot to add a few details...


----------



## Rikas (Apr 30, 2015)

Hello,

Have a good news for all friends.

greenvaluenetworks.com deleted by us. because we never make dispute with our hosting friends.


----------



## drmike (Apr 30, 2015)

and now the greenvaluenetworks.com domain is unregistered 

 

*whois greenvaluenetworks.com*

 

Whois Server Version 2.0

 

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

 

*No match for "GREENVALUENETWORKS.COM".*

 

----------------------------

 

Confirmed!  This will conclude tonight's entertainment.  I am glad this could be resolved without further implications.


----------



## drmike (Apr 30, 2015)

and confirmed that GVH is in possession of the domain now:


```
Domain Name: GREENVALUENETWORKS.COM
Registry Domain ID: 1924621393_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2015-04-30T06:12:47Z
Creation Date: 2015-04-30T06:12:47Z
Registrar Registration Expiration Date: 2016-04-30T06:12:47Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: 
Registrant Name: Jonathan Nguyen
Registrant Organization: 
Registrant Street: 6 Copps Hill Rd
Registrant City: Windham
Registrant State/Province: New Hampshire
Registrant Postal Code: 03087
Registrant Country: United States
Registrant Phone: +1.6033392886
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: [email protected]
---- snip ---
```


----------



## Rikas (Apr 30, 2015)

jon you need to thank me. but my true friends never say thanks.


----------



## drmike (Apr 30, 2015)

@Rikas, thanks for resolving this.  I thank you since Jonny can't, as he's banned from vpsBoard.

Little shoutout to vpsBoard:


----------



## Rikas (Apr 30, 2015)

so. we are friends mike.


----------



## drmike (Apr 30, 2015)

Rikas said:


> so. we are friends mike.


Yeah, we hope to see more of you around here and get that website edited   I hate seeing deceptive things.  You like every business has legitimate advantages or angles.  Don't lie to customers or ride the slippery slope.  It's not marketing and in many countries you could be held liable for fraud.

At the end of the day I want honest companies.  Good for legitimate competition, good for customers.


----------



## Rikas (Apr 30, 2015)

yes. that's good.


----------

