# Buffalo Shill Shell Companies



## drmike

(parts redacted to help protect the legitimate brand!)

It appears we have another Buffalo shell company that looks dirtier than most.

There have been some mentions here and there of crazy annual pricing from name-ripoff m!n!vps.us.  Something like $4 annual OpenVZ horror. 

A cursory whois view of m!n!vps.us:



> Domain Name:                                 M!N!VPS.US
> Domain ID:                                   D44538712-US
> Sponsoring Registrar:                        ENOM, INC.
> Sponsoring Registrar IANA ID:                48
> Registrar URL (registration services):       whois.enom.com
> Domain Status:                               clientTransferProhibited
> Variant:                                     M!N!VPS.US
> Registrant ID:                               2FD2D4B3677D0BC8
> Registrant Name:                             Anthony Colao
> Registrant Address1:                         300 corporate parkway
> Registrant Address2:                         suite 116n
> Registrant City:                             niagara falls
> Registrant State/Province:                   NY
> Registrant Postal Code:                      14226
> Registrant Country:                          United States
> Registrant Country Code:                     US
> Registrant Phone Number:                     +1.5794345
> Registrant Email:                            [email protected]


To note:

1.    Anthony Colao = ??? unfound big picture.

2.  300 corporate parkway, suite 116n, niagra falls, ny 14226

     --> 14226 zipcode is Amherst (outside of Buffalo city)

How does someone get city name wrong on domain???

3.  2houndscom  --- > who are they?



> Selected Entity Name: TWO HOUNDS, LLC
> 
> Selected Entity Status Information Current Entity Name: TWO HOUNDS, LLC DOS ID #: 4490540 Initial DOS Filing Date: NOVEMBER 21, 2013 County: ERIE Jurisdiction: NEW YORK Entity Type: DOMESTIC LIMITED LIABILITY COMPANY Current Entity Status: ACTIVE
> Selected Entity Address Information DOS Process (Address to which DOS will mail process if accepted on behalf of the entity) TWO HOUNDS, LLC
> 300 CORPORATE PARKWAY
> SUITE 116N
> AMHERST, NEW YORK, 14226



Dead end?

300 Corporate Parkway in Amherst is a private business park road off of Maple... The address is likely a Regis desk rental / maildrop box setup. Maple is parallel to ... Sheridan, that's ColoCrossing's road.  ColoCrossing's office is ~ 6 miles away, while Fabozzi's home office is ~ 5 miles away.

------------------------------------------------------------------------------------------

So a view of m!n!vps.us website, at the very bottom:

Partners

TinyCloud

*ColoMart*
DollarVPS

TinyCloud = same company/owners.  The domain has private WhoIs info... but the name server info links it up:



> Name Server: NS1.2HOUNDS.NET
> Name Server: NS2.2HOUNDS.NET


DollarVPS = same company/owners - but discloses another name, from the whois info:



> Registry Registrant ID:
> Registrant Name: ANTHONY COLAO
> Registrant Organization:
> Registrant Street: 256 3RD ST
> Registrant City: NIAGARA FALLS
> Registrant State/Province: NY
> Registrant Postal Code: 14304
> Registrant Country: US
> Registrant Phone: +1.5794345
> Registrant Phone Ext:
> Registrant Fax: +1.5555555555
> Registrant Fax Ext:
> Registrant Email: [email protected]



Tying these loose ends together some more ---> M!n!VPS.us and TinyCloud.net use the very same icon:




> http://minivps.us/favicon.ico
> https://www.tinycloud.net/favicon.ico



*SO WHAT IS LEFT OVER????*

One "partner", colomart.net, which is second in that 3 partner stack. A whois on colomart.net:



> Domain Name: COLOMART.NET
> Registrar URL: http://www.godaddy.com
> *Registrant Name: Chris Fabozzi*
> Registrant Organization:
> Name Server: NS21.DOMAINCONTROL.COM
> Name Server: NS22.DOMAINCONTROL.COM


Colomart.net is suddenly offline (it was online earlier)...  What you should know about Colomart.net is

1. There don't appear to be offers out there from them.

2. Their ordering system didn't work earlier (i.e. not functioning to take orders)

3. Their website had been updated very recently to reflect that new Atom server CC is all hot for...

4. Colomart.net was part of the AzzaVPS/AzzaVPS deal with Fabozzi.  Google: http://www.google.com/search?hl=en&source=hp&q=azzavps+fabozzi

Screen of the homepage:

https://web.archive.org/web/20140517035226/http://colomart.net/#

Here's the thing, M!n!VPS.us and that partner list isn't some old lingering artifact of the past.  M!n!vps.us was registered RECENTLY:

*Domain Registration Date:                    Sat Mar 15 14:44:08 GMT 2014*

Smells like we have more CC puppet companies going on.


----------



## drmike

Have to love the spamming, SEO, hacker fringe to M!n!VPS.us mess:

http://pastebin.com/XKciJJYc



> ...
> 
> Hacker Friendly
> 
> Seeder Friendly
> 
> Adult Friendly


Another elsewhere:



> .. $3.95/year mini vps. very minimal TOS, thousands of ip's avaliable.


and....



> I am new to ... just registered actually. We are looking for some skilled people to help us advertise our site.


----------



## DomainBop

> 1.    Anthony Colao = ??? unfound big picture.


Mid 50's restaurant owner.  Probably a friend of Daddyfabozo who was convinced to invest in this low end conglomerate.



> DollarVPS = same company/owners


The WHOIS lists Calao as the owner but the TOS lists "Data Access Group" as the owner (the copyright notice on the pages also lists Data Access Group and is linked to dataaccessgroup.com).

Enter the former COO of Data Access Group and current CTO of a trucking company in Niagara Falls...



> Domain Name: DATAACCESSGROUP.COM
> Registry Domain ID: 1691794071_DOMAIN_COM-VRSN
> 
> 
> Registrar WHOIS Server: whois.enom.com
> 
> 
> Registrar URL: www.enom.com
> 
> 
> Updated Date: 2013-12-10 07:57:50Z
> 
> 
> Creation Date: 2011-12-12 22:16:00Z
> 
> 
> Registrar Registration Expiration Date: 2014-12-12 22:16:26Z
> 
> 
> Registrar: ENOM, INC.
> 
> 
> Registrar IANA ID: 48
> 
> 
> Registrar Abuse Contact Email:
> 
> 
> Registrar Abuse Contact Phone: +1.4252744500
> 
> 
> Reseller: NAMECHEAP.COM
> 
> 
> Domain Status: clientTransferProhibited
> 
> 
> Registry Registrant ID:
> 
> 
> Registrant Name: JASON ZORNEK
> 
> 
> Registrant Organization: DATA ACCESS GROUP
> 
> 
> Registrant Street: 471 77TH ST
> 
> 
> Registrant City: NIAGARA FALLS
> 
> 
> Registrant State/Province: NY
> 
> 
> Registrant Postal Code: 14304
> 
> 
> Registrant Country: US
> 
> 
> Registrant Phone: +1.7165252912
> 
> 
> Registrant Phone Ext:
> 
> 
> Registrant Fax: +1.5555555555
> 
> 
> Registrant Fax Ext:
> 
> 
> Registrant Email:




Dr Mike said:



> Colomart.net is suddenly offline (it was online earlier).


suddenly as in Skylar posted that Fabozo was the owner of Colomart on WHT and the site was pulled down within the hour...google cache is your friend.



> There have been some mentions here and there of crazy annual pricing from name-ripoff minivps.us.


Offers and mentions of the site posted on various places like ComputerShopper and LowEndTalk (posted on May 14th and then deleted by moderators.  google cache copy


----------



## drmike

Oh boy...

DATAACCESSGROUP.COM, that's a real interesting one...  I left it and the Jason fellow out....  So here we go...

 



> jason zornek
> COO at Data Access Group Services
> 
> *Gainesville, Florida * (Gainesville, Florida Area) Computer Networking
> 
> 0 Connections
> 
> (from LinkedIn)


Now Jason Zornek does or supposedly did exist in Niagra Falls:



> Jason Zornek 1998 graduate of Niagara Falls High School in Niagara Falls, NY


That makes him roughly 33 years of age.

DATAACCESSGROUP.COM has undergone some revisions.

2013/06/01 snapshot shows on the homepage:



> Location
> 
> Country:USA
> City:Buffalo
> State:New York
> Phone716) 555-5555


Current Google Cache of dataacessgroup.com shows some weird DIY sounding hosting and odd mis-terms:

http://webcache.googleusercontent.com/search?q=cache:AAbx4VvIvyoJ:http://dataaccessgroup.com/index.php%2B%22dataaccessgroup.com%22&hl=en&gbv=2&&ct=clnk

Standard
hosting


*Intel i5 4x 3.4ghz*

200 GB Disk Space
8 GB DDR3 Memory
24/7 Support
*100m Data Link*
Unlimited Transfer
Free Basic Support
$39/mo

and the site contained filler data:



> Recent blog posts
> 
> 
> 
> 
> 
> 
> Lorem Ipsum dummy _March 01, 2013
> No Comments_
> 
> 
> 
> 
> 
> There are variations _March 01, 2013
> No Comments_
> 
> 
> 
> 
> 
> Slightly to believable _March 01, 2013
> No Comments_


On that it lists another number:

772-579-7751

Which comes back as a Verizon Wireless numbers in Deerfield Beach, Florida.  That's just south of Boca Raton, which may have been front and center a while back with a funding amount filing to ColoCrossing parent company.   Interesting overlapping geography. To the south 8 miles of Deerfield Beach is Pompano Beach, where the infamous  Velocity 1 is docked.   This is Biloh stomping grounds.

Unsure what the fark is going on with Zornek and these offers, but I smell a friend/front man/whatever...  These folks have a history of putting people in "charge" of companies and having them ghost operate such as a front to insulate them from the beatdown.

As-is m!n!vps.us and other related entities have gone and masked themselves with mail drops,  private WHOIS, etc.  There is no disclosure externally that they are related, even though I showed they clearly are one in the same.   This is very much the same skit as the ServerMania/N3/Chris N. crew was running last year.


----------



## MannDude

Just for reference and to make things clear, this should *not* be confused with MiniVPS.co.uk, which is @MartinD 's company, and was established and running well before minivps.us

Just thought I should point that out so there is no confusion and to also put this into perspective.


----------



## Nett

+1.5794345

Yeah. Funny phone number.


----------



## drmike

+1.5794345

Well someone forgot their area code 

*716*

http://www.google.com/search?hl=en&source=hp&q=716-579-4345

3rd result =



> Tinycloud - Internet Cafe | Facebook
> https://www.facebook.com/tinycloud333?filter=1
> ‎
> 
> 
> 
> 
> Tinycloud. 2 likes. Internet Cafe · 300 corporate parkway, Amherst, New York 14226(*716) 579-4345*. About · Photos · 2. Likes. Posts by Page. Highlights · Posts  .



9th result =



> User reviews of zornek.com - SiteTrail
> www.sitetrail.com/zornek.com
> ‎
> 
> 
> 
> 
> Registrant Phone: *716-579-4345*. Registrant Phone Ext: Registrant Fax: Registrant Fax Ext: Registrant Email: Registry Admin ID: Admin Name: Zornek, Jason


... which is funny.. because... that number was on WHOIS for minivps.us, but comes back for Tinycloud....  a company that has PRIVATE WHOIS INFO....

Their garbage ass website, contact page lacks any numbers.  Just lists the office location maildrop.

https://www.tinycloud.net/index.php/contact/

GIGANTIC TIP to everyone... Don't buy from hosts or support companies that lack a phone number.  Don't buy from companies that can't say anything about who or what they are.  This hosting group fails on both points in an ugly way.


----------



## Nett

drmike said:


> GIGANTIC TIP to everyone... Don't buy from hosts or support companies that lack a phone number.  Don't buy from companies that can't say anything about who or what they are.  This hosting group fails on both points in an ugly way.


And also call the number first to make sure it's not a dead number or voicemail box.


----------



## MartinD

MannDude said:


> Just for reference and to make things clear, this should *not* be confused with MiniVPS.co.uk, which is @MartinD 's company, and was established and running well before minivps.us
> 
> Just thought I should point that out so there is no confusion and to also put this into perspective.


I was gonna say... in my capacity as a Joe-Bloggs user (and not admin) can we please stop typing in 'mini v p s' please? It only needs mentioned once... all we're doing here is giving credence to the rip off name and they'll start coming up in searches for us... 2 + 2 will be added and yeah, shit happens. Ta


----------



## drmike

I only glanced at the low end, but saw there were issues with some ad they ran over there....  there are other offers/posts in places that have been pulled for this shady ripoff of a company.

Like usual, I think this is just the meat of the matter and there is more lurking, perhaps more related shell companies.

There are more odd things with this company and their locations.  A slew of them including two non CC locations (for a change).  This dumbfounds me, as to how a faint dot of a company can be out there in like oh 8~ datacenter locations offering services as per one of their websites.   That doesn't financially add up.


----------



## Hxxx

So @drmike ,what is the issue exactly? !>.>


----------



## DomainBop

hrr1963 said:


> So @drmike ,what is the issue exactly? !>.>



The main issue I see is that 2 of the domains have "funny phone numbers" and ICANN doesn't like that shit (as proven by their suspension of the ugvps and digthemine domain names last year for invalid contact info).



> 300 Corporate Parkway



Perfect location! See the building site plan on page 3 of this brochure.  They're building a daycare center there!


----------



## Nett

Daycare datacenters are the best 

99.9% downtime SLA and N+1 heating.


----------



## Virtovo

You're like a dog for this stuff.  Do you actively scan providers or just get a sense when something isn't right?


----------



## jarland

I have a response, but I felt I needed a visual aid to express it accurately.


https://i.chzbgr.com/maxW500/3544281600/h52E6A770/


----------



## drmike

Virtovo said:


> You're like a dog for this stuff.  Do you actively scan providers or just get a sense when something isn't right?


Both.  I am trying to write automated agents to do some of the "scanning" and storing of masses of data for later analysis.  Slow going there.

In this case, I saw $4 a year and that's a clue something is wrong.  So I looked at the WHOIS info and what datacenter the offer was in, IP relationships, etc.

If something smells way wrong, like this did, yeah I go looking.   Sometimes people have legit info or seemingly.   I usually cross check the initial street address info and if it is a maildrop I recognize or in proximity to some things, I continue.

This matter went way wrong at each step and on a field trip from Niagra Falls to Amherst to Tallahassee to South Florida...

and... there is more...


----------



## drmike

So this is from roughly January 10th, 2013, and is taken from a hacking forum called engimagroup.org.

The post is by an administrator of that forum by the name of psychomarine.

Source: http://www.enigmagroup.org/forums/general-hacking/hacking-safety/5/



> *psychomarine*
> Administrator
> Veteran
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> Instant Messenger
> 
> 
> 
> Online
> 
> Posts: 1457
> 
> Respect: +1337
> 
> 
> 
> 
> 
> 
> 
> The Creator, Owner
> 
> 
> 
> 
> 
> 
> 
> Re: hacking safety
> 
> « *Reply #6 on:* January 10, 2013, 09:59:47 PM »
> 
> 0
> 
> I no longer control *dollarvps.com*
> 
> *I was released of my duties, because they couldnt afford to pay me to run it, nor the server connection.   So they say.
> 
> After it was "sold" to another person,  all hell went wrong.*
> 
> 
> 
> for the record, I do not recommend dollarvps.  it is the same owner.  they lied to me.
> *The owner,  jason,  brought his friend in, and let him work off his debt,  so he didnt actually have to pay cash out.*
> 
> hes greedy, and a liar.   If you buy from dollarvps, then I cannot protect you any longer.  If they scam you or ignore your support tickets,  youre on your own.
> 
> 
> thank you.


DollarVPS.com is one of the m!n!vps.us related companies (refer to my initial post).

This working off of debt and sketchy sale, this sounds identical to the UGVPS strange dealing...


----------



## drmike

and... oddly... www.enigmagroup.org bears currently an ad on their homepage for tinycloud.net, a brand that is related to DollarVPS/owned by the same people.

In the site HTML code for engima:

 http://content.enigmagroup.org/clients/tinycloud.swf

The ad is for a $6 a year 128MB VPS from TinyCloud in the Buffalo DC.


----------



## drmike

Well looks like minivps.us has been *rm -rf 'd*.  It had been offline for days, but now a notice message:



> We are performing server maintenance, please check back with us at a later time.


Over on LET one customer isn't very happy 



> harry77 Member
> 
> 5:40PM
> 
> 
> 
> 
> 
> 
> 
> @
> 
> CVPS_Chris
> 
> said: harry77 I am not affiliated with that website. Sorry I can't help, not sure why you think that is a brand I own .
> 
> 
> 
> Hey thief and lier. this is the ip of my minivps.us http://whois.domaintools.com/23.95.0.68
> 
> isn't this yours? you are just fucking lier and thief, nothing else. never think to be the smarter. I bought a vps 1 week ago paid yearly, I tell you here in front of everybody if don't give back my money, I'll go to the lawyer and I fuck you up.
> 
> If it's not owned by you tell me what is this fucking lier


----------



## DomainBop

drmike said:


> Well looks like minivps.us has been *rm -rf 'd*.  It had been offline for days, but now a notice message:
> 
> Over on LET one customer isn't very happy


Mini vps us  A records changed from Fabozo IPs to OVH/BHS IP

dig minivps.us


; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> minivps.us


;; global options: +cmd


;; Got answer:


;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42931


;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0


;; QUESTION SECTION:


;minivps.us.            IN    A


;; ANSWER SECTION:


minivps.us.        300    IN    A    198.27.115.228


;; AUTHORITY SECTION:


minivps.us.        155623    IN    NS    ns-1380.awsdns-44.org.


minivps.us.        155623    IN    NS    ns-1617.awsdns-10.co.uk.


minivps.us.        155623    IN    NS    ns-417.awsdns-52.com.


minivps.us.        155623    IN    NS    ns-702.awsdns-23.net.

It's sibling dollarvps.com is still hosted by Fabozo

dig dollarvps.com


; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> dollarvps.com


;; global options: +cmd


;; Got answer:


;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10435


;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0


;; QUESTION SECTION:


;dollarvps.com.            IN    A


;; ANSWER SECTION:


dollarvps.com.        300    IN    A    198.23.136.11


;; AUTHORITY SECTION:


dollarvps.com.        300    IN    NS    ns-1460.awsdns-54.org.


dollarvps.com.        300    IN    NS    ns-1833.awsdns-37.co.uk.


dollarvps.com.        300    IN    NS    ns-185.awsdns-23.com.


dollarvps.com.        300    IN    NS    ns-583.awsdns-08.net.


----------



## DomainBop

DomainBop said:


> Mini vps us  A records changed from Fabozo IPs to OVH/BHS IP
> 
> dig minivps.us
> 
> 
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> minivps.us
> 
> 
> ;; global options: +cmd
> 
> 
> ;; Got answer:
> 
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 42931
> 
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
> 
> 
> ;; QUESTION SECTION:
> 
> 
> ;minivps.us.            IN    A
> 
> 
> ;; ANSWER SECTION:
> 
> 
> minivps.us.        300    IN    A    198.27.115.228
> 
> 
> ;; AUTHORITY SECTION:
> 
> 
> minivps.us.        155623    IN    NS    ns-1380.awsdns-44.org.
> 
> 
> minivps.us.        155623    IN    NS    ns-1617.awsdns-10.co.uk.
> 
> 
> minivps.us.        155623    IN    NS    ns-417.awsdns-52.com.
> 
> 
> minivps.us.        155623    IN    NS    ns-702.awsdns-23.net.
> 
> It's sibling dollarvps.com is still hosted by Fabozo
> 
> dig dollarvps.com
> 
> 
> ; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> dollarvps.com
> 
> 
> ;; global options: +cmd
> 
> 
> ;; Got answer:
> 
> 
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10435
> 
> 
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 0
> 
> 
> ;; QUESTION SECTION:
> 
> 
> ;dollarvps.com.            IN    A
> 
> 
> ;; ANSWER SECTION:
> 
> 
> dollarvps.com.        300    IN    A    198.23.136.11
> 
> 
> ;; AUTHORITY SECTION:
> 
> 
> dollarvps.com.        300    IN    NS    ns-1460.awsdns-54.org.
> 
> 
> dollarvps.com.        300    IN    NS    ns-1833.awsdns-37.co.uk.
> 
> 
> dollarvps.com.        300    IN    NS    ns-185.awsdns-23.com.
> 
> 
> dollarvps.com.        300    IN    NS    ns-583.awsdns-08.net.


..and after a brief journey to OVH IP space the mini v p s u s site has returned on Fabozo IP space

http://bgp.he.net/ip/198.46.135.230#_whois



Code:


New Wave NetConnect, LLC CC-198-46-135-224-28 (NET-198-46-135-224-1) 198.46.135.224 - 198.46.135.239
ColoCrossing CC-13 (NET-198-46-128-0-1) 198.46.128.0 - 198.46.255.255


----------

