Tracking  the  Spammers
DanHatesSpam.com® – Dedicated to Cleaning Up the Internet

 



















Secretary of State Websites





 

 

How to Track a Spammer

Sometimes it’s easy, sometimes it’s difficult.  Often, you’ll see that the domain names are registered in Hong Kong or someplace else that’s, practically speaking, unreachable.  But not always.

The keys to tracking a spammer – at least the ones in the U.S. – are:
1) The spammer’s own website.  Sometimes they actually give contact information that’s legitimate.
2) The WhoIs lookup function on the domain registrars’ websites.
3) The store locator website for The UPS Store (formerly Mailboxes Etc.) – Lots of spammers register their business addresses at Commercial Mail Receiving Agencies.  In California, at least, anyone who takes out a private mailbox de facto agrees that the operator of that mailbox is the Agent for Service of Process (Business and Professions Code Section 17538.5).  (As an aside – and I haven’t tested this – Florida Title VI Civil Practice and Procedure 48.181, paragraph 1, says that anyone who tries to conceal their whereabouts constitutes an appointment of the Secretary of State for service of process. So, I wonder if registering your business at a UPS Store mailbox qualifies as trying to conceal… )
4) The Secretary of State websites.  Very useful information.  Click here for my list of all 50.
5)
The registrars themselves!  Don't you hate it when spammers use private registration services to hide their true identity when registering domain names that they use to send spam?  It's a violation of federal law to do this, 18 U.S.C. § 1037(a)(4), but then again, since when have spammers been interested in following the law?  I recently learned that under the registrars' agreement with ICANN, if you present the registrar with proof of "actionable harm" (i.e., if your state laws allow for damages for false and deceptive spam), then the registrar has to provide the REAL identity of the spammer, otherwise the registrar itself becomes liable!  Click here for a sample letter to the registrar Demand Media (better known as eNom and Bulk Register) that was successful... the registrar gave me the spammer's real identity.

I use all of these tools together to track them down.  Following are a few examples, as well as tricks that alleged spammers use to hide their websites, and then some advanced techniques for tracing IP addresses.  Note, I say “alleged” on this page because to the best of my knowledge, no one has proven in Court that these parties are spammers, or hire spammers, or enable spammers to sign up as affiliates, and then obtained a judgment against them.


Example 1

This is the easiest kind of spam to trace – when the alleged spammer actually tells who they are.  Just as an aside, the resume-blast spammers really piss me off because they scrape email addresses from Hotjobs, Monster, etc., which is an explicit violation of those websites’ terms of service.
 

Here’s the spam from WSACorp, as it appears in the inbox.

Don’t worry, I’ve disabled the links.

Note that a visit to the Kansas Secretary of State’s website confirms that address, but more on that later.

From: AHanson@WSACorp.com                                                Sent: Tue 6/3/2003 12:49 PM
To: [REDACTED]
Cc:
Subject: Your Resume Submittal?

Dear Job Seeker,

I saw your resume online and felt that my firm, WSACorp, might be able to help you. I know how difficult this market can be for a professional at your level. Recently, WSACorp helped place a couple of people whose results I thought might be of interest to you.

Dennis was a general manager, downsized from his company during consolidation. He wanted to stay in Colorado or Utah, but preferred not to be in Denver or Salt Lake City. He selected WSACorp to write his resume and produce a targeted mailing to 3,000 companies. Within 2 weeks, he accepted a position at a 40% increase with a company in Logan, Utah. You can see his resume by visiting WSACorp.com.

Jayne was a consultant with a sales and marketing background earning $175K. WSACorp mailed 3,800 letters. She had 20+ calls and accepted a $300K package offer from a major US corporation. You can see her resume by visiting WSACorp.com.

These are only 2 examples of our recent success, but you can see many more by visiting our Website at www.wsacorp.com.

If you wish to accelerate your job search, perhaps you should take advantage of WSACorp's offer to provide you a NO OBLIGATION resume critique and market evaluation. We have been writing resumes since 1976, and we are in-tune with the current market conditions. Don't delay. This time of year generally provides a bubble of hiring that you do not want to miss. To quote Dennis, "I wish I had started doing this 20 years ago."

Give me a call or send me an email, and I will be happy to set a time to have you visit with one of our Senior Advisors for your free resume critique.

Sincerely,
Anna Hanson, Scheduling Coordinator
WSA Corporation
11933 Johnson Drive, Shawnee, KS 66216
Toll Free Phone: 1-800-972-2677 (913-631-3800)
Toll Free Fax: 1-877-972-3294 (913-631-9898)
www.wsacorp.com

 

 


Example 2

Sometimes it’s not quite as obvious, especially in graphical spams that come from gibberish email addresses, or at any rate email addresses that do NOT match the merchant or even the sender.  Then you need to look at the HTML source code and/or the message headers to see what the links/domains really are.
 

Here’s the spam as it appears in the inbox.

Don’t worry, I’ve disabled the links.

Note the long text at the bottom beginning with “You are receiving…”.  If this were a legitimate email, that text would have been sent AS text.  What spammers are doing now is sending the text as a graphical image.  That way, a text-based filter that would have automatically trashed any email with text like “you have opted-in to receive” won’t work.

From: randyu10d@email.com.cn                                     Sent: Fri 5/2/2003 6:21 PM
To: Undisclosed.Recipients@oracle.icm.co.kr
Cc:
Subject: print cartridges, 8o% off today.    e


 


Next, I look at the email headers.  Sometimes they’re revealing.  But here, as you can see, it’s from a nonsense email address that doesn’t immediately tell you who the sender or the beneficiary of the spam actually are.

“.cn” means China, incidentally.  You could create a filter in Outlook that automatically trashes any email with a .cn in it and you’d be pretty safe.


X-Apparently-To: [REDACTED] via 66.218.79.74; 04 May 2003 09:27:32 -0700 (PDT)
X-YahooFilteredBulk: 61.82.164.54
Return-Path: <randyu10d@email.com.cn>
Received: from 61.82.164.54  (EHLO oracle.icm.co.kr) (61.82.164.54)
  by mta121.mail.scd.yahoo.com with SMTP; 04 May 2003 09:27:31 -0700 (PDT)
Received: from www.email.com.cn ([61.82.164.173])
          by oracle.icm.co.kr (8.11.6/8.11.6) with ESMTP id h4327W402643;
          Sat, 3 May 2003 11:07:37 +0900
Message-ID: <0000111b31c8$000048a2$000041a2@www.email.com.cn>
To: <Undisclosed.Recipients@oracle.icm.co.kr>
From: randyu10d@email.com.cn
Subject: print cartridges, 8o% off today.    e
Date: Fri, 02 May 2003 18:21:15 01700
MIME-Version: 1.0
Content-Type: text/html;
          charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: AOL 5.0 for Windows sub 138
Sensitivity: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
 
 


Next, look at the html source code.  There has to be a link in here… look for whatever follows “<A HREF=”.  That indicates where the link points… i.e., the spammer’s website.  Note that you’ll sometimes see “<IMG SRC=”.  That indicates the server for the images (see next example), which may or may not be the same… particularly in the case of affiliate programs.

Anyway, in this simple case, Ignore everything after the .com… the destination website is www.34bolohouse.com.

But alleged spammers are doing tricky things these days to disguise the website identification… see “Spammer Tricks” towards the end of this page.


<HTML>
<div align="center">
  <TABLE WIDTH=450 BORDER=0 CELLPADDING=0 CELLSPACING=0><!-- u vmiwca zeavss dfwxy-->
    <TR>
    <TD> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/1.gif" WIDTH=290 HEIGHT=50 BORDER=0></A><!-- v gymqq ouftj zcu--></TD>
    <TD ROWSPAN=4> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/2.gif" WIDTH=118 HEIGHT=183 BORDER=0></A><!-- k zojjdsad mtdonwep ptboo--></TD>
    <TD ROWSPAN=4> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/3.gif" WIDTH=42 HEIGHT=183 BORDER=0></A><!-- l spwgbx vrb--></TD>
    </TR>
    <TR>
    <TD> <A HREF="http://www.34bolohouse.com/r17.html"><!-- x evtfqaql bxifgs--> <IMG SRC="http://www.34bolohouse.com/images/4.gif" WIDTH=290 HEIGHT=51 BORDER=0></A></TD>
    </TR>
    <TR><!-- g wjtvl gekjm wwun-->
    <TD> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/5.gif" WIDTH=290 HEIGHT=51 BORDER=0></A></TD><!-- y imauafemi pwhiwyqk-->
    </TR>
    <TR>
    <TD> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/6.gif" WIDTH=290 HEIGHT=31 BORDER=0><!-- o kzzdjo--></A></TD>
    </TR>
    <TR>
    <TD COLSPAN=3><!-- c sazmkct xzahiph zot--> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/7.gif" WIDTH=450 HEIGHT=68 BORDER=0></A></TD>
    </TR><!-- l eqitkhz jlxehhs j-->
    <TR>
    <TD COLSPAN=3> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/8.gif" WIDTH=450 HEIGHT=51 BORDER=0></A><!-- t oaxyux sooxwf ajoqab a--></TD>
    </TR>
    <TR>
    <TD COLSPAN=3> <A HREF="http://www.34bolohouse.com/r17.html"><!-- k csjlm--> <IMG SRC="http://www.34bolohouse.com/images/9.gif" WIDTH=450 HEIGHT=49 BORDER=0></A></TD>
    </TR>
    <TR><!-- d msvzel xvrd-->
    <TD COLSPAN=3> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/10.gif" WIDTH=450 HEIGHT=48 BORDER=0></A></TD><!-- s zjkziig yadusar gwz-->
    </TR>
    <TR>
    <TD COLSPAN=3> <A HREF="http://www.34bolohouse.com/r17.html"> <IMG SRC="http://www.34bolohouse.com/images/11.gif" WIDTH=450 HEIGHT=101 BORDER=0><!-- z vvqje sounc aaidw --></A></TD>
    </TR>
  </TABLE>
  <br>
</div>
<div align="center">
  <table width="117" border="0" cellpadding="0" cellspacing="0">
    <tr>
      <td width="117" height="20" valign="top">
        <div align="center"><a href="http://www.34bolohouse.com/s17.html"><img src="http://www.34bolohouse.com/s40.gif" width="409" height="170" border="0"></a></div>
      </td>
    </tr>
  </table>
</div>
</BODY>
</HTML>
 


Now it’s time for a WhoIs lookup.  I usually start with
Network Solutions or AllWhoIs, since they can often grab registration information from other registrars’ databases.  See sample to the right:

If Network Solutions doesn’t have the information or if it doesn’t accept the code entry – which often happens – then try
Internic.  That site won’t have the registration data but it will tell you who the registar is – spammers often use bulkregister, dotster, enom, godaddy, and tucows.  Then go that that website and do a WhoIs lookup.

The WhoIs lookup will tell you the domain name you just searched on (34bolohouse.com), who the registar is (10-Domains.com); and phone number/address/email.  Often the address is fake and/or a PO Box at The UPS Store (formerly Mailboxes Etc.).  You can check that at http://go.mappoint.net/ups/PrxInput.aspx

You should forward a copy of the spam to abuse@[registar.com] and tell them that the domain holder is a spammer and the domain name should be cancelled.  I’ve done this successfully a couple times.

Incidentally, get used to seeing Florida in WhoIs lookups… I think about 2/3 of my domestic spam is from Florida.  As an aside, one great way to stop the spam problem would be to cut all Internet connections to the Sunshine State.  Too bad we probably can’t do that. 
 


http://www.networksolutions.com/en_US/whois/index.jhtml






Domain Name: 34BOLOHOUSE.COM
Registered by: $10-Domains
Domain Registration as low as 6.75
V
isit: www.10-Domains.com
Cheap domain registration and Hosting

The Data in Parava Networks' WHOIS database is provided by Parava Networks for information purposes, and to assist persons in obtaining information about or related to a domain name
registration record. Parava Networks does not guarantee its accuracy. By submitting a WHOIS query, you agree that you will use this Data only for lawful purposes and that, under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail (spam); or (2) enable high volume, automated, electronic processes that apply to Parava Networks (or its systems). Parava Networks reserves the right to modify these terms at any time. By submitting this query, you agree to abide by this policy.

Registrant:
Greg Numark
2198 Princeton St.
Sarasota FL 34231
US

EvoClix

gregn@evoclix.com
+1.9419545922
Domain Name Created On: 2002-11-05 11:01:00.0
Domain Name Expires On: 2003-11-04 23:00:00.0

Name Servers:
Name Server 1: ns1.theinkspot4u.com
Name Server 2: ns2.theinkspot4u.com
 


Finally, go to the Secretary of State website for whatever state you’ve determined the spammer is located in and search on the business name.

If you can’t find a business name on the WhoIs lookup, sometimes you can go to the website and click links like “Contact,” “About Us,” or even “Privacy” or “Legal” – and sometimes you’ll see a company name that you can find with the Secretary of State.

Click
here for my list of Secretary of State websites.

Often the Secretary of State website has good (i.e., not UPS Store) addresses for the business.  More importantly, they have addresses for Registered Agents.  When suing an alleged spammer (or any corporate entity for that matter), you can have papers served on the Registered Agent instead of the alleged spammer. 


http://ccfcorp.dos.state.fl.us/corpweb/inquiry/cormenu.html






Florida Profit


EVO CLIX, INC.


PRINCIPAL ADDRESS
2198 PRINCETON STREET
SARASOTA FL 34237


MAILING ADDRESS
2198 PRINCETON STREET
SARASOTA FL 34237
 

Document Number
P01000115856

FEI Number
900001210

Date Filed
12/05/2001

State
FL

Status
ACTIVE

Effective Date
12/03/2001

Registered Agent

Name & Address

DRAKE, J. KEVIN
1432 FIRST STREET
SARASOTA FL 34236


Officer/Director Detail

Name & Address

Title

TASMAN, LARRY
2198 PRINCETON STREET
SARASOTA FL 34237

D

 


Example 3

Sometimes, even when it’s an alleged spammer acting on behalf of a principal, you can find the URL for the principal right in the HTML source code.  As you can see in the html code, even though the alleged spammer routes you back through his own website (for tracking/commission purposes), the email serves up images hosted on the principal’s server – expertsatellite.com.

 

Here’s the spam, as it appeared in my inbox.

Don’t worry, I’ve disabled the links.
 

From: Football Madness [em@emailselections.com]                   Sent: Tue 7/29/2003 7:20 PM
To: [REDACTED]
Cc:
Subject: Free 4-Room DIRECTV System Installed



You must use promo code LABCD to receive this special promotion!

If you do not wish to receive special presents from our affiliates in the future, you may delete your email from our list by clicking here
 


Here’s the message header, referencing emailselections.com.   


X-Apparently-To: [REDACTED] via 66.218.79.81; 29 Jul 2003 18:20:20 -0700 (PDT)
X-YahooFilteredBulk: 64.253.207.32
Return-Path: <4-729031-yahoo.com?[REDACTED]@stderr.emailselections.com>
Received: from 64.253.207.32  (HELO select2.emailselections.com) (64.253.207.32)
  by mta127.mail.sc5.yahoo.com with SMTP; 29 Jul 2003 18:20:16 -0700 (PDT)
From: Football Madness <em@emailselections.com>
Subject: Free 4-Room DIRECTV System Installed
To: [REDACTED]
X-Mailer: 3.1.76-XP/NG [Jun 30 2003, 07:15:19]
MIME-Version: 1.0
Content-Type: multipart/alternative;
           boundary="------------105951693432265";
           class-id=4:19L6KLYhLuJ0Lcrr4Zru:729031
Date: Tue, 29 Jul 2003 21:20:12 EST
Message-ID: <244$6vfz8fFbfhNJfL00P70h@select2.emailselections.com>
 


Here’s the WhoIs lookup, showing that emailselections.com is registered to Ultimate Corner in St. Louis, MO.


http://www.networksolutions.com/en_US/whois/index.jhtml





emailselections.com

Domain Name.......... emailselections.com
Creation Date........ 2003-07-16
Registration Date.... 2003-07-16
Expiry Date.......... 2004-07-16
Organisation Name.... UltimateCorner
Organisation Address. P.O. Box 28336
Organisation Address.
Organisation Address. St. Louis
Organisation Address. 63146
Organisation Address. MO
Organisation Address. UNITED STATES

Name Server.......... DNS1.CYBERXHOST.NET
Name Server.......... NAME2.CYBERXHOST.NET


The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than Network Solutions.
Network Solutions, therefore, does not guarantee its accuracy or completeness. 
 


Look up Ultimate Corner with the MO Secretary of State and you find full legal information.

Incidentally, Ultimate Corner has admitted to violating California's 2003 anti-spam law by
not starting subject line with “ADV:”, 2) continuing to send spam even after I notified them to stop, and 3) increasing the rate of spamming after I unsubscribed via weblink and their own systems confirmed I would be removed from their database.


https://www.sos.mo.gov/BusinessEntity/soskb/csearch.asp



 


Here’s the HTML source code for the email.  Note that emailselections.com appears here too… and the numbers & codes that follow the domain name – which I redacted here – are what the alleged spammer uses to track YOU specifically.

The alleged spammer is routing the click through the emailselections.com website to put an affiliate tracking code on your click… in other words, when you click the link it redirects you though emailselections.com, adds an affiliate ID, and then sends you to the principal’s website.  So you might not know who the principal beneficiary is…

Except…

Also in the code is the URL for the principal – expertsatellite.com.  The “img src=” just before it means that the email is grabbing the image from the expertsatellite.com servers, instead of the spammer hosting the images himself. 

The point is, you now know who’s benefiting from the spam… the “principal.”


<html>
<body BGCOLOR="#FFFFFF">
<table WIDTH="323" BORDER="0" CELLPADDING="0" CELLSPACING="0" ALIGN="CENTER"><tr></tr><tr>
<td><img src="http://www.expertsatellite.com/email/nfl_stripes_email.gif" width="450" height="486" border="0" usemap="#Map"></td>
</tr><tr><td><div ALIGN="CENTER"><font FACE="Verdana, Arial, Helvetica, sans-serif" SIZE="1"><b>You must use</b></font><font SIZE="1" FACE="Verdana, Arial, Helvetica, sans-serif"><b> promo code <font COLOR="#3333FF"><u>LABCD</u></font> to receive this special promotion!</b> </font></div></td></tr></table><br>

<map name="Map">

<area shape="rect" coords="305,143,372,152" href="http://emailselections.com:8080/track?m=[REDACTED]&l=0&.e=[REDACTED]" target="_blank">
<area shape="rect" coords="7,156,448,480" href="http://emailselections.com:8080/track?m=[REDACTED]&l=0&.e=[REDACTED]" target="_blank">
<area shape="rect" coords="3,371,5,375" href="http://emailselections.com:8080/track?m=[REDACTED]&l=0&.e=[REDACTED]">
<area shape="rect" coords="5,4,445,138" href="http://emailselections.com:8080/track?m=[REDACTED]&l=0&.e=[REDACTED]" target="_blank">
</map>
</body>
</html><P><FONT size=2><FONT face=Verdana>If you do not wish to receive special presents from our affiliates in the future, you may delete your email from our list by <a href="http://emailselections.com/unsub.php?e=[REDACTED]&m=[REDACTED]">clicking here</a> <FONT color=#000000><P/>
<br>
<br><font color='#ffffff' face='arial,helvetica' size='-5' style='font-size: 1px;'>TM: <4;2x51q5JU5jRr5eYY8TYj;729031></font>
emg src="http://emailselections.com:8080/clickopen?msgid=[REDACTED]&email=[REDACTED]" width="1" height="1" alt="">

 
So now, a WhoIs lookup on expertsatellite.com shows:


http://www.networksolutions.com/en_US/whois/index.jhtml





expertsatellite.com


Organization:
      Jaserp Satellite, Inc.
      Expert Satellite
      1060 Millbury St
      Worcester, MA 01607
      US
      Phone: 508-752-7230
      Fax..: 508-752-9964
      Email: webmaster@expertsatellite.com

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: EXPERTSATELLITE.COM

     Created on..............: Tue, Apr 03, 2001
     Expires on..............: Sat, Apr 03, 2004
     Record last updated on..: Wed, Apr 09, 2003

Domain servers in listed order:
   NS5.ZONEEDIT.COM                                  not needed       
   
NS7.ZONEEDIT.COM                                  216.111.123.5    
   
NS14.ZONEEDIT.COM                                 209.126.159.80   
 


Look up “Expert Satellite” on the Massachusetts Secretary of State website and you’ll see:

 


http://www.sec.state.ma.us/cor/coridx.htm


 


Example 4

One last thing.  Sometimes you want to look at the domain name servers in the WhoIs lookup.  It often reveals interesting information on who else is involved in the spamming – either directly or indirectly.  “Indirectly” in this context might mean the marketer who runs the website for a non-technologically-sophisticated company.  The marketer who possibly contracted out to do an email blast to (allegedly) opt-in consumers.
 


Here’s the spam, as it appeared in my inbox.

Don’t worry, I’ve disabled the links. 


From: Steaks of St. Louis [em@emailselections.com]                          Sent: Tue 8/19/2003 8:14 PM
To: [REDACTED]
Cc:
Subject: Get a free Cookbook and Andria's Steak
 

 

 


Here’s the HTML source code.

I already traced emailselections.com to Ultimate Corner of St. Louis, MO (in example 3).

Let’s focus on steaksofstlouis.com, the beneficiary.

 
<html>
<body bgcolor="#ffffff">
<table width="500" border="0" align="center" cellpadding="0" cellspacing="0" bgcolor="#ffffff">
<tr>
<td><a href="http://www.steaksofstlouis.com/?promo_id=11846" target="_blank">
<img src="http://www.emailselections.com/Steaks/email_030716_r1_c1.jpg" width="279" height="400" border="0">
<img src="http://www.emailselections.com/Steaks/email_030716_r1_c2.gif" width="221" height="400" border="0"></a></td>
</tr>
</table>
</body>
</html><P><FONT size=2><FONT face=Verdana>If you do not wish to receive special presents from our affiliates in the future, you may delete your email from our list by <a href="http://emailselections.com/unsub.php?e=[REDACTED]&m=[REDACTED]">clicking here</a> <FONT color=#000000><P/>
<br>
<br><font color='#ffffff' face='arial,helvetica' size='-5' style='font-size: 1px;'>TM: <4;9s25u2eK2MYD29bb7.bM;1246031></font>
<img src="http://emailselections.com:8080/clickopen?msgid=[REDACTED]&email=[REDACTED]" width="1" height="1" alt="">
 


Here’s the WhoIs lookup.  The registrant is Crown Foods, which can be traced through the Missouri Secretary of State website, coming right up.

But look at the bottom: the domain servers are “epointmarketing.com.”  What that means is, Crown Foods may own the domain name “steaksofstlouis.com” but you wouldn’t necessarily expect a food company to be very tech-savvy.  It looks like Crown Foods allows the www.steaksofstlouis.com website to be hosted by epointmarketing.  Let’s go find ‘em.


http://www.networksolutions.com/en_US/whois/index.jhtml






steaksofstlouis.com



Registrant:
Crown Foods, Inc. (STEAKSOFSTLOUIS-DOM)
5243 Manchester
St Louis, MO 63110
US

Domain Name: STEAKSOFSTLOUIS.COM

Administrative Contact, Technical Contact:
Lotz, Karla (KLB311) lotzk@CROWNFOODS.COM
Crownfoods
5432 Manchester Ave
St.Louis, MO 63100
US
(314) 645-5300 fax: 999 999 9999

Record expires on 15-Mar-2004.
Record created on 11-Sep-2002.
Database last updated on 20-Aug-2003 11:20:43 EDT.

Domain servers in listed order:

NS.EPOINTMARKETING.COM 64.119.192.25
NS2.EPOINTMARKETING.COM 64.119.192.26
 


Here’s the legal information on Crown Foods, which is actually a previous name… current name is M.C.S. Investments, Inc..

Now, on to epointmarketing… 

 
https://www.sos.mo.gov/BusinessEntity/soskb/csearch.asp



 

Business Name History


 

Name

Name Type

M.C.S. INVESTMENTS, INC.

Legal

CROWN FOODS, INC.

Prev Legal

STEIN EGG AND POULTRY COMPANY, INC.

Prev Legal


 

Charter Number:

00082170

Status:

Good Standing 

 

 

Entity Creation Date:

2/8/1954

 

 

State of Business.:

MO

Principal Office Address:

No Address

Principal Mailing Address:

No Address

Expiration Date:

Perpetual

Last Annual Report Filed Date:

10/23/2002

Last Annual Report Filed:

2002

Report Period:

08/01 : 07/31


 

Registered Agent

Agent Name:

MARSHALL STEIN

Office Address:

14225 FOREST CREST DRIVE
CHESTERFIELD MO 63017

Mailing Address:

 

 


A WhoIs lookup on the Tucows domain registrar website – opensrs.org – for epointmarketing.com shows the following.

Guess what, the address 8170 South Eastern Ave in Las Vegas is a UPS Store.  A pretty clear indicator that ePoint Marketing is NOT a legitimate business.

But, on the assumption that the company really is incorporated in Nevada, let’s go to the Nevada Secretary of State website and find them.


http://opensrs.org/cgi-bin/whois.cgi
 

OpenSRS Whois Lookup Utility

Whois info for, EPOINTMARKETING.COM:


Registrant:
 ePoint Marketing, Inc.
 8170 South Eastern Ave
 Suite 4-506
 Las Vegas, NV 89123
 US

Domain name: EPOINTMARKETING.COM


Administrative Contact:
    Webmaster, Webmaster  webmaster@epointmarketing.com
    8170 South Eastern Ave
    Suite 4-506
    Las Vegas, NV 89123
    US
    702-407-0062
Technical Contact:
    Webmaster, Webmaster  webmaster@epointmarketing.com
    8170 South Eastern Ave
    Suite 4-506
    Las Vegas, NV 89123
    US
    702-518-3972    Fax: 702-518-3950


Registration Service Provider:
    This company may be contacted for domain login/passwords,
    DNS/Nameserver changes, and general domain support questions.


 Registrar of Record: TUCOWS, INC.
 Record last updated on 28-Mar-2003.
 Record expires on 08-Dec-2004.
 Record Created on 08-Dec-2001.

Domain servers in listed order:
    NS.EPOINTMARKETING.COM   64.119.192.25
    NS2.EPOINTMARKETING.COM   64.119.192.26


And here’s the full legal information.


http://sos.state.nv.us/corpsrch.asp


 

© 2002-present, Daniel Balsam