
Gerald Gorman, NJDomains, Easy Link - Major domainer, Spammer or Both?

I've been getting a lot of casino and Viagra spam lately. The reason it is irritating me is because I am getting the exact same messages over and over using different links. So I decided to do a bit of research. The links in the emails are direct links to domains, which I am certain are merely then redirected to masked affiliate links. The domains themselves are all recently registered and are obviously throwaway names. And even though the contact info is all fake, they have one surprising thing in common... They all have similar Admin emails. The actual domains vary, but the username is always [email protected] (domain.com is an example).

So I decided to do some more research on the specific domains used as the admin emails. These domains are all premium domains and include:

Minister.com
Lobbyist.com
Comic.com
Paris.com
Legislator.com

Surprisingly I found that every single one is owned by the same person.

Gerald Gorman
33 Knightsbridge Rd.
Piscataway, NJ 08854


I'd like to know if anyone else has heard of him as he seems to be a major domainer. It also seems that the emails these spams are being sent to are being harvested from Whois lookups.

Now this may be some huge coincidence, but it just seems odd that every single throwaway spam domain would somehow be linked back to him.

Also, upon further searches for his name, he appears to be the CEO of EasyLink.com and there's also some WIPO and various other legal filings on him.
 
0
•••
I thought there were laws against this in the States with hefty penalties?
 
0
•••
I appreciate all of your research and your help getting some discussion going on this. It was my hope that maybe someone knows something or that Mr. Gorman himself might come across this thread and comment on the matter. At this point, I'm not trying to accuse anyone, I'm merely hoping that someone can shed some light on the matter.

As far as a course of action, who knows... Fighting spam isn't really my bag, but I know we all hate spammers and the last thing this industry needs is another black eye.

Just for some additional info, these are some of the throwaway domains being used:

topluxgame.com
ohyeahcasino.com
yourluxgaming.com
balletcasino.com
richusaplayer.net

among others...

These are all using domains owned by Mr. Gorman as the admin emails.

Another interesting fact is that they are all using the same NS... broken-dns.com. The Whois for this domain states it is owned by someone in China, yet the admin email for that domain is 3535.com. 3535.com is owned by Oakwood Services Inc (in TX) who also happens to own a large number of some very premium domains...

This is shaping up to be one hell of a mystery :)
 
0
•••
Post the full headers

post the email headers please
 
0
•••
There are others, but these are just 2 examples.

Return-path: <[email protected]>
Envelope-to: *****
Delivery-date: Fri, 14 Dec 2007 22:52:22 -0600
Received: from 166.red-88-22-191.staticip.rima-tde.net ([88.22.191.166]:15961 helo=pcangel)
by gator295.hostgator.com with smtp (Exim 4.68)
(envelope-from <[email protected]>)
id 1J3P0f-0003PV-SU
for ******; Fri, 14 Dec 2007 22:52:22 -0600
Message-ID: 16a2c401c83ed5$dfe21130$0301a8c0@pcangel
From: "Club VIP Casino" <[email protected]>
To: <*****>
Subject: 750 USD Free only for you!
Date: Sat, 15 Dec 2007 05:42:48 -0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Antivirus: AVG for E-mail 7.5.503 [269.17.1/1183]
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original

Return-path: <[email protected]>
Envelope-to: ******
Delivery-date: Sun, 16 Dec 2007 18:02:16 -0600
Received: from [190.50.186.183] (port=25671 helo=pc10)
by gator295.hostgator.com with smtp (Exim 4.68)
(envelope-from <[email protected]>)
id 1J43R2-0007zo-Ft
for ******; Sun, 16 Dec 2007 18:02:16 -0600
Message-ID: 1dc3001c84040$14aebe20$7e01a8c0@pc10
From: "ClubVIP Casino" <[email protected]>
To: <******>
Subject: 750 dollars Free to welcome you!
Date: Sun, 16 Dec 2007 19:00:27 +0500
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
X-Antivirus: AVG for E-mail 7.5.503 [269.17.2/1185]
Mime-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original


Here's an example of an actual email.


Play at ClubVIP Casino and you can be sure of an exhilarating experience

U.S.A Gamblers are welcome!

Join right now and feel the action in minutes.

750 dollars Free to welcome you!

yourluxgaming.com

It used an actual direct link to the above domain, but I didn't want it to link in this post..
 
0
•••
??

confused.
so what domains are being used to spam then. . . .
sdsmarketing.com and thermo.com ??
 
0
•••
strong said:
confused.
so what domains are being used to spam then. . . .
sdsmarketing.com and thermo.com ??

Well I imagine these are either originating from unsecured email servers / scripts or they're being forged. I don't really know a lot about how that works.
 
0
•••
Ronald Regging said:
I appreciate all of your research and your help getting some discussion going on this. It was my hope that maybe someone knows something or that Mr. Gorman himself might come across this thread and comment on the matter. At this point, I'm not trying to accuse anyone, I'm merely hoping that someone can shed some light on the matter.

The more I find out about him the more impressed I am.

He was mentioned Here In DnJournal a few months ago alongside some of the biggest names in domaining.

Some of the quick things learned:

He was the CEO of mail.com and his shares at the time were worth over $250 Million. (not sure if he cashed out in time) He also owned (or his company owned) over 1200 premium domain names all regged in the 90's.

He has 3 or 4 spots on the top 100 domain names ever purchased spread out over a few years dating back to I think 2000.

He entered into an agreement to take control of another 1,100+ premium domain names from a failing business in late 2004 for $1,000,000.00 with option for them to repurchase them in the future. Within 6 months from making this deal (if memory serves me correctly) the company defaulted on the deal and for another million (on good terms) he walked away with names valued at that time, worth over $4,500,000.00

He went head on fighting for the rights to aroma.com and won hands down and basically proved the company was trying to hijack this name after they attempted to buy it first.

Not sure about the email thing that seems to have been plaguing him for some time. I read a few threads in forums from a few years ago and most end in the conclusion he was real big with giving out free email accounts for some REAAALY Good Names that seems more than a few people have taken advantage of it over the years.
 
0
•••
Hi, I found this thread by means of a Google search for Gorman. This is because I earlier found the following:

http://pakg1.blogspot.com/2007/04/ok-i-deserved-it-but-i-still-want-to.html

This person was scammed for $1,700. Part of the scam was a fake email from
someone in control, apparently, of insurer.com. This person then did a whois on insurer.com

Registrant Contact:
NJDomains, Abuse Contact: abuse<at>mail.com
Gerald Gorman (abuse<at>mail.com_gerald.gorman<at>att.net)
9086960929
Fax: none
33 Knightsbridge Rd.
Piscataway, NJ 08854
US

Is this someone pretending to be Gerald Gorman or the real one, I can't say with 100% certainty, but it does make one wonder!

I wanted to share this information and see what people think.

On another topic, the reason I found the page of the person scammed for 1700
is because it was one of the four links from another page which spoke about
the spam?? about receiving many emails saying "I want to buy an advert
on your web page, please tell me how much i will cost" which I had just received.
Is that a scam going around?

Thanks.
 
0
•••
Received: from 166.red-88-22-191.staticip.rima-tde.net ([88.22.191.166]:15961 helo=pcangel)
by gator295.hostgator.com with smtp (Exim 4.68)
(envelope-from <JeffreyStanley@sdsmarketwatch.com>)

Received: from [190.50.186.183] (port=25671 helo=pc10)
by gator295.hostgator.com with smtp (Exim 4.68)
(envelope-from <PatGoff@thermo.com>)

From what I see in those headers, the originating IP doesn't match the domain they claim to be from and a tracert doesn't go through any of the same routing. However, tracerts to 88.22.191.166 and 190.50.186.183 both appear to go through telefonica-wholesale.net. (Argentina?)

I say forged - really easy to do that. You'll see the same kind of mismatch if you look at the headers for one of those appraisal scam emails.
 
0
•••
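Added example (not part of the original posts): the header comparison described in the post above, written as a small Python check over the two Exim Received lines quoted in this thread. The signal names and function names are made up for this illustration, and the result is a heuristic only, since legitimate mail is often relayed from hosts outside the sender's domain.

```python
import re

# The two Exim "Received:" headers quoted in this thread, continuation lines joined.
RECEIVED = [
    "from 166.red-88-22-191.staticip.rima-tde.net ([88.22.191.166]:15961 helo=pcangel) "
    "by gator295.hostgator.com with smtp (Exim 4.68) "
    "(envelope-from <JeffreyStanley@sdsmarketwatch.com>)",
    "from [190.50.186.183] (port=25671 helo=pc10) "
    "by gator295.hostgator.com with smtp (Exim 4.68) "
    "(envelope-from <PatGoff@thermo.com>)",
]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
RDNS_RE = re.compile(r"^from\s+([A-Za-z0-9.-]+)\s+\(")   # absent when Exim found no PTR
HELO_RE = re.compile(r"helo=([^\s)]+)")
ENV_RE = re.compile(r"envelope-from\s+<[^@>]*@([^>]+)>")

def parse_received(line):
    """Pull out what the receiving server recorded about the connecting client."""
    def first(rx):
        m = rx.search(line)
        return m.group(1).lower() if m else None
    return {"ip": first(IP_RE), "rdns": first(RDNS_RE),
            "helo": first(HELO_RE), "env_domain": first(ENV_RE)}

def under(host, domain):
    """True if host is the domain itself or a subdomain of it."""
    if not host or not domain:
        return False
    return host == domain or host.endswith("." + domain)

def forgery_signals(f):
    """Heuristic reasons to distrust the claimed envelope sender."""
    signals = []
    if f["rdns"] is None:
        signals.append("no-reverse-dns")
    elif not under(f["rdns"], f["env_domain"]):
        signals.append("rdns-outside-sender-domain")
    if f["helo"] and "." not in f["helo"]:
        # Bare machine name in HELO rather than a mail server's hostname.
        signals.append("helo-not-fqdn")
    elif not under(f["helo"], f["env_domain"]):
        signals.append("helo-outside-sender-domain")
    return signals

# One (client IP, claimed sender domain, signals) tuple per header.
REPORT = [(f["ip"], f["env_domain"], forgery_signals(f))
          for f in map(parse_received, RECEIVED)]
```

Both messages come out flagged: the connecting hosts sit on residential-style addresses, announce themselves as `pcangel` and `pc10`, and have no relationship to the domains in the envelope sender.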
Hi,
Were you responding to my post? Where did you get that header stuff,
the page I'm referring to,
http://pakg1.blogspot.com/2007/04/ok-i-deserved-it-but-i-still-want-to.html

doesn't have any "port=" or "jeffreyStanley" etc, (even did a search-within-a-page in firefox in case I'm blind trying to skim the post too quickly) but it's not there....Could you clarify if you were replying to my post?

Also while revisiting I read one of the three comments left there (above url) more carefully, it's disturbing as well:

He tried to scam me on ebay by winning my auction, canceling his winning bid (by telling ebay his account was hacked), then immediately emailing me poorly spoofed emails from ebay telling me that he would pay an additional $100 to global ship the item to his son in Nigeria. I saw the fake email address from @accountant.com. Same registrar.

so at the very least, a scammer or scammers are showing
a pattern of repeatedly using Gorman's domain names (in this case accountant.com, the commenter is indicating is another one) for scams.
 
0
•••
Thanks for clearing this up Mark (and RJ in the other thread). If all of these domains are available for free email accounts, that explains everything. Unfortunately, I didn't come across this fact in my searching.
 
0
•••