Friday, July 28, 2017

TeeSpring Is An Awful Company

It seemed like a good idea. I run a Facebook page with over 400,000 followers, and selling a few t-shirts to make a few bucks seemed like a good thing to do. We ran a few campaigns, we sold a few t-shirts--everything seemed fine.

Our fans got their t-shirts, TeeSpring made the money, but they never paid us. Their payouts page says "payouts can take up to 4 days to process".

When I requested the payout, their system sent me an email:

There's a little "contact support" link in the payout message, so after a week passed by, I clicked on the link and got the screen below, saying the payment support page had been moved to provide better service, with a link to the generic contact form, which gives a long list of reasons why you're contacting support, and they all look like they are geared towards the buyers, and not the sellers.

So, I used the generic contact form to describe my problem. They replied that they were upgrading their computer systems, and that it would take a couple more days, and to try back then if I still hadn't received the payment. I tried this a couple more times, each time waiting a few days, as instructed. The reply email gave a seller support email, so after a few times of using the general support form, I started emailing them directly.

Thus far I've received a few variations on "we are working on this site wide problem" which they have been working on for a month.

Even though I took my campaigns down, they continued to sell my t-shirts, and so I continued to request more payouts. I'm now up to 4 unpaid payouts, and it's safe to say I won't be using TeeSpring any more. I think TeeSpring is an awful company.

*** Update 8/1/2017 ***

They paid 2 of the smaller payouts a few days ago. So, I waited a few days to see if they were going to pay the bigger one (and the other, smaller one), and ... nothing. I replied to one of the payout emails and got this back.

They couldn't just look that up on their computer system? I replied with the payout numbers and amounts, but didn't receive a reply after a day.

So ... I tried their live chat, with no better luck.

They didn't respond to the last comment, though it says "seen." It doesn't seem like I'm even dealing with a real company...

*** Update 8/1/2017 ***

TeeSpring finally got us the last two payouts, after a month of telling me they'd provide an update once it is available. Our first test run with TeeSpring did pretty well with sales, but I don't think it was ultimately worth the hassle. We know a couple other Facebook page owners who have experienced similar problems with TeeSpring, so we're going to stay with SunFrog for now.

Thursday, January 12, 2017

DISTRACTIFY.COM Serving Up Malware

Legitimate sites serving up malware is nothing new. Some of the ad networks the big sites use don't scrutinize ads like they should, because money. They make lots and lots of money from ads, and sometimes these ads are malicious, like the ones I was getting from IMDB for a while.

What I've been seeing a lot of lately is the "Urgent Chrome Update" where an ad on a site redirects the browser to something that looks very important for the user to click on.

This one came from an article linked on George Takei's Facebook page on, which redirected me to this page, after sitting open in my browser for about 10 minutes.

Here's the malicious URL--I wouldn't advise visiting it:

The domain was probably created today, like most of the malicious domains my browser has tried to redirect me to:

>>> Last update of WHOIS database: 2017-01-12T09:20:32Z <<<

I'm surprised the owner of the domain didn't pay to anonymize the domain like most people do, and here is the WHOIS lookup:

Domain ID: D402200000001269594-LROR
WHOIS Server:
Referral URL:
Updated Date: 2017-01-10T23:00:14Z
Creation Date: 2017-01-10T23:00:09Z
Registry Expiry Date: 2018-01-10T23:00:09Z
Sponsoring Registrar: PDR Ltd. d/b/a
Sponsoring Registrar IANA ID: 303
Domain Status: clientTransferProhibited
Domain Status: serverTransferProhibited
Domain Status: addPeriod
Registrant ID: DI_62599609
Registrant Name: Glenn A. Molina
Registrant Organization: N/A
Registrant Street: 4370 Southern Street
Registrant City: Lynbrook
Registrant State/Province: New York
Registrant Postal Code: 11563
Registrant Country: US
Registrant Phone: +1.5165994142
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Admin ID: DI_62599609
Admin Name: Glenn A. Molina
Admin Organization: N/A
Admin Street: 4370 Southern Street
Admin City: Lynbrook
Admin State/Province: New York
Admin Postal Code: 11563
Admin Country: US
Admin Phone: +1.5165994142
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Tech ID: DI_62599609
Tech Name: Glenn A. Molina
Tech Organization: N/A
Tech Street: 4370 Southern Street
Tech City: Lynbrook
Tech State/Province: New York
Tech Postal Code: 11563
Tech Country: US
Tech Phone: +1.5165994142
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:
DNSSEC: unsigned

Friday, December 2, 2016

Phishing Attempts On My Facebook Fan Page

Right about the time my Facebook fan page started blowing up, all the scammers came out of the woodwork. It's pretty much what you'd expect, from the "hey I wired you a bazillion dollars so make me admin and I'll give you the codez" to the "hey i luv ur page make me admin plz."

This one was novel because it took me a couple glances to read the domain name. There are so many new top-level domains nowadays that you have to mentally parse the URL, which is good for all the phishing scams.

The message begins with an ominous warning that your page has violated someone's terms.

Wе hаvе rесеivеd mаny rероrts frоm yоur fаn раgе. Plеаsе rеviеw yоur раgе аnd yоur роsts fоr rеаsоns thаt yоu hаvе viоlаtеd оur tеrms.

‌Y‌о‌u‌r‌ ‌c‌a‌s‌е‌ ‌і‌d‌ ‌і‌s‌:‌ ‌59382774

Here's the full URL they linked. I wouldn't advise following it. I sure didn't.

A quick WHOIS search for shows it was bought from namecheap and they paid for the "whois guard" which pretty much anonymizes them.

Yeah, it's pretty much a throw-away domain technically registered tomorrow haha! Scammers in different time zones for the win!

Domain Name: 110741904325873.REVIEW
Domain ID: D428254-REVIEW
WHOIS Server:
Referral URL:
Updated Date: 2016-08-17T22:05:09Z
Creation Date: 2016-08-17T22:01:41Z
Registry Expiry Date: 2017-08-16T23:59:59Z
Sponsoring Registrar: NameCheap, Inc.
Sponsoring Registrar IANA ID: 1068
Domain Status: clientTransferProhibited
Registrant ID: C428250-REVIEW
Registrant Name: WhoisGuard Protected
Registrant Organization: WhoisGuard, Inc.
Registrant Street: P.O. Box 0823-03411
Registrant City: Panama
Registrant State/Province: Panama
Registrant Postal Code: 00000
Registrant Country: PA
Registrant Phone: +507.8365503
Registrant Fax: +51.17057182
Registrant Email:
Admin ID: C428251-REVIEW
Admin Name: WhoisGuard Protected
Admin Organization: WhoisGuard, Inc.
Admin Street: P.O. Box 0823-03411
Admin City: Panama
Admin State/Province: Panama
Admin Postal Code: 00000
Admin Country: PA
Admin Phone: +507.8365503
Admin Fax: +51.17057182
Admin Email:
Tech ID: C428253-REVIEW
Tech Name: WhoisGuard Protected
Tech Organization: WhoisGuard, Inc.
Tech Street: P.O. Box 0823-03411
Tech City: Panama
Tech State/Province: Panama
Tech Postal Code: 00000
Tech Country: PA
Tech Phone: +507.8365503
Tech Fax: +51.17057182
Tech Email:
Billing ID: C428252-REVIEW
Billing Name: WhoisGuard Protected
Billing Organization: WhoisGuard, Inc.
Billing Street: P.O. Box 0823-03411
Billing City: Panama
Billing State/Province: Panama
Billing Postal Code: 00000
Billing Country: PA
Billing Phone: +507.8365503
Billing Fax: +51.17057182
Billing Email:
DNSSEC: unsigned
>>> Last update of WHOIS database: 2016-12-03T02:26:27Z <<<

Wednesday, November 30, 2016

More Malware From IMDB

Just like last time, I was looking up a movie (yeah, I watch a lot of movies) on IMDB when it redirected me to the URL below. Same "Urgent Chrome Update" message, and this time I noticed that it still says "Miller's Crossing (1990)" on the tab.

The domain is new: and the domain registration is locked down this time, so it's hard to follow up on like the last one. Others on Reddit have mentioned this type of malware redirect from large sites. My guess is that IMDB is still serving up infected ads.

I did notice from the WHOIS record that it looks like the domain was created today. Talk about zero day malware!

Here's the URL:

Whois Server Version 2.0

Sponsoring Registrar IANA ID: 303
Whois Server:
Referral URL:
Status: clientTransferProhibited
Updated Date: 29-nov-2016
Creation Date: 29-nov-2016
Expiration Date: 29-nov-2017

>>> Last update of whois database: Wed, 30 Nov 2016 10:17:30 GMT <<<
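
The "created today" check that this post and the DISTRACTIFY.COM post do by eye can be scripted. This is an added example, not code from the original posts: it reads a WHOIS record in either date layout quoted on this page and reports the domain's age at lookup time. The function names, the 30-day threshold, the privacy-service keyword list and both sample records are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Date layouts used by the records on this page (ISO 8601, legacy
# "29-nov-2016", and the RFC 822-style footer). %b/%a assume an English locale.
FORMATS = ("%Y-%m-%dT%H:%M:%SZ", "%d-%b-%Y", "%a, %d %b %Y %H:%M:%S GMT")
PROXY_HINTS = ("whoisguard", "privacy", "proxy", "redacted")  # assumed list

def parse_date(text):
    """Try each known layout; return an aware UTC datetime or None."""
    for fmt in FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None

def whois_triage(record, max_age_days=30):
    """Age of the domain at lookup time, plus two triage flags."""
    fields = {}
    for line in record.splitlines():
        key, sep, value = line.partition(":")
        if sep and not line.lstrip().startswith(">>>"):
            fields.setdefault(key.strip().lower(), value.strip())
    created = parse_date(fields.get("creation date", ""))
    # The footer timestamp tells us when the registry data was current.
    footer = re.search(r">>> Last update of whois database: (.+?) <<<", record, re.I)
    looked_up = parse_date(footer.group(1)) if footer else None
    age = (looked_up - created).days if created and looked_up else None
    registrant = (fields.get("registrant name", "") + " "
                  + fields.get("registrant organization", "")).lower()
    return {"age_days": age,
            "newly_registered": age is not None and age <= max_age_days,
            "privacy_proxy": any(h in registrant for h in PROXY_HINTS)}

# Constructed sample records (not the ones quoted in the posts).
SAMPLE_ISO = """Domain Name: NEW-DOMAIN.EXAMPLE
Creation Date: 2020-03-01T10:00:00Z
Registrant Name: Privacy Proxy Service
>>> Last update of WHOIS database: 2020-03-02T09:00:00Z <<<"""
SAMPLE_LEGACY = """   Creation Date: 15-jan-2020
   Expiration Date: 15-jan-2021
>>> Last update of whois database: Sun, 01 Mar 2020 10:17:30 GMT <<<"""

if __name__ == "__main__":
    for name, rec in (("iso", SAMPLE_ISO), ("legacy", SAMPLE_LEGACY)):
        print(name, whois_triage(rec))
```

A record with no parseable creation date returns `age_days` of `None` and is not flagged as newly registered, so a missing field needs a separate look.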

Sunday, November 27, 2016

IMDB Serving Up Malware?

This is the second time in less than a week where I was looking at a movie on IMDB and it suddenly redirected me to an obvious malware link. Every couple of months I get a popup from Frontier asking to complete a customer satisfaction survey. Big ISPs often use what would best be described as a JavaScript injection attack for all sorts of reasons.

So, I looked on my machine for an infection--there was none--and wondered where it came from. But this time I was paying better attention. It redirected to the following URL when I was just sitting there looking at an Al Pacino movie. Exact same site, exact same screen.

My guess is that IMDB is serving up a shady ad from whatever ad network they use.

Doing some digging, it doesn't seem like anyone else is reporting this issue. There's no way for me to say definitively that this came from IMDB--there's lots of ways to attack a computer--but it sure looks like it!

Malware scans come back clean and I haven't had any issues or anything suspicious with this Windows 10 / Chrome install. Uh, yeah, don't think I'll be clicking on this.

A WHOIS search shows the domain to be registered in California.

Registrant ID: DI_49692548
Registrant Name: Chad N. Wessels
Registrant Organization: NA
Registrant Street: 4145 Diane Street
Registrant City: Atascadero
Registrant State/Province: California
Registrant Postal Code: 93422
Registrant Country: US
Registrant Phone: +1.8054618382
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:
Admin ID: DI_49692548
Admin Name: Chad N. Wessels
Admin Organization: NA
Admin Street: 4145 Diane Street
Admin City: Atascadero
Admin State/Province: California
Admin Postal Code: 93422
Admin Country: US
Admin Phone: +1.8054618382
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:
Tech ID: DI_49692548
Tech Name: Chad N. Wessels
Tech Organization: NA
Tech Street: 4145 Diane Street
Tech City: Atascadero
Tech State/Province: California
Tech Postal Code: 93422
Tech Country: US
Tech Phone: +1.8054618382
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:

The admin contact for this domain seems to be a German encrypted email service. Searching the email shows this person, Chad Wessels, is associated with over 100 domains, most of which look shady to me. But there's more. The email search also links to a discussion forum post about phony Firefox updates, so it seems like good ole Chad has been quite busy.

I'm a software engineer but security really isn't my specialty, so I'm interested to see how this plays out and whether other people have run into this phony Chrome update.

Friday, July 29, 2016

Using Bluetooth To Share Files Between Your Phone And Desktop Or Laptop

Many laptops come with Bluetooth built-in, but it's super easy to add a cheap Bluetooth dongle to your USB port and use your computer to listen to music, or share files, which is the subject of this article.

This article assumes you are using Windows 10, but I believe it would work similarly on Windows 8 or Windows 8.1, though Windows 10 is the version that finally got Bluetooth right as far as I'm concerned.

Step 1 - Make sure you have a Bluetooth adapter and that it's running.

Whether it's a USB dongle like the one below, or whether Bluetooth is built into your system, you should see a little Bluetooth icon on your system tray, located on the bottom right of the screen.

Clicking on the arrow on the system tray will show you the logo:

Click on the Bluetooth icon and choose "Show Bluetooth Devices" and you should see the Bluetooth settings screen similar to below. Notice I have my headphones already paired.

Step 2 - Allow Connections To Your PC

Windows 10 doesn't trust any Bluetooth devices out of the box, so first you'll need to click on "More Bluetooth options" and you will see this popup dialog box:

Step 3 - Get Your PC Ready To Share Files

Make sure the "Allow Bluetooth devices to find this PC" is checked and then press the OK button.

Next, choose the "Send or receive files via Bluetooth" option on the Bluetooth settings screen, and you will see a new popup:

For this example, I will be receiving files to my PC sent from my Android 6 (Marshmallow) phone, which is probably the most common usage.

At this point, Windows will wait for an incoming connection from my phone.

Step 4 - Share From Your Phone

Choose some files or photos to share on your phone, such as a photo of a cute little dog, like my Zoey.

Pressing the little share icon in the lower right hand corner, I get a list of a whole bunch of ways I can share this photo. For this example, you'll want to click the Bluetooth icon.

You should then see your PC on the list of devices to share with. In this example, only my PC shows up on the list. Clicking on the device name will start the process of sending the files, but you still have to go back to your PC to receive them.

Step 5 - Receive on your PC

At this point you should see a box pop up on your PC showing you the files being downloaded, like so:

Once your files are received, you see the finish screen:

My photo of Zoey is now on my PC! Notice I could put the file(s) somewhere else, but I just clicked the Finish button and put the file in my Documents folder.

Thursday, February 25, 2016

Disney To Employees: Pay Us To Influence Politicians

In a letter to its employees, Disney recently asked its employees to help corrupt politicians through the millions of dollars it spends on lobbying. Apparently that's not enough, because they are asking their employees to take payroll deductions to help fund DisneyPac, the IP protectionist Super PAC long known for getting laws favoring Disney literally rubber stamped.

The letter, according to Ars Technica, brags about getting the TPP treaty passed, among other things. The TPP for people who haven't heard of it, is an awful trade agreement which was negotiated in complete secrecy, lest anyone find out how bad it was, and quietly ratified by its member countries before anyone realized what was going on.

A few years back when ICE (yes, the immigration service) launched a campaign to stamp out file sharing sites (which it failed at), it kicked everything off from Disney headquarters just to show everyone how corrupt our political system is.

So, if you work for Disney, they'd sure appreciate if you'd feed their political machine, which for some reason reminds me of this episode of South Park, where Mickey Mouse beats up the Jonas Brothers!