A friend of EPJ, who knows how to dig around the internet, was able to find out quite a bit about the owner of the site. It appears that the owner is running many sites, possibly to just generate web traffic to profit via Google adsense and it is apparently profitable to slander Professor Block as a racist.
But aside from learning a bit more why the attack was posted, what is most fascinating to me is what can be learned about a person on the internet, even when that person takes steps to protect his identity. Here is the full report that I received from Doctor Big Search:
Voice4America.com resolves to 75.126.38.19
Several whois sites and sites such as domaincrawler list 174.121.180.253 instead as the IP.
Since most of those sites don't collect data in real time, we can assume that Voice4America.com was
only 'recently' transfered from 174.121.180.253 to 75.126.38.19.
Whois records for Voice4America.com show the whois record was updated only a few weeks ago
(could be related, but not necessarily):
Updated Date: 12-sep-2012When we look at the Google Adsense code that is being used on Voice4America.com, we see the
Adsense pub id is
4116250856560048Now let's do a Google search for that id:
http://www.mustat.com/pub-4116250856560048 returns:
toyotacarsforsale.comThis domain resolves to 174.121.180.250 (same Class C as the IP address Voice4America.com used to use)
and http://www.websitelooker.com/adsense/pub-4116250856560048returns:
nflsystems.comThis domain also resolves to 174.121.180.250
Whois records for toyotacarsforsale.com are protected by Domains By Proxy.
Whois records for nflsystems.com:
Cempron, Pascual gensanmarketing@gmail.comFor more domains owned by that guy, see
Gensan Internet Marketing
065 Salazar Street
General Santos City, South Cotabato 9500
Philippines
http://www.webboar.com/whois-email/gensanmarketing@gmail. com
Now let's take a closer look at 174.121.180.250 and 174.121.180.253 and see if we can find any other domains
pointing to those IPs.
citycrosstabs.comThose all point (or at one moment in time pointed) to 174.121.180.253.
clintonpolls.com
congresspolls.com
consequencesofglobalwarming.com
deedtolease.com
diggronpaul.com
election2008polls.com
election2012polls.com
electionpollofpolls.com
electionpolls.mobi
favorableratings.com
floridapresidentialpolls.com
giulianipolls.com
immigrationpolls.com
iowacaucuspolls.com
iranwarplans.com
jindal2020.com
nationalelectionpolls.com
nationalpolls.com
obamapollslatest.com
polling101.com
pollingarchive.com
pollingnumbers.com
presidentelectionpolls.com
presidentialpollsbystate.com
presidentpolls2008.com
presidentpolls2012.com
presidentpollsusa.com
reagancoalition.com
usastrawpolls.com
vatechshootingspree.com
voice4america.com
warpolls.com
(btw: Jindal in 2020? :) oh and iranwarplans.com was registered in 2007.)
The same "Gensan Internet Marketing" seems to be popping up in the whois records for those domains.
A few more domains I found:
carsforsale411.comcarsforsale411.com is an interesting one. It used the same Adsense pub id as Voice4America.com
whois record:
Bhattacharyya, Proloy ebaytix@gmail.comNow let's do a Google search for "Bhattacharyya, Proloy"
4223 Old Grove Road
Oceanside, California 92057
United States
that name shows up in the whois record for
usaelectionpolls.com resolves to 174.121.180.251. So we've got 174.121.180.250, 174.121.180.251 and 174.121.180.253usaelectionpolls.com
Looks like Mr Bhattacharyya (from now on Mr B) used to live in Thailand.
Whois record for usaelectionpolls.com shows:
Administrative Contact:Mr Bhattacharyya is mentioned here http://washington-times.vlex.
Proloy Bhattacharyya
Proloy Bhattacharyya
Petchburi Road
Bangkok, TH 2528
TH
Phone: +1.1013622528
Email: ebaytix@gmail.comcom/vid/undecideds-flock- consistently-favored-194886583
And turns out he has/used to have an email address at that nflsystems.comdomain:
proloy@nflsystems.comhttp://www.superseventies.com/infobank/diving/home-field- advantage-in-the-mlb-part-1. html
nflsystems was/is some kind of sports betting site:
NFLSystems.com is a website that was launched in 2004 by a group of engineers and science majors from UC Irvine. They specialize in producing quality free football picks utilizing some very key and important nfl betting systems and basketball betting systems. Their expertise is in pro football NFL and NBA.Mr B also has a marketing company:
http://www.corporationwiki.com/California/Oceanside/ bhattacharyya-marketing-inc/ 45006256.aspx
Bhattacharyya Marketing, Inc has a location in Oceanside,CA. Active officers include Proloy Bhattacharyya. Bhattacharyya Marketing, Inc filed as a Articles of Incorporation on Thursday, July 17, 2008 in the state ofCalifornia and is currently active. Proloy Bhattacharyya serves as the registered agent for this organization.The company's line of business includes Management Consulting Serviceshttp://www.manta.com/c/mt1c05q/bhattacharyya- marketing-inc
some more digging into Mr B:
http://www.whois365.com/en/ip/174.121.180.250
%rwhois V-1.5:003fff:00 rwhois.softlayer.com (by Network Solutions, Inc. V-1.5.9.5)So the hosting company, The Planet has allocated the following IP addresses to Mr B:
network:Class-Name:network
network:ID:NETBLK-THEPLANET-BLK-16
network:Auth-Area:174.120.0.0/14
network:Network-Name:TPIS-BLK-174-121-180-0
network:IP-Network:174.121.180.248/29
network:IP-Network-Block:174.121.180.248 - 174.121.180.255
network:Organization;I:Bhattacharyya Marketing Inc.
network:Street-Address:N/A
network:City:Oceanside
network:State:CA
network:Postal-Code:92057
network:Country-Code:USA
network:Tech-Contact;I:abuse (at) theplanet.com
network:Admin-Contact;I:abuse (at) theplanet.com
network:Created:20100407
network:Updated:20100407
174.121.180.248
174.121.180.249
174.121.180.250 <--already knew about that one
174.121.180.251 <--and that one
174.121.180.252
174.121.180.253 <--and that one
174.121.180.254
174.121.180.255
We could keep going and going. If you do a search for one of those domains, IPs or Mr B's name, you'll find a lot more sites.
Like on http://www.pageinsider.com/nflsystems.com for example.
In short:
- We have 2 names Gensan Internet Marketing and Proloy Bhattacharyya
- Voice4america.com used to resolve to an IP addresses used by Mr B for several of his domains.
- Voice4america.com used to resolve to an IP addresses allocated to Mr B.'s marketing company.
- Voice4america.com uses the same Google Adsense account as a site Mr B used to be involved in (nflsystems.com) and at least
one site he owns or used to own (carsforsale411.com).
- A lot of domains that list Gensan Internet Marketing as owner, point to IPs allocated to Mr B.'s company.
- A few domains that once listed Mr B. as owner, now list Gensan Internet Marketing as owner.
- Mr.B apparently is some kind of election poll specialist.
- Mr B and/or Gensan Internet Marketing own a lot of political domain names (on all sides of the spectrum?)
- They also own a bunch of adult and gambling domains (that's probably not relevant).
So looks like Mr B is involved. The 'why', I can only speculate about. To be honest, I wouldn't rule out the possibility
that those sites are simply part of network of low quality sites that target high traffic keywords in an attempt to get Adsense clicks.
One thing that did stand out is the low quality, unprofessional design of the websites. Not something I'd expect from a
professional marketing company. 99% of all free wordpress designs will even look better
I hope this helps.
On the internet, everyone can hear you sneeze! :)
ReplyDeleteAs a person who works in the hosting industry, I think I might have a couple of other insights to add here.
ReplyDelete1. The Planet no longer exists as a host. They got bought by SoftLayer some time ago, but much of the records associated have not been changed (if it ain't broke don't fix it).
2. People who have tons of websites like this, and who seem to be link-farming or engaging in some other sort of sleazy SEO scheme tend to be on shared hosting accounts (it's cheaper). As such, many unrelated sites may be associated with the same IP, as many different users host sites on the same server.
So, you have to be pretty careful when investigating these sorts of things -- Just because two sites have the same IP doesn't mean they have the same owner. Many with disparate interests will contract for an account with the owner of a server and not care about sharing an IP, if they even know what one is.
Thankfully, it seems your investigator here cross-referenced the WHOIS entries to filter out the unrelated sites; but that data is not guaranteed to be accurate. As you know from investigating voice4america, domains can be purchased by proxy, which means that though there is a very strong pattern in the WHOIS records we do not have ironclad proof that it is the same party behind all these sites.
Considering the evidence that those domains have jumped IPs quite a bit, it sounds like our mystery man is just one of many users on a server handled by configuration middleware like cPanel or Plesk. Users of such systems are routinely packaged up and shuffled around servers as a part of regular hardware maintenance.
"tend to be on shared hosting accounts"
DeleteSoftlayer specializes in dedicated servers and does, as far as I know, not offer virtual or shared hosting. It is however possible that whoever is renting the dedicated server is using it to sell shared/virtual hosting, but that's very unlikely in this case.
"Just because two sites have the same IP doesn't mean they have the same owner."
True. However in this case the connections run deeper than that. Proloy Bhattacharyya for example is not only listed as owner in the whois records for some of those domains. On other, unrelated sites, his name is mentioned in connection with those domains.
Besides, if these were shared hosting accounts with shared IPs, it would be extremely unlikely that the host would list one of the customers using those IPs as thé entity those IPs were allocated to.
Looks to me like Bhattacharyya has been renting a dedicated server for years now. (He started at The Planet and he's now simply paying the bill to the new owners (Softlayer))
Then there's the issue of the Adsense accounts. The person who was making money running nflsystems.com (A site Bhattacharyya admitted working for/at) is the same person who's making money off of the Adsense ads on voice4amaerica.com. And the registrant for nflsystems.com is that Cempron Pascual person from Gensan Internet Marketing.
It's also interesting to note that the user that posted the Block story on voice4america.com was 'paulbrown'. Now Paul Brown was a famous NFL football coach. Coincidence? Or did whoever posted the story, have a similar love of football as the nflsystems people (Bhattacharyya and Cempron) have?
"it sounds like our mystery man is just one of many users on a server"
Like I said, everything points in the direction of a dedicated server, not a shared hosting account.
Further, all domains hosted on that server either have Bhattacharyya or Cempron listed as registrants. Almost all sites have extremely similar designs. In most cases the same template was obviously used.
The only sites that look different are managed by a guy named David Terr.
From an article on an unrelated site:
"My name is David Terr. I have a Ph.D. in mathematics from UC Berkeley and I currently work as a web designer. I am the co-owner of three websites: presidentpolls2008.com, usatravelpal.com, and yourmoviepal.com. My homepage is davidterr.com"
Those sites are hosted on the same server. They list Cemrpon as registrant (even Terr's personal homepage). And Terr appears to be some kind of election poll 'specialist' like Bhattacharyya. Bhattacharyya also links to presidentpolls2008.com and another domain on the same server in for example this article: http://www.prweb.com/releases/2007/05/prweb524382.htm
Gensan Internet Marketing (Cempron Pascual) and Proloy Bhattacharyya's fingerprints are all over the domains mentioned in Bob's original post. The IPs were allocated to a company owned by Bhattacharyya. Bhattacharyya's name is mentioned in connection with the actual websites (and not jsut the registration of the domains) in articles such as http://www.upi.com/Top_News/2008/04/21/Undecided-voters-could-hand-Pa-to-Clinton/UPI-44201208791967/
Another example of information that points to a close relationship between Gensan Internet Marketing (Cempron Pascual) and Proloy Bhattacharyya:
Deleteeasybaseballbetting.com
Bhattacharyya used to be listed as registrant.
Gensan Internet Marketing (Cempron Pascual) is now listed as registrant, but the site itself is accepting payments for Baseball Picks using a PayPal account that belongs to Bhattacharyya Marketing.
http://www.easybaseballbetting.com/Contact-Us.html lists ebaytix@gmail.com (Bhattacharyya's email address)...
Here's another example:
Deletetexancars.com
Proloy Bhattacharyya is listed a registrant. ( http://www.whoismind.com/whois/texancars.com.html )
Whois records were updated on Sept 23 and the site has been down since that day. However, most of the site is still available in Google's Cache. There you can see that this site, owned by Bhattacharyya, used the same Google Adsense account as nflsystems.com and voice4america.com
This is not a case of a hosting company selling space on the same server to different clients.
DeleteAll domains pointing to those IP addresses have at least 2 things in common besides the IP address.
David Terr's personal site for example lists Gensan Internet Marketing as registrant. On his resume (available on his personal site), David Terr lists 4223 Old Grove Road Oceanside as his address. That's the same address where Bhattacharyya Marketing, Inc is located and Proloy Bhattacharyya himself lives.
A Google search for those names reveals articles about election polls Terr and Bhattacharyya worked on.
And on http://www.nationalpolls.com/press/ (a site on the same server) we find David Terr and a "Proloy Bhatta" (short for Proloy Bhattacharyya?).
David Terr's name, picture and an article can also be found on ConsequencesOfGlobalWarming.com (again same server. Registrant: Gensan Internet Marketing).
All sites on that server can be traced back to Proloy Bhattacharyya and Gensan Internet Marketing.
Any connection to Young Americans for Liberty Development Executive (and Koch Fellow) Piyali Bhattacharya?
ReplyDeletehttp://www.yaliberty.org/about/staff
Good catch on the names.
ReplyDelete"Well, this is the internet age and the owner was using the internet and it is really hard to hide."
ReplyDelete.. or it can be easier via obfuscation. I don't know, your friend may be chasing down the wrong hole. Like Unknown mentioned above, it could be that they are using a shared server, even for free, provided they allow ads whose adsense id happens to belong to this Bhattacharyya fellow.
nice
ReplyDelete