Tinder/Instagram Massage Scam Analysis (Screencast Included)

Gerasimos
Sep 24, 2020
Instagram massage scam in action

Tinder (or Tinder Social, which was discontinued in August 2017) is a great place to conduct social experiments, especially for anyone who needs to sharpen their OSINT skills. It’s also a great place for scammers to exploit victims (mostly male) by luring them into giving up their credit card details to pay for scam services like one-on-one massage sessions.

While browsing Tinder explicitly to sharpen my OSINT skills (yeah right!), I stumbled upon the local profile of a woman whose profile description carried a tempting promise of erotic massage sessions. The user, who promoted herself as Xcassysmith, shared her Instagram profile and urged anyone who wanted to contact her and learn more about her to add her on Instagram, where they could talk about “business”.

Even though the idea would work without any scam involved, it’s always easier to make money out of thin air by scamming anyone who wants to use her services: asking for their credit card details and a small payment as a security deposit for booking the massage session.

Scammer selling his/her massage services on Instagram

Instagram offers private messaging, so it’s a scammer’s paradise for these kinds of frauds. Once I connected with her and sent a “Hello world” message, she replied almost instantly with details about her service. I followed along and asked some generic questions about her current location and any rules I needed to follow to book her. At first, the scammer’s replies seemed like they were created by bots, but as our communication evolved I understood that he/she was online, replying to my messages in real time.

After a few minutes the scammer seemed to ignore my latest questions and instead sent a message with the service rates along with the trap: asking me to secure the booking by sending an online payment of 3 euros on a site that would act as a payment gateway. The site is the one found below (hidden under a short link):

The homepage is a landing page with some generic info (the rates the scammer provided in the messages were actually more expensive than the ones listed on the referred site).

The site’s booking form had two options, but it was suggested that I use the credit card payment gateway. This way the scammer would have both my payment and my credit card details, which they could reuse or sell.

Once I entered my account details I was forwarded to the next step of the booking procedure, where I was asked to give my credit card details, so I did just that (using a fake cc generator). Once I submitted my cc details the verification process failed, and I knew that it was time to do some OSINT research on the site which hosted this scam service.

Finding more info about the scammer’s site

The first thing I tried was to see if there were any other pages or static content under the site’s directory. It seems they created a bunch of other landing pages with similar content; this is probably a way for the scammer or scammers to track their success and income.

Next, I searched for the domain to learn more about its reputation and to see whether others had tracked it down before me. Of course, they did!

Doing Domain Research Intelligence

Security Trails is my go-to service for domain OSINT and research, so I ran a search for pampering-people.com with it. What I wanted to see was whether they had any IPs which would lead me to other sites or services and, if I was lucky, to track down the domain owner’s email id. In this case, GDPR is not our friend, so we can’t check those details through a simple domain whois and we need to rely on historical records, which Security Trails can provide.

Even though Security Trails didn’t help much in finding the scammer’s email id, it did reveal that he is using Namecheap as his hosting service, which is actually a smart move since they can hide behind a huge network of sites that point to the same IP under Namecheap’s network.

I also used who.is to cross-check that Namecheap is the domain registrar as well.

The domain was first registered on 2020-05-07, so it’s a fairly new service. But how long has the site been running and trying to scam Tinder and Instagram users? Archive.org is a great tool for finding a site’s historical records, since it provides cached snapshots throughout the years. Pampering-people.com had only one snapshot stored on Archive.org, dated 2020-07-23. So the site has been online at least since that date; in fact, its content didn’t change at all compared to today’s content.
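The same timeline check can be scripted. The following is an added example, not code from the original post: it parses an RDAP domain response and a Wayback Machine CDX listing (`output=json`) to report the registration date, the first archived capture and how many distinct content versions were archived. Both samples are constructed from the two dates given above; the times of day and the digest are made up.

```python
import json
from datetime import datetime, timezone

# Constructed sample: subset of an RDAP domain response ("events" array).
# The registration date is the one stated in the article; the time is made up.
RDAP_SAMPLE = json.loads("""{
  "ldhName": "pampering-people.com",
  "events": [{"eventAction": "registration", "eventDate": "2020-05-07T10:00:00Z"}]
}""")

# Constructed sample: Wayback CDX listing (output=json). Row 0 is the header row.
CDX_SAMPLE = json.loads("""[
  ["urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length"],
  ["com,pampering-people)/", "20200723120000", "http://pampering-people.com/",
   "text/html", "200", "CONSTRUCTEDDIGESTAAAA", "5120"]
]""")

def registration_date(rdap):
    """Return the RDAP 'registration' event as an aware datetime, or None."""
    for ev in rdap.get("events", []):
        if ev.get("eventAction") == "registration":
            return datetime.fromisoformat(ev["eventDate"].replace("Z", "+00:00"))
    return None

def captures(cdx_rows):
    """Turn CDX rows into (datetime, digest) pairs for HTTP 200 captures, oldest first."""
    if not cdx_rows:  # the CDX API returns an empty list when nothing was archived
        return []
    header, rows = cdx_rows[0], cdx_rows[1:]
    ts, st, dg = (header.index(k) for k in ("timestamp", "statuscode", "digest"))
    out = [(datetime.strptime(r[ts], "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc), r[dg])
           for r in rows if r[st] == "200"]
    return sorted(out)

def timeline(rdap, cdx_rows):
    """Summarise registration, first capture, the gap in days and distinct content digests."""
    reg, caps = registration_date(rdap), captures(cdx_rows)
    first = caps[0][0] if caps else None
    return {
        "registered": reg.date().isoformat() if reg else None,
        "first_capture": first.date().isoformat() if first else None,
        "days_unobserved": (first - reg).days if reg and first else None,
        "content_versions": len({d for _, d in caps}),
    }

if __name__ == "__main__":
    print(timeline(RDAP_SAMPLE, CDX_SAMPLE))
```

A single content digest across all captures is what "its content didn’t change" looks like in CDX data; the gap in days is the period for which the archive offers no evidence either way.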

Similar sites or services under the same IP or using the same content

My final step was to associate this site and its content with other similar services under the same IP or ASN by using URLScan.io.
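Because the site sits on shared hosting, an IP match alone pulls in unrelated neighbours, so the pivot needs a content signal as well. The sketch below is an added example, not the author's tooling: it takes scan records shaped like the `page` object of urlscan.io search results and keeps only domains that share the seed's page title plus an IP or ASN. Treating the title as the content signal is an assumption of this example, and every record except the seed domain name is constructed.

```python
from collections import defaultdict

SEED = "pampering-people.com"  # domain from the article

# Constructed records shaped like the "page" object of urlscan.io search results.
# IPs, ASNs, titles and the *.example domains are made up for illustration.
SCANS = [
    {"domain": SEED, "ip": "198.51.100.7", "asn": "AS64500", "title": "Massage Booking"},
    {"domain": "spa-one.example", "ip": "198.51.100.7", "asn": "AS64500", "title": "Massage Booking"},
    {"domain": "spa-one.example", "ip": "198.51.100.7", "asn": "AS64500", "title": "Massage Booking"},
    {"domain": "bakery.example", "ip": "198.51.100.7", "asn": "AS64500", "title": "Fresh Bread Daily"},
    {"domain": "spa-two.example", "ip": "198.51.100.9", "asn": "AS64500", "title": "massage  booking "},
    {"domain": "blog.example", "ip": "203.0.113.5", "asn": "AS64501", "title": "My Blog"},
]

def norm(value):
    """Lower-case and collapse whitespace so cosmetic differences do not hide a match."""
    return " ".join(value.lower().split())

def pivot(scans, seed):
    """Map every other domain to the set of signals (ip, asn, title) it shares with the seed."""
    seed_rows = [s for s in scans if s["domain"] == seed]
    wanted = {k: {norm(s[k]) for s in seed_rows} for k in ("ip", "asn", "title")}
    shared = defaultdict(set)
    for s in scans:
        if s["domain"] == seed:
            continue
        for key, values in wanted.items():
            if norm(s[key]) in values:
                shared[s["domain"]].add(key)
    return dict(shared)

def likely_clones(scans, seed):
    """Keep domains with the same title AND an infrastructure overlap.

    An IP or ASN match on its own is expected noise on shared hosting.
    """
    return sorted(d for d, sig in pivot(scans, seed).items()
                  if "title" in sig and sig & {"ip", "asn"})

if __name__ == "__main__":
    for domain, signals in sorted(pivot(SCANS, SEED).items()):
        print(domain, sorted(signals))
    print("likely clones:", likely_clones(SCANS, SEED))
```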

It’s not a surprise that the scammer (or scammers) replicated their scam on a number of other sites and services, for example:

End of our Story (until the next one)

So, next time you stumble upon a promising Tinder account, read the long description, try to stay away from the Tinder massage scam, and avoid any further contact with that user through either Tinder or Instagram.

You can read more stories from people who were already scammed in Tinder’s subreddit room.

The Tinder/Instagram Massage Scam Screencast

Gerasimos

OSINT & Malware Analysis Aficionado // @makismour // Founder @WPRepublic & @FixMyWP(now sold)// WordPress Security // Eat, Drink, Net