close

Demand the FCC ban telemarketer spam!

Hucksters.net
Exposing spam, fraud, corruption, censorship, and propaganda
search
menu
search

Prolific Craigslist “Carfax” Scammer Exposed

Jesse Nickles | Oct 14, 2021

Hucksters can exclusively reveal the man behind a years-long scam targeting thousands of Craigslist users who were buying and selling used vehicles, and asked to “order” a vehicle history report from one of dozens of temporary websites used in the scheme.

The mastermind is Hairuddin Ali, a Muslim Indonesian man who lives in Jakarta, Indonesia with his wife and young children, who moonlights as a technology blogger for websites and .

While it’s certain possible (and probable) that more than one person is involved with similar schemes, we were able to connect Ali with dozens of domains being used in the “Carfax” fraud, proving that he is one of the most prolific actors in this popular scam, including domains like , , , and several others.

Interestingly, a quick-thinking Reddit user documented a similar rash of fraudulent domains last year with almost the exact same usage of keywords. Based on the private messages he published on Reddit.com that are worded very similarly to the private messages reviewed by Hucksters.net in October 2021, we strongly believe Mr. Ali is also connected to the domains exposed by that Redditor either directly or indirectly.

In fact, many of those domains exposed on Reddit used the Name.com registrar (which is not extremely popular), the same registrar that Ali used on some of his “newer” websites too. To stay ahead of abuse reports, he appears to have moved most of these domains around to different hosting providers at different times, which is how we connected the domains to him.

(To avoid tipping him off about exactly how we caught him, we are not going to explain every last detail of our OSINT research here.)

Although we reached out to Ali several times via email and social media, he refused to respond. However, immediately afterwards he changed the WHOIS data on some of his fraudulent websites to be public, listing the owner of the sites as “Suhiman Salman” from “Bandung, Jawa Barat, Indonesia”, an apparent desperate attempt at distancing himself from the scam, and/or perhaps one of his partners who is involved and accidentally set the WHOIS to be public while moving to a new registrar (WebNic.cc). Although we did find a man who uses that name and appears to be a web developer capable of putting together this type of scheme, he doesn’t appear to be very active online.

Ali continues a trend we see regularly especially from Pakistan and Indonesia, where devout Muslims have no problem committing extensive crimes online against Americans, apparently because they think it’s okay to steal from non-Muslims — even though they would never consider doing a similar thing against their fellow countrymen where the punishment would be severe.

The U.S. FTC agency has been warning the public about this very Craigslist scam since at least 2018, which begs the question why nobody in law enforcement has bothered to track down who was behind the scheme when it only took us a few hours to do so. In the comments section of the announcement, several Americans also mentioned specific URLs and domains that had been used to scam them, further expanding the list of websites likely connected to Indonesian scammers — again, why the government refused to list these does not make sense to us.

Tags:

Leave a Reply

*The vast majority of people listed in this database are just “normal” business people, therefore no negative connotation is insinuated nor should misdeeds be assumed based on existing in our business directory. Our underlying goal is exposing misdeeds and fraud, but to accomplish this we often must first identity “honest” business people. This is because of things like similar names, impersonation, copyright infringement, and other reasons. Thus, the vast majority of people in our database are not being accused of anything shady. For this reason, profiles are now “noindexed” by default until comments exist on any given profile, since many of them are unnotable.

DISCLAIMER: ALL INFORMATION ON THIS WEBSITE WAS OBTAINED LEGALLY VIA PUBLIC RECORDS AND WEB PAGES. This public interest website functions as a transparency engine to expose relationships between individuals and entities (e.g. brands and organizations). Under no circumstances do we publish confidential data about an individual such as ID numbers, medical records, health status, or financial information, including contact details such as personal email addresses and phone numbers, residential addresses, or personal media (e.g. photos/videos). If you discover any such information on our website (including in public comments or reviews), please let us know so that it can be removed immediately. (This does not apply to business-related phone/email, office locations, or other contact information that was used as part of a spam/fraud/etc campaign.) We explicity discourage using this internet directory in any effort to harm or harass any individual or entity, regardless of the reason. We also do not accept or solicit payments or other forms of value in exchange for removing or altering pages that are published here. Anyone is allowed to register a free account on Hucksters.net and publish reviews at anytime, as long as they use their real name and abide by our Terms, as well as all relevant laws of the United States and any local jurisdictions. Reviews can be edited or deleted at anytime at the discretion of the review author, and we strongly encourage updating the content whenever appropriate (e.g. if no longer accurate, or if new information exists). Users are also allowed to review themselves. Any comments that do not include the author’s full (real) name will be deleted. By posting on this site (under your real name), you therefore take legal responsibility for your words, and you understand that other people might therefore choose to dispute the nature of your words in a relevant court of law (thus commenters shall not hide behind Section 230). Reviews should be relevant to the subject’s career and not mundane/personal events. We encourage honesty, humility, and good humor, whenever possible.

Common searches: owner, founder, ceo, boss, associate, whois, info, huckster, scammer, spammer, liar, true, reviews, experiences, reputation, before, known for, profile, deadname, real name, birth name, original name, who was, gender, beliefs, history, etc.

Be brave! Login now and report any spam, fraud, or censorship you have witnessed. If you don’t say something, then nothing changes.

Legal caution: we fight (and expose) all fraudulent DMCA+ takedown notices submitted against our website. Any agency, freelancer, or lawyer who is party to “takedown” fraud will be aggressively exposed by our team. Please do not assist the scumbags in our directory unless you’re willing to be publicly exposed, thank you.