PayPal Community

Pete15 · ‎Dec-22-2017

Hello,

I recently was told that I was issued a refund for a paypal transaction by a seller, preferring to resolve the issue with them.

The screenshots I have taken from the support tickets in which they state the refund has already been made.
In the past, if there has been an issue, the refund has shown within a day.

However, one of the support staff has stated that it may take 1-2 months, they don't care - another has stated that it has been issued and all I must do is wait.

I am unsure if this is trustworthy, as the service for which I paid was not that which was advertised. In some regards, I believe it was a scam of sorts and therefore do not believe that there is a refund issued nor will there be.

Understanding that there is 180 days from transaction to make a claim - would it be wise to simply wait a few months as the support staff (who didn't care how long it took) has said, or would this be something to take action upon now?

It is a service that is supposed to provide facilitated stress testing for evaluating server-side security against certain cyber-attacks.
However, it appears more to be a "ddos for hire" site - and, from my logs, doesn't appear to undertake any of the actions it says it performs, as it does.
In their terms and conditions, it states "if I am to raise an issue with paypal then they will leak my information / you can't raise an issue with paypal for a refund, as it's a digital service and not a physical product".

The first is not exactly good practise and the second - as far as I can tell - is not true.

Teach me to try something new and take the easy way (and use a site that accepts bitcoins as payment)...

Thanks for any feedback or advice!First ticket raised with support, ambiguous response from miha.

Clarified action, from seemingly more professional support staff.

Pete15 · ‎Dec-22-2017

After reading the Paypal user agreement - it appears that it may be argued that the seller is in breach of this due to the nature of their service, being far from advertised.

https://en-gb.facebook.com/webstresser.org/photos/a.358357607891025.1073741828.193788284347959/47029...

[NSFW] https://en-gb.facebook.com/webstresser.org/photos/a.358357607891025.1073741828.193788284347959/45932...

https://www.facebook.com/webstresser.org/photos/a.358357607891025.1073741828.193788284347959/4470095...

In fact, that whole page appears to be devoted to demonstrating attraction through digital social proofing, and makes no attempt to hide the fact that the service provided is aimed at providing an illegal service, ie, Distributed Denial of Service attack, without any disclaimer nor agreement that the service is to be used only within the confines of legal penetration testing of remote systems.

(A SKID is a "script kiddie", someone who doesn't know what they're doing but will "hack" sites, unethically, using services such as this - the SKID in the link appears to have been using it for legitimate reasons, as they appear to have been testing their own servers in order to generate such a report to show that the service is a sham. The reply? Ad hominem and invasive humiliation).

I don't know why I didn't notice this from the very beginning - it took only a few minutes to figure out once I had paid and seen the services offered.

Not accepting Paypal for larger packages..? Cryto-currency only..? For business reasons 😉

The whole thing stinks of Black Hat and malicious intent.

Leads me to start to believe that there will be no refund forthcoming, as stated.

Teach me to not research social media and only technews...

Pete15 · ‎Dec-25-2017

Escalated as

PP-006-475-254-341

Fake service: https://www.scamadviser.com/check-website/webstresser.org

Pete15 · ‎Dec-25-2017

Their Paypal ToS:

By purchasing WebStresser you agree 1. General

By establishing an paid account with webstresser.org ("WebStresser") and by purchasing addons, you ("You") agree to and accept our terms of service.

We hardened the current rules because some of our "customers" are abusing paypal gateway.
We offer refunds at our discretion. We can refuse anyone a refund.
We offer a virtual service. This is not covered under the PayPal Buyer Protection.
If you purchased our service less than 24 hours ago, and you are a first time customer you reserve the right to ask for a refund at our support center.
You need ask for a refund before your account with us surpasses total 7 launched boots.
Charging back after using the service for a while will result in the termination of your account, and a leak of your information online.
We are only major ddos service with thousand of customers that accepts paypal payments, therefore these rules must be obeyed so we can keep our paypal gateway in great shape, for many more years to come in doing successful business with our customers.

Pete15 · ‎Dec-25-2017

Noticing I still had access to the site's "services" after a refund (subscription not cancelled), I suggested that it be good practise to cancel a person's subscription once a refund is issued - so that the person could not take advantage of the service while "not paying for it".

Immediately, the support staff went offline.

I have done a little investigation.

Logged as Scamsite: https://uk.trustpilot.com/review/webstresser.org

Current iteration: https://www.scamadviser.com/check-website/webstresser.org

Example previous iteration: https://www.scamadviser.com/check-website/webstresser.co

The amount of visitors to the site is in great disparity to what is reported in "active users".

Here is their Christmas message: [NSFW] https://www.facebook.com/webstresser.org/photos/a.358357607891025.1073741828.193788284347959/5003493...

Pete15 · ‎Dec-25-2017

What is also interesting, is that the server host does not offer the bandwidth for the services that the site claims to provide:

https://whois-ip.net/webstresser.org
https://www.namecheap.com/support/knowledgebase/article.aspx/103/21/can-i-order-more-bandwidthspacem...

Taking a 3 month initial renewal suggests a scam site.
It is claimed that the site has been running for years, however - the evidence proves contrary. It was created only 6 months ago and will expire in another 6 months.

Webstresser.org (a domain name reserved for charities, usually), is claiming to provide 350Gb/s stress tests.
According to their bragging on their social media pages, there have been 100 concurrent tests, over 5 million tests (in 6 months) and have garnered 100,000 users (which is well below recorded traffic to the site).
An average of 9000 a day, for anywhere from 1200-7200 seconds, meaning a max bandwidth requirement of 2520000Gb/s for a single stress test, 350,000Gb/s bandwidth at "their peak" and a potential total of 22.60 Exobytes transferred per day.

That is really impressive... That is rougly a quarter of the global cellular data transfer per day.

They must have some extremely impressive system to be able to rival such a thing!

Considering the server hosts restrictions on such high bandwidth, through "fair use", along with their list of prohibited activities - it would be safe to conclude that this service is not only in breach of Paypal's user agreement, providing a service that greatly differs from that advertised, but also in violation of its hosting services legal agreements by offering a service, for example:

"not to engage in or to instigate actions that cause harm to Namecheap or other customers. Such actions include, but are not limited to, actions resulting in blacklisting any of Our IPs by the any online spam database, actions resulting in DDOS attacks for any servers, etc.".

https://www.namecheap.com/legal/hosting/aup.aspx

In particular:
Section 8: Prohibited Activities
Section 10: Acceptable use policy for virtual accounts (which is in gross disparity to the service's reported abilities).

The site is offering a service that can be be said to be unable to provide / is not what is advertised.

The server on which the site is hosted - sniffing the activity - it is fake. It is nothing but countdown timer and there is no activity nor connection to any other server behind the cloudflare Ddos protection that would suggest that this service is able to provide anything near that which is advertised.

Therefore, I conclude that a site that claims to have 100,000 users would have more than an average of 15-20 likes per post on its facebook page.

The service advertised - I have performed the same "attacks" on a network, "the proper way" and it does show a TCP or SYN flood or even a series of incomplete http requests, slowly filling up every socket on a server until legitimate users are unable to connect.

Low grade, basic, entry level stress testing.

"Level 7" tests that ought to be able to deny access to their own site (eg, break through cloudflare's anti-ddos protection)... I wonder why no-one has even attempted to take down the site itself, considering the mentality of the users.

https://www.facebook.com/webstresser.org/photos/a.358357607891025.1073741828.193788284347959/3987201...

(this image also establishes link to the previous scam-site to offer illegal-activity-for-hire, webstresser.co).

Pete15 · ‎Dec-25-2017

Advertised as a "stresser", for facilitating network security - it is nothing more than a "booter" or "Ddosser / botnet for hire" and a perfunctory of cyber-criminal activity:

https://www.incapsula.com/ddos/booters-stressers-ddosers.html

A gross misrepresentation of the service offered.

Pete15 · ‎Dec-28-2017

Their web server is not as secure as they would like to think, perhaps.

A photograph of the "Administrator".

I'm going to guess this is supposed to be Mixa, who doesn't care if you receive a refund or not.

Although, this is a photograph of Paul Glen:

Who is a CEO of an educational institution, and so... it makes me wonder - why is "mixa" trying to pass themselves off as a tech guru..?

It makes me wonder, how a site that has been active for on 17th May 2017 and claims to have received over 100,000 users and 5 million uses - has their "support staff" impersonate reputable figures and... the day after I file a dispute and escalate it - makes announcements on their social media such as:

//

26th Dec at 02:59am

Dear customers, we have to announce that we had to terminate our L7 stress testing option because few of our users were disrespecting terms of agreement and abused it. We dont want anyone of us to be involved in legal issues so because of everyone's safety we decided to suspend L7 for now. Best regards

Name and 10 others like this.

Comments

Name: You think ddos is a legal thing? I think everyone is using it for illegal ddossing lol

Webstersser: We present our website as a legal tool with acceptable user policy and terms of service, nothing more nothing less.

// I've never once seen a user policy nor terms of service. Wasn't even asked to verify an email...

Name: you know Damn Well that people using it for bad stuff Lolz but for you not Too get in trouble i would say that Too

Name: Well yer everyone uses it to hold people offline n doss thats what its 4 im not going to lie

//

Now, I wonder why they would suddenly try to cover themselves and not want to get involved in legal disputes, when someone has started to investigate their service and contacted their domain provider and hosts to report facilitating illegal activity..?

Wouldn't it be easier to simply issue me the refund as stated, rather than for me to have to contact the domain provider and hosts in order to report the site as facilitating illegal activity - perhaps even take it to the IC3: https://complaint.ic3.gov/

Pete15 · ‎Dec-28-2017