TST Management

Mode of Operation

You get an an instant message from your friend with just a link provided. Something like this http://yourfriendsaccount.hdd5.imagehosters.info. Following the link will yield a site like this.

Note: I am not affiliated with TST Management. This is a Phishing like site and I am posting their Policy so everyone can read it clearly, and be aware of their operations.

Please do not fill out their form unless you want to surrender some of your privacy!!!

TST Management Website image
TST Management Website image

Their Policy and Terms and Conditions

Note: Italics are my comments pointing out critical points with Bold highlighted areas.

Terms of Use / Privacy Policy:

By filling out this form, you authorize TST Management, Inc to spread the word about this 100% real and upcomming Messenger Community Site. You will receive your share of the credit in helping us spread the word. This is a harmless Community site which is offering users a platform to meet each other for free. Harmless and you provided them your email account and password. Amazing how the cons stress their innocence.

We do not share your private information with any third parties. By using our service/website you hereby fully authorize TST Management, Inc to send messages of a commercial nature via Instant Messages and E-Mails on behalf of third parties via the information you provide us. This is not a "phishing" site that attempts to "trick" you into revealing personal information. Everything we do with your information is disclosed here. If you are under eighteen (18), you MUST obtain permission from a parent or guardian before using our website/service.

Not a direct phishing attempt, but then why do you want confidential information like a password, from there they can get some your credentials and guess what your identify could be compromised.

This page is not affiliated with or operated by Microsoft(tm) or MSN Network(tm).

ANY LIABILITY, INCLUDING WITHOUT LIMITATION ANY LIABILITY FOR DAMAGES CAUSED OR ALLEGEDLY CAUSED BY ANY FAILURE OF PERFORMANCE, ERROR, OMISSION, INTERRUPTION, DEFECT, DELAY IN OPERATION OR TRANSMISSION, COMMUNICATIONS LINE FAILURE, SHALL BE STRICTLY LIMITED TO THE AMOUNT PAID BY OR ON BEHALF OF THE SUBSCRIBER TO THIS SERVICE.

We may temporarily access your MSN account to do a combination of the following:

1. Send Instant Messages to your friends promoting this site.

2. Introduce new entertaining sites to your friends via Instant Messages.

This is a free service. You will not be asked to pay at any time. You will not be subscribed to anything asking for payment. This service is made possible by many hours of human effort. You will pay for it by the spam and sacrificing your privacy.

TST Management, Inc reserves the right to change the terms of use / privacy policy at any time without notice. To view the latest version of this privacy policy, simply bookmark this page for future reference.

You understand that this agreement shall prevail if there is any conflict between this agreement and the terms of use you accepted when you signed up with MSN. You also understand that by temporarily accessing your msn account, TST Management, Inc is NOT agreeing to MSN's terms of use and therefore not bound by them. Huh!? overriders since when and how is this legat?

This agreement shall be construed and governed by the law of the republic of Panama. You expressly consent to the exclusive venue and personal jurisdiction of the courts located in the Republic of panama for any actions arising from or relating to this agreement. Want to take a trip to Panama to contest this, or fight it?

If any provision of this agreement is held to be invalid, illegal or unenforceable for any reason, such invalidity, illegality or unenforceability shall not effect any other provisions of this agreement, and this agreement shall be construed as if such invalid, illegal or unenforceable provision had not been contained herein.

Copyright 2008 TST Management, Inc

Other Aliases.

Now TST Management sites have come under many different name. Here is a list, from what I can gather from a few other blog and websites. It isn't a complete listing, but at least some of their aliases.

pooop.info, srys.info,rkntbp.info, vnxpkf.info, yzxvsn.info, jcyhzr.info, vnxpkf.info, xrsnbt.info, dytgms.info, qpcbkt.info, yqbzfj.info, yxwzmq.info, psnkcq.info, sxwmkr.info, tqxycj.info, wcmbsj.info, rhqwcp.info, qmnfct.info, rsbkdg.info, zjdgxq.info, mxbpkr.info, xjctsp.info, rhqwcp.info, mgtwdn.info, kfytsj.info, dsbpzg.info, gmnzby.info, dbnyzc.info, jcyhzr.info, dsbpzg.info, dbnyzc.info, bzjnxd.info, zjdgxq.info, qvsgwy.info, cdystp.info, hmybqw.info, yvmjzc.info, vmytks.info, nhcswv.info, ztmrcj.info, wkfbmt.info, fvkgcz.info, zcxrjb.info, jtyqkv.info, xhzsrg.info, hqnxmv.info, srbgxz.info, pghzvq.info, bgpmwr.info, ndkzcy.info, tpyhzx.info, etc...

According to the followup links: The whois on these sites lead to Panama and from there to the Blue China Group, Ltd located in Hong Kong. There is a possibility that it is a virus by some of the sources too.

So pass the word along. And here are some links to followup with.

Your Defense - Revision 2009/01/09

Alright: From the comments and from observation.

What happens if you got toke by this site.

1.  Immediately - Without delay - change your password.

2. Tell your friends, odds are they are going to get spimmed from this from now on.  If TST got your friends email addresses from your accounts, they have now added your friends email accounts to their list.

As to virus infection, I don't think so.  But there are dangerous Websites out there with hacker HTML scripts.  But it would be a good idea to run an antispyware like Lavasoft, Spybot S&D, and antivirus program on your computer.

Your greatest defense is 'Don't give out your password' , don't submit it to any website asking you for it (except your email site).  This isn't a bad rule even for social network sites like Facebook, Twitter, and so on.  No needs access to your accounts.  If they say find your friends - do yourself a favor enter them manually. 

Updates on new TST Sites.

 

This is just recent within the week of May 29 2008

  • snapsh0t.info

Update for June16, 2008 The following sites can be added to the growing list:

  • adp0int.info h0t-pics.into

Summary of Sites provided by comments:

  • <MSN name>.xmas-party-pics.com
  • pics.upicx.com/?your_friend_msn_mail
  • uimgx.com
  • (MSNAccount).yoimgz.com
  • [myusername].checkapics.com
  • <myMSNname>.foundthis.com
  • sickdude.1ik5.info

2009/01/05 Update

  • real-cool-newyear-party-pics.com

2009/01/06

  • <MSN-my name>.holliday-pics.com
  • happy-new-year-awesomeofferz.com
  • awesomeofferz.com

2009/01/25

  • <MSN-my name>.zopblob.com

2009/01/29

  • <MSN-my name>.all-part-pics.com

2009/02/19

  • <MSN-my name>.gone-wild-party-pics.com

2009/03/

  • <MSN-my name>.new-year-party-pics.com




More by this Author


Comments 44 comments

JAY 7 years ago

WELL DONE WHOEVER PUT THIS INFO UP, PPL LIKE YOU KEEP US SAFE. HEROES IN MY EYES.


jordan 7 years ago

the ip for crazy-new-year-party-pics.com is 202.64.61.208


jordan 7 years ago

how do you get the ip


eaglegordon profile image

eaglegordon 7 years ago Author

kay, they are very much alive and keep changing sites. No your friends aren't up to any nonsense, but they got caught by them. So pass the word along, that your friends have just compromised themself and now all their contacts are going to get some spim.


Kay 7 years ago

I thought one of my friends was trying to steal my password or something.

2/19/09 - their site's still running strong, with new and inproved <your name here>linkage


eaglegordon profile image

eaglegordon 7 years ago Author

Thanks Dave.

TST Managment has been very busy this last month.

Usually they come up under Blue China group.


Dave 7 years ago

Had some problems with employees here getting scammed. Although I do believe none of them gave their MSN data to one of the sites, it seems TST has now found a more advanced way to get at it (Thank god I don't use Windows).

Two further domains

quickgiftz.com, checkdizz.com ... it seems they create a new phishing site every day, possibly because the previous gets removed. The last two domains were registered at namecheap.com and redirected to some site that tries some hacking attempts (like "nmap xmas scan") on the machine viewing it, counts the hit and then redirects again (all in a split second) to a real msn.com site.

The sites have already been taken down, but I managed to find the counter the TST Scammers were using... amazing how many hits they made in just one day.

<!-- @page { size: 21cm 29.7cm; margin: 2cm } P { margin-bottom: 0.21cm } --> http://www.ipcounter.de/stats.php?u=59154169&a...


eaglegordon profile image

eaglegordon 7 years ago Author

CH - odds are the only thing they got is whatever info is on you email account if you gave them your email and password. Plus all your contacts, so then they will IM your friends.

Odd thing they do IM when the person that compromised their accounts is offline.

kjbprincess Thanks for the links. And yes they are scammers.


CH 7 years ago

Thanks for all the info...

I met two "friends" on the internet and as I put them on MSN I started to get these strange links.

I found it strange that they only send me these links without writing anything. The first link I tried to open didn't work and the second led me to PICS for MSN Friends... I found it strange that I had to enter my password so I looked immediately for info and found you.

I changed my passwords and ID questions like you advised.

Could they have come into my files or you think it's okay like this?


kjbprincess 7 years ago

I got these from one of my contacts (I knew it was a scam before I clicked the link, because they came from someone I hardly know), and when I clicked the link and saw it asking for my username and password... then I knew for sure it was definitely a scam!

Here are some of the links I was sent:

http://nuyear.awesomeofferz.com

crazy-new-year-party-pics.com

http://happy-new-year.awesomeofferz.com

piclooks.com

xtra-cool-newyear-party-pics.com


eaglegordon profile image

eaglegordon 7 years ago Author

ANK

That's good you are trained. Our best defense against scams is recognizing their tactics.

Unfortunately if you are getting those hot-party-pics, a friend who has your email was compromised, or taken in by them.

For scam detections: I depend on Yahoo or Google. Enter the company's name and search for them and I look for reports such as scams, "pro con" . If they are legit you seldom see the negative reports Or I may but in the word scam, or words pro con along with their name.

This flushes them out quickly


ANK 7 years ago

for 4 months i'm getting this type of message... <MSN-my name>.new-year-party-pics.com (most recent), <MSN-my name>.holliday-pics.com etc...

"I'm trained" by my boyfriend not to fall for this kind of junk and more, I know where I've been, so, "out-of-the-blue-parties-events"pictures can't make me curious.

Ignore these kind of TST messages, if You know what's best for you and your identity.


eaglegordon profile image

eaglegordon 7 years ago Author

Jon Thank you. Panama. Yes I have been getting those pics-from-the-party due to young friend who compromised their account. Needless to say they get all the othre legit accounts that account holder have and just take yours and paste and make a link for you. Another way to spim.

Tony - hopefully you didn't compromise yourself. Computers are fast, but at least you recognized what was happening.

Thank you BJ and pens:

Main thing to remember Never ever give out your password to your account to anyone and unless you wish to share your account with the world. Facebook and similar social sites may promise just to get your contacts list to see if your friends on are their systems. Don't do it. Do you know everyone at those places? at a personel level?

Well if these social sites are respectable and I wouldn't give them my info. Then what about these phishing/spimmers that come along? Parading like a social site.

End policy don't trust anyone with your account info. Or be prepared to switch passwords and or get a new account name.


Tony 7 years ago

I just got a the <MSN name>.xmas-party-pics.com link also. Watch out for that link. I got the pop up from MSN that I was being logged off because I signed in to another computer. S#*$! I immediately logged back on and changed my secret question and password. Hopefully nothing happens.....


BJ 7 years ago

Just got done by the xmas-party-pics site... changed password immediately, changed my MSN name to "Please do not go to any links I send you"... maybe that will make a difference spybot and antivirus straight away as well...


pens 7 years ago

another alias of this phishing site, just in time for the christmas season: <MSN name>.xmas-party-pics.com

whois lookup gives the same data as Jon's post above.

google doesn't turn up much on this domain yet, so hopefully this will help someone...


Genol 7 years ago

i getting this ! Is someone getting this before?

http://pics.upicx.com/?your_friend_msn_mail


Jon 7 years ago

pics-from-the-party.com hosted in 202.64.61.208 (pacnect.com) China. ssh port 22 is open please try to hacks it ;-).

Whois about the domain pics-from-the-party.com:

Registrant: Peter Call Edificio Magna Corp. 5th Floor, Office 511 Ave. Manuel Maria Icaza y Calle 51 Panama City Panama 0000 PA Administrative: Peter Call Edificio Magna Corp. 5th Floor, Office 511 Ave. Manuel Maria Icaza y Calle 51 Panama City Panama, 0000 PA Phone: +507.2021577 Fax: +1.5555555555 tstmanagementinc@yahoo.com Technical: Peter Call Edificio Magna Corp. 5th Floor, Office 511 Ave. Manuel Maria Icaza y Calle 51 Panama City Panama, 0000 PA Phone: +507.2021577 Fax: +1.5555555555 tstmanagementinc@yahoo.com nameserver: DNS1.REGISTRAR-SERVERS.COM DNS2.REGISTRAR-SERVERS.COM DNS3.REGISTRAR-SERVERS.COM updated-date: 2008-12-20 20:25:26.000 created-date: 2008-12-20 20:25:17.000 registration-expiration-date: 2009-12-20 20:25:17.000 status: registrar-lock domain: pics-from-the-party.com


eaglegordon profile image

eaglegordon 7 years ago Author

Danny6167,Flupke, ToSp.de.vu

Thank you guys for those points. These people are still at it.

To Hazel: Sorry I'm late in responding been away for awhile.

Can you get it again? Only if you give them your email account and password.

However your friends email addresses are now known to these people so expect them to get spimmed.

It doesn't seem to be a virus deal, just a Phishing attempt to get personal information. Facebook uses something similar too, in saying lets us into your account to get your friends emails and see if they are on Facebook. I wouldn't do it for Facebook either, I don't know the stranger at the other end, and I certainly don't share my password with friends on my email accounts so someone I don't know? Nada.

It's wise to never give out your passwords to anyone. No matter who they are. A person could be honest and straight today and tomorrow crooked and against you.

Take care and beaware.


Hazel 7 years ago

i reinstalled msn, changed my password. do you think it will happen to me again? i ran my norton virus scan too


Flupke 8 years ago

2 new TST Management domains for today: <YourName>.uimgx.com and <YourName>.upicx.com

As always coming from 'friends' who thought they were gonna win an xbox, laptop. scooter, car, yacht, airplane or spaceshuttle and just give away their usernames and passwords


ToSp.de.vu 8 years ago

Hi, now a new URL: h++p://(MSNAccount).yoimgz.com

greetingz from Germany! :)


eaglegordon profile image

eaglegordon 8 years ago Author

To all my commentars: I apologize for not responding earlier to your comments. Been busy and away for awhile.

I have been monitoring TST Management.

First I don't what the FBI could do about these guys as they are offshore.

Secondly it seems once they got your info, they keep it and use it to send more spim via IM. This needs to be confirmed, but it's a suspicion.

Changing ones password to a strong one is a good idea, but it's still better to avoid even tinkering with these Guys. They are criminals (their conduct and lack of respect, and continue usage of infiltrating other peoples personal lives are definitly of criminal nature).


Kerno 8 years ago

I'd suggest that whoever you have recieved the message from has been duped. Send them a message to change their password to a new strong password that has a mix of upper case and lower case letters, digits and punctuation characters.


Mark 8 years ago

What I don't get is how they send the message from one of the friends on my list...does that mean the person I received the message from has already been had by this scam or that I have some kind of virus?

Like Mole before, my link was to http://[myusername].checkapics.com


ave 8 years ago

your beter off reporting to microsofti meen bill gates is so rich he will probly sue them lolz


Mole 8 years ago

TST Management going strong still, sadly. Got a message on MSN from a close friend, didn't suspect must until I called him and he said he hadnt been online all day. Suspicions were confirmed when I read the T&Cs. No genuine company uses lower case lettering in their terms where they're needed: "panama" and "msn" both deserve capitals I believe. Imagine my suprise when i Googled the name and found nothing but articles about these scammers.The URL I was sent was http://[username].checkapics.com

Giving this scum your details gives them unlimited access to your account, don't ever risk it. If your friend wants to show you pictures them can e-mail them to you. There's no need for any third party to be involved.



AgoodguyHacker 8 years ago

This site needs to be shut down and not only that it needs to be reported. Has anyone ever thought of going to the FBI website and fill out a internet crime complaint. Even though your giving the guy or girl your info, in return your not getting a thing but crap.

Second if no one wants to do that, maybe there is a guy on here that knows what to do with his ip. 210.56.53.224 ---yes i got the ip of the guy so someone tell his isp provider or the FBI its not that hard.


jo 8 years ago

does changing your password always work?

i dont think it worked for me


kiereann 8 years ago

New address... same con

http://<myMSNname>.foundthis.com ... my mate has it. I read the T&C's ... ;o)


averes 8 years ago

This site one bullshit. Spam, trojan etc... Parasite


eaglegordon profile image

eaglegordon 8 years ago Author

QYJ

It seems that they replicate your email name and contacts to all their subsidary sites too.


QYJ 8 years ago

Argh! I gotten it too! That stupid virius, infected my 60++ contacts! *SLASH*


eaglegordon profile image

eaglegordon 8 years ago Author

Ivy - that's right

Don't compromise yourself ever. Giving out your email at site puts one at risk for getting spam.

But when asked for confidential information like your password - it's like giving the key to your house to a stranger you don't know.

Remember this most companies (banks included ) they won't ask for your information - unless you call them, and depending on your need and which level of official you are talking with.

Chris - some of us learn by the school of hard knocks and some learn by this Pilot's adage = "learn from the mistakes of others for you won't live long enough to make them all yourself"


ivy 8 years ago

Chris, If you got tricked by this, then sad to say it's the first of many for you. Why would ANY other website need your MSN credentials? Never EVER give that stuff out to any other site than MSN. Lrn2interweb.


Chris 8 years ago

...it also produces https' with the first part of the E-Mail of your friends. So it looks as if you are in with it. Like http://sickdude.1ik5.info

Was tricked first time via internet! GRRR!


Memphis 8 years ago

I never entered any details, like you i googled it and came here ;) I've also told everyone else NOT to enter any details and to change passwords etc.

Lets hope that's stopped it for now.


eaglegordon profile image

eaglegordon 8 years ago Author

Unfortunately if your friends took into it too. You are on their friends list, so guess what you get it coming back to you, but from them.

So maybe pass the word along to your friends.

I first received this from a young friend of mine, but being a little older and hopefully wiser. At least I believe a little more internet savvy, I googled what was sent me, plus I have seen similar exploits like this before (red flag is when they ask for my email password. I sent my friend a warning, and advisd her to change her password. That seem to have ended it, but we will see.


Memphis 8 years ago

Password changed, spybot run (and cleared some crap!) anti virus found nothing. Lets hope that got it! :-)

Only problem now is im getting the link from other people! :S Oh well, we cant win them all.

Thanks for the advice eaglegordon :D


eaglegordon profile image

eaglegordon 8 years ago Author

First step is to change your password if you haven't.

Second like what you are doing run Spybot Search and destroy plus Lavasoft program.

Third if everything still seems to be producing a send links is uninstall and reinstall your messenger or switch messengers.

Fourth I ran out of suggestions, so a good Google research might come up with something. If it's virus as some suspect - run your Antivirus program - if you don't have one Commodo or AVG free are good bets (my favorites)


Memphis 8 years ago

Thanks for the info. I seem to be sending this link from my msn :S Any ideas on how to stop it!? Im trying spybot... fingers crossed :)


eaglegordon profile image

eaglegordon 8 years ago Author

another Blue China Group listing - thank you


no one 8 years ago

    Sign in or sign up and post using a HubPages Network account.

    0 of 8192 characters used
    Post Comment

    No HTML is allowed in comments, but URLs will be hyperlinked. Comments are not for promoting your articles or other sites.


    Click to Rate This Article
    working