Data Privacy Company Onerep.com The company describes itself as a Virginia-based service that helps people remove personal information from nearly 200 people search sites. However, an investigation into the history of onerep.com found that the company operated in Belarus and Cyprus and that its founders had launched dozens of people search services over the years.
Onerep’s “Protect” service starts at $8.33 per month for individuals and $15 per month for families, and promises to remove your personal information from nearly 200 people search sites. Onerep also markets its services to companies that want to provide employees with the ability to continually remove material from people search sites.
Recommended on onerep.com.
Customer case studies posted on onerep.com indicate that it has an agreement to provide services to employees of the following companies permanent medicinerepresenting physicians within the health insurance giant Kaiser Permanente. Onerep also says it has made inroads with U.S. police departments.
But a review of Onerep’s domain registration records and those of its founder revealed a different facet of the company. Onerep.com says its founder and CEO is Dimitri Shelest The same goes for Shelest’s LinkedIn profile from Minsk, Belarus. Historical registration records indexed by DomainTools.com show Mr. Shelest as the registrant of onerep.com using that email address dmitrcox2@gmail.com.
Searching for the name Dimitri Shelest on Constella Intelligence, a data breach tracking service, will show the email address dimitri.shelest@onerep.com. Constella also discovered that the email address was used by Dimitri Shelest from Belarus d.sh@nuwber.comand Belarusian phone numbers +375-292-702786.
Nuwber.com is a people search service whose employees appear to be from Belarus and is one of dozens of people search companies that Onerep says it targets with its data removal services. Onerep.com’s website denies any relationship with Nuwber.com, stating clearly: “Please note that OneRep is not affiliated with Nuwber.com.”
However, there is considerable evidence that Mr. Shelest was in fact the founder of Nuwber. Constella found that the Minsk phone number (375-292-702786) was used multiple times along with the email address dmitrcox@gmail.com. Recall that domain registration records for Onerep.com from 2018 list the email address dmitrcox2@gmail.com.
Mr. Shelest appears to have attempted to reshape his online identity in 2015 by adding a “2” to his email address.Searches for Belarus phone numbers related to Nuwber.com show up in domain records askmachine.orgDomainTools indicates that the domain is bound to dmitrcox@gmail.com and dmitrcox2@gmail.com.
Dimitri Shelest, CEO and founder of Onerep.com, as shown on the “About” page of onerep.com.
A search of the email address dmitrcox@gmail.com in DomainTools shows that the address is associated with registrations for at least 179 domains, including dozens of people search companies targeting citizens of Argentina, Brazil, Canada, Denmark, and France, most of which are now No longer exists. , Germany, Hong Kong, Israel, Italy, Japan, Latvia and Mexico, etc.
These include nuwber.fr, a website registered in 2016, which was the same as Nuwber.com’s homepage at that time. DomainTools shows that the same email and Belarusian phone number exist in the historical registration records for nuwber.at, nuwber.ch, and nuwber.dk (all domains linked here point to cached copies on archive.org (if available)) .
Nuwber.com, circa 2015. Image: Archive.org.
A review of historical WHOIS records for onerep.com revealed that the site had been registered as a completely unrelated site for many years by a resident of Sioux Falls, South Dakota. But around September 2015, the domain switched from registrar GoDaddy.com to eNom, and the registration records were hidden behind a privacy protection service. DomainTools indicates that onerep.com began using the domain servers of the DNS provider constellix.com around this time. Similarly, Nuwber.com first appeared in late 2015, also registered through eNom, and started using constellix.com as DNS almost at the same time.
The former product manager listed on LinkedIn as OneRep.com from 2015 to 2018 is Dimitri Bucuazzo, who said his hometown is Warsaw, Poland. Although this LinkedIn profile (linkedin.com/in/Dezmitribukuyazau) does not mention Nuwber, and a Google search for the name turns up a 2017 blog post from privacyduck.com, which lists numerous reasons to support the conclusion that OneRep and Nuwber.com are the same company.
“Anyone searching for a profile on Nuwber.com that contains your personally identifiable information will have the same mirrored image on OneRep.com, including the names and address history of relatives,” Privacyduck.com writes. The post continued:
“Both sites offer the same immediate opt-out process. Both sites have the same general contact and support structure. They were, and still are, the same company (even PissedConsumer.com promotes this fact: https:// nuwber.pissedconsumer.com/nuwber-and-onerep-20160707878520.html).”
“In early 2016, things changed and OneRep.com began offering a private deletion service while displaying your personal information publicly. At this time, when you find yourself visiting Nuwber.com or OneRep.com, you can choose to delete it on their website for free. website to opt-out of your data, but we strongly recommend that you pay to have them removed from the bulk of your data. Other sites (part of this payment is to remove you from their own site, Nuwber.com, as part of their service benefit).”
Contacted via LinkedIn, Mr Bukuyazau declined to answer questions such as whether he had ever worked at Nuwber.com. However, Constella Intelligence discovered that nuwber.com employees have two interesting email addresses: d.bu@nuwber.com and d.bu+figure-eight.com@nuwber.com, which are registered as “Dezmitri”.
PrivacyDuck’s account of how onerep.com emerged and behaved in its early days is not easy to verify because the domain onerep.com has been completely excluded from archive.org’s Wayback Machine. The Wayback Machine will honor such requests if they come directly from the owner of the domain in question.
Nonetheless, Mr. Sheleste’s name, phone number, and email also appear in domain registration records for a bewildering number of services, including Programspplcrwlr.fr, pplcrwlr.dk, pplcrwlr.jp, peepl.br.com, peepl.inpeepl.it and peepl.co.uk.
The same details also appeared in the WHOIS registration records of the now-defunct people search sites waatpp.de, waatp1.fr, azersab.com and ahavoila.com, which provided people search services to French citizens.
German people search website waatp.de.
A search of the email address dmitrcox@gmail.com revealed that Mr. Shelest had previously been involved in fairly aggressive email marketing campaigns. In 2010, an anonymous source leaked to KrebsOnSecurity spamwhich was undoubtedly the largest Russian-language pharmacy spam affiliate program in the world at the time.
Spamit pays the spammer a huge commission every time someone buys male enhancement drugs from a spam advertising website. Mr. Shelest’s email address stands out because immediately after the Spamit database was leaked, KrebsOnSecurity searched all Spamit-affiliated email addresses to determine if any of them corresponded to social media accounts. Facebook.com (At the time, Facebook allowed users to search personal data by email address).
That map was done largely by generous graduate students at my alma mater George Mason University, revealed that dmitrcox@gmail.com is used by Spamit affiliates, albeit not very profitably. Mr. Shelest’s Facebook profile is still active and shows that he is married and lives in Minsk (last updated: 2021).
Italian people search website peepl.it.
Scroll down Mr. Shelest’s Facebook page and see posts from over a decade ago that show he likes the Facebook profile pages of many other people search sites, including findita.com, findmedo.com, folkscan.com, huntize.com, ifindy.com, jupery.com, look2man.com, lookerun.com, manyp.com, peepull.com, perserch.com, persuer.com, pervent.com, piplenter.com, piplfind.com, piplscan.com, popopke. com, pplsorce.com, qimeo.com, scoutu2.com, search64.com, searchay.com, seekmi.com, selfabc.com, socsee.com, srching.com, toolooks.com, upearch.com, webmeek.com, and the many country code variations of viadin.ca (such as viadin.hk, viadin.com, and viadin.de).
People search website popopke.com.
Domaintools.com found that all of the domains mentioned in the previous paragraph are registered to the email address dmitrcox@gmail.com.
Mr. Sheleste has not responded to multiple requests for comment. KrebsOnSecurity also sought comment from onerep.com, which also did not respond to inquiries about its founder’s many apparent conflicts of interest. Regardless, these practices appear to contradict Onerep’s stated goals on its website: “We believe that no one should compromise personal online security and profit from it.”
People search website findmedo.com.
Last week, KrebsOnSecurity published an analysis of the people search profile brokerage giant on the radarwhose consumer profiles are deep enough to rival the more protected profile broker resources available to U.S. police departments and other law enforcement officials.
The story revealed that the co-founders of Radaris are two native-Russian brothers who run multiple Russian-language dating services and affiliate programs. Many of the Radaris founder’s businesses also appear to be tied to a California marketing firm that works with a Russian state-run media group that is currently subject to U.S. government sanctions.
KrebsOnSecurity continues to investigate the history of various consumer profile brokers and people search providers. If any readers have inside knowledge of the industry or the key players within it, please consider contacting krebsonsecurity at gmail.com.
