Wednesday, September 7, 2011

Strange Bedfellows on 66.249.137.55

The server on the IP 66.249.137.55 has a very interesting mix of legitimate business sites, obvious porn related sites and fake shipping and escrow sites.
I wonder what the owners of those web sites would say if they know this was happening?
66.249.137.55 is the IP mainly used by
:
Domain Name: DWHS.NET
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com/
   Name Server: NS1.DWHS.NET
   Name Server: NS2.DWHS.NET
   Name Server: NS3.DWHS.NET
   Status: ok
   Updated Date: 02-may-2011
   Creation Date: 31-may-2002
   Expiration Date: 31-may-2012
The actual hardware for that IP is owned by:
OrgName:        Blacksun Technologies LLC
OrgId:          BTL-24
Address:        7108 Katalla Ave
Address:        Suite 422
City:           Stanton
StateProv:      CA
PostalCode:     90680
Country:        US

However, in the mix listed below, are these fraud sites:

New site added on 9-20-11:
logisticsdivisioninc.com  http://whois.domaintools.com/logisticsdivisioninc.com

expertdivisioninc.com   active fraud shipping and escrow  http://whois.domaintools.com/expertdivisioninc.com

cargowebinc.com  active fraud shipping and escrow  http://whois.domaintools.com/cargowebinc.com

incspedition.com   active fraud shipping and escrow  http://whois.domaintools.com/incspedition.com
logistics-intlgroup.com  active fraud shipping and escrow  http://whois.domaintools.com/logistics-intlgroup.com

usacourierexpert.com suspended? fraud shipping and escrow  http://whois.domaintools.com/usacourierexpert.com

usadivisioninc.com   active fraud shipping and escrow  http://whois.domaintools.com/usadivisioninc.com

usaelitecourier.com   active fraud shipping and escrow  http://whois.domaintools.com/usaelitecourier.com

usaextrafreight.com   active fraud shipping and escrow  http://whois.domaintools.com/usaextrafreight.com

usglobalcargo.com   active fraud shipping and escrow  http://whois.domaintools.com/usglobalcargo.com

All these fraud sites are hosted on space leased (by who?) to the person running whoisnameservers.com.
http://whois.domaintools.com/whoisnameservers.com
The domain is registered to an email account
graychris04@hotmail.com
The domain WHOISNAMESERVERS.COM also violates ICAAN policy for domain registrations:
http://wdprs.internic.net/
Apparently the Registrar: ENOM, INC doesn't care.
If you google the email graychris04@hotmail.com  you get the dead domain:
http://networktools.nl/whois/graychris.com
http://whois.domaintools.com/graychris.com
shows that the domain was registered using
Registration Service Provided By: NVH Inc
http://www.nvhserver.com/
A known scam hosting company run by people in Vietnam.
The domain is mentioned here:
http://www.malwareurl.com/ns_listing.php?ns=ns1.graychris.com
that nameserver hosted a fake shipping and escrow site
deliveryusainc.com
mentioned here:
http://forum.aa419.org/viewtopic.php?t=53229
deliveryusainc.com was previously hosted by nvhserver.com, mentioned above.
Cached version of the original page showing some fraud sites on the same NHV server is here:
http://webcache.googleusercontent.com/search?q=cache:b-LBvUmRaHcJ:www.malwareurl.com/listing.php%3Fip%3D173.192.221.44+%22deliveryusainc.com+
%22&cd=19&hl=en&ct=clnk&gl=us
This url shows the same site and others which were hosted and assumingly suspended:
http://webdetail.org/ip/173.192.221.44
Domain Name: WHOISNAMESERVERS.COM
   Registrar: ENOM, INC.
   Whois Server: whois.enom.com
   Referral URL: http://www.enom.com/
   Name Server: NS1.WHOISNAMESERVERS.COM
   Name Server: NS2.WHOISNAMESERVERS.COM
   Status: clientTransferProhibited
   Updated Date: 12-jul-2011
   Creation Date: 11-jul-2011
   Expiration Date: 11-jul-2012

Using a reverse search for the domain whoisnameservers.com you get this information:
Reverse IP Lookup Results—322 domains hosted on IP address 66.249.137.55 Web Site
I am only providing information about the known scam sites and I am not saying all these sites are fraud.
I just find the mix of domains interesting.

19thcenturymining.com
3313-1.com
4nall.com
8packabroutine.com
abdistributor.com
adulthostingprovider.com
adulthostweb.com
adultsiteaffiliateprogram.com
agapemusicacademy.org
airsistemi.com
allamericandance.com
amateur382.com
americanforeigner.com
angeldesire.com
animeenlinea.com
anjofael.com.br
aquacondovacation.com
archania.com
arieldunesvacation.com
asiancumdump.com
ataripirates.com
ataripirates.net
atlanticguernsey.com
atlantictelevision.tv
atvguernsey.com
aussex.info
barstarstv.com
beachadventurevacations.com
bestvaginareviews.com
bestxtgp.com
biagiodanelli.info
blackwhitetube.com
blessingforall.com
bmobile.vg
bound-dolls.com
boundesign.com
bradfordrdavisasla.com
britishrealitysites.com
britishsoftcoresites.com
britishspankingsites.com
britishstockingsites.com
britishstraponsites.com
bronzetree607.com
brytodd.com
bwtube.com
cassinewayvacation.com
cecodestin.com
chinacallboys.com
chinamineralco.com
chinamineralco.net
chinamineralcompany.com
christian-web-hosting.com
chs1982.org
clarkmedicine.com
classifiedcandles.com
clip2clipproductions.com
collegemodeljobs.com
comato5e.com
comato5e.it
communityconcepts.net
consignmintllc.com
cougarsex.co.uk
cougarukdating.co.uk
covergirlpix.com
craps-bets.com
crystalbeachvacation.net
curiouspleasure.com
cw.vg
cybagirl.com
cybagirl.net
cyclonehobbies.com
damnbigboobs.info
darkrebel.com
datinganduk.co.uk
datingservicesuk.co.uk
davelangthefraud.com
davisviewspa.com
degustando.net
destinbikerentals.com
destinbikes.com
destinclosers.com
destinclosings.com
destinescrow.com
destinlandandtitle.com
dirtyhighness.com
display68.com
dnsadministrators.com
dominalist.com
downloadspot.com
drbrownshealthcare.com
drunkcfnmsexparty.com
dschomes.com
dullestriangles.com
dvd-athlete.com
dwhswebsite.com
e-dell.biz
ecchi.es
ectdestin.com
enchanted-hills.net
englishdatingsites.co.uk
englishpornsites.com
eroticpirates.com
eruditecafe.com
eruditecafe.net
euro-nylons.com
expertdivisioninc.com   active fraud shipping and escrow  http://whois.domaintools.com/expertdivisioninc.com
fantasyalbum.com
feralsorcery.com
fetishwebtubes.com
financialandtradeinvestments.com
free-xxx-gallery.com
freeadultdatinguk.co.uk
freecamtocamsex.co.uk
freecougardatinguk.co.uk
freesexpersonalsuk.co.uk
freeukpersonals.co.uk
freeukpornsites.com
fucktoyland.com
fully-fashioned-nylons.com
game-port.com
gargano.es
gbukk.com
getlaidto.co.uk
giordanasali.info
gmztv.com
gnetsecurity.com
gold-snipper.com
golddiggerdates.com
goodgovernanceliberia.org
greatbigtitsblog.info
greedypimp.com
greenhill.family.name
gulfcoastyouthservices.com
hchottubs.com
hcspas.co.uk
hissyfitdiapercreations.com
hoangbaoson.net
holler51.com
hot-cat.com
hotdesirables.net
howtodating.co.uk
howtofixsaggingface.com
hugebreastsrus.info
i-snuggie.com
incspedition.com   active fraud shipping and escrow 
http://whois.domaintools.com/incspedition.com
innatseacrestvacation.com
internationalventurepartners.com
jackvault.com
jacopopandolfi.com
jbcomputerfreelancing.com
jimslipvideo.com
jmacoil.com
jnsproductreviewers.com
jnsprofitmachine.com
johnashtonthomas.com
justesmeralda.com
kaleshphpscripts.com
karaokexxx.com
kdmanitou.com
kinkywebdesigns.com
knicksoff.com
kouporns.com
kpharmaceuticalsupplies.com
ladyjasmina.com
lafemmefatales.com
largebreastsrus.info
liana-aerial.com
linkbuildinghowto.com
linkingyourwebsite.com
liquidmonkeybrain.com
livecamssex.co.uk
logistics-intlgroup.com  active fraud shipping and escrow 
http://whois.domaintools.com/logistics-intlgroup.com
lospazzacamino.info
louise-in-nylons.com
louise-nylon-heaven.com
louiseinnylons.com
louises-nylonheaven.com
louises-nylons.com
louisesnylon.com
louisesnylonparadise.com
louisesnylons.com
louisesplace.com
lyons.vg
manitou-na.com
manitounorthamerica.com
marebluresidence.com
masbackllc.com
mbhproductions.com
mensgalleries.com
mikeswildxsite.com
mistresshellena.com
mnadealers.com
mnafileserver.com
modelfrost.com
monikiaa.net
mtusaequipment.com
mtusavoip.com
muebleriamontiel.com
mvfsales.com
myfamily.vg
mynylonheaven.com
mysecretmodels.com
nassaublu.com
newswithsex.com
nicevillecclumber.com
nightgirlsinvite.com
novamediaeurope.com
novamedialondon.com
nudismmagazines.com
nudistwonderland.com
nylon-toplist.com
nylonbabelouise.com
nylonheaven.net
nylontoplist.com
ocwebteam.com
oldenlighting.com
orangeparadigm.com
orderofdragonsanddamsels.com
palazzovacation.com
paranormalparadox.com
playersonlinebootycall.com
pleasureground.net
pne84.net
pointyheels.com
porno-snatch.com
porno-teenz.com
pornocallgirls-mallorca.com
pornochismes.com
pornsitesuk.com
pornturn.com
portablechurchsound.com
postbkonline.com
privatesexdelight.com
privatsexdelight.com
promocionespaez.com
psdelight.com
puttsaway.com
qboas.com
randomarkpartcleaners.com
randomarkprecisioncleaning.com
realestateagent365.com
rebcam.net
rebeccalove.com
reservations.vg
rightsfordad.com
rightsfordad.org
rugfactoryplus.com
samtaylorpa.com
seaalert.com
seaalert.net
seagrovevacation.net
sexairline.com
sexbonbons.com
sexxxcouple.com
sexyshemale.net
shaysights.com
sideas.com
sigmadc.org
sincityassistant.com
sirtodd.com
sjsalestrak.com
slaveorders.com
softgirlz.com
soundideasinc.com
speedcityhobbies.com
spookyholler.com
srnbentertainment.com
statemediaweb.com
sweetnnaughtygirl.com
swingset.tv
syyessa.com
talonenterprisespc.com
tangerinesdream.com
tasteoftori.com
teenslutstoday.com
teethwhiteninglamp.com
templeofsin.com
tennislv.com
thegoogleofporn.com
themcmartinherd.com
therebeccalove.com
thetempter.com
threethirteens.com
tiedyeshak.com
timandelsa.com
topshamburgers.com
translationtechniques.net
translationtechniques.org
tylermacy.com
uenofilms.com
ukadultdate.co.uk
ukfreechatrooms.co.uk
uksexdating.co.uk
ukxxx.tv
ura-ou.com
usacourierexpert.com suspended? fraud shipping and escrow  http://whois.domaintools.com/usacourierexpert.com
usadivisioninc.com   active fraud shipping and escrow
usadult.tv
usaelitecourier.com   active fraud shipping and escrow  http://whois.domaintools.com/usaelitecourier.com
usaextrafreight.com   active fraud shipping and escrow  http://whois.domaintools.com/usaextrafreight.com
usglobalcargo.com   active fraud shipping and escrow  http://whois.domaintools.com/usglobalcargo.com
valkenpro.com
velvetmedia.net
verocom.com
vieste.es
virtuallanguage.com
virtuallanguage.net
vivehentai.com
wandereronline.info
washingtonafrican.com
webhostingxxx.com
whoisnameservers.com
wildthingsdallas.com
wildthingsfun.com
witchescastle.com
wolfhillpa.com
womenslair.com
woofylegs.com
xxx-louise.com
xxxlouise.com
yahoogroupmail.com
youraffairnow.com

Here are some of these scammers older sites and their previous nameservers:

jameslar.com  173.192.221.44

Records 1 to 7 of 7
  Url   Site Name   Status   Date Added (down)  Updated  
 http://www.usafreightinc.com/  USA Freight Inc   dead  2011-07-18 21:15  2011-07-31 20:37 
 http://www.logistics-intlgroup.com/  Logistics Intl Group  active  2011-07-05 17:02  2011-07-05 17:02 
 http://www.tws-logistics.com/  TWS Logistics  dead  2011-05-26 16:39  2011-06-26 14:54 
 http://www.transworld-solution.com/  Trans World Solution  dead  2011-05-12 22:00  2011-05-14 20:23 
 http://www.transglobal-inc.com/  Trans Global Inc  dead  2011-04-17 07:15  2011-04-21 19:33 
 http://www.globaltrans-safe.com/  Global Trans & Logistics Ltd  dead  2011-03-13 06:24  2011-04-02 07:22 
 http://www.cargoexpress-group.com/  Cargo Express Group  dead  2011-02-05 13:08  2011-03-12 15:46 

graychris.com  173.192.232.147

Records 1 to 6 of 6
  Url   Site Name   Status   Date Added (down)  Updated  
 http://www.freightdevision.com/  Freight Devision  dead  2011-07-07 14:02  2011-07-31 16:35 
 http://www.deliveryusainc.com/  Delivery USA Inc  dead  2011-07-02 10:19  2011-07-31 16:25 
 http://www.fastusacargo.com/  FastUSAcargo.com  dead  2011-06-18 15:17  2011-07-14 11:12 
 http://www.usatransportinc.com/  USA Transport Inc  dead  2011-05-30 19:05  2011-06-21 07:58 
 http://www.cargousainc.com/  cargousainc.com  dead  2011-05-20 13:18  2011-07-03 20:02 
 http://www.usadeliverys.com/  Usa Deliverys  dead  2011-04-15 21:01  2011-05-24 11:10 

maonli.com  173.192.221.51
Records 1 to 5 of 5
  Url   Site Name   Status   Date Added (down)  Updated  
 http://www.usaglobalcargo.com/  USA Global Cargo  dead  2011-07-05 17:04  2011-07-14 09:39 
 http://www.cargocorpinc.com/  Cargo Corp Inc  dead  2011-06-22 06:57  2011-07-14 10:58 
 http://www.cargoserviceinc.com/  Cargo Service Inc  dead  2011-06-05 17:21  2011-06-18 17:09 
 http://www.cubelogisticsinc.com/  Cube Logistics Inc  dead  2011-05-28 10:27  2011-07-09 16:24 
 http://www.logisticsistem.com/  Logistic Sistem Inc.  dead  2011-05-12 22:02  2011-05-22 20:25 

Oh! what a tangled web we weave When first we practise to deceive! Sir Walter Scott NEVER use instant payment services like Western Union or MoneyGram to buy items on the internet

0 comments:

Post a Comment