Blog for hpHosts, and whatever else I feel like writing about ....

Wednesday, 23 September 2009

YoHost/Piradius (again): max-apprais.com and top-name.net scam

Seems Piradius never learn.

max-apprais.com and top-name.net appear to be two fake domain appraisal companies being "recommended" to domain owners as part of a long-running scam which we have touched on many times before.

max-apprais.com was created on 12th September to an anonymous registrant, hosted on 202.157.181.9 at Katz Global Singapore. It's a copy of max-appraisal.com which is hosted on 124.217.231.209 at well-known black hat hosts YoHost.org.


http://www.dynamoo.com/blog/2009/09/max-appraiscom-and-top-namenet-scam.html

He mentions the spams originating IP as being 74.55.131.10, which of course, has a PTR pointing to a range on ThePlanet (a.83.374a.static.theplanet.com). Hosts:

intellove.com (now fails to resolve)
allrichestmen.com

allrichestmen.com is a copy of loveandfate.com and loveismy.name, which are at 74.55.131.7 and 74.55.131.8 respectively.

74.55.131.10 is also listed on the following blacklists;

b.barracudacentral.org
dnsbl.sorbs.net
web.dnsbl.sorbs.net
dnsbl-1.uceprotect.net

Ref:
http://robtex.com/ip/74.55.131.10.html

I did a little digging on the CNET, and found quite a few malicious domains, including a few that have been reported to the IWF.

No comments: