
Wednesday 23 September 2009

max-apprais.com and top-name.net scam

max-apprais.com and top-name.net appear to be two fake domain appraisal companies being "recommended" to domain owners as part of a long-running scam which we have touched on many times before.

max-apprais.com was registered on 12th September to an anonymous registrant and is hosted on 202.157.181.9 at Katz Global Singapore. It's a copy of max-appraisal.com, which is hosted on 124.217.231.209 at well-known black hat hosts YoHost.org.

top-name.net uses a very familiar template and is hosted on 66.7.196.186 (Hostdime, Florida), also registered to an anonymous registrant (although it appears to be a Canadian resident behind all of this spam).


sedo.com are a well-known and wholly legitimate company and have nothing to do with the spam or scam.

The "pitch" email looks like this:

From: "Domain Trade LLC"
Date: Wed, September 23, 2009 4:26 am

Dear sir,
we are interested to purchase your domain [redacted] and offer between 50% and 65% of the appraised value.
We accept appraisals from companies such as

http://www.sedo.com/
http://top-name.net/
http://max-apprais.com/


If you already have an appraisal please forward it to us.

Please let us know whether you are interested. Upon review of your valuation and in case of an agreement we send payments via PayPal for amounts less than $2,000 and via Escrow.com for amounts above $2,000, as well as further instructions on how to complete the transfer of the domain name.

We appreciate your business,

Domain Trade LLC

Originating IP for the spam is 74.55.131.10.

Of course, once they have taken your money for the appraisal, you will never hear from them again.

If you have been conned by these scammers then start a PayPal dispute to get your money back. We understand that Sedo may offer a refund in any case as they are well aware of this scam. You might also want to file a complaint with the police, especially if you live in Canada where the perp appears to be based.
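As an added example (not part of the original post), here is a mail filter heuristic for this pitch: it blocks on the appraiser domains named above and, because the scam keeps rotating domains, also flags the same wording when an unknown appraiser is listed beside a legitimate one. The regexes, verdict names and the appraiser.example placeholder domain are assumptions.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Indicators taken from the post; everything else here is an assumption.
FAKE_APPRAISERS = {"max-apprais.com", "max-appraisal.com", "top-name.net"}
LEGIT_DECOYS = {"sedo.com"}  # legitimate firm named to lend credibility

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
OFFER_RE = re.compile(r"\d{1,3}\s*%.{0,40}apprais", re.I | re.S)
BUY_RE = re.compile(r"(purchase|buy)\s+your\s+domain", re.I)

def bare_host(url):
    """Lower-cased hostname with a leading 'www.' removed."""
    host = (urlparse(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def analyse_pitch(raw):
    """Return (verdict, reasons) for one raw RFC 822 message."""
    msg = message_from_string(raw)
    body = "\n".join(p.get_payload() for p in msg.walk()
                     if p.get_content_type() == "text/plain")
    hosts = {bare_host(u) for u in URL_RE.findall(body)}
    reasons = []
    listed = sorted(hosts & FAKE_APPRAISERS)
    if listed:
        reasons.append("known fake appraiser: " + ", ".join(listed))
    if BUY_RE.search(body) and OFFER_RE.search(body):
        reasons.append("purchase offer tied to an appraised value")
        unknown = sorted(hosts - LEGIT_DECOYS - FAKE_APPRAISERS)
        if hosts & LEGIT_DECOYS and unknown:
            reasons.append("unlisted appraiser beside a legitimate one: "
                           + ", ".join(unknown))
    verdict = "block" if listed else "review" if reasons else "pass"
    return verdict, reasons

# Constructed sample: the pitch quoted in the post, reduced to its key lines.
PITCH = (
    'From: "Domain Trade LLC"\n\n'
    "we are interested to purchase your domain [redacted] and offer between "
    "50% and 65% of the appraised value.\nWe accept appraisals from companies "
    "such as\nhttp://www.sedo.com/\nhttp://top-name.net/\nhttp://max-apprais.com/\n"
)
# Constructed variant: same wording, appraisers swapped for a placeholder domain.
ROTATED = PITCH.replace("top-name.net/\nhttp://max-apprais.com", "appraiser.example")

if __name__ == "__main__":
    for name, mail in (("pitch", PITCH), ("rotated", ROTATED)):
        print(name, *analyse_pitch(mail))
```
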

2 comments:

MysteryFCM said...

IP you referenced as the spam origin = The Planet;

http://hosts-file.net/?s=74.55.131.10

IP PTR: a.83.374a.static.theplanet.com

Hosts:

intellove.com
allrichestmen.com

allrichestmen.com is a copy of loveandfate.com and loveismy.name, which are at 74.55.131.7 and 74.55.131.8 respectively.

IP is also listed on the following blacklists;

b.barracudacentral.org
dnsbl.sorbs.net
web.dnsbl.sorbs.net
dnsbl-1.uceprotect.net

There are more malicious sites at 74.55.131.50-74.55.131.87 and I'm sure even more on the CNET (don't have too long to spend on it).

Conrad Longmore said...

I can see odns.org and gonk.net in that IP address range, is that some sort of web forwarding service or something?