Domain registration renewal scams

[c۞g]

A [url=https://www.mywot.com/user/3520718 t=_self]user[/url] posted a warning - Thanks!
Which contained identifiable information about them - prohibited in the [url=http://www.mywot.com/forum/4908-forum-guidelines t=_self]Forum Guidelines[/url]

Here is a screen capture of a link received through spam email which attempts to acquire credit card information for a "domain renewal"
[url=http://www.mywot.com/w/images/9/9c/Regisdomaiurl.png t=_blank][img]http://www.mywot.com/w/images/1/17/Regisdomaiurl_tn.png[/img][/url]

The sender / site is not the recipients registrar, nor a registrar at all.
The data is collected on a non-secure protocol; HTTP
The domains are relatively new, certainly not "since 2004" as one would have you believe. (iglobalmerchantservice.com)

The domains have bogus whois registrant data; different names / email addresses referencing similar address in Beverly Hills, CA USA

AS4134 - CHINANET Zhejiang province network
Registrar: MONIKER ONLINE SERVICES, INC.

Phishing / scams

List of domains/hosts

annualregistrat.com
annualurl.com
annualurldom.com
annuladomai.com
annularegistra.com
domaiannula.com
domairegistra.com
domaiurlregis.com
domannual.com
domannualurl.com
domurlannual.com
iglobalmerchantservice.com
regisdomaiurl.com
urlannualdom.com
urldomannual.com
urlregisdomai.com

Cataloged on [url=http://www.mywot.com/wiki/Scams t=_self]Wiki Forum Discussion Scams[/url] page

[Jennifer_33]

This company is a scam I do not have anything to do with them yet they send me reminder with my details. Want then to know I'm a Jamaican born and cannot be fool easily.
Bill To: Novelette Novalis
Southwark,
,
+44.02072528734
PROCESS SECURE PAYMENT

Domain Name
NOVELETTEE-NOVALIS.COM
Registration
Apr 20, 2012 - Apr 20, 2013
Price
$75.00
Term
1 Year

Domain Name: NOVELETTEE-NOVALIS.COM

To: Novelette Novalis

Your order #22932758 has been received and is currently processing. Registration includes SE submission for NOVELETTEE-NOVALIS.COM for 12 months. There is no obligation to pay for this order unless you complete your payment by May 5, 2012. SE Services provides submission services and search engine ranking organization for domain owners.

Failure to complete your search engine registration by May 5, 2012 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web).
For Domain Name:
NOVELETTEE-NOVALIS.COM
PROCESS SECURE PAYMENT


UNSUBSCRIBE INSTRUCTIONS

You have received this message because you elected to receive special notifications and offers for NOVELETTEE-NOVALIS.COM. If you no longer wish to receive our special notices, please unsubscribe here

, or mail us a written request to the attention of: Customer Contact Manager, Po Box 5111 Astra, Ontario K0K 3W0. Please allow up to four weeks for the complete unsubscribe process to take place. NOTE: If you have multiple accounts with us, you must opt out for each one individually in order to fully stop receiving these notifications.

Please do not reply to this email, as we are not able to respond to messages sent to this address.

[c۞g]

redirects to:

Code: Select all

http://<red>iglobalmerchantservice.com</red>/contact

60.190.222.224

invoicetracking6549830f.com
invoicetracking775hdkj567.com
invoicetracking875hjf.com
invoicetrackingfjghjk4787.com

[NotBuyingIt]

"iGlobal Merchant Services" 1-866-438-2434

220.164.140.243
hdf573rjhdvjf.com
hdhh72jsu179yd.com
order-tracking032128.com
order-tracking203512.com
order-tracking34682.com
securetrans20953.com
securetrans78922.com
securetrans92175.com

screenshot: (source: https://www.phishtank.com/phish_detail.php?phish_id=2238843 )
[img]http://phishtank-screenshots.e1.usw1.opendns.com.s3-website-us-west-1.amazonaws.com/2238843.jpg[/img]

See also:
https://www.phishtank.com/phish_detail.php?phish_id=2238804
https://www.phishtank.com/phish_detail.php?phish_id=2238840

[c۞g]

<quote user="notbuyingit">
"iGlobal Merchant Services" 1-866-438-2434
220.164.140.243[/quote]
more domains residing on IP: 220.164.140.243

List of domains/hosts

185hdfjjarubc47.com
gs528uyehsjk27.com
jdjf73vbjdo746.com
order-tracking18254.com
order-tracking426813.com
order-tracking428903.com
order-tracking73167.com
order-tracking825277.com
order-tracking83112.com
order-tracking89234.com
securetrans12113.com
securetrans50998.com
securetransaction18263.com
securetransaction28470.com
securetransaction38934.com
securetransaction67655.com
securetransaction81306.com

[c۞g]

<quote user="notbuyingit">
"iGlobal Merchant Services" 1-866-438-2434[/quote]

iglobalmerchantservices.com
(866) 438-2434
1516 Elmhurst Road, #171, Mount Prospect, IL 60056

source:
[url=http://www.bbb.org/south-east-florida/business-reviews/credit-cards-and-plans-equipment-and-supplies/iglobal-merchant-services-in-mount-prospect-il-90037476 t=_self]BBB - FL[/url]
[url=http://www.bbb.org/chicago/business-reviews/credit-card-processing-service/iglobal-merchant-services-in-mount-prospect-il-88489564 t=_self]BBB - IL[/url]

210.87.246.15
imsbiz.com
aka:
biznetvigator.biz
biznetvigator.com
businessnetvigator.net

providing:
server:
223.197.12.169

hosting:

List of domains/hosts

185hdfjjarubc47.com
gs528uyehsjk27.com
hdf573rjhdvjf.com
hdhh72jsu179yd.com
jdjf73vbjdo746.com
order-tracking032128.com
order-tracking18254.com
order-tracking203512.com
order-tracking234534.com
order-tracking34682.com
order-tracking34682.com
order-tracking426813.com
order-tracking428903.com
order-tracking73167.com
order-tracking73167.com
order-tracking825277.com
order-tracking83112.com
order-tracking83112.com
order-tracking876534.com
order-tracking89234.com
order-tracking975749.com
securetrans6575222.com
securetrans7733452.com
securetrans9823189.com
securetransaction18263.com
securetransaction28470.com
securetransaction38934.com
securetransaction67655.com
securetransaction81306.com

[NotBuyingIt]

Whilst the "iGlobal Merchant Services" webpage template is mostly the same, a different telephone number is being displayed for the newly discovered sites hosted at IP 220.164.140.243 (Yunnan province) and IP 210.87.246.15 (Hong Kong):

"iGlobal Merchant Services" 1-855-572-8396

[A440]

Here is another one that popped up today:
domainsregora.com

[williKi]

Traces to Wuhou, China. Wherever that is. Per ICANN, the domain admin contact address is a residential area in China. "xiang zou qu cui xiang jie dao 716, zhu hai Guangdong 519000". Wherever that is.

[c۞g]

<quote user="a440">
Here is another one that popped up today:
domainsregora.com
[/quote]
The domain "Make Payment" opens up a form via:

Code: Select all

https://secure.authorize.net/gateway/transact.dll

IP: 103.193.149.189

List of domains/hosts

domainsregblog.com
domainsregco.com
domainsregeo.com
domainsregie.com
domainsregify.com
domainsreging.com
domainsregio.com
domainsregit.com
domainsregme.com
domainsrego.com
domainsregora.com
domainsregsy.com
domainsrinator.com
idomainsreg.com

This one's been around for a few years; [url=https://encrypted.google.com/#q=%22Domain+SEO+Service+Registration+Corp.%22 t=_blank]Googled[/url]