[SCAM] dmvhistoryreport.com and 801-396-8519
Reported scammer phone numbers:
Reported scammer email addresses:
Reported scammer websites:
Reported scammer names:
Example fake reports:
Example text messages:
Update, Jan 6, 2018: I was hit for a second time by a “Raj” by a 435-250-7154 phone number with a BrandonUnderwoodLU@yahoo.com email address. Insisted I run a report from vinautochecks.com — tried getting more information out of him since I knew it was a scam immediately but they must have caught on as they stopped responding.
I recently listed a car for sale on a local classified (ksl.com) here in Salt Lake City, Utah.
I proceeded to receive text messages from a guy named “Mark” at 801-396-8519. After the usual questions, he was all of a sudden, extremely interested in my car and practically told me we “have a deal”. Very strange at first, but I wasn’t going to object over someone being that interested in buying the vehicle I was selling.
Alright. I am just at work its why i can’t call you now. I am quite interested my choice is between yours or another one but prefer yours since it has lower miles. Just sold my vehicle earlier this week so i need to get out of this rental. Can we setup a time tomorrow or day after? What time works for you?
Things got weird after I received this text message:
Oh one more thing i forgot to ask.. can you send me the report as well? I just want to have a look at it before i make arrangements.
I then inquired as to what “report” he was speaking of and got this in return:
I am talking about the report that shows recall, title, mileage verification and history info. You can pull it online www.dmvhistoryreport.com
I politely responded and let him know that I’ve never used and/or heard of that website but I’d be more than happy to purchase a Carfax or AutoCheck report. That struck a chord…
Look, its not my vehicle to be purchasing a report for. You are selling the vehicle.. I didn’t haggle or negotiate nor do i need too. Just need to see a report before i pay someone to drive me and take a day off my work.
I was then strung out for another day, promising he would stop by and see the car. A few hours before he was suppose to show up, I sent him another text verifying we were still on for our appointment. 10 minutes before he was suppose to be there, he replied:
hey , yes i am just going to call my friend and let you know when i leave
Several hours went by and I did not hear back. I called several times, sometimes got a voicemail other times infinite rings. At this point, I knew he “pulled a fast one” over me. So I started digging…
If you visit dmvhistoryreport.com and go to the contact page, the address listed is:
1521 Concord Pike, Suite 201
Wilmington, DE 19803
If you do a reverse search of this address, it’s a virtual office address. FAKE!
dmvhistoryreport.com whois report
what really stood out to me was the creation date: 2017-04-28 — as of writing this article, it is 2017-05-09, such a new website, already being used by people in Utah? no way…
Domain Name: dmvhistoryreport.com
Registry Domain ID: 2118767830_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2017-05-09
Creation Date: 2017-04-28
Registrar Registration Expiration Date: 2018-04-28
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: email@example.com
Registrar Abuse Contact Phone: +1.4805240066
Registrant Name: Domain Administrator
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Email: firstname.lastname@example.org
A quick “what would the average idiot do” search turned me to scamadviser.com — and even their basic service said TEN FOOT POLE THIS WEBSITE!
just for the fact that the hosting server is based in FRANCE and the whois information is private
rbls.org doesn’t like anything about 22.214.171.124 — there are more than 10 warnings with four messages from providers actually saying “hosts found sending phishing mails”, “hosts found sending virus mails” and “host found sending mail containing spam images”
I then did a reverse lookup of the domain name to find it’s primary IP address: 126.96.36.199
If you visit the domain name directly in your browser, you get some bizarre login page with the only recognizable data being an author meta tag with “Amarnath S”
Server headers are returning:
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Date: Wed, 10 May 2017 04:04:27 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=5vsumh154f1tkb54qhjbn49o81; path=/
This IP address maps to a domain name = ip248.ip-79-137-113.eu listed in FRANCE?
A lookup for the domains hosted on this server returns some very questionable websites:
each of these websites pull up a similar service, all asking $25 for a “REPORT” on your used car — some accept credit cards, others accept paypal
BUT! they all have a few things in common:
- the registrar is NameSilo, LLC with privacy enabled
- the domain name registration date is within the last 30 days
- the hosting ip address is the same
- the listed physical contact address is the same
- the listed phone number (if listed at all) is the same
- use a live chat service called tawk.to with the same agent name of “Zack”
I then did a reverse search on the phone number listed: (800) 935-6792
this returned some other domains/websites that did not show up in my reverse IP search
these domains were registered through enom.com and date back to August 2016 but the whois information is still protected
What’s probably the most concerning issue for all of these domains, is they are “HTTPS” with a green secure bar in Google Chrome. Upon further inspection, the SSL certificate was issued by letsencrypt.org — while that is a valid SSL authority, this service is completely free so anyone with or WITHOUT an identity can create a website and have the general population perceive it as a “trusted” and “secure” website (or service provider is this case), which couldn’t be further from the truth…
In closing, I’d recommend anyone who finds this article to steer clear of any and all of these services. Something shady is definitely going on with that many “cloned” or look-a-like website templates pitching the same service. Do yourself a favor and go to Carfax or AutoCheck.
Food for thought: in a world full of evolving technology, are we just enabling those who know how to manipulate technology against those who don’t?
Someone else posted on Craig’s list — looks like these guys are hitting all major cities pretty hard…