The Official Blog of Richard Ricketts
  • Android
  • Apple
  • Automotive
  • Business
  • Cooking
  • Domaining
  • Gadgets
  • Internet Favorites
  • Personal
  • Smart Home
  • Software
  • Technology
  • Tutorials
  • VeryFunny
  • Wallpaper
  • WebApp

[SCAM] dmvhistoryreport.com and 801-396-8519

Posted May 9, 2017
In Domaining
3
0

Updated 03/11/2018

Reported scammer phone numbers:

  • 801-217-3203
  • 801-396-8519
  • 801-890-3278
  • 801-890-5886
  • 801-980-0506
  • 206-212-1246
  • 213-302-7141
  • 213-374-3578
  • 346-301-4276
  • 406-200-8736
  • 406-201-6085
  • 435-250-7154
  • 720-463-7570

Reported scammer email addresses:

  • fredmarcus8383@gmail.com
  • brandonunderwoodlu@yahoo.com

Reported scammer websites:

  • vehiclecheckpro.com
  • dmvhistoryreport.com
  • dmvverification.com
  • instantautoreports.com
  • vinhistoryfacts.com
  • vincheckexperts.com
  • vinautochecks.com

Reported scammer names:

  • brian
  • frank
  • george

Example fake reports:

  • https://www.dmvhistoryreport.com/viewreport.php?vin=1FTRX14W55NB66273
  • https://www.dmvverification.com/viewreport.php?vin=1C4PJMCB5FW768014

Example text messages:

fdb90c19f05fd8743a06781576806a2283beb8e9d86dfbc18fc19fd9442389d9


Update, Jan 6, 2018: I was hit for a second time by a “Raj” by a 435-250-7154 phone number with a BrandonUnderwoodLU@yahoo.com email address. Insisted I run a report from vinautochecks.com — tried getting more information out of him since I knew it was a scam immediately but they must have caught on as they stopped responding.


I recently listed a car for sale on a local classified (ksl.com) here in Salt Lake City, Utah.

I proceeded to receive text messages from a guy named “Mark” at 801-396-8519. After the usual questions, he was all of a sudden, extremely interested in my car and practically told me we “have a deal”. Very strange at first, but I wasn’t going to object over someone being that interested in buying the vehicle I was selling.

Alright. I am just at work its why i can’t call you now. I am quite interested my choice is between yours or another one but prefer yours since it has lower miles. Just sold my vehicle earlier this week so i need to get out of this rental. Can we setup a time tomorrow or day after? What time works for you?

Things got weird after I received this text message:

Oh one more thing i forgot to ask.. can you send me the report as well? I just want to have a look at it before i make arrangements.

I then inquired as to what “report” he was speaking of and got this in return:

I am talking about the report that shows recall, title, mileage verification and history info. You can pull it online www.dmvhistoryreport.com

I politely responded and let him know that I’ve never used and/or heard of that website but I’d be more than happy to purchase a Carfax or AutoCheck report. That struck a chord…

Look, its not my vehicle to be purchasing a report for. You are selling the vehicle.. I didn’t haggle or negotiate nor do i need too. Just need to see a report before i pay someone to drive me and take a day off my work.

I was then strung out for another day, promising he would stop by and see the car. A few hours before he was suppose to show up, I sent him another text verifying we were still on for our appointment. 10 minutes before he was suppose to be there, he replied:

hey , yes i am just going to call my friend and let you know when i leave

Several hours went by and I did not hear back. I called several times, sometimes got a voicemail other times infinite rings. At this point, I knew he “pulled a fast one” over me. So I started digging…


If you visit dmvhistoryreport.com and go to the contact page, the address listed is:

1521 Concord Pike, Suite 201
Wilmington, DE 19803

If you do a reverse search of this address, it’s a virtual office address. FAKE!

https://www.davincivirtual.com/loc/us/delaware/wilmington-virtual-offices/facility-419


dmvhistoryreport.com whois report

registered by namesilo.com with privacy enabled (no duh at this point) and their own dns service called dnsowl.com

what really stood out to me was the creation date: 2017-04-28 — as of writing this article, it is 2017-05-09, such a new website, already being used by people in Utah? no way…

Domain Name: dmvhistoryreport.com
Registry Domain ID: 2118767830_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2017-05-09
Creation Date: 2017-04-28
Registrar Registration Expiration Date: 2018-04-28
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Status: clientTransferProhibited
Registrant Name: Domain Administrator
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85016
Registrant Country: US
Registrant Phone: +1.3478717726
Registrant Email: pw-f4aeccf16a1f808f2612d75c0d05309a@privacyguardian.org


A quick “what would the average idiot do” search turned me to scamadviser.com — and even their basic service said TEN FOOT POLE THIS WEBSITE!

just for the fact that the hosting server is based in FRANCE and the whois information is private

https://www.scamadviser.com/check-website/dmvhistoryreport.com


rbls.org doesn’t like anything about 79.137.113.248 — there are more than 10 warnings with four messages from providers actually saying “hosts found sending phishing mails”, “hosts found sending virus mails” and “host found sending mail containing spam images”

https://www.rbls.org/79.137.113.248


I then did a reverse lookup of the domain name to find it’s primary IP address: 79.137.113.248

If you visit the domain name directly in your browser, you get some bizarre login page with the only recognizable data being an author meta tag with “Amarnath S”

Server headers are returning:

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Encoding: gzip
Content-Length: 3172
Content-Type: text/html
Date: Wed, 10 May 2017 04:04:27 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache/2.4.7 (Ubuntu)
Set-Cookie: PHPSESSID=5vsumh154f1tkb54qhjbn49o81; path=/
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.9-1ubuntu4.21

This IP address maps to a domain name = ip248.ip-79-137-113.eu listed in FRANCE?


A lookup for the domains hosted on this server returns some very questionable websites:

autofactreport.com
autoproofcheck.com
autoproofreport.com
autoproofvin.com
autoreportfacts.com
canadacarfacts.com
canadacarhistory.com
carhistoryfacts.com
carhistoryverification.com
detailedautoreport.com
detailedcarfacts.com
dmvautoreport.com
dmvhistoryreport.com
dmvverification.com
instantautoreport.com
instantcarfacts.com
instantvehiclereport.com
instantvehiclereports.com
myhistoryreport.com
myvehiclereports.com
rapportauto.com (french)
vehiclefact.com
vehiclehistory.report

each of these websites pull up a similar service, all asking $25 for a “REPORT” on your used car — some accept credit cards, others accept paypal

BUT! they all have a few things in common:

  • the registrar is NameSilo, LLC with privacy enabled
  • the domain name registration date is within the last 30 days
  • the hosting ip address is the same
  • the listed physical contact address is the same
  • the listed phone number (if listed at all) is the same
  • use a live chat service called tawk.to with the same agent name of “Zack”

I then did a reverse search on the phone number listed: (800) 935-6792

this returned some other domains/websites that did not show up in my reverse IP search

these domains were registered through enom.com and date back to August 2016 but the whois information is still protected


What’s probably the most concerning issue for all of these domains, is they are “HTTPS” with a green secure bar in Google Chrome. Upon further inspection, the SSL certificate was issued by letsencrypt.org — while that is a valid SSL authority, this service is completely free so anyone with or WITHOUT an identity can create a website and have the general population perceive it as a “trusted” and “secure” website (or service provider is this case), which couldn’t be further from the truth…


In closing, I’d recommend anyone who finds this article to steer clear of any and all of these services. Something shady is definitely going on with that many “cloned” or look-a-like website templates pitching the same service. Do yourself a favor and go to Carfax or AutoCheck.

Food for thought: in a world full of evolving technology, are we just enabling those who know how to manipulate technology against those who don’t?


Update 5/16/2017

Someone else posted on Craig’s list — looks like these guys are hitting all major cities pretty hard…

3506_01

https://roswell.craigslist.org/cto/6135038043.html

Was this blog post helpful for you?

Support my blog and donate!

My blog is open to the public and will always be freely available. With your donation, we can help others learn, together.

Donate in Bitcoin:

13PtvsxGbkbUDAtMzxk1wPeWEECx6jKM8f

Recent Posts
  • Top Meal Kit Delivery Services for 2019
  • centurylink 1gig up/down, residential/consumer product, actual speedtests from riverton utah (84065)
  • Apache Error: Starting httpd: (98)Address already in use: make_sock: could not bind to address [::]:80
  • Door to Door Sales – Riverton City Code (Utah)
  • MAN PAGE: Android, ADB, am
  • Stop S.B. 130 Cannabidiol (CBD) Product Act in Utah
  • How to troubleshoot a full hard drive from the command line (CentOS)
  • How to setup Rollbar (real time error reporting/tracking) on any Android app
  • Happy New Year 2017!
  • Merry Christmas!
Tweets by @richardricketts