Saturday 20 January 2018

Meghan Markle Fake News Farm (Creme/Pink Diamond): IPWHOIS Info

This is some info related to the newest CHK/Creme/Pink Diamond fake news farm: the Meghan Markle scam. They are trying to capitalize on the upcoming Royal Wedding using a fake People Magazine article. The domain WHOIS isn't accurate, so I used an IP-lookup tool on the "checkout" subdomains (used to store the fake news itself) and then used an IPWHOIS tool on the resulting IP addresses.

theterraingym.com:

inetnum         94.23.179.0 - 94.23.179.127
netname         OVH_58178988
descr           OVH
country         IE
org             ORG-AG110-RIPE
admin-c         OTC9-RIPE
tech-c          OTC9-RIPE
status          ASSIGNED PA
mnt-by          OVH-MNT
created         2014-03-27T23:06:07Z
last-modified   2014-03-27T23:06:07Z
source          RIPE

organisation    ORG-AG110-RIPE
org-name        Adboom Group
org-type        OTHER
address         750 B Street
address         San Diego, CA
mnt-ref         OVH-MNT
mnt-by          OVH-MNT
created         2014-03-21T18:34:58Z
last-modified   2017-10-30T16:27:33Z
source          RIPE # Filtered

role            OVH IE Technical Contact
address         OVH Hosting Limited
address         5 Fitzwilliam Place
address         Dublin 2
address         Ireland
admin-c         OK217-RIPE
tech-c          GM84-RIPE
nic-hdl         OTC9-RIPE
abuse-mailbox   abuse@ovh.net
mnt-by          OVH-MNT
created         2009-09-16T15:41:10Z
last-modified   2009-09-16T15:41:10Z
source          RIPE # Filtered

route           94.23.0.0/16
descr           OVH ISP
descr           Paris, France
origin          AS16276
mnt-by          OVH-MNT
created         2008-07-15T16:59:42Z
last-modified   2008-07-15T16:59:42Z
source          RIPE # Filtered

thefitbuzz.com:

inetnum         54.36.68.64 - 54.36.68.127
netname         OVH_150179966
country         FR
descr           Failover Ips
org             ORG-NE28-RIPE
admin-c         OTC2-RIPE
tech-c          OTC2-RIPE
status          LEGACY
mnt-by          OVH-MNT
created         2017-09-01T08:48:25Z
last-modified   2017-09-01T08:48:25Z
source          RIPE

organisation    ORG-NE28-RIPE
org-name        Nordyke Eric
org-type        OTHER
address         390 North Ave
address         15301 Houston
address         US
phone           +1.4122166063
mnt-ref         OVH-MNT
mnt-by          OVH-MNT
created         2016-06-29T07:16:03Z
last-modified   2017-10-30T16:50:51Z
source          RIPE # Filtered

role            OVH Technical Contact
address         OVH SAS
address         2 rue Kellermann
address         59100 Roubaix
address         France
admin-c         OK217-RIPE
tech-c          GM84-RIPE
tech-c          SL10162-RIPE
nic-hdl         OTC2-RIPE
abuse-mailbox   abuse@ovh.net
mnt-by          OVH-MNT
created         2004-01-28T17:42:29Z
last-modified   2014-09-05T10:47:15Z
source          RIPE # Filtered

route           54.36.0.0/16
origin          AS16276
mnt-by          OVH-MNT
created         2017-10-06T07:57:47Z
last-modified   2017-10-06T07:57:47Z
source          RIPE

themastermuscle.com:

inetnum         94.23.179.0 - 94.23.179.127
netname         OVH_58178988
descr           OVH
country         IE
org             ORG-AG110-RIPE
admin-c         OTC9-RIPE
tech-c          OTC9-RIPE
status          ASSIGNED PA
mnt-by          OVH-MNT
created         2014-03-27T23:06:07Z
last-modified   2014-03-27T23:06:07Z
source          RIPE

organisation    ORG-AG110-RIPE
org-name        Adboom Group
org-type        OTHER
address         750 B Street
address         San Diego, CA
mnt-ref         OVH-MNT
mnt-by          OVH-MNT
created         2014-03-21T18:34:58Z
last-modified   2017-10-30T16:27:33Z
source          RIPE # Filtered

role            OVH IE Technical Contact
address         OVH Hosting Limited
address         5 Fitzwilliam Place
address         Dublin 2
address         Ireland
admin-c         OK217-RIPE
tech-c          GM84-RIPE
nic-hdl         OTC9-RIPE
abuse-mailbox   abuse@ovh.net
mnt-by          OVH-MNT
created         2009-09-16T15:41:10Z
last-modified   2009-09-16T15:41:10Z
source          RIPE # Filtered

route           94.23.0.0/16
descr           OVH ISP
descr           Paris, France
origin          AS16276
mnt-by          OVH-MNT
created         2008-07-15T16:59:42Z
last-modified   2008-07-15T16:59:42Z
source          RIPE # Filtered

As you can see, the scammers are using OVH, a cloud hosting company that doesn't have write access to their own cloud servers, to store their fake news articles.
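The comparison done by eye above can be scripted: parse each IPWHOIS result into its objects, reduce the inetnum range to CIDR, and group the domains by the org handle and netblock their hosting IP falls under. This is an added example, not part of the original post; the function names (parse_objects, summarize, cluster) are hypothetical and the embedded records are trimmed copies of the output shown on this page.

```python
import ipaddress
from collections import defaultdict

# Records trimmed from the IPWHOIS output on this page (same attribute layout).
AG110 = """inetnum         94.23.179.0 - 94.23.179.127
org             ORG-AG110-RIPE

organisation    ORG-AG110-RIPE
org-name        Adboom Group
source          RIPE # Filtered
"""
NE28 = """inetnum         54.36.68.64 - 54.36.68.127
org             ORG-NE28-RIPE

organisation    ORG-NE28-RIPE
org-name        Nordyke Eric
"""
RECORDS = {"theterraingym.com": AG110, "thefitbuzz.com": NE28,
           "themastermuscle.com": AG110}

def parse_objects(text):
    """Split output into blank-line-separated objects: attribute -> values."""
    objects = []
    for block in text.strip().split("\n\n"):
        obj = defaultdict(list)
        for line in block.splitlines():
            parts = line.split("#")[0].split(None, 1)  # drop "# Filtered"
            if len(parts) == 2:
                obj[parts[0].rstrip(":")].append(parts[1].strip())
        objects.append(dict(obj))
    return objects

def summarize(text):
    """Return (org handle, org name, CIDR list) for one lookup result."""
    objs = parse_objects(text)
    net = next(o for o in objs if "inetnum" in o)
    first, last = (ipaddress.ip_address(p.strip()) for p in net["inetnum"][0].split("-"))
    cidrs = ",".join(str(n) for n in ipaddress.summarize_address_range(first, last))
    handle = net.get("org", ["(none)"])[0]
    name = next((o["org-name"][0] for o in objs
                 if o.get("organisation") == [handle] and "org-name" in o), "(unknown)")
    return handle, name, cidrs

def cluster(records):
    """Group domains whose hosting IP falls under the same org and netblock."""
    groups = defaultdict(list)
    for domain, text in records.items():
        groups[summarize(text)].append(domain)
    return {key: sorted(domains) for key, domains in groups.items()}
```

Calling cluster(RECORDS) puts theterraingym.com and themastermuscle.com in one group under ORG-AG110-RIPE and leaves thefitbuzz.com alone under ORG-NE28-RIPE.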

