As mentioned in the previous post, a scam site has recently popped up at www.autostempest.com, with an extra ‘s’. They have stolen the AutoTempest name and logos to appear legitimate, and are scamming people out of payments for non-existent vehicles. Specifically, they appear to be posting listings for high-end vehicles such as a Tesla Model S P85D to craigslist with below market prices, then directing people to their website to complete the purchase. They have their victims wire money, and then stop replying, obviously not providing a vehicle.
We have gathered some additional information about these guys:
- The autostempest.com domain is registered with Namecheap (which is also coincidentally where we registered the actual autotempest.com)
- Their traffic is proxied through Cloudflare
- According to Cloudflare, their hosting provider is “QUASINETWORKS, NL”, or “IP Volume Inc.”, which has an abuse contact of [email protected]
- They are apparently accepting wire transfers to an account at Chase Bank in the US.
We have contacted Namecheap, who are not willing to remove the domain without a court order, but say they will be willing to assist law enforcement. (We reported this to the FBI’s Internet Crime Complaint Center (IC3) and to the FTC, but have not yet heard back.) Cloudflare provided us with the name of the hosting provider, but is not willing to take other action. We attempted to contact “Quasi Networks” via their posted abuse email address and via other means, but have not received a reply.
We then did a bit of research into Quasi Networks, and discovered that their business model appears to be hosting malicious and illegal sites and services that others won’t. They have gone through a number of names and legal entities in the past, including Ecatel, Quasi Networks, possibly Novogara, and now IP Volume Inc. There are many documented cases of them ignoring or stonewalling abuse claims:
Quasi Networks and the Exploitation of Women
BREIN is Taking Infamous Piracy Hosting Provider Ecatel to Court
Ecatel -> Quasi Networks
Repeated Attacks From Quasi Networks
A Conversation with RIPE NCC Regarding Quasi Networks
I have provided this information to Cloudflare and Namecheap to see if either is willing to act to stop this abuse, since Eca-Quasi-Volume clearly won’t.