So this falls into spam calls.
Last year, I started getting Final Insurance spam calls. Eventually I ID’d the company and settled for about 1500 dollars for the calls.
Recently, I’ve started getting the same calls. I contacted the original company I settled with and was like WTF. I asked if they’d give me who they contract to direct business to them and they said no.
But, they did give me this website https://funeralinsurancecoverage.com/ as the place where “consent” was apparently given by me to be transferred to the original insurance company.
From what I gather, the initial spam calls from Pakistan or where ever, call you, then fill out this website that will direct you to a specific insurance company. I’m assuming the website owner gets a kick back for directing traffic.
Just curious if anyone is any good at sluething. I did a WHO IS and I can ID the company that hosts but thats about it.
Can’t help with the ownership, but looking in the html of the website I find these campaign ID’s pretty interesting. I would follow those.
s.src = '//create.lidstatic.com/campaign/d856ba18-cdcd-25ee-c1bf-699ca2e33230.js?snippet_version=2';
<img src='//create.leadid.com/noscript.gif?lac=B5DC630C-6FF8-62C1-A7B6-8F712199222F&lck=d856ba18-cdcd-25ee-c1bf-699ca2e33230&snippet_version=2' /
Since the domain is not behind CloudFlare, the DNS for the website shows hosting at Namecheap & starsolarsavings. A lawyer could probably contact them for more information.
$ dig +short funeralinsurancecoverage.com
66.29.134.201
$ curl ipinfo.io/66.29.134.201
{
"ip": "66.29.134.201",
"hostname": "server1.starsolarsavings.com",
"city": "Los Angeles",
"region": "California",
"country": "US",
"loc": "34.0522,-118.2437",
"org": "AS22612 Namecheap, Inc.",
"postal": "90009",
"timezone": "America/Los_Angeles",
"readme": "https://ipinfo.io/missingauth"
$ dig @ns1.starsolarsavings.com funeralinsurancecoverage.com
; <<>> DiG 9.10.4-P1 <<>> @ns1.starsolarsavings.com funeralinsurancecoverage.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35430
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;funeralinsurancecoverage.com. IN A
;; ANSWER SECTION:
funeralinsurancecoverage.com. 14400 IN A 66.29.134.201
;; AUTHORITY SECTION:
funeralinsurancecoverage.com. 86400 IN NS ns1.starsolarsavings.com.
funeralinsurancecoverage.com. 86400 IN NS ns2.starsolarsavings.com.
Thanks. Really this part of figuring out how the entire SPAM call eco system works.
Like, they hire call centers to use their referral website it seems.