Morgan Investment Co. Fraud
Report
Active
Domain
Don't Bear Internet Fraud
Home
Bobbear Icon

Morgan Investment screenshot

Morgan Investment Co. is the latest of a selection of fraud sites that have the one function - of presenting a convincing front for the usual money laundering mule job. Previous aliases include Alpha Quest Inc. and Madison Liquidity Investors, LLC, both of which have been shut down and both of which were registered with Melbourne IT (Yahoo as reseller) and hosted on the Yahoo small business network. The latest domain of this criminal, (morganinvestments.cn), is hosted on a 10-IP zombie botnet as detailed below which confirms the criminality beyond doubt. The botnet also hosts phishing links and the attack domain 2j1f.net. At present it is hosted on a Comcast end user IP - 76.126.193.226 [c-76-126-193-226.hsd1.ca.comcast.net]). Clearly a zombie or criminal owned machine. The criminal's nameserver domain myboomdns.com status is 'ClientHold' but the criminal seems to have no problem using it for his botnet controller - Network Data.
This fraud should not be confused with any other company of the same or similar name - the above website screenshot and the following fraud evidence refer to this company alone and no other. This fake company trades on the genuine Morgan name.
Evidence of Criminal Fraud:

The criminal changes the data on his website - please let me know of any inaccuracies but see changes logged below first.

i) According to the Company profile on the 'Services' page:

"Morgan Investment Co. is an international private equity company which has been successfully in operation since its inception in 1996".

However, their domain morganinvestors.com was only registered with MELBOURNE IT, LTD. (Yahoo) on 24-may-2008. Clear evidence of fraudulent misrepresentation. *Update - 10-Oct-2008* All previous domains suspended - latest domain dmorganinv.com registered with MELBOURNE IT, LTD. (Yahoo as reseller) on 08-Oct-2008. See domain tables below for even more recent zombie botnet hosted domains. Clear evidence of fraud

ii) The website carries the following clear money mule criminal solicitation under the 'Careers' tab:
In-Home Assistants ($2,500 USD monthly + 5% per closing assignment)
Ref: AQ231 (Click Here To Apply Now)

The processing assistant manages transactions from clients on behalf of Morgan Investment to ensure the investing client with privacy and security. You will be required to ensure the investing client with simple and quick means to expediently invest their funds in a timely manner. Human resources has recently put out the message for new assistance in the North American region of the world (USA).

Applicants interested in an administrative assistant position are required to submit an application for employment. All fields of the application should be completed. One aspect of the employment application consists of an assessment section. There is also a resume section for future assistants to provide their previous work experience and/or education. Both the assessment and resume, will assist manangement in selecting a worthy candidate for the available position(s). The assistant will not be responsible for any out of pocket expenses while employed with Morgan. Our primary source of communication with assistants are by e-mail, online assistant support area, cell phone and home phone (in this particular order) it is the assistant's responsibility to upkeep daily accountability and communication with Morgan Investment.

The processing assistant will be compensated in the amount of 5% per closing assignment on top of the guaranteed $2,500 USD monthly salary. Assistants will be receiving 3-5 assignments weekly that shall be processed via one of the preferred processing methods available at that time. All assistants will undergo online training to become familiar with all the preferred processing methods of the clients. The online assistant course will be initiated after hire. The information supplied by each applicant is extensively verified by our Human Resources department.

Essential skills required:

    * You must be at least 21 years old
    * Basic understanding of the PC and its services (e-mail, internet, ...)
    * US bank account
    * Strong verbal and written communication and interpersonal skills
    * Ability to develop and manage relationships
    * Attention to detail, and the ability to multi-task and self-manage

What are my hours of operation?

Company hours are 9.00am to 5.30pm EST Monday to Friday. Typically assistants will work 5-10 hours per week, this will be composed of a 1-2 hour work day. All staff receives a minimum of 25 days holiday per year + bank holidays.
Can I really work at home?

Morgan Investment is a firm believer and supporter of family and advancement opportunities. This is why the positions available with us give assistants and representatives the opportunity to work from home. It is believed that if a person is given the chance to work in a comfortable environment, the employee is more likely to perform at their maximum potential. Studies have shown that business overhead expenses are reduced drastically when allowing employees to work from home.
Do I need to pay anything out of my pocket to be able to work for Morgan?

Absolutely NOT. We do not require you to pay anything out of pocket.
Who will the transactions be made out to and does this require a license?

The transactions will be made out directly to you by our finance department. You are not required to have a license for this position, you are an independent contractor and you are responsible for claiming gross annual income on your annual tax filings. At the end of each fiscal year you will receive a total of your processed transactions in order to file an individual income tax form and provide your income to the United States government. We will be glad to assist you on this matter. You will only need to pay taxes on your monthly salary and commissions.
Why is a bank account required?

A personal checking account is required in order to receive your salary deposits, this also guarantees all the investor funds to be FDIC insured.
Why aren't online banks acceptable?

Online banks are not permitted because each assistant will need take occasional trips to their financial institution.
iii) That is a crystal clear illegal money mule function of accepting funds into a private account and transferring them back out less a percentage and on its own defines the company without doubt as criminal and bogus and is clear evidence of criminal fraud.

iv) No legitimate company is going to advertise for this sort of illegal part time, 'work from home' money transfer position among the untrained, inexperienced and uncertified general population overseas, to do so defines the company as both bogus and criminal.
The Spam:
Your resume and or contact details were automatically screened by the US free classifieds and you were selected for possible consideration of employment with the following Corporation.

Morgan Investment offers a motivating and exciting work environment. Work is organized around clear performance goals and expectations, and every employee, regardless of background, tenure or position, is given the opportunity to be a key contributor. This is an outstanding opportunity to join a stable, yet dynamic, entrepreneurial and growing company. Morgan Investment offers a challenging and rewarding work environment, competitive wages and full benefits (medical, dental, vision, flexible spending account, accidental death insurance and 401K).

The Company:
Morgan Investment Co. is an international private equity company which has been successfully in operation since its inception in 1996. Morgan Investment builds portfolios around a set of fundamental investment tenets that make up the foundation of the programs we deliver to our clients. We believe institutions and wealthy families should benefit from access to the same investment approach and investment talent utilized by the largest university endowment programs.

Job Description:
The position available with Morgan Investment is an administrative assistant position. Assistants and representatives are given the opportunity to work from home. It is believed that if a person is given the opportunity to work in a comfortable environment, the employee is more likely to perform at their maximum potential. Studies have shown that business overhead expenses are reduced drastically when allowing employees to work from home. The position pays a guaranteed $2,500 USD per month + 5% commission on each closing assignment. We provide a team environment, and a focused, hard working atmosphere essential for success in the financial world.

Requirements:
# You must be at least 21 years old
# Basic understanding of the PC and its services (e-mail, internet, ..)
# Strong verbal and written communication and interpersonal skills
# Ability to develop and manage relationships
# Attention to detail, and the ability to multi-task and self-manage

Benefits include medical, dental, vision, flexible spending account, accidental death insurance and 401K after a 1 month probationary period. Senior assistants will be given the chance to apply for a management position at one of our worldwide locations.

Morgan Investment presents a significant opportunity for growth; this is your chance to get in on the ground floor.

Please visit our site for consideration of this position. Browse the site to become more familiar with the company and the position available. If you feel you will be a good candidate for this position ensure to view the careers section and submit an application for employment.

- Visit Now!
Once again a clear illegal money mule function.
v) Initial Fake 'Contact Us' Details from website: (N.B. The criminal changes his contact details, (in itself a clear indicator of fraud) - see entries below for 17th. June 2008 and 10th. October 2008)

Morgan Investment is a private limited liability, VAT registered company.

Full company name: Morgan Investment Co.
Corporation number: 03143351
Registered in: United States, Russia, England and Wales

Registered US office: 350 E. 54th St. Suite 1H, New York, NY 10022
Registered RU office: 19/33 Michurinskaya Street, Saint Petersburg 197046, Russia
Registered UK office: Wixford Business Park, George's Elm Lane, Bidford on Avon, Warwickshire B50 4JS, UK

Telephone: +1 (210) 807-4278
Fax: +1 (800) 783-8284
VAT number: 470 6754 34

• - The address "350 E. 54th St. Suite 1H, New York" Googles as the address of the "Modeling Association of America INTL"
• - The EU VAT number lookup tool confirms the VAT number 470 6754 34 is invalid.
• - Using the Reverse Phone Detective, the US telephone number (210) 807-4278 traces to San Antonio, Texas but they claim their US office is in New York.
• - A Royal Mail postcode address check shows that there is no such company at the postcode B50 4JS.

All clear evidence of fake contact details and fraud.

vi) Although they claim to be based in New York, this particular company are not listed in the New York State 'Corporation and Business Entity Database' - clear evidence of fraud.

 vii) A UK Companies House webcheck shows that although there are several Morgan Investment Companies registered in the UK, this particular one at the supposed UK address is not registered with the UK Companies House, and a similar webcheck shows that neither are they registered with the UK FSA, (Financial Services Authority), which they would have to be to be able to legally trade in the financial sector in the UK. Clear & absolutely irrefutable evidence of criminal fraud.  
The above evidence clearly demonstrates beyond any doubt that the Morgan Investment Co. website has been set up very recently by money laundering criminals purely for the purpose of spamvertising an illegal money laundering 'mule' job. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of criminal activity - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.
 
Known Website Domains

morganinvestors.com (Inactive)
morganportfolio.com (Inactive)
morganinvest.net (Inactive)
morgantrustfund.net (Suspended)
morgantrustfund.cn (Suspended)
dmorganinv.com (Suspended)
morganinvestments.cn (Suspended)
morganhedgefund.com (Active)

 Registrar

MELBOURNE IT, LTD. (Yahoo) (24-may-2008)
MELBOURNE IT, LTD. (Yahoo) (06-jun-2008)
MELBOURNE IT, LTD. (Yahoo) (26-may-2008)
BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN (21-jun-2008)
北京新网互联科技有限公司 - Beijing Xinwanghulian Technology Co. Ltd. (30-Aug-2008)
MELBOURNE IT, LTD. (Yahoo) (08-Oct-2008)
Xin Net Technology Corp. (02-Nov-2008)
MELBOURNE IT, LTD. (Yahoo) (01-Oct-2008)

Criminal Registered
Nameserver Domains

mywowdns.com (Suspended)
foly3troso.com (Suspended)
myboomdns.com (Active)

Registrar


BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN (05-Nov-2007)
BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN (14-Jul-2008)
Xin Net Technology Corp. (23-Oct-2008)
Host


-
Zombie Hosted
Zombie Hosted

Network Data

(Valid for domains morganinvestors.com, morganportfolio.com, morganinvest.net)

 How I am searching:

Searching for morganinvestors.com A record at m.root-servers.net [202.12.27.33]: Got referral to D.GTLD-SERVERS.NET. (zone: com.)
Searching for morganinvestors.com A record at D.GTLD-SERVERS.NET. [192.31.80.30]: Got referral to yns2.yahoo.com. (zone: morganinvestors.com.)
Searching for morganinvestors.com A record at yns2.yahoo.com. [66.196.84.168]: Reports morganinvestors.com. Response:
DomainTypeClassTTLAnswer
morganinvestors.com.AIN120068.180.151.20
morganinvestors.com.AIN120068.180.151.21
morganinvestors.com.AIN120068.180.151.22
morganinvestors.com.AIN120068.180.151.23
morganinvestors.com.AIN120068.180.151.24
morganinvestors.com.AIN120068.180.151.25
morganinvestors.com.NSIN86400ns8.san.yahoo.com.BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN (21-jun-2008)
morganinvestors.com.NSIN86400yns2.yahoo.com.
morganinvestors.com.NSIN86400yns1.yahoo.com.
morganinvestors.com.NSIN86400ns9.san.yahoo.com.
yns1.yahoo.com.AIN180066.218.71.205
yns2.yahoo.com.AIN1800216.109.116.20
ns8.san.yahoo.com.AIN180066.218.71.205
ns9.san.yahoo.com.AIN1800216.109.116.20

Looking up at the 2 morganinvestors.com, morganportfolio.com. parent servers:

ServerResponse
yns2.yahoo.com [66.196.84.168] 68.180.151.17 68.180.151.18 68.180.151.19 68.180.151.20 68.180.151.21 68.180.151.22
yns1.yahoo.com [66.218.71.205] 68.180.151.58 68.180.151.59 68.180.151.60 68.180.151.80 68.180.151.81 68.180.151.82

The host for this fraudster is the Yahoo small business network often used by these criminals.
Fraud Log

28th. May 2008
Webpage created
17th. June 2008
New website domain notified by site contact: morganportfolio.com
 They have changed their supposed contact details to:

Registered details

Morgan Investment is a private limited liability, VAT registered company.

Full company name: Morgan Investment Co.
Corporation number: 02144358
Registered in: United States, Russia, England and Wales

Registered US office: 350 E. 54th St. Suite 2H, New York, NY 10022
Registered RU office: 19/34 Michurinskaya Street, Moscow, 123056, Russia
Registered UK office: 25 Cabot Square, Canary Wharf, London E14 4QA, United Kingdom

Telephone: +1 (315) 370-4368
Fax: +1 (347) 438-3119
VAT number: 470 3745 67

It all goes even further to prove the bogus nature of these crooks:
   - More or less the same Russian address (19/34 instead of 19/33) but a totally different post code.
   - Totally different corporation number.
   - Totally different bogus UK address - it's actually the address of the genuine Morgan Stanley Funds (UK)
   - Totally different VAT number but it still comes up as bogus using the EU VAT number lookup tool.
   - The telephone number +1 (315) 370-4368 maps to Auburn, NY state which is about 200 miles away from the supposed firm's New York           location.
17th. June 2008
The criminal's domain morganportfolio.com has been disabled by Yahoo domains.
18th. June 2008
New domain notified by site contact - morganinvest.net
23rd June 2008
Domain morganinvest.net has been disabled by Yahoo - new domain reported by site contact: morgantrustfund.net registered with BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN (21-jun-2008) and hosted on the following network:
Network Data (Valid for morgantrustfund.net)

How I am searching:

Searching for morgantrustfund.net A record at g.root-servers.net [192.112.36.4]: Got referral to F.GTLD-SERVERS.net. (zone: net.)
Searching for morgantrustfund.net A record at F.GTLD-SERVERS.net. [192.35.51.30]: Got referral to ns10.mywowdns.com. (zone: morgantrustfund.net.)
Searching for morgantrustfund.net A record at ns10.mywowdns.com. [67.189.82.129]: Reports morgantrustfund.net. Response:
DomainTypeClassTTLAnswer
morgantrustfund.net.AIN18086.22.144.151
morgantrustfund.net.AIN18024.147.248.55
morgantrustfund.net.AIN180121.209.132.169
morgantrustfund.net.AIN18070.135.208.219
morgantrustfund.net.AIN180219.19.208.26
morgantrustfund.net.AIN18069.176.39.23
morgantrustfund.net.AIN18076.213.136.99
morgantrustfund.net.AIN18076.102.250.192
morgantrustfund.net.AIN18083.131.59.250
morgantrustfund.net.AIN18086.3.107.101

Looking up at the 4 morgantrustfund.net. parent servers:

Zombie Botnet NameserversBotnet Nameserver 'A' Records (Zombie Site Host IPs)
ns6.mywowdns.com [71.147.53.129] 24.20.25.226 65.189.204.23 68.84.32.74 69.73.4.250 70.135.208.219 71.92.146.196 76.18.239.54 83.131.59.250 85.180.138.236 99.232.236.219
ns5.mywowdns.com [72.51.154.63] 24.20.25.226 65.189.204.23 68.84.32.74 69.73.4.250 70.135.208.219 71.92.146.196 76.18.239.54 83.131.59.250 85.180.138.236 99.232.236.219
ns2.mywowdns.com [75.71.227.182] 24.20.25.226 65.189.204.23 68.84.32.74 69.73.4.250 70.135.208.219 71.92.146.196 76.18.239.54 83.131.59.250 85.180.138.236 99.232.236.219
ns10.mywowdns.com [67.189.82.129] 24.20.25.226 65.189.204.23 68.84.32.74 69.73.4.250 70.135.208.219 71.92.146.196 76.18.239.54 83.131.59.250 85.180.138.236 99.232.236.219

The data shows a slightly different from usual 10-IP site hosting zombie botnet where the criminal owned nameservers ns6.mywowdns.com, ns5.mywowdns.com, ns2.mywowdns.com and ns10.mywowdns.com all appear to be hosted on zombies or dsl connected criminal owned machines and are acting as a zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT).
***Latest News*** 6th. September 2008
New domain notified by site contact - morgantrustfund.cn
The criminal's nameserver domain mywowdns.com has been suspended and he has registered a new one - foly3troso.com with obvious bogus whois data.

The criminal has a new 10-IP botnetwork for this fraud:
How I am searching:

Searching for morgantrustfund.cn A record at e.root-servers.net [192.203.230.10]: Got referral to NS.CERNET.NET. (zone: cn.)
Searching for morgantrustfund.cn A record at NS.CERNET.NET. [202.112.0.44]: Got referral to ns1.foly3troso.com. (zone: morgantrustfund.cn.)
Searching for morgantrustfund.cn A record at ns1.foly3troso.com. [76.189.142.3]: Timed out. Trying again.
Searching for morgantrustfund.cn A record at ns4.foly3troso.com. [76.116.28.39]: Reports morgantrustfund.cn. Response:
DomainTypeClassTTLAnswer
morgantrustfund.cn.AIN18069.236.161.80
morgantrustfund.cn.AIN18076.116.28.39
morgantrustfund.cn.AIN18072.129.27.234
morgantrustfund.cn.AIN18075.70.206.199
morgantrustfund.cn.AIN18012.202.128.95
morgantrustfund.cn.AIN18085.197.238.216
morgantrustfund.cn.AIN18067.171.88.176
morgantrustfund.cn.AIN180130.111.234.114
morgantrustfund.cn.AIN18069.148.71.61
morgantrustfund.cn.AIN18076.196.1.142

Looking up at the 4 morgantrustfund.cn. parent servers:

Zombie Botnet NameserversBotnet Nameserver 'A' Records (Zombie Site Host IPs)
ns4.foly3troso.com [76.116.28.39]12.202.128.95 130.111.234.114 67.171.88.176 69.148.71.61 69.236.161.80 72.129.27.234 75.70.206.199 76.116.28.39 76.196.1.142 85.197.238.216
ns2.foly3troso.com [75.71.71.210]12.202.128.95 130.111.234.114 67.171.88.176 69.148.71.61 69.236.161.80 72.129.27.234 75.70.206.199 76.116.28.39 76.196.1.142 85.197.238.216
ns3.foly3troso.com [66.220.109.230]12.202.128.95 130.111.234.114 67.171.88.176 69.148.71.61 69.236.161.80 72.129.27.234 75.70.206.199 76.116.28.39 76.196.1.142 85.197.238.216
ns1.foly3troso.com [76.189.142.3]Timeout

The data shows a 10-IP site hosting zombie botnet controlled by in-house nameservers that are themselves hosted on compromised end user machines, or zombies. The criminal remotely controlled nameservers ns1.foly3troso.com, ns2.foly3troso.com, ns3.foly3troso.com and ns4.foly3troso.com are acting as a zombie botnet controllers 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site, (as determined by TRACERT). RDNS checks on the zombies show them on a wide variety of networks, but where the data is clear, you will see DSL ADSL and Cable end users who have been dumb enough to download & run the Asprox or other trojan or are victims of a 'drive by' website exploit and need to be disconnected by their ISPs until their machines are cleaned.

For a general explanation of this form of hosting, please see The Zombie Botnet 'Host By Proxy'
***Latest News*** 10th. October 2008
New domain notified by site contact: dmorganinv.com registered with MELBOURNE IT, LTD. (Yahoo) on 08-Oct-2008 and hosted on a Yahoo IP address (68.180.151.74)
Network Data (Valid for dmorganinv.com)
How I am searching:

Searching for dmorganinv.com A record at i.root-servers.net [192.36.148.17]: Got referral to K.GTLD-SERVERS.NET. (zone: com.)
Searching for dmorganinv.com A record at K.GTLD-SERVERS.NET. [192.52.178.30]: Got referral to yns1.yahoo.com. (zone: dmorganinv.com.)
Searching for dmorganinv.com A record at yns1.yahoo.com. [66.218.71.205]: Reports dmorganinv.com. Response:
DomainTypeClassTTLAnswer
dmorganinv.com.AIN120068.180.151.74
dmorganinv.com.NSIN86400yns2.yahoo.com.
dmorganinv.com.NSIN86400ns9.san.yahoo.com.
dmorganinv.com.NSIN86400yns1.yahoo.com.
dmorganinv.com.NSIN86400ns8.san.yahoo.com.

Looking up at the 2 dmorganinv.com. parent servers:

ServerResponse
yns2.yahoo.com [66.196.84.168] 68.180.151.74
yns1.yahoo.com [66.218.71.205] 68.180.151.74

Once again the crook has changed his contact details, (last recorded 17th. June 2008 see log above), in an attempt to obfuscate the evidence. Here are the third set of contact details from the website:

Registered details

Morgan Investment is a private limited liability, VAT registered company.

Full company name: Morgan Investment Co.
Corporation number: 02144358
Registered in: United States, England and Wales

Registered UK office: 25 Cabot Square, Canary Wharf, London E14 4QA, United Kingdom

Telephone: +1 (720) 385-0596
Fax: +1 (832) 383-8194
VAT number: 470 3745 67

It all goes even further to prove the bogus nature of these crooks: (Click on the links to check the data)
   - They have removed the Russian address.
   - They have removed the USA address.
   - The corporation number 02144358 actually belongs to the UK company MID ESSEX GRAVEL LIMITED. Check for yourself.
   - Same bogus UK address - it's actually the address of the genuine Morgan Stanley Funds (UK). Check for yourself.
   - Same bogus VAT number, (it comes up as bogus using the EU VAT number lookup tool). Check for yourself.
   - Supposedly also registered in Wales, but no listed address for that location.
   - The telephone number +1 (720) 385-0596 maps to Denver Colorado, but the Fax. Number (832) 383-8194 maps to Houston Texas. They          must have a big office... Check for yourself.

You don't often get a clearer set of fake details than that - Clear evidence of fraud.
Later: Yahoo have suspended the domain dmorganinv.com - Please notify me of any active domains for this criminal.
***Latest News*** 6th. November 2008
New domain reported by site contact - morganinvestments.cn.
DNS Data:
How I am searching:

Searching for morganinvestments.cn A record at m.root-servers.net [202.12.27.33]: Got referral to A.DNS.cn. (zone: cn.)
Searching for morganinvestments.cn A record at A.DNS.cn. [203.119.25.1]: Got referral to ns5.myboomdns.com. (zone: morganinvestments.cn.)
Searching for morganinvestments.cn A record at ns5.myboomdns.com. [76.126.193.226]: Reports morganinvestments.cn. Response:
DomainTypeClassTTLAnswerRDNS
morganinvestments.cn.AIN180221.128.195.190221-128-195-190.static.exatt.net
morganinvestments.cn.AIN180201.160.226.240201.160.226.240.cable.dyn.cableonline.com.mx
morganinvestments.cn.AIN180128.171.70.126hpwl62.ifa.hawaii.edu
morganinvestments.cn.AIN18098.172.26.54wsip-98-172-26-54.dc.dc.cox.net
morganinvestments.cn.AIN18072.136.137.1CPE001d7d954aea-CM00195ed20474.cpe.net.cable.rogers.com
morganinvestments.cn.AIN18067.149.133.182d149-67-182-133.col.wideopenwest.com
morganinvestments.cn.AIN18074.137.211.8174-137-211-81.dhcp.insightbb.com
morganinvestments.cn.AIN18075.177.88.187cpe-075-177-088-187.triad.res.rr.com
morganinvestments.cn.AIN18066.212.155.13566.212.155.135.nauticom.net
morganinvestments.cn.AIN18012.216.54.17712-216-54-177.client.mchsi.com

All the above IP addresses are addresses of compromised end user machines, or zombies.

Looking up at the 2 morganinvestments.cn. parent servers:

ServerResponse
ns5.myboomdns.com [76.126.193.226]12.216.54.177 128.171.70.126 201.160.226.240 221.128.195.190 66.212.155.135 67.149.133.182 72.136.137.1 74.137.211.81 75.177.88.187 98.172.26.54
ns2.myboomdns.com [0.0.0.0]Timeout

The data shows a standard 10-IP 'fastflux' site hosting zombie botnet where the criminal owned nameserver ns5.myboomdns.com, (currently hosted on the Comcast Cable Communications, Inc. zombie IP 76.126.193.226 [c-76-126-193-226.hsd1.ca.comcast.net]), is acting as a zombie botnet controller 'herding' the rotating zombies, (as determined by RDNS), in the 'A' records list which are hosting the fraud site (as determined by TRACERT). N.B. - the zombies rotate, (including the nameserver host), so the above is just a snapshot in time - every lookup will be different.
***Latest News*** 11th. December 2008
The domain morganinvestments.cn is suspended - Please notify me of any active domains for this criminal.
***Latest News*** 19th. December 2008
New domain notified by site contact - morganhedgefund.com registered with Melbourne IT (Yahoo as reseller) and hosted by Yahoo as follows:
How I am searching:

Searching for morganhedgefund.com A record at b.root-servers.net [192.228.79.201]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took 53 ms]
Searching for morganhedgefund.com A record at I.GTLD-SERVERS.NET. [192.43.172.30]: Got referral to yns1.yahoo.com. (zone: morganhedgefund.com.) [took 161 ms]
Searching for morganhedgefund.com A record at yns1.yahoo.com. [66.218.71.205]: Reports morganhedgefund.com. [took 48 ms] Response:
DomainTypeClassTTLAnswer
morganhedgefund.com.AIN120068.180.151.74
morganhedgefund.com.NSIN86400ns8.san.yahoo.com.
morganhedgefund.com.NSIN86400ns9.san.yahoo.com.
morganhedgefund.com.NSIN86400yns1.yahoo.com.
morganhedgefund.com.NSIN86400yns2.yahoo.com.

Looking up at the 2 morganhedgefund.com. parent servers:

ServerResponse
yns2.yahoo.com [66.196.84.168]68.180.151.74
yns1.yahoo.com [66.218.71.205]68.180.151.74

The host of this criminal fraudster is Yahoo on IP 68.180.151.74