Looking for owners of crooked website.

B

balanga

This organisation GRANDACCESSINVESTMENT.COM has robbed me of lots of money.

How can I find them?

Domain Name: GRANDACCESSINVESTMENT.COM
Registry Domain ID: 2858911223_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.crazydomains.com
Registrar URL: http://www.crazydomains.com.au
Updated Date: 2026-01-15T19:09:40Z
Creation Date: 2024-02-26T22:38:41Z
Registry Expiry Date: 2027-02-26T22:38:41Z
Registrar: Dreamscape Networks International Pte Ltd
Registrar IANA ID: 1291
Registrar Abuse Contact Email: abuse@dreamscapenetworks.com
Registrar Abuse Contact Phone: +61 894 220 890
Domain Status: ok https://icann.org/epp#ok
Name Server: NS1.SERVER145.ISEENCLOUD.COM
Name Server: NS2.SERVER145.ISEENCLOUD.COM
Name Server: NS3.SERVER145.ISEENCLOUD.COM
Name Server: NS4.SERVER145.ISEENCLOUD.COM
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of whois database: 2026-02-18T21:08:01Z <<<

For more information on Whois status codes, please visit https://icann.org/epp

NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


Domain Name: GRANDACCESSINVESTMENT.COM
Registry Domain ID: 2858911223_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.syrahost.com
Registrar URL: http://www.crazydomains.com
Updated Date: 2026-01-15T00:00:00Z
Creation Date: 2024-02-26T00:00:00Z
Registrar Registration Expiration Date: 2027-02-26T00:00:00Z
Registrar: Dreamscape Networks International Pte Ltd
Registrar IANA ID: 1291
Registrar Abuse Contact Email: abuse@dreamscapenetworks.com
Registrar Abuse Contact Phone: +65.69147880
Domain Status: ok https://icann.org/epp#ok
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: LONDON
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: GB
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext:
Registrant Email: https://www.crazydomains.com.au/whois/grandaccessinvestment.com/contact_form/
Name Server: NS1.SERVER145.ISEENCLOUD.COM
Name Server: NS2.SERVER145.ISEENCLOUD.COM
Name Server: NS3.SERVER145.ISEENCLOUD.COM
Name Server: NS4.SERVER145.ISEENCLOUD.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2026-02-19T00:03:47Z <<<
Click to expand...
 
balanga said:
This organisation GRANDACCESSINVESTMENT.COM has robbed me of lots of money.
Click to expand...
That's too bad. Sorry to hear.

balanga said:
How can I find them?
Click to expand...
In general, that is difficult. It depends on how much information you have. If all you have is the domain name, you'd need to force the domain registrar to disclose who is the owner of the domain. In most western countries, that requires a court order, which in turn requires starting a lawsuit. In your case, it seems the registrar is located in Singapore (judging by their country telephone code), so you need to hire a lawyer in Singapore, file a court case there, and have the lawyer serve the registrar with a discovery order.

There are also central registries of all businesses that exist in a country or state. Judging by the information you posted, the company itself might be in Britain, so find the central register of corporations there (I know it exists, it was in the news a few days ago), and inquire there. In California, that would be done with the Secretary of State (of California, has nothing to do with the US federal government foreign policy body); they have an online searchable database on the web.

Given what eternal_noob just posted, they might be indeed located in California, in the city of Fremont that's near me. However, that address "4763 Hide A Way Road" does not actually exist. A quick web search also finds an address in England for the same companies that use that non-existing address.

Given that they took your money, there must be some more information, which was exchanged when the money flowed. For example, if the money was sent from your bank account, your bank must know how it was transferred. Banks are usually very unwilling to disclose such things, unless presented with a court order or subpoena, so again it might be time to start a lawsuit in whatever jurisdiction is involved.

In general, I keep repeating: Time to get a lawyer.
 
That sucks. Seriously. Lawyer up, that's all you can do.

Please don't fall for any "hacker" that might be sending emails your way, promising to get your money back. For a nominal fee of course. They'll take whatever was left. There are very few things I genuinely hate, defrauding people out of their hard earned money is certainly high up that list.

eternal_noob said:
Hide A Way Road
Click to expand...
🤔 I mean. Nobody spots the obvious fake?
 
SirDice said:
🤔 I mean. Nobody spots the obvious fake?
Click to expand...
Funny though there is such road in Utah. But neither full address exists according to google.
Interestingly enough chatgpt cannot access it to analyse either.

Lawyer up is probably the best advice.

edit: I tried to create an account there (after sniffing around a bit with webdev tools) and if anything is red flag on that page: terms and conditions for user account creation don't even exist. I guess not many people read them, they were relying on that.
 
If it was a bank transaction and you have solid evidence, maybe your bank cooperates by providing account holder details to a judge. If it was crypto, forget it.
 
Second instance (that I'm seeing on these Forums) of someone not having a tight leash on their own money, and getting defrauded out of it. The first one was a rather lengthy thread in which OP took a long time to confess to being careless with a phishing email. You'd think others would read and learn to be careful with their money. This thread's OP just walked into trouble all by himself, no phishing even needed.

But yeah, it's pretty amazing that you can register a .com domain with an unverifiable address. That's how most scams on the Internet operate. The domain may be up for a couple months, and then GoDaddy.com or a government-sponsored Internet registrar will simply delete that name, it will become NOT findable, and you'll get ads saying that the domain name is for sale. So OP actually doesn't have much time to track down who put up the scam site. Not impossible to use a cheap throwaway laptop to throw something together, and then format the SSD and pretend they're not the ones who did it.

I mean, even on LinkedIn, people are brazen and open about money laundering!
 
balanga said:
It was crypto :(
Click to expand...
Yeah, that stuff is really unregulated. The crypto gold rush of 2010s is over, so now I look at crypto as a technical toy to play with at some point, not something to be equated with real money that you use to stake your very survival on. These days, becoming involved in cryptocurrency is either extremely expensive (you have to be able to put up the same kind of cash as Trump or Altman) or a scam. And the scam you fell for - it was awfully old-school, one that takes maybe an hour to set up if you know what you're doing.
 
Do an nslookup of the site. The whois of the IP address says the netblock owner is in Montreal, QC. Depending on the size of the loss the various authorities (Secret Service or FBI) do have a good relationship with the RCMP. They don't have much tolerance for this.

A traceroute of the IP suggests its somewhere in Asia after hopping around Europe: routed through Canada, US (NY), UK, France, to Asia, back to France and back to Asia with APNIC registered IPs registered to a Montreal company (hosting provider). The final router before it packets go into the abyss is in Asia.

Having said that, many of the intrusion attempts and SPAM I receive come from AWS and Google cloud networks. This makes it difficult to impossible to use geoblocking. It's not surprising that they use cloud services. Bad actors use these cloud services because it makes it most difficult to find them as the services are subscribed to by numbered companies owned by other numbered companies and so on to protect the perpetrators from discovery (without much effort).
 
balanga said:
It was crypto
Click to expand...
I don't want to upset you, but it's unlikely you'll be able to get your crypto back. My colleagues here are right about crypto: it's either the likes of Trump and Altman who are involved, or it's criminal activity. I'll also add that the lion's share of crypto transactions are handled by fraudulent centers and exchanges. I clearly understand that you invested in crypto as a "reliable" channel, but, unfortunately, it only made things worse. I'm not an expert in these matters, but I think the classic methods for catching crypto scammers (via online tools) ARE NO LONGER WORKING! cy@ was right when he said that the era of new schemes has arrived. The old classic internet and technologies are dead. The cyber police can't find anyone or prove anything either. The internet has become a dumpster. And you've climbed into a dumpster called "crypto." Is it any wonder that millions of US dollars' worth of crypto are being stolen from banks? They're stealing from banks! And in most cases, the criminals are not found.
 
cy@ said:
Do an nslookup of the site. The whois of the IP address says the netblock owner is in Montreal, QC. Depending on the size of the loss the various authorities (Secret Service or FBI) do have a good relationship with the RCMP. They don't have much tolerance for this.

A traceroute of the IP suggests its somewhere in Asia after hopping around Europe: routed through Canada, US (NY), UK, France, to Asia, back to France and back to Asia with APNIC registered IPs registered to a Montreal company (hosting provider). The final router before it packets go into the abyss is in Asia.

Having said that, many of the intrusion attempts and SPAM I receive come from AWS and Google cloud networks. This makes it difficult to impossible to use geoblocking. It's not surprising that they use cloud services. Bad actors use these cloud services because it makes it most difficult to find them as the services are subscribed to by numbered companies owned by other numbered companies and so on to protect the perpetrators from discovery (without much effort).
Click to expand...
[root@W520 ~]# nslookup grandaccessinvestment.com
Server: 192.168.1.1
Address: 192.168.1.1#53

Non-authoritative answer:
Name: grandaccessinvestment.com
Address: 51.79.193.101
Click to expand...

How do you get the connection to Quebec?

Registrar: Dreamscape Networks International Pte Ltd

They appear to be in Singapore.

I have sent an email to:

Registrar Abuse Contact Email: abuse@dreamscapenetworks.com

No reply so far.

Registrar WHOIS Server: whois.crazydomains.com

crazydomains appears to be based in Sydney, Australia.

So I'm a bit lost trying to work out who looks after the website.
 
elephant said:
cy probably issued a whois on the IP address. Try whois 51.79.193.101 ...
Click to expand...
# whois.arin.net

NetRange: 51.79.0.0 - 51.79.255.255
CIDR: 51.79.0.0/16
NetName: HO-2
NetHandle: NET-51-79-0-0-1
Parent: RIPE-ERX-51 (NET-51-0-0-0-1)
NetType: Direct Allocation
OriginAS:
Organization: OVH Hosting, Inc. (HO-2)
RegDate: 2019-01-10
Updated: 2019-01-10
Ref: https://rdap.arin.net/registry/ip/51.79.0.0



OrgName: OVH Hosting, Inc.
OrgId: HO-2
Address: 800-1801 McGill College
City: Montreal
StateProv: QC
PostalCode: H3A 2N4
Country: CA
RegDate: 2011-06-22
Updated: 2025-09-04
Ref: https://rdap.arin.net/registry/entity/HO-2


OrgTechHandle: NOC11876-ARIN
OrgTechName: NOC
OrgTechPhone: +1-855-684-5463
OrgTechEmail: noc@ovh.net
OrgTechRef: https://rdap.arin.net/registry/entity/NOC11876-ARIN

OrgAbuseHandle: ABUSE3956-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-855-684-5463
OrgAbuseEmail: abuse@ovh.ca
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE3956-ARIN
Click to expand...
I'm thoroughly confused now as I've seen links to Canada, Australia and Singapore.

Looks like I should contact:

OrgAbuseEmail: abuse@ovh.ca
 
As I understand it the domain name GRANDACCESSINVESTMENT.COM is owned by crazydomains.com from Australia, but the actual website runs on an IP address controlled by ovh.ca of Canada.

Does that sound correct?
 
balanga said:
How do you get the connection to Quebec?
Click to expand...

Traceroute. Of course the FQDNs don't necessarily have to match the actual location on the globe but on the face of it, it appears so. This will take a lot more investigation than I'm willing to put into it.

balanga said:
Registrar: Dreamscape Networks International Pte Ltd

They appear to be in Singapore.
Click to expand...

The TLDs were .eu and .asia. I didn't look any further.

balanga said:
I have sent an email to:

Registrar Abuse Contact Email: abuse@dreamscapenetworks.com

No reply so far.

Registrar WHOIS Server: whois.crazydomains.com

crazydomains appears to be based in Sydney, Australia.

So I'm a bit lost trying to work out who looks after the website.
Click to expand...
I'd be surprised if you get any replies.

I'm sure they purchased some cloud service somewhere registered their domain from somewhere else. Typical. You may never find out who. And those who do have the resources (shoes on the ground) won't put the effort into it if the loss is a small sum.

This is why I stay clear of crypto. Even a reputable vendor of crypto is a gamble because of the wild swings in price (I hesitate to use the word value). You may as well go to the casino. At least the meals are cheap there. ;)
 
Uhhh.... if OP is persistent, the best thing that can happen is that they can learn to use the network monitoring tools, and what the limitations of those tools are. But y'know, it really looks like the scammer tried to cover their tracks, and did a decent job of it if tracking tools turn up such inconsistent information.

But frankly, even if OP manages to technically untangle all those inconsistent details, it's still a pain to build a case that will get attention of pertinent authorities. It kind of has to be the kind of money you'd put up to buy a whole private island in the Caribbean before authorities get involved with a scam. Otherwise, don't count on much of anything happening any time very soon, sorry. This is why small fry like us need to be aware of the situation we're in, and to know enough to avoid danger.
 
You must log in or register to reply here.
Back
Top