In this thread on LET there are quite a few affected by the closure of more than 20 low-end VPS companies. The providers gave only 3 days notice to everyone to move their data.
This sometimes happens but not on such a big scale or with such a short notice and right after the Black Friday/Cyber Monday sales. So everyone is wondering is this an exit scam and are those shell companies related. And who is the owner?
There are a lot of speculations and a big list of companies provided in the forum thread above so I decided to look for a pattern. First I ran the list trough HostingChecker to find the hosting and IP/ASN and Whois information, then I ran it trough the reverse IP lookup to check if there are other domains hosted on these IPs. Then I checked the Whois info in each registrar. The results are in the table below.
There is a clear pattern that most companies on the list are registered at GoDaddy, they use Domains by Proxy as private Whois, use WHMCS and are hosted on Linode or Vultr.
From this list, the companies that seem as exception and not related to the rest are hostflyte.com, stockservers.com, virmach.com,
umaxhosting.com, losangelesvps.com. And the last two look like they are closely related to each other.
The only company clearly hosted on ColoCrossing is hudsonvalleyhost.com.
Now there is no doubt the companies are related. As user Solaire looked in the Google Analytics code and found they are shamelessly connected. You can do it too if you open the source. Here is a screen:
I have updated the spreadsheet with the GA info.
There has been official statement from ColoCrossing employee who says it was a single client of the company that is going down on Monday. (screenshot with link to the thread below)
Apparently ColoCrossing do not admit these are their own sites and they are behind those shell companies. They do however admit that they knew it is a single company that is posting the offers on their own forum. They have approved and advertised the offers.
Indicators for a scam
When I checked all the domains of the closing VPS companies they had in common that there was no visible information on who owned the company, address or contact data. All they had is the default WHMCS contact form with captcha turned on or off that looks like this:
And no indication of who owns the company or an address in the footer or anywhere on the about or company pages. It is just generic information like this and the default pages:
Another clue is that if you go on archive.org and type in the web site of the VPS provider, unlike the real businesses all will look like this:
Most of the domains had snapshots of as late as July 2019 and they were with the default for sale of parking pages.
Clearly this looks like an organized exit scam that involved a lot of planning. Who is behind it is yet to be revealed.
But be careful when shopping for web hosting and always check if the business behind the website is real, if they can be trusted, if they had web presence for more than a few years and if they do not hide their company details on their website or their Whois info.