I don't know the domains in question. I doubt there really are any because the referrer is never anything other than the domain of the company offering the service.
This company say they redirect traffic from these expired domains (I presume they mean bought up ones). So I would expect the user host ip address to be the users address even if all the domains were hosted on the same server.
The sequence as I see it would be:
1. User browser requests page on expired domain. The referrer would be either empty if the request was via a bookmark or just from typing in the url in the browser address field. If the request came via a page that contained a link to the expired domain then the browser would set the referrer to the page containing the link.
2. The server hosting the expired domain sends a response back to the browser telling it to try another address (the redirect to my page).
Now the traffic to my site has legitimate looking user host ip addresses but the referrer is always the service providers own domain. I can't see any way they could do this apart from if they are spoofing the ip addresses and originating requests themselves.
It all seems a bit dodgy to me.