Domain Name: RINGTONS.CC
Registrar: KEY-SYSTEMS GMBH
Whois Server: whois.rrpproxy.net
Referral URL: http://www.key-systems.net
Name Server: NS1.RINGTONS.CC
Name Server: NS2.RINGTONS.CC
Name Server: NS3.RINGTONS.CC
Status: ACTIVE
Updated Date: 11-jan-2011
Creation Date: 11-jan-2011
Expiration Date: 11-jan-2012

DOMAIN: RINGTONS.CC
owner-contact: P-MVE719
owner-fname: Mariya
owner-lname: Egorova
owner-street: ul.Petrischeva d.14 kv.560
owner-city: Dzerzhinsk
owner-state: Nizhegorodskaya oblast
owner-zip: 606037
owner-country: RU
owner-phone: 7.8312951414
owner-fax: 7.8312951414
owner-email: aaron@cheapbox.ru
source: centralops.net

Now, from my initial research I noticed Mariya/Maria kept her whois information pretty consistent. But then there's the phone/fax number +7.8312951414. A quick search to analyze the phone number on International Numbering Plans (link here if you want to analyze it yourself) gives us the following information about the phone number -
Information on phone number range +7 831 2XXXXXX
| Number billable as | geographic number |
| Country or destination | Russia |
| City or exchange location | Nizhniy Novgorod |
| Original network provider* |
Nizhniy Novgorod is the city this number should dial to, yet where does Mariya claim residence? Dzerzhinsk. That is the first sign of falsified whois with criminal intent. Secondly, we have a legitimate hotel (Hotel Volna) that uses the VERY same phone number (7.8312951414 OR +7 831 295 14 14) as a fax line -
Front office department
booking
Tel. +7 831 295 19 00
Fax +7 831 295 14 14
reception@volnahotel.ru
Address: 98, Pr. Lenina,
Nizhny Novgorod 603004 Russia
Website: http://www.volnahotel.ru/en/about/contacts
Hands down, this shows falsified whois registrant details for criminal intent. In fact, there are two whole pages here of Google hits showing the Volna Hotel owns this number. Notice on that last Google search how I told Google not to show any results that had the term Maria in them (e.g. -Maria)? What happens when I google without the -Maria? We come across a Google search front page filled with domains used in fraud and malware dispersal. Surprised? I'm not, we know the whois registrant details have been intentionally falsified for criminal intentions.
So with the whois registrant details proven falsified for ringtons.cc, let's show why they falsified them with a quick Google search... also showing how the domain ringtons.cc is being used -
Fraud:
http://db.aa419.org/fakebanksview.php?key=56024
link here (too long)
link here (too long)
http://ddanchev.blogspot.com/2011/01/keeping-money-mule-recruiters-on-short.html
http://forum.419eater.com/forum/viewtopic.php?t=198424&view=next
http://www.fraudwatchers.org/forums/archive/index.php/t-39271-p-3.html
Malware:
http://amada.abuse.ch/?search=lilac-groupllc.cc
link here (too long)
http://support.clean-mx.de/clean-mx/viruses.php?domain=fintec-ltd.cc&sort=first%20desc
Again, there were pages of examples showing how the domain ringtons.cc is being used as a name server to promote fraud and malware attacks. Why put them all here, though? We've proven beyond a shadow of a doubt that the true owner of ringtons.cc (the RBN) is using the domain to spread their cyber crime. We've also shown that their whois registrant details have been intentionally falsified for these illegal purposes. KEY-SYSTEMS GMBH helped register it; they should clean it up by placing the domain on ClientHold.
In fact, Key-Systems, you should probably check your registry to see if the same person, via any of the details they gave you when registering ringtons.cc, has registered other sites with your registrar services. If they have, save yourself the time and headache and just place all of their domains on client hold.
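
The registry check suggested above, sketched as an added example that is not part of the original post: it parses whois records in the `key: value` layout quoted earlier and groups domains that share a contact handle, phone, fax or email, normalizing phone numbers so that `7.8312951414` and `+7 831 295 14 14` match. Only the `ringtons.cc` values come from the post; the two `.example` domains, their field values and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: only ringtons.cc uses values quoted in the post;
# the two *.example domains and their field values are made up.
RECORDS = {
    "ringtons.cc": "owner-contact: P-MVE719\nowner-lname: Egorova\n"
                   "owner-phone: 7.8312951414\nowner-email: aaron@cheapbox.ru",
    "shop.example": "owner-contact: P-AAA001\nowner-lname: Egorova\n"
                    "owner-phone: +7 831 295 14 14\nowner-email: a@mail.example",
    "blog.example": "owner-contact: P-BBB002\nowner-lname: Ivanov\n"
                    "owner-phone: +7 495 000 00 00\nowner-email: b@mail.example",
}
PIVOT_FIELDS = ("owner-contact", "owner-phone", "owner-fax", "owner-email")

def parse_record(text):
    """Turn 'key: value' whois lines into a dict (keys lower-cased)."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def normalize(field, value):
    """Phone/fax: digits only, so '7.8312951414' == '+7 831 295 14 14'."""
    if field in ("owner-phone", "owner-fax"):
        return re.sub(r"\D", "", value)
    return value.lower()

def shared_details(records, fields=PIVOT_FIELDS):
    """Map (field, normalized value) -> domains, for values on 2+ domains."""
    index = defaultdict(set)
    for domain, text in records.items():
        parsed = parse_record(text)
        for field in fields:
            if field in parsed:
                index[(field, normalize(field, parsed[field]))].add(domain)
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

def related_domains(seed, records):
    """Domains that share at least one pivot detail with the seed domain."""
    groups = shared_details(records).values()
    return sorted({d for g in groups if seed in g for d in g} - {seed})

if __name__ == "__main__":
    print(related_domains("ringtons.cc", RECORDS))
```

The registrant name is deliberately left out of the pivot fields, since a shared surname alone is weak evidence compared with a shared phone, email or contact handle.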