Domain Name: UKDNS.CC
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.UKDNS.CC
Name Server: NS2.UKDNS.CC
Name Server: NS3.UKDNS.CC
Status: CLIENT-XFER-PROHIBITED
Updated Date: 08-dec-2010
Creation Date: 08-dec-2010
Expiration Date: 08-dec-2011
Registrant Contact:
Maksim Artemiev
Maksim Artemiev ()
Fax:
ul.Belorechenskaya d.13 k.1 kv.124
Moscow, Moscow 109559
RU
Administrative Contact:
Maksim Artemiev
Maksim Artemiev (append@free-id.ru)
+7.4959385996
Fax: +7.4959385996
ul.Belorechenskaya d.13 k.1 kv.124
Moscow, Moscow 109559
RU
Source: centralops.net

A Google search on Maksim's street address shows some hits for other domains he has registered, among those quite a few fake pharmacies. This would show Maksim is no stranger to cyber-crime, meaning that the whois registrant information for the domain/nameserver ukdns.cc is definitely falsified. However, let's prove it. Let's Google his phone number (+7.4959385996 with "-Maksim"). Upon doing so, we come up with the following information -
Registrant:
Alexey Komarov domendiplomy@googlemail.com +7.4959385996
Alexey Komarov
Teply Stan str. d.21 kv.251
Moscow,Moscow,RU 117133
Domain Name: diplomy.com
Record last updated at 2009-07-13 05:59:00
Record created on 2004/9/22
Record expired on 2010/9/22
Source: http://www.webtrafficagents.com/Whois/diplomy.com

This site has been registered nearly 6 years! That would suggest diplomy.com is legitimate... and it would be hard to tell, as diplomy.com is written in Russian. Thank God for Google Translate though (insert cynical laugh here, English version of diplomy.com here). What do we find on diplomy.com? It's a site for counterfeiting fake documents! Looks like Alex's site isn't that legitimate, and he uses the same phone number that "Maksim" used to register ukdns.cc. They both have different names and addresses though, showing that this is hands down, legitimately and intentionally falsified whois registrant information on ukdns.cc. We also find "Alex" registering a fake pharmacy here (also another fresh one here) and another site for dispersing malware here. It looks like Alex and Maksim ARE in the same business after all!
So, this definitely proves beyond a shadow of a doubt the whois registrant information for ukdns.cc has been intentionally falsified for criminal purposes. Now let's show how this domain/name server is being used by the RBN to host their wonderful sites with a quick Google search -
Fraud:
link here (too long)
http://scamfraudalert.wordpress.com/2011/01/12/avon-products-plc-journey-financial-cc/
http://ddanchev.blogspot.com/2011/01/keeping-money-mule-recruiters-on-short.html
Malware:
link here (too long)
link here (too long)
http://amada.abuse.ch/?search=lilac-antique.cc
http://amada.abuse.ch/?search=west-view-art.cc
There were plenty of other hits for fraud and malware being dished up by the RBN via their usage of the domain ukdns.cc as a name server. However, the case in point is that we have sufficiently proven the whois information on ukdns.cc has been intentionally falsified for criminal purposes. Enom, I would suggest you look at the registrant information I gave in this blog post thoroughly. Go through your registry, find any sites you registered for the "Alexey Komarov" OR "Maksim Artemiev" talked about here, and just place those domains on client hold. This has to be the fourth time you've come up in my blog spot, as I tied in this same cyber crime gang/fraud ring to other domains you've helped register: AUSTDEC.CC, OLIVAU.CC, & pageredns.cc
Time to clean up house, Enom.
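
The phone-number pivot used above to tie ukdns.cc to diplomy.com can be run across a whole set of whois records. The following Python is an added example, not part of the original post; the function names, the pre-extracted `registrant` field and the `control.example` record are assumptions made for illustration.

```python
import re
from collections import defaultdict

PHONE_RE = re.compile(r"\+\d{1,3}\.\d{6,12}")          # registrar style: +CC.number
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# First two records are abridged from the whois output quoted in the post;
# the third is a constructed control that shares nothing with them.
RECORDS = {
    "ukdns.cc": {
        "registrant": "Maksim Artemiev",
        "raw": "Maksim Artemiev (append@free-id.ru)\n+7.4959385996\n"
               "Fax: +7.4959385996\nul.Belorechenskaya d.13 k.1 kv.124",
    },
    "diplomy.com": {
        "registrant": "Alexey Komarov",
        "raw": "Alexey Komarov domendiplomy@googlemail.com +7.4959385996\n"
               "Teply Stan str. d.21 kv.251",
    },
    "control.example": {
        "registrant": "Constructed Control",
        "raw": "Constructed Control (admin@control.example) +1.5555550100",
    },
}

def selectors(raw):
    """Extract normalised contact selectors (phone digits, lower-cased e-mail)."""
    phones = {("phone", re.sub(r"\D", "", p)) for p in PHONE_RE.findall(raw)}
    emails = {("email", e.lower()) for e in EMAIL_RE.findall(raw)}
    return phones | emails

def shared_selectors(records):
    """Return selectors used by more than one domain, flagging name mismatches."""
    index = defaultdict(dict)                 # selector -> {domain: registrant}
    for domain, rec in records.items():
        for sel in selectors(rec["raw"]):
            index[sel][domain] = rec["registrant"]
    findings = []
    for sel, owners in sorted(index.items()):
        if len(owners) > 1:
            names = sorted(set(owners.values()))
            findings.append({"selector": sel, "domains": sorted(owners),
                             "names": names, "identity_mismatch": len(names) > 1})
    return findings

if __name__ == "__main__":
    for finding in shared_selectors(RECORDS):
        print(finding)
```

A selector shared across domains with `identity_mismatch` set is the same signal the post relies on: one contact number, two different registrant identities.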