Ninel, another Russian with faked whois registrant information serving up nothing but the RBN's finest forms of fraud and malware. Proving that the whois registrant details were falsified on this one actually wasn't that hard. Take "Ninel's" phone number and google it (with "-Ninel"), and you get this -
Domain Name: UKNSSPACE.CC
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS1.UKNSSPACE.CC
Name Server: NS2.UKNSSPACE.CC
Name Server: NS3.UKNSSPACE.CC
Status: CLIENT-XFER-PROHIBITED
Status: CLIENT-DELETE-PROHIBITED
Updated Date: 08-dec-2010
Creation Date: 08-dec-2010
Expiration Date: 08-dec-2011
Domain name: uknsspace.cc
Registrant Contact:
Ninel Popakina
Ninel Popakina gravy@ca4.ru
+73842523612 fax: +73842523612
ul.Suvorova d.2 kv.59
Tashtagol Kemerovskaya oblast 652990
RU
Source: centralops.net
Look at that! A company that uses the same phone number! Centralops.net shows that kuzbass.net was registered in April of 1997 and has a registration period set until April of 2014. This makes kuzbass.net sound like a legitimate site, and it is (it's a Telecom company). That said, this proves hands down that the whois registrant information for uknsspace.cc has been intentionally falsified. It uses the same phone number as kuzbass, but the registrant information such as address and registrant name are totally different! Let's show why the whois on uknsspace.cc has been intentionally falsified for criminal purposes with a quick search -
- WHOIS for kuzbass.net:
Registrant:
Join-stock company Electrosvyaz
Oktyabrsky 10
Kemerovo 650066
RU
Domain Name: KUZBASS.NET
Administrative Contact:
Alexander, Berdnikov
Joint-stock company Electrosvyaz
Oktyabrsky 10
Kemerovo 650066
RU
+73842523612 fax: +73842524310
Source: http://www.rutag.net/site/kuzbass.net (click whois tab)
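The cross-check described above, as an added example that is not part of the original post: it pulls phone numbers out of WHOIS contact blocks and reports any number shared by domains whose contact names differ, as a lead for manual review. The sample records are trimmed copies of the two records quoted on this page; the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample input: trimmed copies of the WHOIS contact blocks quoted on this page.
RECORDS = {
    "uknsspace.cc": """Registrant Contact:
Ninel Popakina
Ninel Popakina gravy@ca4.ru
+73842523612 fax: +73842523612
ul.Suvorova d.2 kv.59
Tashtagol Kemerovskaya oblast 652990
RU""",
    "kuzbass.net": """Administrative Contact:
Alexander, Berdnikov
Joint-stock company Electrosvyaz
Oktyabrsky 10
Kemerovo 650066
RU
+73842523612 fax: +73842524310""",
}

# International-format numbers only ("+" prefix), so postal codes are not picked up.
PHONE_RE = re.compile(r"\+\d[\d ().-]{6,}\d")

def contact_phones(text):
    """Return every phone/fax number in a contact block, normalized to +digits."""
    return {"+" + re.sub(r"\D", "", m.group(0)) for m in PHONE_RE.finditer(text)}

def parse_contact(text):
    """Return (normalized contact name, set of numbers) for one contact block."""
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    body = [l for l in lines if not l.endswith(":")]  # drop the "... Contact:" header
    name = body[0].replace(",", "").lower() if body else ""
    return name, contact_phones(text)

def shared_phone_mismatches(records):
    """Map each number used by more than one contact name to {domain: name}."""
    by_phone = defaultdict(dict)
    for domain, text in records.items():
        name, phones = parse_contact(text)
        for phone in phones:
            by_phone[phone][domain] = name
    return {p: d for p, d in by_phone.items() if len(set(d.values())) > 1}

if __name__ == "__main__":
    for phone, owners in shared_phone_mismatches(RECORDS).items():
        print(phone, "is listed by:", owners)
```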
Fraud:
http://scamfraudalert.wordpress.com/2010/12/19/whois-ns1-nnsque-cc/
http://scamfraudalert.wordpress.com/2011/01/12/avon-products-plc-journey-financial-cc/
Link here (too long)
http://ddanchev.blogspot.com/2011/01/keeping-money-mule-recruiters-on-short.html
http://www.delphifaq.com/faq/scams/f1057.shtml?p=68
http://www.fraudwatchers.org/forums/showthread.php?p=127376
Malware:
Link here (too long)
Link here (too long)
There were quite a few other hits for criminal activity involving the domain/name server uknsspace.cc; however, this is (case in point) an RBN name server with intentionally falsified whois information for the sole purpose of cyber criminal activity. BizCN, this is another one that needs to go down. In fact, I would just kill any sites you registered from the very same registrant of uknsspace.cc. They're just going to provide headaches in the long run.