17. A Special Notice = Phishing
Can a letter from your domain registrar be troublesome?

An Important Notice

On 10/31/08 we received the letter below from Network Solutions. At first glance it seemed to be a routine matter related to one of our Websites.

Letter

Our Websites are registered through our own service, PlanetEagle.Com, which uses the services of GoDaddy. It seemed odd that Network Solutions would write to us. A quick check of our registration information showed the domain contact information to be correct.

  • Whenever you receive a suspicious letter with a link, remember not to click the link.
  • If you wish to visit the site, always type the address into your browser manually.

A quick check of the Network Solutions Website revealed that they were already aware of the problem. They had posted a warning notice on their home page with a link to a well-worded description of the problem.

Alert!
Notice


Clicking on the link in the letter would not have taken you to the Network Solutions site. Part of the code from the e-mail message is reproduced below, clarified so it is easier to understand. Item 1 in the list is the most important one.

To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager: <br />

1. Log in to Account Manager at:
<a href="http://www.networksolutions.com.sys57.biz">   Note 1
http://www.networksolutions.com</a>. <br />  Note 2

2. Click on the "Profile & Accounts" tab in the left navigation menu to be taken to a page listing your account details. <br />

3. Click on "Accounts" and select the account you wish to edit. <br />

4. Click "View/Edit WHOIS Contacts" to make your updates. <br />
<br />

The <br> codes are line breaks.

Note 1: The <a href> code is a link. The part after the = sign (in "quotes") is the actual link. The actual Website is sys57.biz. The rest of the name is two sub-domains, used no doubt to confuse people.

Note 2: The text outside of the <a href> tag is descriptive text. Since it is a Web name it shows as a link in the e-mail.
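
The check described in Notes 1 and 2 can be automated: compare the host a link displays with the host it really targets, and look for a familiar domain used as sub-domains of another site. The Python below is an added example, not code from the letter or from this site; the sample HTML is constructed from step 1 above, and the last-two-labels rule and the short TLD list are simplifying assumptions.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample: step 1 of the letter, written as standard HTML.
SAMPLE = ('1. Log in to Account Manager at: '
          '<a href="http://www.networksolutions.com.sys57.biz">'
          'http://www.networksolutions.com</a>. <br />')
COMMON_TLDS = {"com", "net", "org"}  # assumption: short illustrative list

def host_of(text):
    """Host part of a URL or bare host name, or None if text is not one."""
    text = text.strip()
    if not text or any(c.isspace() for c in text):
        return None
    try:
        host = urlsplit(text if "://" in text else "//" + text).hostname
    except ValueError:
        return None
    return host.lower() if host and "." in host else None

def registrable(host):
    # Simplification: last two labels. Production code needs the Public Suffix List.
    return ".".join(host.split(".")[-2:])

class AnchorCollector(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def audit_links(html):
    """Return (kind, actual_site, claimed_host) for every deceptive link."""
    collector = AnchorCollector()
    collector.feed(html)
    findings = []
    for href, text in collector.links:
        target, shown = host_of(href), host_of(text)
        if target is None:
            continue
        site = registrable(target)
        if shown and registrable(shown) != site:       # Note 2: text is not the link
            findings.append(("text-mismatch", site, shown))
        prefix = target[:-len(site)].rstrip(".")       # Note 1: sub-domains in front
        if "." in prefix and prefix.rsplit(".", 1)[-1] in COMMON_TLDS:
            findings.append(("embedded-domain", site, prefix))
    return findings
```

The second check still fires when the visible text is a phrase such as "Account Manager" rather than a Web name, because it looks only at the link target.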

In the next section is the "Whois" information for sys57.biz.

Domain Name: SYS57.BIZ
Domain ID: D27952919-BIZ
Sponsoring Registrar: REGTIME LTD.
Sponsoring Registrar IANA ID: 1362
Domain Status: clientHold
Domain Status: clientUpdateProhibited

Registrant ID: CO379358-RT
Registrant Name: Matvey Kisten
Registrant Organization: Matvey Kisten
Registrant Address1: 32 po box
Registrant City: Moskow
Registrant State/Province: MSK
Registrant Postal Code: 100172
Registrant Country: Russian Federation
Registrant Country Code: RU

Registrant Phone Number: +7.2239928220
Registrant Facsimile Number: +7.2239928220
Registrant Email: ad4@safe-mail.net

Administrative Contact ID: CA379358-RT
Administrative Contact Name: Matvey Kisten
Administrative Contact Organization: Matvey Kisten
Administrative Contact Address1: 32 po box
Administrative Contact City: Moskow
Administrative Contact State/Province: MSK
Administrative Contact Postal Code: 100172
Administrative Contact Country: Afghanistan
Administrative Contact Country Code: AF

Administrative Contact Phone Number: +7.2239928220
Administrative Contact Facsimile Number: +7.2239928220
Administrative Contact Email: ad4@safe-mail.net

Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Created by Registrar: REGTIME LTD.
Last Updated by Registrar: BDADANT
Domain Registration Date: Fri Oct 31 01:02:25 GMT 2008
Domain Expiration Date: Fri Oct 30 23:59:59 GMT 2009
Domain Last Updated Date: Fri Oct 31 19:13:50 GMT 2008

This domain was registered on 10/31/08 to Matvey Kisten in Russia.

While the country of origin for the Registrant is listed as RU (Russia), part of the Administrative, Billing, and Technical contact information is listed as AF (Afghanistan).

  • Billing and Technical contacts are not shown here.
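
The two observations above (a domain registered the same day the letter arrived, and contacts listed in different countries) can be checked mechanically against a Whois record. The Python below is an added example, not part of the original page; the sample text is constructed from fields of the sys57.biz record above, and the 30-day threshold and the function names are assumptions.

```python
from datetime import date, datetime

# Constructed sample: selected fields from the sys57.biz record above.
WHOIS_TEXT = """\
Domain Name: SYS57.BIZ
Registrant Country Code: RU
Administrative Contact Country Code: AF
Domain Registration Date: Fri Oct 31 01:02:25 GMT 2008
Domain Expiration Date: Fri Oct 30 23:59:59 GMT 2009
"""
LETTER_DATE = date(2008, 10, 31)  # the day the letter was received

def parse_whois(text):
    """Parse 'Key: value' lines; every key maps to a list of its values."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split at the first colon only
        if sep and value.strip():
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def parse_date(value):
    # Date layout used by this record: "Fri Oct 31 01:02:25 GMT 2008"
    return datetime.strptime(value, "%a %b %d %H:%M:%S GMT %Y").date()

def red_flags(record, letter_date, max_age_days=30):
    """Flag a domain created shortly before the letter, and contacts
    whose country codes disagree with each other."""
    flags = []
    created = parse_date(record["Domain Registration Date"][0])
    age = (letter_date - created).days
    if 0 <= age <= max_age_days:
        flags.append(("new-domain", age))
    suffix = " Country Code"
    countries = {key[:-len(suffix)]: values[0]
                 for key, values in record.items() if key.endswith(suffix)}
    if len(set(countries.values())) > 1:
        flags.append(("country-mismatch", countries))
    return flags
```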

 

Domain name: nameself.com

Punycode: nameself.com

Name servers:
ns1.nameself.com (195.161.113.218)
ns3.nameself.com (80.93.50.149)
ns2.nameself.com (217.16.27.36)

Registrar: RegTime.net Limited
Creation date: 2003-08-26
Expiration date: 2009-08-04

Registrant:
Sergey Charikov
Email: s.shar@regtime.net
Organization: RegTime.net Limited
Address: Avrora, 181
City: Samara
State: Samara
ZIP: 443045
Country: RU
Phone: +7.8462788201
Fax: +7.8462788201

Registry Status: clientDeleteProhibited
Registry Status: clientTransferProhibited

Notice the name servers at Nameself.Com. That company is also in Russia.

These servers are owned by RegTime.Net.

Contact information is the same for the Registration, for Administrative, for Billing, and for Technical.

  • Administrative, Billing, and Technical contacts are not shown here.

 

http://www.networksolutions.com

Visit AboutUs.org for more information about SAFE-MAIL.NET
AboutUs: SAFE-MAIL.NET
Registrant:
almond systerms international Ltd.
2-26-23-701 Minami-Otsuka,Toshima-ku
Tokyo 170-0005
JP

Domain Name: SAFE-MAIL.NET

Administrative Contact:
Ofir, Amiram Amiram@Safe-mail.net
Safe-mail Ltd.
P.O.Box 39001
Givat-Ram
Jerusalem 91390
IL
+972 2 648 0066 fax: +972 2 648 0180

Technical Contact:
Ofir, Amiram Amiram@SAFe-mail.net
Galiad Computers Limited
P.O.Box 39001
Givat-Ram
Jerusalem 91390
IL
+972-2-648-0066 fax: +972-2-648-0180

Record expires on 09-Oct-2017.
Record created on 10-Oct-1998.
Database last updated on 1-Nov-2008 12:41:23 EDT.

Domain servers in listed order:

NSA.SAFE-MAIL.NET 213.8.161.228
NSB.SAFE-MAIL.NET 213.8.192.78
LS1.SAFE-MAIL.NET 213.8.192.77
NS.BARAK.NET.IL
EGOZ.GALIAD.CO.IL

Registry Status: clientTransferProhibited

Matvey Kisten's e-mail appears to be hosted in Japan. Clicking on the "AboutUs" link brings up a dummy page with advertising.

The contacts for this domain are located in Jerusalem, Israel (IL, not to be confused with Illinois in the US).

Note the five name servers. The last two would probably yield even more interesting information but we did not choose to paw through it.

  • NSA.SAFE-MAIL.NET 213.8.161.228
  • NSB.SAFE-MAIL.NET 213.8.192.78
  • LS1.SAFE-MAIL.NET 213.8.192.77
  • NS.BARAK.NET.IL
  • EGOZ.GALIAD.CO.IL

 

So, what happens if you click on the link in the e-mail? Or, what happens if you visit sys57.biz? We don't know and we are not about to find out.

It is very likely that you will be asked for some personal information. It is also possible that you could pick up a piece of malicious software for your efforts. We may be curious but we are not stupid.

Our guess is that since they have attacked a well-known domain registrar, none of those addresses will be any good for very long.




11/01/08
rev 12/27/10

   
www.Eagle-Wing.Net