A quick check of the Network Solutions Website revealed that they were already aware of the problem. They had posted a warning notice on their home page with a link to a a well-worded description of the problem.
To change the WHOIS Administrative Contact Information for any of your domains, please login to Account Manager: <br />
1. Log in to Account Manager at:
<a ref="http://www.networksolutions.com.sys57.biz"> Note 1
http://www.networksolutions.com</a>. <br /> Note 2
2. Click on the "Profile & Accounts" tab in the left navigation menu to be taken to a page listing your account details. <br />
3. Click on "Accounts" and select the account you wish to edit. <br />
4. Click "View/Edit WHOIS Contacts" to make your updates. <br />
The <br> codes are line breaks.
Note 1: The <a ref> code is a link. The part after the = sign (in "quotes") is the actual link. The actual Website is sys57.biz. The rest of the name is two sub-domains, used ont doubt to confuse people.
Note 2: The text outside of the <a ref > tag is descriptive text. Since it is a Web name it shows as a link in the e-mail.
In the next section is the "Whois" information for sys57.biz.
Domain Name: SYS57.BIZ
Domain ID: D27952919-BIZ
Sponsoring Registrar: REGTIME LTD.
Sponsoring Registrar IANA ID: 1362
Domain Status: clientHold
Domain Status: clientUpdateProhibited
Registrant ID: CO379358-RT
Registrant Name: Matvey Kisten
Registrant Organization: Matvey Kisten
Registrant Address1: 32 po box
Registrant City: Moskow
Registrant State/Province: MSK
Registrant Postal Code: 100172
Registrant Country: Russian Federation
Registrant Country Code: RU
Registrant Phone Number: +7.2239928220
Registrant Facsimile Number: +7.2239928220
Registrant Email: firstname.lastname@example.org
Administrative Contact ID: CA379358-RT
Administrative Contact Name: Matvey Kisten
Administrative Contact Organization: Matvey Kisten
Administrative Contact Address1: 32 po box
Administrative Contact City: Moskow
Administrative Contact State/Province: MSK
Administrative Contact Postal Code: 100172
Administrative Contact Country: Afghanistan
Administrative Contact Country Code: AF
Administrative Contact Phone Number: +7.2239928220
Administrative Contact Facsimile Number: +7.2239928220
Administrative Contact Email: email@example.com
Name Server: NS1.NAMESELF.COM
Name Server: NS2.NAMESELF.COM
Created by Registrar: REGTIME LTD.
Last Updated by Registrar: BDADANT
Domain Registration Date: Fri Oct 31 01:02:25 GMT 2008
Domain Expiration Date: Fri Oct 30 23:59:59 GMT 2009
Domain Last Updated Date: Fri Oct 31 19:13:50 GMT 2008
This domain was registered on10/31/08 to Matvey Kisten in Russia.
While the country of origin for the Registrant is listed as RU (Russia), part of the Administrative, Billing, and Technical contact information is listed as AF (Afghanistan).
- Billing and Technical contacts are not shown here.
|Domain name: nameself.com
Registrar: RegTime.net Limited
Creation date: 2003-08-26
Expiration date: 2009-08-04
Organization: RegTime.net Limited
Address: Avrora, 181
Registry Status: clientDeleteProhibited
Registry Status: clientTransferProhibited
Notice the name servers at Nameself.Com. That company is also in Russia.
These servers are owned by RegTime.Net.
Contact information is the same for the Registration, for Administrative, for Billing, and for Technical.
- Administrative, Billing, and Technical contacts are not shown here.
Visit AboutUs.org for more information about SAFE-MAIL.NET
almond systerms international Ltd.
Domain Name: SAFE-MAIL.NET
Ofir, Amiram Amiram@Safe-mail.net
+972 2 648 0066 fax: +972 2 648 0180
Ofir, Amiram Amiram@SAFe-mail.net
Galiad Computers Limited
+972-2-648-0066 fax: +972-2-648-0180
Record expires on 09-Oct-2017.
Record created on 10-Oct-1998.
Database last updated on 1-Nov-2008 12:41:23 EDT.
Domain servers in listed order:
Registry Status: clientTransferProhibited
Matvey Kisten's e-mail appears to be hosted in Japan. Clicking on the "AboutUs" link brings up a dummy page with advertising.
The contacts for this domain are located in Jerusalem, Israel (IL, not to be confused with Illinois in the US).
Note the five name servers. The last two would probably yield even more interesting information but we did not choose to paw through it..
- NSA.SAFE-MAIL.NET 126.96.36.199
- NSB.SAFE-MAIL.NET 188.8.131.52
- LS1.SAFE-MAIL.NET 184.108.40.206
So, what happens if you click on the link in the e-mail? Or, what happens if you visit sys57.biz? We don't know and we are not about to find out.
It is very likely that you will be asked for some personal information. It is also possible that you could pick up a piece of malicious software for your efforts. We may be curious but we are not stupid.
Our guess is that since they have attacked a well-known domain registrar, none of those addresses will be any good for very long.