Browsed by
Author: Artists Against 419

An open letter to Godaddy: Whois Service


Quick links: Update 2017-09-27, Update 2017-11-04, Update 2017-11-23, Update 2017-11-24. Dear Godaddy, Artists Against 419 has been a champion for the consumer since 2003. In our efforts at fighting advance fee fraud, we use various data sources to enable threat identification and mitigation. Let us be extremely clear on this issue: Artists Against 419 has no commercial ambitions. All our efforts are self-funded and carried out with trusted volunteer assistance. Here is the problem we are addressing: The consumer has no…


Security broken. WHOIS it?


As a consumer of WHOIS data in our attempt at fighting cyber fraud, we noticed WHOIS lookups failing over the past day and a bit. This failure was observed using various utilities across various platforms and locations. Further investigation shows the gTLD registry data format had changed for .net and .com domains, specifically the format of the line giving the registrar’s WHOIS server. As per the ICANN specifications, and how it was, this should be the registry format (bold for the sake of…


Malicious Domains: Heroes and Facilitators


In a new pending report, the United States Better Business Bureau looks at a new plague that’s hit the United States and the world. While we will not steal their thunder in this most excellent report and the revelations contained in it, it does illustrate certain underlying issues: malicious domains controlled from West Africa. Let’s get some facts straight: A domain registered by a malicious party for malicious purposes is malicious. This is simple undeniable logic. Such…


Alert: fastweedonline.com: What you might need to know


Domain fastweedonline.com is currently registered with ICANN accredited registrar Namesilo:

Domain Name: fastweedonline.com
Registry Domain ID: 1944472965_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.namesilo.com
Registrar URL: https://www.namesilo.com/
Updated Date: 2017-05-10
Creation Date: 2015-07-04
Registrar Registration Expiration Date: 2020-07-04
Registrar: NameSilo, LLC
Registrar IANA ID: 1479
Registrar Abuse Contact Email: abuse@namesilo.com
Registrar Abuse Contact Phone: +1.4805240066
Status: clientTransferProhibited

This domain is shielded via Namesilo’s associated PrivacyGuardian.org proxy service.

Registrant Name: Domain Administrator
Registrant Organization: See PrivacyGuardian.org
Registrant Street: 1928 E. Highland Ave. Ste F104…


Understanding the Cameroonian Pet Scam


In a previous article we mentioned that not much is known about the Cameroonian Pet Scam or this type of fraud emanating from West Africa. We mentioned the pet scam, the weed scam and stolen credit card details. This article quickly looks at one scammer found that will illustrate this type of cyber-crime.

A Tale of Two Fraud Facilitators: Ladette and Guy


The question has often been asked: How large are the scammers’ nests? In the previous post, From Benin: A Loan Scam Syndicate, we explored a syndicate operating from Benin, defrauding consumers mainly in Europe, the United Kingdom and Canada, having over 300 domains. To show this is not an isolated incident and that domain fraud abusing fake domain registration details is rife, we will now look at two identified facilitators in Nigeria working in concert. First a female was identified…


From Benin: A Loan Scam Syndicate


In November 2016, the On-line ADR Center of the Czech Arbitration Court (CAC) made a UDRP ruling on the domain CREDIT-BOURSORAMABANQUE.COM, where this domain was found to be violating Boursorama SA’s rights. Ref: http://udrp.adr.eu/adr/decisions/decision.php?dispute_id=101308. Among the notable portions of this judgment, we find the following: Factual Background FACTS ASSERTED BY THE COMPLAINANT AND NOT CONTESTED BY THE RESPONDENT: The Complainant, BOURSORAMA S.A., is a French company founded in 1995 and is active in online brokerage, the provision of financial information…


Whoisguard: A proxy for crime targeting the USA from the USA?


Background: A domain proxy is a system whereby a domain owner, the registrant, hides his or her details for a domain registration behind a registrar or reseller’s proxy. The proxy owner substitutes his own details for those of the registrant, the domain owner. This is a great shield for legitimate users wishing to protect their privacy, but also attracts malicious registrants using fake registration details.

Web.com – wrong excuse


Web.com and Consumer Harm: This blog post will illustrate what happens when Network Solutions is made aware of serious issues on their service. Network Solutions is a leading US-based registrar, a member of the Web.com Group, Inc. For any abuse issues with their service, including fake domain registration details, they insist the abuse form at https://abuse.web.com/ be completed. So what happens if this route is followed? The domain and the scam: Let’s first consider the malicious domain hyperchems.com…


Introducing WHOIS flaky factor


AA419 has introduced a new toy for internet researchers. Background: When looking up the registration details (WHOIS) for a domain, in the thin domain gTLD model, we are reliant on registrars to supply these services. Essentially the access should be freely available and meet the following specifications as per ICANN: Registrars and registries [PDF, 649 KB] are obligated to provide access to WHOIS data through registration data publication services. It must be publicly available in a specific format and on…
