Domains hijacked by fake brand spammers

Spammers who set up fake websites offering brand-name products, either to sell counterfeit merchandise or to steal the credit card details of would-be buyers, often hack third-party websites to host ads and shopping sites on them.

On top of that, we've also come across many cases of them taking control of existing domains whose names make no mention of the brands being offered.

For example the domain “itelekom.net”, which currently hosts a site selling Nike shoes, has been around since 2004 and apparently was previously owned by a telecommunications company in Nigeria. Looking up its current ownership using WHOIS, it still has a 2004 creation date but appears to be owned by someone in China:

[CODE]Domain Name: ITELEKOM.NET
Registry Domain ID: 119763324_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2014-06-22T11:19:59Z
Creation Date: 2004-05-11T08:50:26Z
Registrar Registration Expiration Date: 2015-05-11T08:50:26Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.480-624-2505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID:
Registrant Name: gina zipperian
Registrant Organization:
Registrant Street: pu tian
Registrant Street: fu jian
Registrant City: fujian
Registrant State/Province: jiao wei
Registrant Postal Code: 351253
Registrant Country: China
Registrant Phone: +86.15860339007
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 157505829@qq.com
Registry Admin ID:
Admin Name: gina zipperian
Admin Organization:
Admin Street: pu tian
Admin Street: fu jian
Admin City: fujian
Admin State/Province: jiao wei
Admin Postal Code: 351253
Admin Country: China
Admin Phone: +86.15860339007
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 157505829@qq.com
Registry Tech ID:
Tech Name: gina zipperian
Tech Organization:
Tech Street: pu tian
Tech Street: fu jian
Tech City: fujian
Tech State/Province: jiao wei
Tech Postal Code: 351253
Tech Country: China
Tech Phone: +86.15860339007
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 157505829@qq.com
Name Server: NS47.DOMAINCONTROL.COM
Name Server: NS48.DOMAINCONTROL.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/[/CODE]
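The signals visible in this record (an old creation date, a recent update, and registrant details that no longer match the previous owner) can be checked automatically by a domain owner against a saved baseline. The following is an added example, not code from the original post; the sample record and baseline are constructed, and the function names and the 90-day and 5-year thresholds are assumptions.

```python
from datetime import datetime

# Constructed sample in the same "Key: value" layout as the record above.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.NET
Update Date: 2014-06-22T11:19:59Z
Creation Date: 2004-05-11T08:50:26Z
Registry Registrant ID:
Registrant Country: China
Registrant Email: new-owner@example.org
Name Server: NS47.DOMAINCONTROL.COM
Name Server: NS48.DOMAINCONTROL.COM
"""

# Hypothetical baseline the legitimate owner saved while still in control.
BASELINE = {
    "Registrant Country": ["Nigeria"],
    "Registrant Email": ["hostmaster@example.net"],
    "Name Server": ["NS1.EXAMPLE.NET", "NS2.EXAMPLE.NET"],
}

def parse_whois(text):
    """Parse 'Key: value' lines; repeated keys (Name Server) become lists."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():              # skip empty fields
            record.setdefault(key.strip(), []).append(value.strip())
    return record

def parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")

def takeover_signals(record, baseline, now, recent_days=90, min_age_years=5):
    """Return reasons this record deserves a manual ownership review."""
    signals = []
    for field, expected in baseline.items():
        current = sorted(v.lower() for v in record.get(field, []))
        if current != sorted(v.lower() for v in expected):
            signals.append(f"{field} changed: {expected} -> {record.get(field, [])}")
    created = parse_ts(record["Creation Date"][0])
    updated = parse_ts(record["Update Date"][0])
    age_years = (updated - created).days / 365.25
    # An established domain whose record was modified recently is worth a look.
    if (now - updated).days <= recent_days and age_years >= min_age_years:
        signals.append(f"{age_years:.0f}-year-old domain updated {updated.date()}")
    return signals
```

Run on a schedule against each domain you own, any non-empty result is a prompt to contact the registrar while the change is still fresh.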

We suspect that phishing and malware were used to enable a domain transfer away from the legitimate owners to the scammers. Having to reinstall your PC to get rid of a malware infestation is one thing. Losing an established domain that you spent years promoting on the web is another.

Protecting yourself from phishing and malware is more important than ever.
