Site logo

     


Advert.
Switch to full style
Report any emails with fake links attempting to steal your ID, and any fake sites used by scammers.
Post a reply

Fake sites used in Russian romance scams

Mon Jan 11, 2016 10:11 pm

Note: Despite not being typical for romance scams originating from the Eastern Europe area, the scammers there are also using fake domain names in their scams without a website. There is a difference: while scammers from other areas are building active sites to lure victims and get more credibility, the FSU (former Soviet Union) scammers are registering domains only for the email address. In this topic we keep track of those domains. In most of the cases, the fake sites makers registering those domains are using the privacy protection given by the registrar to hide their identity. If the person you are checking online sent you an email from one of these domains, you can be 100% sure that person is part of a scam network located in the FSU area.

split from http://scamsurvivors.com/forum/viewtopi ... 11&t=41679, where the site is reported for being used by a Russian romance scammer

gma1il.com - domain used to impersonate gmail.com

WHOIS:

IP: 37.1.192.68

Domain Name: GMA1IL.COM
Registrar: ONLINENIC, INC.
Name Server: NS1.GMA1IL.COM
Name Server: NS2.GMA1IL.COM
Updated Date: 20-jul-2015
Creation Date: 19-jul-2015
Expiration Date: 19-jul-2016


Registry Registrant ID:
Registrant Name: Domain ID Shield Service
Registrant Organization: Domain ID Shield Service CO., Limited
Registrant Street: 5/F Hong Kong Trade Centre, 161-167 DesVoeux Road Central, Hong Kong
Registrant City: Hong Kong
Registrant State/Province: Hong Kong
Registrant Postal Code: 999077
Registrant Country: CN
Registrant Phone: +852.21581835
Registrant Fax: +852.30197491
Registrant Email: 5487617993304@domainidshield.com

Update: The fake site was renewed for another year, under the same privacy protection.

Updated Date: 19-jul-2016
Creation Date: 19-jul-2015
Expiration Date: 19-jul-2017

Update: the site was renewed for another year, under the same privacy protection:

Domain Name: gma1il.com
Updated Date: 2017-06-27
Creation Date: 2015-07-19
Registrar Registration Expiration Date: 2018-07-19
Registrar: Onlinenic Inc

Re: yahnool.com - impersonating yahoo.com

Fri May 13, 2016 7:09 pm

Split from viewtopic.php?f=11&t=17349

Fake site used: yahnool.com - impersonating yahoo.com

IP: 92.53.123.104

From the fake site details - http://db.aa419.org/fakebanksview.php?key=113965:
Domain Name: YAHNOOL.COM
Updated Date: 2016-04-24
Creation Date: 2016-04-25
Registrar Registration Expiration Date: 2017-04-25

Registrar: REGTIME LTD.

Domain Status: OK
Registry Registrant ID:
Registrant Name: Pavel Nikitin
Registrant Organization: Pavel Nikitin
Registrant Street: ul. Centralnaya 29
Registrant City: Krugloozerka
Registrant State/Province: Novosibirskaya obl.
Registrant Postal Code: 632000
Registrant Country: RU
Registrant Phone: +7.9262301309
Registrant Fax: +7.9262301309
Registrant Email: freemailz2006@yahoo.com

Update: the fake site is suspended by the Registrar.

Re: ynahoo.com - impersonating yahoo.com

Fri May 13, 2016 7:12 pm

Split from viewtopic.php?f=11&t=17349

Fake site used in scam: ynahoo.com - impersonating yahoo.com:

IP: 176.57.209.92

From the fake site details - http://db.aa419.org/fakebanksview.php?key=113967
Domain Name: YNAHOO.COM
Updated Date: 2016-04-13
Creation Date: 2015-03-24
Registrar Registration Expiration Date: 2017-03-24
Registrar: REGTIME LTD.

Domain Status: OK
Registry Registrant ID:
Registrant Name: Pavel Nikitin
Registrant Organization: Pavel Nikitin
Registrant Street: ul. Centralnaya 29
Registrant City: Krugloozerka
Registrant State/Province: Novosibirskaya obl.
Registrant Postal Code: 632000
Registrant Country: RU
Registrant Phone: +7.9262301309
Registrant Fax: +7.9262301309
Registrant Email: freemailz2006@yahoo.com

Update: the fake site is dead now.

pro-email.info

Sun Apr 30, 2017 9:22 pm

Split from viewtopic.php?f=11&t=45538

IP: 37.25.108.148

From the fake site details:

Domain Name: PRO-EMAIL.INFO
Updated Date: 2017-04-06
Creation Date: 2016-02-22
Registry Expiry Date: 2018-02-22
Registrar Registration Expiration Date:
Registrar: Hosting Ukraine LLC
Domain Status: clientHold
Registry Registrant ID: C167651889-LRMS
Registrant Name: Privacy Protection

mailspb.info

Sun Apr 30, 2017 9:37 pm

Split from viewtopic.php?f=11&t=34118

mailspb.info

Domain Name: MAILSPB.INFO
Updated Date: 2016-03-11
Creation Date: 2015-03-03
Registry Expiry Date: 2017-03-03
Sponsoring Registrar: Center of Ukrainian Internet Names (UKRNAMES)

Registrant Name: Alex Bar
Registrant Street: Urb Ponce de Leon
Registrant City: Guaynabo
Registrant State/Province: PR
Registrant Postal Code: 00969
Registrant Country: US
Registrant Phone: +1.7876050327
Registrant Email: rhqq222@yahoo.com

MailsPb.info is hosted in Kharkiv, Kharkivs'ka Oblast', UA at 91.231.86.19 and expires on 2018-03-03, after the last update.

The same registrant was using few previous fake sites for the same actions, most of those ones being deleted now:

- internetcafespb.com / rentserv.in / spbmail.org - reported also in http://scamsurvivors.com/forum/viewtopi ... 11&t=28499 and http://scamsurvivors.com/forum/viewtopi ... 11&t=30174
- Supp2.com - expired

omskcli.com - omskclin.com

Sun Apr 30, 2017 10:00 pm

Split from viewtopic.php?f=11&t=57868


omskcli.com - omskclin.com are both impersonating the Omsk Clinic, where the scammer fake character is supposedly working.

IP: 5.255.216.200 - Yandex

From the fake site details - https://db.aa419.org/fakebanksview.php?key=122920:
Domain Name: OMSKCLI.COM
Updated Date: 2017-04-24
Creation Date: 2017-04-24
Registrar Registration Expiration Date: 2018-04-24
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com

Registry Registrant ID: Not Available From Registry
Registrant Name: Sergey A Soloviev
Registrant Organization:
Registrant Street: ul.Sovetskaya, 22, kv.38
Registrant City: Samara
Registrant State/Province: Samarskaya Oblasti
Registrant Postal Code: 443011
Registrant Country: RU
Registrant Phone: +7.8465302087
Registrant Fax: +7.8465302087
Registrant Email: solovjev.solovievserg@yandex.ru

The same registrant has a second domain - omskclin.com, now suspended.

From the fake site details - https://db.aa419.org/fakebanksview.php?key=122921:
Domain Name: OMSKCLIN.COM
Updated Date: 2017-04-04
Creation Date: 2017-04-04
Registrar Registration Expiration Date: 2018-04-04
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com

Registry Registrant ID: Not Available From Registry
Registrant Name: Sergey A Soloviev
Registrant Organization:
Registrant Street: ul.Sovetskaya, 22, kv.38
Registrant City: Samara
Registrant State/Province: Samarskaya Oblasti
Registrant Postal Code: 443011
Registrant Country: RU
Registrant Phone: +7.8465302087
Registrant Fax: +7.8465302087
Registrant Email: solovjev.solovievserg@yandex.ru
Name Server: ns1.verification-hold.suspended-domain.com

Update: omskcli.com got suspended by the Registrar and it will be impossible for the scammer to use it anytime soon.

kuzclinic.com

Sun Apr 30, 2017 10:05 pm

Split from viewtopic.php?f=11&t=57866

Same story as in the previously reported case - kuzclinic.com pretends to be Kuz Clinic, the place where the scammer fake character is supposedly working.

IP used: 176.198.112.34 - Bonn, Germany

From the fake site details:

Domain name: KUZCLINIC.COM
Domain idn name: KUZCLINIC.COM
Updated Date:
Creation Date: 2017-03-24
Registrar Registration Expiration Date: 2018-03-24
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person

neosurgmed.com

Sun May 14, 2017 3:01 am

Split from https://www.scamsurvivors.com/forum/vie ... 11&t=57868

IP used: 185.26.122.11 - Saint Petersburg, Russia (the hoster IP)

The site was created after the previous ones - omskcli.com and omskclin.com got suspended.

From the fake site details - https://db.aa419.org/fakebanksview.php?key=123509:
Domain Name: NEOSURGMED.COM
Updated Date: 2017-05-04
Creation Date: 2017-05-04
Registrar Registration Expiration Date: 2018-05-04
Registrar: PDR Ltd. d/b/a PublicDomainRegistry.com

Registry Registrant ID: Not Available From Registry
Registrant Name: Gavrilov S Ivan
Registrant Street: Tipografskaya ul 11-13
Registrant City: Butovo p
Registrant State/Province: Moskovskaya oblasti
Registrant Postal Code: 113623
Registrant Country: RU
Registrant Phone: +7.4951384960
Registrant Fax: +7.4951384960
Registrant Email: iwangowrilow@yandex.ru

Update: neosurgmed.com was suspended by the Registrar, being on client hold now.

sergievclinic.com

Sat May 27, 2017 12:05 am

Split from viewtopic.php?f=11&t=58590

The fake site impersonates Sergiev Clinic - the fake character claims working there as a doctor. The domain is used only for the email address.

From the fake site details:

IP used: 37.140.192.184

Domain Name: SERGIEVCLINIC.COM
Registrar: REGISTRAR OF DOMAIN NAMES REG.RU LLC
Updated Date: 29-dec-2016
Creation Date: 29-dec-2016
Expiration Date: 29-dec-2017

The registrant is using the privacy protection given by the registrar to hide his identity.

chelbasskayapdh.com

Mon Jun 05, 2017 2:30 pm

Split from viewtopic.php?f=11&t=58590

Similar story as in the few other previous cases reported here - the domain supposedly belongs to the hospital where the fake character is working. The domain is used only for the email address.

From the fake site details:

IP: 31.148.54.105

Domain name: CHELBASSKAYAPDH.COM
Updated Date: 2017-05-28
Creation Date: 2017-05-28
Registrar Registration Expiration Date: 2018-05-28
Registrar: Registrar of domain names REG.RU LLC
Registrant Name: Protection of Private Person

The registrant is using the privacy protection given by the registrar to hide his identity.
Post a reply