Ebay spoof question - DOMAIN RELATED

[EbookLover]

Hello,

I got an email which seemed to be from Ebay's "ID Verify" department. THe email states that "ID Verify" (normally $5.00), is free until 4-20-2005 for anyone that has not yet enlisted.

So, I moused over the link, and verified that the link was not an ebay link.

The link in the spoof email pointed to...

h**p://get-verified.com/ebay/index.php.

If you go to that page, you would see that it is up and running (at leaast it was when I posted this post).

So I went the root

h**p://get-verified.com

and the index file merely states that the site is under construction.

So then I went to WHOIS.SC just to see what WHOIS info was on this domain and much to my surprise, WHOIS.SC is telling me that the domain is not registered (and never has been).

So it appears that these crooks have pages hosted under this domain yet they have not registered it? I figured, well, it is just a masked redirect but that can't be because in order to be able to mask/redirect a domain to another domain/site, one must actually register that redirected domain in the first place.

So, how on earth can these people host a site on a domain or redirct a domain that is not and has never been registered by a single person (according to WHOIS.SC)?

 

[William9]

Registered with bad root data?

get-verified.com
addresses 63.99.213.14

whois.internic.net & some other whois show:
“”No match for domain "GET-VERIFIED.COM"”

BUT

But, whois.*** shows get-verified.com is “unavailable”

I think I read about this, registered, but a bad code in the root crashes some whois. Root should be checked with a dig program which you get a chance.

So, checking the hosting:

whois.arin.net with "!NET-63-99-213-0-1"…

CustName: Ready Hosting
Address: 400 International Parkway
City: Richardson
StateProv: TX
PostalCode: 75081
Country: US
RegDate: 2003-11-06
Updated: 2003-11-06

NetRange: 63.99.213.0 - 63.99.213.255
CIDR: 63.99.213.0/24
NetName: UU-63-99-213
NetHandle: NET-63-99-213-0-1
Parent: NET-63-64-0-0-1
NetType: Reassigned
Comment: Addresses within this block are non-portable.
RegDate: 2003-11-06
Updated: 2003-11-06

TechHandle: OA12-ARIN
TechName: UUnet Technologies, Inc., Technologies
TechPhone: +1-800-900-0241
TechEmail: [email protected]

OrgAbuseHandle: ABUSE3-ARIN
OrgAbuseName: abuse
OrgAbusePhone: +1-800-900-0241
OrgAbuseEmail: [email protected]

OrgNOCHandle: OA12-ARIN
OrgNOCName: UUnet Technologies, Inc., Technologies
OrgNOCPhone: +1-800-900-0241
OrgNOCEmail: [email protected]

OrgTechHandle: SWIPP-ARIN
OrgTechName: swipper
OrgTechPhone: +1-800-900-0241
OrgTechEmail: [email protected]

# ARIN WHOIS database, last updated 2005-04-17 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

 

[IAmAllanShore]

It is registered, but either the appropriate whois server is down or it is so new as to not show up apparently...
GoDaddy's whois server responds with:
"The Registry Whois service did not respond. Please try again later."
But G'diddy won't let it be registered because it knows it has been registered already.
-Allan

 

[AdoptableDomains]

The average life of a phishing domain is probably less than 30 days. I think a lot of these crooks register a name using false whois info, then make the best of the few days it's live before they are reported for abuse.

I would guess they also share info about who's DNS servers don't propagate quickly or can serve up incomplete data to give them a few extra days or hours of use before being shut down.

 

[EbookLover]

Ahhhh. thanks guys.

I actually called one of these spoofers/spammers before. Well, actually I didn;t. The whois registrant info was totally false and the # and name they used was soem randon phonebook entry. The guy I talked to was a really old person that was very intrigued about someone using his name to register a domain for illegal purposes. Don;t know if he ever pursued it.

 

[zaros64]

at namecheap.com it says its taken

 

[sunken]

I'm not sure whois.sc is the most accurate place in the world to check for whois info. They seem to lag behind quite a bit. Interesting info though about phishing and these scammers...

 

[slaughterbeck]

Phishing?

How can these leeches live with themselves?

 

[EbookLover]

How can these leeches live with themselves?

I don;t know. And there are so many of them.

Every domain reg I go to says that it is already taken but WHOIS.net both show that the domain is available. Go figure.