Couture Replicas
From Spamwiki
Contents |
[edit] Introduction
| Another fake watch scam, prevalent in mid 2011. Couture Replicas infringes the trademarks of major watch and prestige product manufacturers.
Spammers set up fake news pages, such as http://newscoutures.info/ which they include in their unsolicited mail campaigns. When you click on any links on the page, you are redirected to the replica scam, such as http://www.salerscouture.com/ which offers fake accessories, bags and watches. The domain name registrars and site hosting ISPs are usually located in Russia, the Ukraine and Romania. |  |  |
[edit] False pretenses
[edit] Fake security
The web site gives the impression that you will be supplying your identity and credit card over a secure link, like a reputable merchant. At the checkout page, they show the address as http://secured.salerscouture.com/ and display a number of logos to defraud the customer. In fact, the protocol is the non secure http and not the secure https, as shown in this example. 
Fake security emblems:
[edit] Fake credentials
Besides the misrepresentation of security, the site displays false credentials for the Better Business Bureau - an image but no link to the real Better Business Bureau, where they are not registered.
[edit] Sponsoring Registrars
Domain Name: SALERSCOUTURE.COM Registrar: CENTER OF UKRAINIAN INTERNET NAMES Name Server: NS1.TWOTWO2.RU (Registrar: NAUNET-REG-RIPN) Name Server: NS2.TWOTWO2.RU Name Server: NS3.PATRICE-SELLINGS.RO (Registrar: Claus Web SRL, Romania) Registrant: Aleksandr Poddubnyy sasha.poddubnii@yandex.ru ul. 70 let oktyabrya, d.13 kv.20 Omsk, 644000 RUSSIAN FEDERATION +7.4956548754
Domain Name:NEWSCOUTURES.INFO Created On:23-Apr-2011 00:46:01 UTC Sponsoring Registrar:Center of Ukrainian Internet Names Registrant Name:Aleksandr Poddubnyy Registrant Street1:ul. 70 let oktyabrya, d.13 kv.20 Registrant City:Omsk Registrant State/Province:Omskaya Registrant Postal Code:644000 Registrant Country:RU Registrant Phone:+7.4956548754 Registrant Email:sasha.poddubnii@yandex.ru Name servers are the same as above
[edit] Sponsoring ISPs
newscoutures.info has address 188.26.206.240
salerscouture.com has address 188.26.210.68
Ciprian Nica IP Resources Manager Romania Data Systems Bucharest, Romania + 40 31 400 42 43 abuse@rcs-rds.ro
[edit] Sample spammed sites
Registrar: NAUNET-REG-RIPN
- cheapwatchescore.ru
- cheapwatchesclub.ru
- cheapwatchesbuzz.ru
Registrar:Center of Ukrainian Internet Names
- replicasblogs.com
- cooledwatch.com
- coutureshopp.com
- replicasswatch.com
- newscoutures.info
- salerscouture.com
- shopscouture.com
[edit] How to Report this Spam
The Complainterator is configured to report this spam to the registrars. It performs a "whois" lookup on the domain names used by the name servers that resolve access to the web site. It discovers the registrars that are sponsoring the access to the web site. It prepares a complaint to the sponsoring registrars.
Removal instructions
web site domains
- the registrar needs to set the status of the domain to
- clientHold
- clientUpdateProhibited
- clientDeleteProhibited
- clientTransferProhibited
name server domains
- the registrar needs to set the status of each of the name server domains to
- clientHold
- clientUpdateProhibited
- clientDeleteProhibited
- clientTransferProhibited
In addition, to remove them as name servers, the subdomain address records (eg for ns1 and ns2) need to be changed to a non-routable address, such as 0.0.0.0 or a blackhole address within their own address space.
