Babochka scam

Babochka Fraud

Don't Bear Internet Fraud

Babochka screenshot (05-Sep-2009)

This fraudster should not be confused with any legitimate company of the same or similar name - the above website graphics and content have been stolen from the genuine Russian Babochka company which clearly does not have "Goods Shipment Agent Registration" or "Support Line" options on its home page. The following evidence clearly identifies the fake website and these criminal fraudsters.

Babochka is just the Poland Real Estate scammers branching out into the fashion industry. They started with the San Marca fraud and this is their latest alias. Apart from the "Goods Shipment Agent" entry point on the above stolen web-page, the giveaway is the initial website domain that these criminals are using - babochka.com.cn, which was only registered with Web Commerce Communications Limited, (webnic.cc) on 02-Sep-2009 for the usual 'criminals domain' minimum period of only one year and is hosted on the usual host masterhost.ru. The crook's website has clearly been stolen from the Russian fashion company of the same name and modified to include a registration page for a purchase manager fraud fake job of "Goods Shipment Agent" which is being spamvertised in the usual way.

The whole purpose of this fraud site is to lend an air of legitimacy to a 'Purchase Manager' job that consists of buying goods on a fake credit card issued in the 'Agent's' name and sending them off to these crooks in Russia or the Ukraine or wherever. See the spam for details - the stolen website consists solely of the registration portal. Don't be fooled - the 'agent' will be responsible for settling the card debt - whatever it costs to buy the goods and send them abroad will be lost. Any money the crooks deposit on the card will be stolen funds and stands a high chance of being recovered leaving the dupe out of pocket and facing some awkward questions.
Read the Latest News

Babochka : Evidence of Criminal Fraud

i) The above Babochka fraud website content has been stolen from the Russian Babochka company and modified to include a registration page for a reshipping fraud fake job of "Goods Shipment Agent" ('Purchase Manager' role), which is being spamvertised in the usual way.

ii) The criminal's initial domain babochka.com.cn was only registered with Web Commerce Communications Limited, (webnic.cc) on 02-Sep-2009 for the usual 'criminals domain' minimum period of only one year A clear indication of a fraudulent registration.

iii) The crooks have simply stolen the website in its entirety from this Russian fashion company and not changed anything apart from adding the usual crooks website registration portal of "Goods Shipment Agent Registration" for unsuspecting dupes to hand over all of their personal details.

iv) They are advertising the job of “GOODS SHIPMENT AGENT” which has no website details at all - just a registration form for you to record your personal details - don't do it as it is simply a doorway to enrolling you in an illegal operation which will cost you a lot of money at the very least.

v) No legitimate company would advertise for private citizens to operate as "Goods Shipment Agents". To do so clearly defines the fake Babochka company as both criminal and fraudulent. There is also a 'phishing' for identity theft aspect due to the nature of identity proof usually requested upon registration. Do not be fooled.

vi) The Spam:

Hello,

We studied your curriculum vitae and we think that you are the right
person for this job. We have the following
position “GOODS SHIPMENT AGENT”

The “GOODS SHIPMENT AGENT” has the following responsibilities:

1) Our organization will issue a bank card on agent’s name.
This card will be delivered to his/her address provided during registration at our site.
The goods shipment agent should make purchases with this card. Mainly purchased goods are clothes.
Each time our organization will notify the agent what item to purchase.
Our organization will also provide an exact address where this purchase has to be made.

2) The goods shipment agent has to send a good to the address that we provide.
YOU WON’T BEAR ANY EXPENSES, OUR FIRM PAYS FOR EVERYTHING BEFOREHAND

Your salary in the amount of $2500 will be effected into your account on the 25th of each month. The payment will be
transferred to your account or through any payment system you prefer.

If this position is of interest to you, than you should do the following:
1) Access the site of our organization by following this link click here
2) Click on the button GOODS SHIPMENT AGENT registration.
(Provide your real data during registration)
3) After registration you will have to download a Contract. Please download the Contract and fill it out

We will contact you immediately upon receipt of your signed Contract. You can get started as soon as our legal department
fulfills identification.

About the organization: The main idea of SAN MARCA L.T.D trade mark is boldness of
self-expression and individual approach to every client. Everyone is willing to emphasize his/her
character nowadays. Creative team of organization designers will
be on your side to assist you to show yourself to the world in the most favorable way.

We are young, challenging professionals pushing forward to achieve recognition of our clients.
Words “fashion” and “style” mean more than just simple things to us. Our fashion sets are always the
most advanced and highly individual. You will always be the life of the party during any event!

You can find more information on our site

You'll notice that the above spam refers to the San Marca fraud, however, the 'click here' link contains the URL http://xrl.us/bfhevq which currently links to the destination URL http://www.babochka.com.cn/eng/?url=8173 which links the Babochka fraud to the San Marca fraud.

The above evidence clearly demonstrates beyond any doubt that the fake Babochka website has been stolen and has set up by criminal fraudsters purely for the purpose of spamvertising a fraud job. If you are an abuse team that has received an abuse report regarding these fraudsters, please consider immediate termination of their services in view of the absolutely undeniable evidence of criminal fraud - please don't delay - these criminals will not respond to any communication from you, (all their whois data is false), but will simply take advantage of any attempt at communication as a delaying tactic to allow them time to carry on their criminal activity and prepare their next network.

Babochka Fraudsters - hosting details

Main Domains, Registrars and Hosts

Domain

babochka.com.cn
polandest.com.cn
babochkashop.com
babochkashop.cn

Registrar

Web Commerce Communications Limited (02-Sep-2009)
IP Mirror Pte Ltd.
ANO REGIONAL NETWORK INFORMATION CENTER DBA RU-CENTER (25-Sep-2009)
广东时代互联科技有限公司 (Time Internet Technology Co., Ltd. of Guangdong) (26-Sep-2009)

Host Network

Masterhost.ru
MCHOST-NET (Mchost.ru)
INSOLVERTC2 (In-Solve/1Gb.ru)
Masterhost.ru

Host IP

83.222.23.126/83.222.23.176
95.142.35.10
81.176.226.110
90.156.153.125/90.156.153.55

Key:
Active
Suspended or Inactive
Parked

Please notify me of any other current domains used by this criminal.

Domain Whois Data:

Domain Name: babochka.com.cn
ROID: 20090902s10011s55179972-cn
Domain Status: ok
Registrant Organization: Jons Oklams
Registrant Name: Jons Oklams
Administrative Email: dokq1mail@hotmail.com
Sponsoring Registrar: Web Commerce Communications Limited
Name Server:ns.masterhost.ru
Name Server:ns1.masterhost.ru
Name Server:ns2.masterhost.ru
Registration Date: 2009-09-02 23:05
Expiration Date: 2010-09-02 23:05

Domain Name: polandest.com.cn
ROID: 20090625s10011s72264498-cn
Domain Status: clientTransferProhibited
Registrant Organization:
Registrant Name: Anton Lukashov
Administrative Email: work_estate@mail.ru
Sponsoring Registrar: IP Mirror Pte Ltd.
Name Server:ns1.mchost.ru
Name Server:ns2.mchost.ru
Registration Date: 2009-06-25 20:40
Expiration Date: 2010-06-25 20:40

Domain name: babochkashop.com
Registrar:     ANO REGIONAL NETWORK INFORMATION CENTER DBA RU-CENTER
Status:        clientTransferProhibited
Dates:         Created 25-sep-2009   Updated 25-sep-2009 Expires 25-sep-2010
DNS Servers:   NS1.1GB.RU NS2.1GB.RU

Name Server:             ns1.1gb.ru
Name Server:             ns2.1gb.ru
Creation Date:           2009.09.25
Expiration Date:         2010.09.25

Status:                  DELEGATED

Registrant ID:           IN7HGUP-RU
Registrant Name:         Nikolai A Konstantinov
Registrant Organization: Nikolai A Konstantinov
Registrant Street1:      Perov 12, 1
Registrant City:         Chuvash Republic
Registrant State:        Chuvash Republic
Registrant Postal Code: 143876
Registrant Country:      RU

Administrative, Technical Contact
Contact ID:              IN7HGUP-RU
Contact Name:            Nikolai A Konstantinov
Contact Organization:    Nikolai A Konstantinov
Contact Street1:         Perov 12, 1
Contact City:            Chuvash Republic
Contact State:           Chuvash Republic
Contact Postal Code:     143876
Contact Country:         RU
Contact Phone:           +7 495 7456211
Contact E-mail:          swe900@gmail.com

Domain Name: babochkashop.cn
ROID: 20090926s10001s65385088-cn
Domain Status: clientTransferProhibited
Registrant Organization: N/A
Registrant Name: Galina Khensel
Administrative Email: aseru@mail.ru
Sponsoring Registrar: 广东时代互联科技有限公司
Name Server:ns1.masterhost.ru
Name Server:ns2.masterhost.ru
Registration Date: 2009-09-26 17:39
Expiration Date: 2010-09-26 17:39

DNS Lookup: babochka.com.cn A record
Searching for babochka.com.cn A record at b.root-servers.net [192.228.79.201]: Got referral to C.DNS.cn. (zone: cn.)
Searching for babochka.com.cn A record at B.DNS.cn. [203.119.26.1]: Got referral to ns.masterhost.ru. (zone: babochka.com.cn.)
Searching for babochka.com.cn A record at ns.masterhost.ru. [217.16.20.30]: Reports babochka.com.cn.
Response:

Domain	Type	Class	TTL	Answer
babochka.com.cn.	A	IN	900	83.222.23.126
babochka.com.cn.	A	IN	900	83.222.23.176
babochka.com.cn.	NS	IN	900	ns1.masterhost.ru.
babochka.com.cn.	NS	IN	900	ns2.masterhost.ru.
babochka.com.cn.	NS	IN	900	ns.masterhost.ru.
ns1.masterhost.ru.	A	IN	900	217.16.16.30
ns2.masterhost.ru.	A	IN	900	217.16.22.30
ns.masterhost.ru.	A	IN	900	217.16.20.30

Looking up at the 3 babochka.com.cn. parent servers:

Server	Response
ns2.masterhost.ru [217.16.22.30]	83.222.23.126 83.222.23.176
ns1.masterhost.ru [217.16.16.30]	83.222.23.126 83.222.23.176
ns.masterhost.ru [217.16.20.30]	83.222.23.126 83.222.23.176

The host of this criminal fraudster is Masterhost.ru on IP addresses 83.222.23.126 and 83.222.23.176. Unfortunately, Masterhost.ru support criminal fraudsters by refusing all requests to suspend the hosting of their criminal clients. These are the same hosting details as for the Poland Real Estate and San Marca scammers and others.

***Latest News*** Initial entry 5th. September 2009

***Latest News*** 18th. September 2009
The doman babochka.com.cn has been disabled. New domain notified by site contact - polandest.com.cn registered with IP Mirror Pte Ltd. and hosted on the following network:

DNS Lookup: polandest.com.cn A record
Searching for polandest.com.cn A record at b.root-servers.net [192.228.79.201]: Got referral to B.DNS.cn. (zone: cn.)
Searching for polandest.com.cn A record at B.DNS.cn. [203.119.26.1]: Got referral to ns2.mchost.ru. (zone: polandest.com.cn.)
Searching for polandest.com.cn A record at ns2.mchost.ru. [94.103.88.3]: Reports polandest.com.cn.
Response:

Domain	Type	Class	TTL	Answer
polandest.com.cn.	A	IN	600	94.103.90.140
polandest.com.cn.	NS	IN	600	ns1.mchost.ru.
polandest.com.cn.	NS	IN	600	ns2.mchost.ru.
ns1.mchost.ru.	A	IN	600	94.103.93.3
ns2.mchost.ru.	A	IN	600	94.103.88.3

Looking up at the 2 polandest.com.cn. parent servers:

Server	Response
ns2.mchost.ru [94.103.88.3]	94.103.90.140
ns1.mchost.ru [94.103.93.3]	94.103.90.140

The host for this criminal fraudster is MCHOST-NET (Mchost.ru) on IP address 94.103.90.140
The domain polandest.com.cn clearly links these crooks with the Poland Real Estate fraudsters.

***Latest News*** 24th. September 2009
The criminal's domain polandest.com.cn is now hosted on the Mchost.ru IP address 95.142.35.10 as follows:
DNS Lookup: polandest.com.cn A record
Searching for polandest.com.cn A record at c.root-servers.net [192.33.4.12]: Got referral to D.DNS.cn. (zone: cn.)
Searching for polandest.com.cn A record at D.DNS.cn. [203.119.28.1]: Got referral to ns1.mchost.ru. (zone: polandest.com.cn.)
Searching for polandest.com.cn A record at ns1.mchost.ru. [94.103.93.3]: Reports polandest.com.cn.
Response:

Domain	Type	Class	TTL	Answer
polandest.com.cn.	A	IN	600	95.142.35.10
polandest.com.cn.	NS	IN	600	ns1.mchost.ru.
polandest.com.cn.	NS	IN	600	ns2.mchost.ru.
ns1.mchost.ru.	A	IN	600	94.103.93.3
ns2.mchost.ru.	A	IN	600	94.103.88.3

Looking up at the 2 polandest.com.cn. parent servers:

Server	Response
ns2.mchost.ru [94.103.88.3]	95.142.35.10
ns1.mchost.ru [94.103.93.3]	95.142.35.10

The host for this criminal fraudster is MCHOST-NET (Mchost.ru) on IP address 95.142.35.10. The domain polandest.com.cn clearly links these crooks with the Poland Real Estate fraudsters.

***Latest News*** 26th. September 2009
The domain polandest.com.cn has been blocked. New domain notified by site contact - babochkashop.com. Unfortunately this domain is registered with the 'blackhat' registrar ANO REGIONAL NETWORK INFORMATION CENTER DBA RU-CENTER who refuse to take action against criminal fraudsters and offer them a safe haven for their criminal domains. The domain is hosted on the following network:

DNS Lookup: babochkashop.com A record
Searching for babochkashop.com A record at a.root-servers.net [198.41.0.4]: Got referral to C.GTLD-SERVERS.NET. (zone: com.)
Searching for babochkashop.com A record at C.GTLD-SERVERS.NET. [192.26.92.30]: Got referral to ns2.1gb.ru. (zone: babochkashop.com.)
Searching for babochkashop.com A record at ns2.1gb.ru. [195.161.112.91]: Reports babochkashop.com.
Response:

Domain	Type	Class	TTL	Answer
babochkashop.com.	A	IN	3600	81.176.226.110

Looking up at the 2 babochkashop.com. parent servers:

Server	Response
ns2.1gb.ru [195.161.112.91]	81.176.226.110
ns1.1gb.ru [81.176.69.150]	81.176.226.110

The host of this latest criminal fraudster's domain is INSOLVERTC2 (In-Solve/1Gb.ru) on IP address 81.176.226.110

N.B. The crooks have moved the fraud website onto the following sub-domain of the fraud domain babochkashop.com: eng.babochkashop.com while the main domain babochkashop.com is just a straight stolen copy of the genuine site without the "Goods Shipment Agent registration" entry point - do not be fooled.

***Latest News*** 27th. September 2009
The criminal's domain babochkashop.com has been disabled by the host - new domain babochkashop.cn hosted on the following network:
DNS Lookup: babochkashop.cn A record
Searching for babochkashop.cn A record at a.root-servers.net [198.41.0.4]: Got referral to A.DNS.cn. (zone: cn.)
Searching for babochkashop.cn A record at A.DNS.cn. [203.119.25.1]: Got referral to ns1.masterhost.ru. (zone: babochkashop.cn.)
Searching for babochkashop.cn A record at ns1.masterhost.ru. [217.16.16.30]: Reports babochkashop.cn.
Response:

Domain	Type	Class	TTL	Answer
babochkashop.cn.	A	IN	900	90.156.153.55
babochkashop.cn.	A	IN	900	90.156.153.125
babochkashop.cn.	NS	IN	900	ns1.masterhost.ru.
babochkashop.cn.	NS	IN	900	ns2.masterhost.ru.
babochkashop.cn.	NS	IN	900	ns.masterhost.ru.
ns1.masterhost.ru.	A	IN	900	217.16.16.30
ns2.masterhost.ru.	A	IN	900	217.16.22.30
ns.masterhost.ru.	A	IN	900	217.16.20.30

Looking up at the 2 babochkashop.cn. parent servers:

Server	Response
ns2.masterhost.ru [217.16.22.30]	90.156.153.125 90.156.153.55
ns1.masterhost.ru [217.16.16.30]	90.156.153.125 90.156.153.55

The host of this criminal fraudster's latest domain is Masterhost.ru on IP addresses 90.156.153.125 and 90.156.153.55

N.B. Once again, the crooks have located the fraud website on the following sub-domain of the fraud domain babochkashop.cn: eng.babochkashop.cn while the main domain babochkashop.cn is just a straight stolen copy of the genuine site without the "Goods Shipment Agent registration" entry point - do not be fooled.