This is a minimalist scam simply using the above domain with its fake 'problem' message as a maildrop domain in the following spam:

Return-Path: <phprofane@compalliance.com>
Received: from mwinf3526.me.freeserve.com (mwinf3526.me.freeserve.com)
    by mwinb3c06 (SMTP Server) with LMTP; Mon, 15 Feb 2010 10:26:18 +0100
X-Sieve: Server Sieve 2.2
X-Bcc:
Envelope-to:
Received: from me-wanadoo.net (localhost [127.0.0.1])
    by mwinf3526.me.freeserve.com (SMTP Server) with ESMTP id 61F961C0018D
    for <>; Mon, 15 Feb 2010 10:26:18 +0100 (CET)
Received: from ABTS-mum-Dynamic-143.67.169.122.airtelbroadband.in (unknown [122.169.67.143])
    by mwinf3526.me.freeserve.com (SMTP Server) with ESMTP id 9754C1C0009C
    for <>; Mon, 15 Feb 2010 10:26:17 +0100 (CET)
X-ME-UUID: 20100215092617620.9754C1C0009C@mwinf3526.me.freeserve.com
Message-ID: <001601caadbc$572b68c0$0073833c@BRENDA>
From: "Susan Wood" <phprofane@compalliance.com>
To:
Subject: Online Company Representative
Date: Sun, 14 Feb 2010 21:26:16 -1200
MIME-Version: 1.0
Content-Type: text/plain;
    format=flowed;
    charset="iso-8859-15";
    reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.2969
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.2969
X-me-spamlevel: med
X-me-spamrating: 73.985573
X-me-spamcause: OK, (400)(1000)gggruggvucftvghtrhhoucdtuddrvdeltddrfedvgdduhedtlecuteggodetufdouefnucfrrhhofhhilhgvmecuohhrrghnghgvrdhukhenuceurghilhhouhhtmecufedttdenucfprghttghhgeculddvtddtmdenpfgrthgthheiucdlvddttddm
X-Antivirus: AVG for E-mail 9.0.733 [271.1.1/2688]

----------------------------------------------------------

Dear Sir/Madam,
A unique offer on the labor market! We offer a vacancy that does not require any special skills or many years of experience. This job is designed in such a way that it suits an average person with regular skills and habits. We invite you to work for us as regional representatives. Flexible work conditions, high income and career growth is what we offer.

The minimal requirements for candidates:
- Resident of United Kingdom.
- Legal age.
- Clear credit line.
- Ability to work for 10 hours a week.

At first you need to send us your resume to our email susanwood@rdnets.com We promise to process each resume within three days. In any case you will be informed about the decision made about your candidacy.

Our company holds on to the strict privacy policy, and nondisclosure of private information to the third parties is guaranteed except cases regulated by legislation.

You can't deduce much from the spam, although these "Susan Wood" fraud spams are very prolific (I've received large numbers of them at my spam trap addresses under various other names too). It apparently came out of the Indian IP address 122.169.67.143, which is listed in at least half a dozen blacklists and has the reverse DNS of ABTS-mum-Dynamic-143.67.169.122.airtelbroadband.in. It looks like a dynamic end-user IP, so it is probably a zombie configured by its infection as a mail exchange server.

Domain Whois data:

Domain Name: RDNETS.COM
Registrar: TODAYNIC.COM, INC.
Whois Server: whois.todaynic.com
Referral URL: http://www.NOW.CN
Name Server: NS1.RDNETS.COM
Name Server: NS2.RDNETS.COM
Status: clientTransferProhibited
Updated Date: 10-feb-2010
Creation Date: 10-feb-2010
Expiration Date: 10-feb-2011

Domain name: RDNETS.COM
Status: Active
Protection Status: public
( make contact info private at http://www.now.cn/domain/domainPrivate.php )
Update: 2010-02-10
Expired: 2011-02-10

It's the usual recently registered 1-year criminal's domain. Unfortunately Todaynic knowingly aid and abet these criminals by not responding to abuse reports.

Network Data:

DNS Lookup: rdnets.com A record
Searching for rdnets.com A record at d.root-servers.net [128.8.10.90]: Got referral to F.GTLD-SERVERS.NET. (zone: com.)
Searching for rdnets.com A record at F.GTLD-SERVERS.NET. [192.35.51.30]: Got referral to ns1.rdnets.com. (zone: rdnets.com.)
Searching for rdnets.com A record at ns1.rdnets.com. [188.130.250.248]: Reports rdnets.com.

Response:

Domain        Type  Class  TTL    Answer
rdnets.com.   A     IN     14400  188.130.250.248
rdnets.com.   NS    IN     14400  ns2.change.com.
rdnets.com.   NS    IN     14400  ns1.change.com.

Looking up at the 2 rdnets.com. parent servers:

Server                             Response
ns2.rdnets.com [188.130.250.248]   188.130.250.248
ns1.rdnets.com [188.130.250.248]   188.130.250.248
The host of this
criminal fraudster's domain is FASTMEDIA-NET
(FASTMEDIA - Internet Service Provider), with the listed address
of O.Kalpaka 68/70, Liepaja, LV3400, Latvia, (an address that
I cannot reconcile with the postcode or the company - it seems to be
the address of Hostel Brize), on IP address 188.130.250.248.
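The checks made by hand above (walking the Received chain down to the IP that first handed the message in, judging whether that host's name looks like a dynamic end-user address, spotting the maildrop address whose domain differs from the From: domain, and measuring how fresh the whois creation date was when the spam went out) can be mechanised. The script below is an added example and is not code from the original post; it embeds a reconstruction of the headers quoted above (folding restored by hand, only the fields needed), and the whois creation date as a constructed input. The dynamic-host heuristic, word list and thresholds are my own assumptions, not anything the post describes.

```python
import ipaddress
import re
from datetime import datetime
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample: the headers and body quoted above, with the folding that
# extraction flattened restored by hand; only the fields the checks need are kept.
RAW_MESSAGE = """\
Return-Path: <phprofane@compalliance.com>
Received: from mwinf3526.me.freeserve.com (mwinf3526.me.freeserve.com)
\tby mwinb3c06 (SMTP Server) with LMTP; Mon, 15 Feb 2010 10:26:18 +0100
Received: from me-wanadoo.net (localhost [127.0.0.1])
\tby mwinf3526.me.freeserve.com (SMTP Server) with ESMTP id 61F961C0018D
\tfor <>; Mon, 15 Feb 2010 10:26:18 +0100 (CET)
Received: from ABTS-mum-Dynamic-143.67.169.122.airtelbroadband.in (unknown [122.169.67.143])
\tby mwinf3526.me.freeserve.com (SMTP Server) with ESMTP id 9754C1C0009C
\tfor <>; Mon, 15 Feb 2010 10:26:17 +0100 (CET)
From: "Susan Wood" <phprofane@compalliance.com>
Subject: Online Company Representative
Date: Sun, 14 Feb 2010 21:26:16 -1200
Content-Type: text/plain; charset="iso-8859-15"

Dear Sir/Madam,
At first you need to send us your resume to our email susanwood@rdnets.com
"""

# Whois creation date as printed above (constructed input for the age check).
WHOIS_CREATED = "10-feb-2010"

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_HOST_RE = re.compile(r"^\s*from\s+(\S+)", re.IGNORECASE)
ADDR_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Assumed word list for end-user address pools (my heuristic, not the post's).
DYNAMIC_HINTS = ("dynamic", "dyn", "dsl", "pool", "ppp", "dhcp", "cable")


def received_hops(raw):
    """(announced host, bracketed IP, handoff time) per Received header, oldest hop
    first. Each relay prepends its own Received, so the bottom one is the first hop."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received") or []):
        host = FROM_HOST_RE.match(hdr)
        ip = IP_RE.search(hdr)
        when = parsedate_to_datetime(hdr.rsplit(";", 1)[-1].strip()) if ";" in hdr else None
        hops.append((host.group(1) if host else None, ip.group(1) if ip else None, when))
    return hops


def originating_hop(raw):
    """First hop whose connecting IP is globally routable: where the mail entered the
    receiving network. The bracketed IP is what the relay saw; the name before the
    parenthesis is only what the client announced."""
    for host, ip, _ in received_hops(raw):
        if ip and ipaddress.ip_address(ip).is_global:
            return host, ip
    return None


def looks_dynamic(host, ip):
    """Heuristic: names of end-user pools carry words like 'dynamic' or 'dsl', or
    embed the address's own octets. Mail delivered straight from such hosts is suspect."""
    if not host:
        return True  # no name at all is the worse case
    name = host.lower()
    if any(hint in name for hint in DYNAMIC_HINTS):
        return True
    octets = set(ip.split("."))
    return sum(part in octets for part in re.split(r"[.-]", name)) >= 3


def maildrop_domains(raw):
    """Addresses in the body whose domain differs from the From: domain; a reply
    address outside the sender's own domain is the maildrop pattern."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg["From"])[1].rsplit("@", 1)[-1].lower()
    found = {}
    for addr in ADDR_RE.findall(msg.get_payload()):
        domain = addr.rsplit("@", 1)[-1].lower()
        if domain != from_domain:
            found.setdefault(domain, addr)
    return from_domain, found


def domain_age_days(raw, whois_created):
    """Days between the whois creation date (dd-mon-yyyy, as printed above) and the
    moment the first relay accepted the message."""
    created = datetime.strptime(whois_created, "%d-%b-%Y").date()
    first_accepted = received_hops(raw)[0][2]
    return (first_accepted.date() - created).days


if __name__ == "__main__":
    host, ip = originating_hop(RAW_MESSAGE)
    print("origin:", ip, "announced as", host, "dynamic-looking:", looks_dynamic(host, ip))
    print("from domain and maildrop addresses:", maildrop_domains(RAW_MESSAGE))
    print("domain age when sent (days):", domain_age_days(RAW_MESSAGE, WHOIS_CREATED))
```

Run on the reconstructed message it reports 122.169.67.143 as the entry point, flags the announced name as dynamic-looking, pairs the From: domain compalliance.com with the body's rdnets.com maildrop, and puts the domain at five days old when the mail was accepted. Only the bracketed IP is worth trusting: every Received line above the first external hop was written by the receiving side's own relays, while the announced host name comes from the sending client.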