Pooh Bear? No, this is Redpoo and he’s out to scam you

Some domain names make you cringe, some make you smile…

Such was the case this morning with redpoo.com, a domain name whose registrar is the Center of Ukrainian Internet Names and which is registered to:

Igor Nikenin
ul. B. Pertrovskaya, dom 12, kv 74
Rostov na Donu, 344000
RUSSIAN FEDERATION

The server’s IP, 121.156.57.184, is located in the Republic of Korea.

Besides being a poor joke, the site serves various exploits, which you can view in this Wepawet report.

I did some research on Igor Nikenin. Obviously the registrant can be a fake, but based on his email address ([email protected]) I found that he owned more than 986 other domain names:

[Image: gambling]

This is gambling galore!

The software you install connects to 66.212.246.110, located in Belize on the IP range for Domain Escrow Services Limited. Hmm…

Since gambling is restricted or banned in many countries, such companies need to operate from safe grounds.

Large amounts of money circulate on these networks, facilitated by e-wallets and other online accounts:

[Image: casino1]

E-money provider Ukash explains it well:

[Images: ukash2, ukash]

Welcome to the crazy world of online poker, casino, sports betting and lottery where millions of dollars are made in all sorts of ways!

Well, I’m going to bet that this Igor guy (or whoever is hiding behind the name) is not someone who means well. Malware and gambling both have something in common for the bad guys: they generate loads of tax-free cash…
