Some domain names make you cringe, some make you smile…
Such was the case this morning, with redpoo.com a domain name whose registrar is the Center of Ukrainian Internet Names, and registered to:
ul. B. Pertrovskaya, dom 12, kv 74
Rostov na Donu, 344000
The servers’ IP, 22.214.171.124, is located in the Republic of Korea.
Other than the poor joke, the site serves various exploits which you can view in this Wepawet report.
I did some research on Igor Nikenin. Obviously the registrant can be a fake, but based on his email address ([email protected]) I found that he owned more than 986 other domain names:
This is gambling galore!
The software you install connects to 126.96.36.199, located in Belize on the IP range for Domain Escrow Services Limited. Hmm…
Since gambling is restricted or banned in many countries, such companies need to operate from safe grounds.
Large amounts of money circulate on these networks, facilitated by e-wallets and other online accounts:
E-money company provider Ukash explains it well:
Welcome to the crazy world of online poker, casino, sports betting and lottery where millions of dollars are made in all sorts of ways!
Well, I’m going to bet that this Igor guy (or whoever is hiding behind the name) is not someone who means well. Malware and gambling both have something in common for the bad guys: they generate loads of tax free cash…