UPDATE:
The DNS registration information was changed on 2011-05-19, also noted by a reader.
Domain Name: APPLESDOWNLOAD.COM
Registrar: ELB GROUP, INC.
Whois Server: whois.retailstudio.com
Referral URL: http://www.retailstudio.com
Name Server: NS1.QUCKBO.RU
Name Server: NS2.QUCKBO.RU
Name Server: NS3.QUCKBO.RU
Name Server: NS4.QUCKBO.RU
Status: clientTransferProhibited
Updated Date: 19-may-2011
Creation Date: 14-mar-2011
Expiration Date: 14-mar-2012
>>> Last update of whois database: Thu, 19 May 2011 20:15:58 UTC <<<
Whois info as of 2011-05-19
Domain Name: APPLESDOWNLOAD.COM
Registrant:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012
Domain servers in listed order:
ns1.quckbo.ru
ns2.quckbo.ru
ns3.quckbo.ru
ns4.quckbo.ru
Administrative Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Technical Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Billing Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Status:LOCKED
——-
A reader sent in a screenshot of an email pretending to be from Apple.
All clicks lead to: http://tariacuri.crefal.edu.mx/dweb/images/smilies/index.php which redirects to applesdownload.com.
It is likely that the tariacuri.crefal.edu.mx site has been compromised.
applesdownload.com whois info:
Domain Name: APPLESDOWNLOAD.COM
Registrant:
Lyubov Bushmakina
Lyubov Bushmakina ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822
Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012
Domain servers in listed order:
ns1.thejobrano.com
ns2.thejobrano.com
Administrative Contact:
Lyubov Bushmakina
Lyubov Bushmakina ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822
Technical Contact:
Lyubov Bushmakina
Lyubov Bushmakina ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822
Billing Contact:
Lyubov Bushmakina
Lyubov Bushmakina ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822
Status:LOCKED
The site is currently still up.
This is not the first time such an email pretending to come from Apple has been sent.
I also got this email this morning. At first I was shocked that Adobe had discounted the software to $329 that we had just paid over $1300 for.
Then with the sender’s email address and unfamiliar web address, I figured out it was a scam. Did this just start going out today?
Just got the same email and thought it was real! Was about to forward to a friend when I noticed a weird code in the subject line. That’s when I had a closer look at the sender info, Apple- [elefabrujygyzdarobu@live.ru]. So then went to Adobe’s site and saw the real prices. Oh well it was nice to dream for a little.
Might be even more interesting. 10:30 EDT 19 May
Domain Name: APPLESDOWNLOAD.COM
Registrant:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012
Domain servers in listed order:
ns1.thejobrano.com
ns2.thejobrano.com
Administrative Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Technical Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Billing Contact:
Vanna Berglund
Vanna Berglund (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999
Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.
What a mess, they will have to be punished. Or sent off to hard labor.