Warning: Fraudulent InterSwitch website at broadadnigeria.com

5

August 16, 2010 by Administrator

I want to believe that a fraudulent webpage hosted online is not positive advertisement, as far as a media company and a Nigerian webhosting company are concerned.

This is the mail I got:

scam1

In text: 

Dear ATM Card User,

This is to hereby notify you of the recent Central Bank of Nigeria Directive to all banks to switch to the new and secured chip ATM cards.
With this directive,all old ATM cards shall be inactivated.

With the new Cards,there shall be no more transaction charges when you use your ATM cards and it is more secured.go to the website below to register for your new card;

http://broadadnigeria.com/online/newSecuritys.html

You are getting this mail because you have not updated.

REGARDS

Mr.Tony Ede
Assistant Director,
LAGOS OFFICE
Office Address:Tinubu Square,Lagos
Postal Address:P.M.B. 12194,Lagos.
Fax: +234(1)882 617

Heres a screenshot of the scam interswitch URL:

scam2and here is the file in the /online DIR:

http://broadadnigeria.com/online/newSecuritys.html 

The media company Name is: Broad-Ad Audio Visual Production Services.

scam3

scam4

 

Registration and hosting services are provided by hostnaija.com:

 

Address lookup

canonical name    broadadnigeria.com.
aliases   
addresses     67.222.1.219
Domain Whois record

Queried whois.internic.net with "dom broadadnigeria.com"…

   Domain Name: BROADADNIGERIA.COM
   Registrar: DIRECTI INTERNET SOLUTIONS PVT. LTD. D/B/A PUBLICDOMAINREGISTRY.COM
   Whois Server: whois.PublicDomainRegistry.com
   Referral URL: http://www.PublicDomainRegistry.com
   Name Server: NS1.PMVPS-SERVERS01.NET
   Name Server: NS2.PMVPS-SERVERS01.NET
   Status: clientTransferProhibited
   Updated Date: 15-mar-2010
   Creation Date: 15-mar-2010
   Expiration Date: 15-mar-2011

>>> Last update of whois database: Mon, 16 Aug 2010 07:18:33 UTC <<<
Queried whois.publicdomainregistry.com with "broadadnigeria.com"…

Registration Service Provided By: HOSTNAIJA.COM
Contact: +234.8035937812
Website: http://www.hostnaija.com

Domain Name: BROADADNIGERIA.COM

Registrant:
    Broad Ad Nigeria
    Kevin Ushi        (kevushi@yahoo.com)
    Surulere
    Lagos
    Lagos,23401
    NG
    Tel. +234.8020308585

Creation Date: 15-Mar-2010 
Expiration Date: 15-Mar-2011

Domain servers in listed order:
    ns2.pmvps-servers01.net
    ns1.pmvps-servers01.net

Administrative Contact:
    Broad Ad Nigeria
    Kevin Ushi        (kevushi@yahoo.com)
    Surulere
    Lagos
    Lagos,23401
    NG
    Tel. +234.8020308585

Technical Contact:
    Broad Ad Nigeria
    Kevin Ushi        (kevushi@yahoo.com)
    Surulere
    Lagos
    Lagos,23401
    NG
    Tel. +234.8020308585

Billing Contact:
    Broad Ad Nigeria
    Kevin Ushi        (kevushi@yahoo.com)
    Surulere
    Lagos
    Lagos,23401
    NG
    Tel. +234.8020308585

Status:LOCKED
    Note: This Domain Name is currently Locked. In this status the domain
    name cannot be transferred, hijacked, or modified. The Owner of this
    domain name can easily change this status from their control panel.
    This feature is provided as a security measure against fraudulent domain name hijacking.
Network Whois record

Queried whois.arin.net with "n 67.222.1.219"…

NetRange:       67.222.0.0 – 67.222.31.255
CIDR:           67.222.0.0/19
OriginAS:       AS27645, AS30496
NetName:        PRIVATE-1
NetHandle:      NET-67-222-0-0-1
Parent:         NET-67-0-0-0-0
NetType:        Direct Allocation
NameServer:     NS2.PRIVATESYSTEMS.NET
NameServer:     NS1.PRIVATESYSTEMS.NET
RegDate:        2008-01-29
Updated:        2008-09-29
Ref:            http://whois.arin.net/rest/net/NET-67-222-0-0-1

OrgName:        PrivateSystems Networks
OrgId:          KNOWN-1
Address:        1114-100 New Point Blvd. PMB 143
City:           Leland
StateProv:      NC
PostalCode:     28451
Country:        US
RegDate:        2008-01-04
Updated:        2010-01-22
Ref:            http://whois.arin.net/rest/org/KNOWN-1

OrgAbuseHandle: PNA44-ARIN
OrgAbuseName:   PrivateSystems Networks Abuse
OrgAbusePhone:  +1-866-332-9894
OrgAbuseEmail:  abuse@privatesystems.net
OrgAbuseRef:    http://whois.arin.net/rest/poc/PNA44-ARIN

OrgNOCHandle: NOC2915-ARIN
OrgNOCName:   Network Operations Center
OrgNOCPhone:  +1-866-332-9894
OrgNOCEmail:  noc@privatesystems.net
OrgNOCRef:    http://whois.arin.net/rest/poc/NOC2915-ARIN

OrgTechHandle: NOC2915-ARIN
OrgTechName:   Network Operations Center
OrgTechPhone:  +1-866-332-9894
OrgTechEmail:  noc@privatesystems.net
OrgTechRef:    http://whois.arin.net/rest/poc/NOC2915-ARIN

RTechHandle: NOC2915-ARIN
RTechName:   Network Operations Center
RTechPhone:  +1-866-332-9894
RTechEmail:  noc@privatesystems.net
RTechRef:    http://whois.arin.net/rest/poc/NOC2915-ARIN

RAbuseHandle: NOC2915-ARIN
RAbuseName:   Network Operations Center
RAbusePhone:  +1-866-332-9894
RAbuseEmail:  noc@privatesystems.net
RAbuseRef:    http://whois.arin.net/rest/poc/NOC2915-ARIN

RNOCHandle: NOC2915-ARIN
RNOCName:   Network Operations Center
RNOCPhone:  +1-866-332-9894
RNOCEmail:  noc@privatesystems.net
RNOCRef:    http://whois.arin.net/rest/poc/NOC2915-ARIN
DNS records

name    class    type    data    time to live
broadadnigeria.com    IN    MX   
preference:    0
exchange:    broadadnigeria.com
14400s    (04:00:00)
broadadnigeria.com    IN    SOA   
server:    ns1.pmvps-servers01.net
email:    princemorpheus.gmail.com
serial:    2010071202
refresh:    86400
retry:    7200
expire:    3600000
minimum ttl:    86400
86400s    (1.00:00:00)
broadadnigeria.com    IN    NS    ns1.pmvps-servers01.net    86400s    (1.00:00:00)
broadadnigeria.com    IN    NS    ns2.pmvps-servers01.net    86400s    (1.00:00:00)
broadadnigeria.com    IN    A    67.222.1.219    14400s    (04:00:00)
219.1.222.67.in-addr.arpa    IN    PTR    host.pmvps-servers01.net    86400s    (1.00:00:00)
Traceroute

Tracing route to broadadnigeria.com [67.222.1.219]…

hop    rtt    rtt    rtt         ip address    fully qualified domain name
1    1    0    0         70.84.211.97    61.d3.5446.static.theplanet.com
2    0    0    0         70.87.254.1    po101.dsr01.dllstx5.theplanet.com
3    0    0    0         70.85.127.105    po51.dsr01.dllstx3.theplanet.com
4    0    0    0         70.87.255.37    25.ff.5746.static.theplanet.com
5    0    0    0         4.59.32.29    xe-8-1-0.edge4.dallas3.level3.net
6    0    0    0         4.69.145.136    ae-3-80.edge3.dallas1.level3.net
7    4    1    2         8.9.232.74    colo4-dalla.edge3.dallas1.level3.net
8    2    2    2         206.123.64.30    ge-1-2.core2.colo4dallas.net
9    1    1    1         67.222.0.137    vz37-tx.privatesystems.net
10    1    1    1         67.222.1.219    host.pmvps-servers01.net
Trace complete

Heres a ping response from domain name: broadadnigeria.com and hostnaija.com. Both are on the same server.

scam5

THe question I have is: who is scamming who?

Is Mr. Kevin Ushi responsible for placing a newsSecurity.html page in the /online DIR of his own website, or are the servers of hostnaija.com compromised such that /online/newSecuritys.html is created by default.

Beware!

Advertisements

5 thoughts on “Warning: Fraudulent InterSwitch website at broadadnigeria.com

  1. Nigerian web hosts have really got to stop looking @ making fast money and start monitoring what sites are hosted on their servers.

  2. […] all owe a responsibility to the public, to prevent them from falling victims of scams such as the Fraudulent Interswitch website @ BroadNigeria. I’m aware it can be a tasking effort to monitor all websites on your servers BUT at least do […]

  3. This is the reason why some Nigerian Hosting Companies are now insisting that anyone that desire to buy a domain or hosting package from them must present a photo ID. If HOSTNAIJA has done that, they will be able to absolve themselves of any blame on this particular issue.

  4. DISCLAIMER FROM BROAD-AD PRODUCTIONS LIMITED
    ===============================================

    This is to inform the General Public and security agents that Broadadnigeria.com is not aware of this misleading allegation posted in this blog..

    Broad-Ad Audio-Visual Productions run legitimated businesses and NEVER engages in ANY fraudulent activity.

    We hereby state that our company is duly registered with CAC and that we do not know nor have any dealings whatsoever with any individual or company that distributes fraudulent information and we DO NOT HAVE ANY FRAUDULENT CONTENT OR MATERIAL NOR HOST ANY INTERSWITCH WEBSITE on servers.

    GENERAL PUBLIC: Kindly disregard any further missive from this source or report to the appropriate security authority.

    BLOG OWNER: PLEASE, KINDLY REMOVE THIS MISLEADING POST IMMEDIATELY.

    For further information, please visit http://www.broadadnigeria.com

    Thanks you

    Kevin Ushi
    for BROAD-AD PRODUCTIONS LIMITED

  5. Administrator says:

    @Mr. Kevin Ushi,
    it would be better if you get across to your domains administrator so that he can take necessary technical precautions against such an occurence whereby there is a URL within your hosting account that you guys didn’t put there /aren’t aware of.

    As much as I want to believe that Broad Ad productions Ltd didn’t put the page there, the account was possibly compromised and whoever did it was just having a good time using your hosting account to propagate his own malicious idea.s

    regards
    NairaKbps.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: