Home

Asprox: nesco-online.eu

September 25, 2008 - 19:16 — Rune

The last domain used for the Nesco mule scam copycat sites was nesco-online.co.uk.
Today I spotted nesco-online.eu on the Asprox botnet.
Registered on September 13, but probably only set up in the botnet during the last day.
Which probably means you can expect to see spam for nesco-online.eu soon.
Or postings on e.g. Career Builder and/or similar sites with links or email contacts going to nesco-online.eu.

From http://nesco-online.eu/memberlogin.html:

Mailing Address

NESCO Accounting & Finance
2 Summit Park Dr.
Suite 200
Independence, OH 44131

Email Address

sobenski.accounting@gmail.com

Head over to http://www.eurid.eu for the whois. Or take a look at the attached pgn-file.
Short parts of it (some parts are only graphics on the webbased whois, not included).

Name	nesco-online
Status	REGISTERED
Registered	September 13, 2008
Last update	September 13, 2008, 8:40 pm
Registrant
Name	Lini Oster
Organisation	Navilive Private Limited

Registrar technical contacts
Name	Breeze Wu
Organisation	OnlineNIC Inc.

Nameservers
	ns1.dns-diy.net
	ns2.dns-diy.net

www.nesco-online.eu does not seem to rotate between a lot of IPs on the botnet, only these one at this moment:

www.nesco-online.eu	 A 	24.34.17.210 (Comcast)
www.nesco-online.eu	 A 	71.226.201.209 (Comcast)
www.nesco-online.eu	 A 	98.26.58.210 (RoadRunner)

Here is a long list of what you might have found on 24.34.17.210 lately (thanks to bfk.de):

ns1.client4.asia	 A 	24.34.17.210
ns2.client4.asia	 A 	24.34.17.210
ns3.client4.asia	 A 	24.34.17.210
ns1.73comm.asia	 A 	24.34.17.210
ns2.73comm.asia	 A 	24.34.17.210
ns2.cid12.cc	 A 	24.34.17.210
ns3.cid12.cc	 A 	24.34.17.210
ns1.ssl92.cc	 A 	24.34.17.210
ns2.ssl92.cc	 A 	24.34.17.210
ns3.ssl92.cc	 A 	24.34.17.210
ns1.sid94.cc	 A 	24.34.17.210
ns2.sid94.cc	 A 	24.34.17.210
ns3.sid94.cc	 A 	24.34.17.210
ns1.8cfm.cc	 A 	24.34.17.210
ns2.8cfm.cc	 A 	24.34.17.210
ns3.8cfm.cc	 A 	24.34.17.210
ns10.4admin.cc	 A 	24.34.17.210
ns1.4admin.cc	 A 	24.34.17.210
ns2.4admin.cc	 A 	24.34.17.210
ns3.4admin.cc	 A 	24.34.17.210
ns1.64crypt.cc	 A 	24.34.17.210
ns2.64crypt.cc	 A 	24.34.17.210
ns1.7aspssl.be	 A 	24.34.17.210
ns2.7aspssl.be	 A 	24.34.17.210
ns3.7aspssl.be	 A 	24.34.17.210
ns2.bank84.name	 A 	24.34.17.210
ns3.bank84.name	 A 	24.34.17.210
ns1.9lang.name	 A 	24.34.17.210
ns2.9lang.name	 A 	24.34.17.210
ns3.9lang.name	 A 	24.34.17.210
ns9.9lang.name	 A 	24.34.17.210
ns1.32ddk.name	 A 	24.34.17.210
ns2.32ddk.name	 A 	24.34.17.210
ns3.32ddk.name	 A 	24.34.17.210
ns9.32ddk.name	 A 	24.34.17.210
ns20.8com.name	 A 	24.34.17.210
ns11.8com.name	 A 	24.34.17.210
ns1.8com.name	 A 	24.34.17.210
ns12.8com.name	 A 	24.34.17.210
ns2.8com.name	 A 	24.34.17.210
ns13.8com.name	 A 	24.34.17.210
ns3.8com.name	 A 	24.34.17.210
ns5.8com.name	 A 	24.34.17.210
ns16.8com.name	 A 	24.34.17.210
ns17.8com.name	 A 	24.34.17.210
ns9.8com.name	 A 	24.34.17.210
ns1.err83.mobi	 A 	24.34.17.210
ns2.err83.mobi	 A 	24.34.17.210
ns3.err83.mobi	 A 	24.34.17.210
ns1.conf68.mobi	 A 	24.34.17.210
ns3.conf68.mobi	 A 	24.34.17.210
ns1.asp69.mobi	 A 	24.34.17.210
ns2.asp69.mobi	 A 	24.34.17.210
ns3.asp69.mobi	 A 	24.34.17.210
ns9.asp69.mobi	 A 	24.34.17.210
ns1.cfm9.mobi	 A 	24.34.17.210
ns2.cfm9.mobi	 A 	24.34.17.210
ns3.cfm9.mobi	 A 	24.34.17.210
ns9.cfm9.mobi	 A 	24.34.17.210
ns1.7ntio.mobi	 A 	24.34.17.210
ns3.7ntio.mobi	 A 	24.34.17.210
ns1.9control.tk	 A 	24.34.17.210
ns2.9control.tk	 A 	24.34.17.210
ns3.9control.tk	 A 	24.34.17.210
ns1.7agent.tk	 A 	24.34.17.210
ns2.7agent.tk	 A 	24.34.17.210
ns3.7agent.tk	 A 	24.34.17.210
ns1.cert5.co.uk	 A 	24.34.17.210
ns2.cert5.co.uk	 A 	24.34.17.210
ns3.cert5.co.uk	 A 	24.34.17.210
ns8.cert5.co.uk	 A 	24.34.17.210
ns9.cert5.co.uk	 A 	24.34.17.210
ns1.aspx94.in	 A 	24.34.17.210
ns2.aspx94.in	 A 	24.34.17.210
ns3.aspx94.in	 A 	24.34.17.210
ns9.aspx94.in	 A 	24.34.17.210
ns1.3event.in	 A 	24.34.17.210
ns2.3event.in	 A 	24.34.17.210
ns3.3event.in	 A 	24.34.17.210
ns2.7confirm.gs	 A 	24.34.17.210
ns3.7confirm.gs	 A 	24.34.17.210
ns1.chk74.us	 A 	24.34.17.210
ns2.chk74.us	 A 	24.34.17.210
ns3.chk74.us	 A 	24.34.17.210
ns9.chk74.us	 A 	24.34.17.210
ns1.edit7.us	 A 	24.34.17.210
ns2.edit7.us	 A 	24.34.17.210
ns3.edit7.us	 A 	24.34.17.210
ns1.app84.ws	 A 	24.34.17.210
ns2.app84.ws	 A 	24.34.17.210
ns3.app84.ws	 A 	24.34.17.210
ns9.app84.ws	 A 	24.34.17.210
ns10.7type.ws	 A 	24.34.17.210
ns20.7type.ws	 A 	24.34.17.210
ns11.7type.ws	 A 	24.34.17.210
ns1.7type.ws	 A 	24.34.17.210
ns12.7type.ws	 A 	24.34.17.210
ns2.7type.ws	 A 	24.34.17.210
ns3.7type.ws	 A 	24.34.17.210
ns4.7type.ws	 A 	24.34.17.210
ns5.7type.ws	 A 	24.34.17.210
ns17.7type.ws	 A 	24.34.17.210
ns7.7type.ws	 A 	24.34.17.210
ns18.7type.ws	 A 	24.34.17.210
ns9.7type.ws	 A 	24.34.17.210
ns1.8path.ws	 A 	24.34.17.210
ns2.8path.ws	 A 	24.34.17.210
ns3.8path.ws	 A 	24.34.17.210
ns8.ww8.associatedbank.com.8path.ws	 A 	24.34.17.210
ns1.53cmd.net	 A 	24.34.17.210
ns2.53cmd.net	 A 	24.34.17.210
ns3.53cmd.net	 A 	24.34.17.210
ns1.19ssl.net	 A 	24.34.17.210
ns3.19ssl.net	 A 	24.34.17.210
www.nesco-online.eu	 A 	24.34.17.210
ns1.jic2.ru	 A 	24.34.17.210
ns1.asp53.tv	 A 	24.34.17.210
ns2.asp53.tv	 A 	24.34.17.210
ns3.asp53.tv	 A 	24.34.17.210
ns9.asp53.tv	 A 	24.34.17.210
ns1.id83.tv	 A 	24.34.17.210
ns2.id83.tv	 A 	24.34.17.210
ns3.id83.tv	 A 	24.34.17.210
ns9.id83.tv	 A 	24.34.17.210
ns1.appid8.tv	 A 	24.34.17.210
ns2.appid8.tv	 A 	24.34.17.210
ns3.appid8.tv	 A 	24.34.17.210
ns9.appid8.tv	 A 	24.34.17.210
ns1.8cache.tv	 A 	24.34.17.210
ns2.8cache.tv	 A 	24.34.17.210
ns3.8cache.tv	 A 	24.34.17.210
ns1.3cookie.tv	 A 	24.34.17.210
ns2.3cookie.tv	 A 	24.34.17.210
ns3.3cookie.tv	 A 	24.34.17.210
ns1.5ssl.tv	 A 	24.34.17.210
ns2.5ssl.tv	 A 	24.34.17.210
ns3.5ssl.tv	 A 	24.34.17.210
ns2.en-us9.tw	 A 	24.34.17.210
ns3.en-us9.tw	 A 	24.34.17.210
ns1.drv33.bz	 A 	24.34.17.210
ns2.drv33.bz	 A 	24.34.17.210
ns3.drv33.bz	 A 	24.34.17.210
ns1.mode4.bz	 A 	24.34.17.210
ns2.mode4.bz	 A 	24.34.17.210
ns3.mode4.bz	 A 	24.34.17.210
ns1.page6.bz	 A 	24.34.17.210
ns2.page6.bz	 A 	24.34.17.210
ns3.page6.bz	 A 	24.34.17.210
ns1.cert8.bz	 A 	24.34.17.210
ns2.cert8.bz	 A 	24.34.17.210
ns3.cert8.bz	 A 	24.34.17.210
ns1.12core.bz	 A 	24.34.17.210
ns3.12core.bz	 A 	24.34.17.210
ns1.12dll.bz	 A 	24.34.17.210
ns2.12dll.bz	 A 	24.34.17.210
ns13.12dll.bz	 A 	24.34.17.210
ns3.12dll.bz	 A 	24.34.17.210
ns16.12dll.bz	 A 	24.34.17.210
ns17.12dll.bz	 A 	24.34.17.210
ns8.12dll.bz	 A 	24.34.17.210
ns9.12dll.bz	 A 	24.34.17.210
AttachmentSize
whois_nesco-online.eu_.png58.98 KB

Comments

September 27, 2008 - 09:30 — James Miller (not verified)

Nesco

Got the nesco-online.eu scam yesterday.

September 26, 2008 - 11:17 — tonyls6 (not verified)

More Information on

I hope the following information is of help to people.

I got mail from them this morning:

Thank you for enquiring.
With reference to your resume we are happy to offer you to fill up the Payment
Processing
Clerk position in our company.

This position focuses on the management of daily, weekly and monthly tasks and
special projects
pertaining to the finance support for accounting in United Kingdom.

Hours: You can work full time or part time. Your schedule can be flexible.
For part time - you will need to spend on average 2 hours per day, Monday-Friday.

Position requires:
- Assist the Accountant and HR Departments in a support role performing special
projects, data
entry and other duties as assigned;
- Investigate and resolve all customer payment inquiries.
- Investigate and resolve all payments received without a valid customer account
number.
- Process manual direct pay applications.
- Process all the exception payments, correspondence, rejects from the lockbox
provider.
- Processing of Deferred Payment Agreements (DPA).
- Use of contemporary computer software (e.g., Windows; Microsoft Office Suite) a MUST.

Salary/Wage: 10,000.00 GBP - 15,000.00 GBP/year.

Location: This is a work at home position. All communication will be online. During
training/trial
period assistance may be provided by phone and e-mail.

Costs and Fees: There are NO costs at any time for our employees. All fees related
to this employment
are covered by the company.

Further Hiring Process:

Please click this link and fill in the registration form:
http://www.nesco-online.eu/form-uk-ssl.html

! Please be very attentive while filling the blank.
! Please fill in all your contact details (emails, fax and phone numbers), in order
to avoid
! any delays in our further correspondence and communication.
! In the comments column please mark the most suitable time for you to perform the
tasks (2 hours business
! time, when you could act for PAYMENT PROCESSING CLERK).

! Be advised that our company never uses our employees' data for marketing,
advertising,
! or other purposes. Also we do not require your sensitive information such as
pin-codes, secret questions or passwords.
! We require only basic account information which is needed to make transactions to
you.

Please reply ONLY to our personal e-mail: sobenski.finaccount@gmail.com

Thank you for your Interest and we are looking forward to hear from you soon!

I found this information:

Whois Result
Domain
Name nesco-online
Status REGISTERED (What this means)
Registered September 13, 2008
Last update September 13, 2008, 8:40 pm
Registrant
Name Lini Oster
Organisation Navilive Private Limited
Language English
Address

Phone
Fax
Email
Registrar technical contacts
Name Breeze Wu
Organisation OnlineNIC Inc.
Language English
Address

Phone
Fax
Email
Registrar
Organisation OnlineNIC Inc
Website www.onlinenic.com
Nameservers
ns1.dns-diy.net
ns2.dns-diy.net
__________________________________________
Companies House UK:

Company Details

Print Page. Open help text in a new window. The WebCHeck service is available from Monday to Saturday 7.00am to 12 Midnight UK Time

Name & Registered Office:
NAVILIVE PRIVATE LIMITED
SUITE 8525, 16-18 CIRCUS ROAD,
ST. JOHN'S WOOD,
LONDON,
NW8 6PG
Company No. 05764614

Status: Active
Date of Incorporation: 31/03/2006

Country of Origin: United Kingdom
Company Type: Private Limited Company
Nature of Business (SIC(03)):
7499 - Non-trading company
Accounting Reference Date: 31/03
Last Accounts Made Up To: 31/03/2007 (DORMANT)
Next Accounts Due: 31/01/2009
Last Return Made Up To: 21/04/2008
Next Return Due: 19/05/2009
Last Members List: 21/04/2008
Previous Names:
No previous name information has been recorded over the last 20 years.