connected dots and blue background

Guest Blogger Shawnda Potvin shares a personal experience with Iris 

I was recently on a mission to treat myself to a pair of boots. I went to a website which I thought was an authentic UGG® boots website, as both websites were identical. After I purchased the UGG boots and received a confirmation email, I realized the boots were shipped from outside of the U.S with an expected delivery of 10-15 days (which was a little disconcerting). The boots were advertised at $75 with an additional shipping cost of $15 (for a grand total of $90). Although this price seemed very low, I was not overly troubled as it seemed consistent with a Black Friday deal. My shopping experience took a negative turn when I checked the balance on my card and noticed a charge from Singapore in the amount of $103, which did not reflect the advertised price.

 

 

A month later I received the boots, which looked nothing like the ones I ordered and were cheaply made. There were now too many red flags to ignore, so I made contact with an UGG representative through the official website to see if wildoxpromotions[.]com was a distributor of theirs, which they were not. They took note of my experience and forwarded the information to their fraud department. To protect my own credit, I was also sure to cancel my credit card.

 

 

Being the curious person that I am, I went to work the next day and started researching this Wild Ox Promotions. I used a product that DomainTools offers, called Iris, which is intuitive and can access a wealth of domain and DNS information. I was able to put wildoxpromotions[.]com into the search box, which then brought up two other emails associated with this domain. I then used the Whois History tool to see where this domain was registered to see if it matched the address on my billing statement. Iris allowed me to see inaccurate information in their Whois record. As an example, the registrar identified their state as the United States (which, last time I checked, is a country). They registered their origin country as AR, which is the country code for Argentina. These two examples gave me enough information to reach out to ICANN and report this particular Whois record. Finally, I continued my investigation by expanding my search to the registrants IPs. I was able to locate 8 other domains hosted on that IP address, providing me with even more context and the ability to monitor these data points moving forward (see the domains below):

  • Wildoxpromotions.com
  • Extradinarybreathbag.com
  • Chicbagdesign.com
  • Evergreenshops.com
  • Casualluggagshop.com
  • Thickwarmsnowboots.com
  • Qualityovergold.com
  • Beautifullywumart.com
  • Carriefruitbrand.com

It’s hard to believe the lengths that people go through to replicate a company’s website and deliver counterfeit products. The bottom line is that you do not have to be a cybersecurity expert to use DomainTools’ Iris Platform. With minimal time and effort, I was able to search for a single domain and locate several other domains associated with a single IP address. I was then able to pinpoint eight other websites selling counterfeit products.

Note: Since I did this research, some of these websites have been removed. And I’m apparently not the only one who has fallen victim to this UGG boots scam. An article in the UK publication This is Money describes a similar set of circumstances.