 Pages: 1 |
 Author |
 Registrars Hall of Shame (currently 1,605 views) |
| tracker |
| Posted on: Saturday, December 9th, 2006, 3:27pm |
 |
|
Posts: 41
|
This is my subjective Registrars Hall of Shame, as of posted date.
First of all, all of the spam email that I receive passes through the barracuda network and is almost identical from one to another. They all have the poor English look, most with random text at the end, and most are probably originating from the Ukraine or Russia. Close to ninety percent of the domains and nameservers being used for soliciting websites used for scamming belong to the first two Registrars on my Hall of Shame list, both are in China.
1. BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. for a total disregard in their registered domains and server use, for zero communications, and an apparent zero demonstrative effort towards cleaning up.
2. XIN NET TECHNOLOGY CORPORATION for same as above, and they bounce back emails reporting abuse.
3. THE REGISTRY AT INFO AVENUE D/B/A IA REGISTRY for bouncing back email reporting abuse. Abuse email sent to their tech team was unanswered, or not read. They have made no effort towards stopping at least one very active phishing domain registered by them.
4. to be determined…
Some Registrars are very close to falling into the Hall of Shame. The fourth spot on the list could be filled at any moment. |
|
|
|
|
|
| Ryan |
| Posted on: Sunday, December 10th, 2006, 11:52am |
|
|
Spam Fighter 
Posts: 76
|
Can I vote?
I should like to vote for MONIKER ONLINE SERVICES, INC for fourth place
(609 listed spamming nameservers out of 661 active NS, for a percentage of 92.13%) |
A computer once beat me at chess, but it was no match for me at kick boxing.
-- Emo Philips |
|
|
|
  |
Reply: 1 - 14 |
|
|
| tracker |
| Posted on: Sunday, December 10th, 2006, 6:47pm |
|
|
Posts: 41
|
Okay, you've got it Ryan.
4. Moniker Online Services LLC
They have never answered my email, and those statistics alone should do it for them. |
|
|
|
|
Reply: 2 - 14 |
|
|
| MarkGiles |
| Posted on: Saturday, December 23rd, 2006, 6:47pm |
|
|
Posts: 363
|
I am now getting responses from moniker.com, and action on Ace of Domains complaints.
Removals to date for Polyakov name servers
ns1.onioionez.com
ns2.onioionez.com
ns1.lightwithab.com
ns2.lightwithab.com
ns1.technollogyhere.com
ns2.technollogyhere.com
ns1.sportystuuff.com
ns2.sportystuuff.com
ns1.kokonutfornut.com
ns2.kokonutfornut.com
ns1.certifiedmunkeys.com
ns2.certifiedmunkeys.com
ns1.superamolecular.com
ns2.superamolecular.com
ns1.samethan.com
ns2.samethan.com
ns1.onlythese.com
ns2.onlythese.com
ns1.mrxhockeyguru.com
ns2.mrxhockeyguru.com
ns1.laserinkjett.com
ns2.laserinkjett.com
Moniker.com has turned the corner. |
|
|
|
|
Reply: 3 - 14 |
|
|
| MarkGiles |
| Posted on: Saturday, December 23rd, 2006, 6:50pm |
|
|
Posts: 363
|
[snip]Close to ninety percent of the domains and nameservers being used for soliciting websites used for scamming belong to the first two Registrars on my Hall of Shame list, both are in China.
1. BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. for a total disregard in their registered domains and server use, for zero communications, and an apparent zero demonstrative effort towards cleaning up. [snip]
|
They may have taken the criticism to heart. Kuvayev name servers removed to date:
ns.kertuijingenfunhadesun.com
ns.badesruikinherungans.com
ns0.vckionldesunjas.com
ns0.avuihdesunhawio.com
ns0.sadewunmkedefuna.com
ns.vaserunkiontunhdetunhas.com
ns.baserunkintunhdefunhas.com
ns0.quijindeshkinmas.com
ns0.kilonherunhasedun.com
ns0.hadegandestui.com
ns3.ovdesaxinme.com
Excellent progress.
|
|
|
|
|
Reply: 4 - 14 |
|
|
| Ryan |
| Posted on: Thursday, January 11th, 2007, 4:59pm |
|
|
Spam Fighter
Posts: 76
|
Dallas from URIBL has just updated the registrar list interface. It now ranks registrars by the number of active spamming nameservers added over a 5-day period, rather than by the total listed. This is a good improvement, because it is easier to trace spammer movement in real time.
Also, it highlights the worst of the worst, so they are easily spotted!
Great work guys!!
Check it out at: http://rss.uribl.com/nic/ |
A computer once beat me at chess, but it was no match for me at kick boxing.
-- Emo Philips |
|
|
|
| |
Reply: 5 - 14 |
|
|
| tracker |
| Posted on: Tuesday, February 13th, 2007, 7:38pm |
|
|
Posts: 41
|
Going back and looking at the uribl site... I certainly like the figures for Network Solutions and Gandhi.
Others seem to be sound asleep, but which I guess in time will have a rude awakening. Another group seems to consist of those who are sound asleep and want to stay that way. |
|
|
|
|
Reply: 6 - 14 |
|
|
| MarkGiles |
| Posted on: Wednesday, February 21st, 2007, 12:46am |
|
|
Posts: 363
|
ACE OF DOMAINS (contact = support@moniker.com)
The following name servers reside on domains registered with Ace of Domains.
By entering into a contract with the Internet's most wanted criminal, Alex Polyakov (alias Paul Gregoire alias William Gregory), Ace of Domains stands guilty of abetting his crimes.
To avoid prosecution for being complicit with his crimes, Ace of Domains needs to cancel the contracts, and render these name servers incapable of providing access to Polyakov's illegal web sites.
ns1.driedoutdns.com
ns2.driedoutdns.com
(resolves recdsetherre.com, eigenfiftty.com, ooididit.com, stordboxes.com etc)
ns1.hairyolddns.com
ns2.hairyolddns.com
(resolves qquaiimes.com, onlygastuff.com, itchjktadtto.com, cardjkeakfst.com, woidjkebeedz.com etc)
ns1.surprisingdns.com
ns2.surprisingdns.com
(resolves abcofhghtwo.com, abcoftruth.com, ableklittlethreez.com, alcoveb.com, etc)
ns1.ferygoins.com
ns2.ferygoins.com
(resolves bubhabybaath.com, coererpassayutter.com, airpyahqundre.com, amaerydcamsmaa.com etc)
ns1.chambogos.com
ns2.chambogos.com
(resolves coolfrgiverz.com, cowgkatches.com, querteryuasdinnertwo.com, illtryitybeone.com etc)
Often, Polykov's name servers run on illegally hijacked name servers, and resolve access to illegal web sites, most of which also run on illegally hijacked hosts. At other times, they run on "Bullet-Proof" hosts in China.
Either Ace of Domains are acting for the criminals, or against them. There is no half-way. |
|
|
|
|
Reply: 7 - 14 |
|
|
| MarkGiles |
| Posted on: Wednesday, February 21st, 2007, 12:59am |
|
|
Posts: 363
|
Beijing Innovative Linkage Technology (contacts liwei@dns.com.cn, zhaifeng@dns.com.cn, huyan@dns.com.cn, abuse@anti-spam.cn, spam@ccert.edu.cn
This registrar is a haven for Alex Polyakov web sites and name servers. The IP addresses listed here change from day to day, and are all running on illegally hijacked machines. Each of these machines has had a trojan loaded onto it to perform a proxy name server service.
200.29.97.98 ns1.commissureer.com
200.29.97.98 ns2.morboseez.com
200.29.97.98 ns1.aftercomeer.com
200.29.97.98 ns2.remollientd.com
200.29.97.98 ns1.galleyfoisted.com
200.29.97.98 ns1.keroslep.com
200.29.97.98 ns2.vendoper.com
210.34.0.101 ns2.grisaillesag.com
210.34.0.101 ns2.charteredbol.com
210.34.0.101 ns2.excentriccod.com
210.34.0.101 ns2.asderdub.com
210.34.0.101 ns2.upgoandstay.com
210.34.0.101 ns2.peckdore.com
210.34.0.101 ns2.goodiman.com
210.34.0.101 ns2.hortonhop.com
210.34.0.101 ns2.sendsafedns.com
210.34.0.101 ns2.fastundslow.com
221.8.12.90 ns2.chekreck.com
63.223.11.14 ns1.perceivablenut.com
63.223.11.14 ns1.amylaceouswer.com
63.223.11.14 ns1.obtundert.com
63.223.11.14 ns1.mucronated.com
63.223.11.14 ns1.matronizeer.com
63.223.11.14 ns1.corpsmure.com
63.223.11.14 ns1.renedrop.com
63.223.11.14 ns1.xetopnet.com
63.223.11.14 ns1.bsophunt.com
63.223.11.14 ns1.poertodas.com
63.223.11.14 ns1.jokutnap.com
64.110.30.1 ns1.simperingnul.com
64.110.30.1 ns1.terosferro.com
64.110.30.1 ns1.devinavy.com
64.110.30.1 ns1.yergoon.com
64.110.30.1 ns1.happikun.com
Beijing Innovative Linkage Technology is knowingly allowing the Internet's most wanted criminal to run his illegal operations, which result in millions of spams per day. This registrar is making the People's Republic of China look bad in the opinion of other countries. |
|
|
|
|
Reply: 8 - 14 |
|
|
| MarkGiles |
| Posted on: Wednesday, February 21st, 2007, 1:09am |
|
|
Posts: 363
|
Moniker.com (complaints contact: support@moniker.com)
Sister company to Ace of Domains, Moniker is responsible for sponsoring Alex Polyakov's operations too. This registrar is allowing contracts with this most wanted cyber-criminal to remain in place, despite the clear evidence of his criminality. Moniker.com is guilty of knowingly abetting his crimes.
It is now up to moniker.com to cancel those contracts and render the DNS reslution service inoperative. This will dissociate their company from Alex Polyakov's crimes.
The follwing IP addresses change from day to day, and represent illegally hijacked machines. The victims whose machines have been compromised will not appreciate Moniker's role in assisting with these criminal misdeeds.
199.243.242.9 ns2.asmotell.net
200.29.97.98 ns2.proveregg.com
200.29.97.98 ns2.magicaxis.com
200.29.97.98 ns2.gertuzen.net
200.29.97.98 ns2.fizactis.net
200.29.97.98 ns2.vjflash.com
210.34.0.101 ns2.terkclass.com
210.34.0.101 ns2.tetscope.com
210.34.0.101 ns2.barasincle.com
63.223.11.14 ns1.ourboycot.com
63.223.11.14 ns1.uiltonthe.net
63.223.11.14 ns1.theblackrains.net
63.223.11.14 ns1.jotokio.info
64.110.30.1 ns1.detebed.com
85.136.20.235 ns1.nohoevents.com
|
|
|
|
|
Reply: 9 - 14 |
|
|
| MarkGiles |
| Posted on: Wednesday, February 21st, 2007, 1:15am |
|
|
Posts: 363
|
XIN Net (contacts pantao@xinnet.com, lihm@xinnet.com, abuse@anti-spam.cn, spam@ccert.edu.cn)
Another registrar bringing a bad reputation to the People's Republic of China is XIN Net. They are also assisting in Alex Polyakov's crimes by not terminating their contracts and services, despite knowing that he is the worst criminal on the Internet.
Addresses of illegally hijacked machines, which change daily, and the name servers that XIN Net provides, are listed here
199.243.242.9 ns2.ferrywend.com
199.243.242.9 ns2.loerjamm.com
199.243.242.9 ns1.rupponce.com
199.243.242.9 ns2.tyroidont.com
199.243.242.9 ns2.adonoput.com
199.243.242.9 ns2.misterboby.com
200.29.97.98 ns2.vertubadon.com
210.34.0.101 ns2.portemmis.com
210.34.0.101 ns2.grettnos.com
210.34.0.101 ns2.seveopd.com
217.64.99.162 ns1.wiordkenn.com
217.64.99.162 ns1.zuzuforse.com
64.110.30.1 ns1.deltapemmy.com
85.136.20.235 ns1.neokalvinw.com
XIN Net needs to set the Address resolution of these name servers to a null route, and place the domain on hold to prevent update, delete and transfer.
|
|
|
|
|
Reply: 10 - 14 |
|
|
| Ryan |
| Posted on: Friday, March 9th, 2007, 4:23pm |
|
|
Spam Fighter
Posts: 76
|
| The "Registrar Hall of Shame" idea is really interesting, and a lot of people have been asking for one. Any thoughts as to how to make it automated and at least somewhat objective? |
A computer once beat me at chess, but it was no match for me at kick boxing.
-- Emo Philips |
|
|
|
| |
Reply: 11 - 14 |
|
|
| MarkGiles |
| Posted on: Monday, May 14th, 2007, 11:46pm |
|
|
Posts: 363
|
I have set up a separate thread for each of the most disgraceful companies that act as safe havens for the Internet's two worst spammer groups. It is well past the time when these companies should have cleaned up their act.
All future complaints should be directed to or copied to ICANN, with the request for their accreditation to be removed.
Do these companies have any right to be allowed to continue in business, given that they are perceived to be consorting with and assisting criminals, in violation of the law and of their own terms of service? What do you think? |
|
|
|
|
Reply: 12 - 14 |
|
|
| phantazm |
| Posted on: Tuesday, August 7th, 2007, 7:06pm |
|
|
New Member 
Posts: 18
|
Ryan: "The "Registrar Hall of Shame" idea is really interesting, and a lot of people have been asking for one. Any thoughts as to how to make it automated and at least somewhat objective?"
I agree on that. Here's some comments:
1) Let's supply the 'raw numbers' and let people judge for themselves. Because: whether a site is phishing or not really isn't a question of different opinions, it's obvious to all (even to the scammer himself).
2) However, any registrar is vulnerable to fraud. But some are quick to clean up, some do it eventually, and a few couldn't care less. Furthermore, some domains are also more inviting if you're a black hat (the ST domain could be an example). Nations are different too, so China and USA shouldn't be treated exactly the same way.
3) I'll suggest a two-layered list of bad registrars. A simple top 10 displaying the worst of all (That's a list most people wil be able to remember). And, a total list of all registrars, for those who want/need to delve deeper into this matter. The top 10 could be placed on the 'frontpage', and the total list somewhere on a subpage (connected to the frontpage a la 'click here to read more...'). The simple equation is this: the fewer examples we expose, the more attention each crook will get...
4) Finally, a beginning now would be better than waiting a year for something more perfect. Let's start now with a simple top 10 list, and then let it grow and improve month by month...
In any case, let's get started...! |
|
|
|
|
Reply: 13 - 14 |
|
|
| MarkGiles |
| Posted on: Thursday, August 16th, 2007, 12:16am |
|
|
Posts: 363
|
Done.
Go to http://rss.uribl.com/nic/
Take the top 10, sort on the "Percent" column in descending sequence.
BIZCN is listed twice, at the top.
This shows the registrars who have attracted the highest percentage of spammed site registrations in the past 5 days.
## Registrar Listed Active Percent
2 ÏÃÃÅ»ªÉÌÊ¢ÊÀÍøÂçÓÐÏÞ¹«Ë¾ 838 838 100.00%
8 BIZCN.COM, INC. 128 130 98.46%
6 BEIJING INNOVATIVE LINKAGE TECHNOLOGY 255 259 98.46%
5 DYNAMIC DOLPHIN, INC. 377 385 97.92%
3 MONIKER ONLINE SERVICES, INC. 590 639 92.33%
9 COMPUTER SERVICES LANGENBACH - JOKER.COM 122 147 82.99%
1 ENOM, INC. 1881 2331 80.69%
7 INTERCOSMOS MEDIA GROUP - DIRECTNIC.COM 244 399 61.15%
4 GO DADDY SOFTWARE, INC. 586 1401 41.83%
10 TUCOWS INC. 121 521 23.22% |
|
|
|
|
Reply: 14 - 14 |
|
Pages: 1 |
Logged
Locked Board