DIRECT INFORMATION & the Casinos
Nolimit
Posted on: Wednesday, March 21st, 2007, 2:51am
New Member


Posts: 11
I started reporting on 04-03-2007 to get some of the casino sites down, all using the name servers:
ns1.softhosting-dnsb.info
ns2.softhosting-dnsb.info
ns3.softhosting-dnsb.info

Registrar: DIRECT INFORMATION PVT LTD

Registrant:
Name:Russell D. Mason
Organization:mcr0soft
Street1:82 Benson Rd.
City:Freeville
State/Province:New York
Postal Code:13068
Country:US
Phone:+800.2312123
Email:vladhoho@mail.com

The reply:
Code
We are in receipt of the spam complaint sent by you. We would like to inform you that we would require sufficient evidence for the domain name you complained about for taking any abuse actions. You need to send us the message headers of the spam message you receive, along with the content of the messages. We won't be in a position to process any spam complaint without sufficient evidence about the spamming domain name.
Please provide us with the necessary details for us to take a prompt action towards your complaints.
Feel free to contact us, if you need any further assistance.
Regards,
Karna Kumar Jain



So I forwarded the samples and got this:

We have received your complaint for SPAM from softhosting-dnsc.info.
We are extremely strict and proactive with regards to our terms of usage.
Pursuant to our terms of service we have suspended softhosting-dnsc.info.

We have also sent warnings to the customer, all the contacts and any associated reseller about this domain.
Thank you for contacting our abuse department.
Regards,
ResellerClub Abuse Team
abuse@resellerclub.com


When I checked I saw:
NS1.SUSPENDED-DOMAIN.COM
NS2.SUSPENDED-DOMAIN.COM
for a few hours but later changed to the old softhosting-dnsb.info and the sites were still up

So I contacted them again:
Code
Dear Registrar
In your reply you stated: "we have suspended softhosting-dnsc.info". I have noticed the nameservers change to
NS1.SUSPENDED-DOMAIN.COM and
NS2.SUSPENDED-DOMAIN.COM
but unfortunately only for a very short period and I keep receiving messages from:
http://royalonline.info/ and http://vegasvipcasinos.org/ and both sites
are still online. In the attachment you will find the most recent message I received.


They answered:
Code
Hello,
We are in a receipt of a complaint sent by you. However, the domain names "vegasvipcasinos.org" and "royalonline.info" are neither registered nor hosted with us. There is a possibility that such an activity may stand as a breach of Contract of the Accepted Usage Policy [AUP] of the Web Hosting Service Provider, for these domain names. You need to get in touch with them to seek action on this issue.
You may use any of the several web-based tools, to locate the E-Mail Address of the Abuse Desk of the Web Hosting Service Provider. One such tool is http://domainwhitepages.com.
Regards,
PublicDomainRegistry Abuse Desk


Polite as I am I fired off:
Code
Dear Registrar,
Thank you for your reply on my request.
I am very well aware that the domain names "vegasvipcasinos.org" and "royalonline.info" are neither registered nor hosted with you.
That's why I requested to remove the address records from the nameservers on your domain.
On my previous requests I have received the reply that they were suspended.
So I don't really understand you now.
There is no use in closing down the actual websites.
From the link: http://rss.uribl.com/ns/softhosting_dnsc_info.html you can
clearly see they register new sites every hour all using your name servers
softhosting-dnsc.info to continue their activities:
super2cazino.info         Fri, 09 Mar 2007 22:30:54 +0000
soft-wou.com               Fri, 09 Mar 2007 20:51:09 +0000
vipvegascasinos.org      Fri, 09 Mar 2007 20:46:13 +0000
new-excurs.info            Fri, 09 Mar 2007 13:15:51 +0000
virtual2cazino.info         Fri, 09 Mar 2007 08:29:18 +0000
royalcazino.info            Fri, 09 Mar 2007 03:46:29 +0000
vipvegascasinos.net      Thu, 08 Mar 2007 03:27:05 +0000
planetcazino4.info         Thu, 08 Mar 2007 02:51:40 +0000
And in the meantime I get new messages from them every day, as you can see in the attachment, and the site is still online.
http://royalonline.info/,
http://vipeurocasino.info/ and
http://vegasvipcasinos.org/

I experience very positive responses from other registrars and I know it is possible to lock them out, I have noticed that the nameservers were changed to:
NS1.SUSPENDED-DOMAIN.COM and NS2.SUSPENDED-DOMAIN.COM
by the Resellers Abuse Team, as they stated in their reply to me but unfortunately only for a very short period.
Feel free to contact me if you need any assistance or more proof of the
activities of these criminals because I get a lot of messages in our inbox from them
and I doubt that I’ll be the only one.
If you are not in the position to take action, maybe you can advise me, as
an expert, on how to proceed to get things done.
I realise this costs you time and money but your cooperation and support
will be appreciated very much by a lot of people.
With regards,


From Direct Information:
Code
Hello,
We understand your concern.
Kindly note that the domain name "SOFTHOSTING-DNSC.INFO" is registered with Registrar : Direct Information Pvt. Ltd. d/b/a PublicDomainRegistry.com. The domain is being used as a nameserver for many domain names and it's not necessary that all the domain names would be involved in any illegal internet activities. Currently there would be a number of genuine domain names which could be having the same nameserver. So it's not possible to take action on the domain name without any sufficient evidence. So please forward us the domain names which are involved in any illegal internet activities so that we can take an immediate action as per our policies.
Regards,
PublicDomainRegistry Abuse Desk


I kept sending them reports of the casinos in my inbox:
Code
Hello,
In the attachment you will find the most recent mails I have received all using your nameservers softhosting-dnsc.info.
The domains are:
http://royalonline.info/
http://vipeurocasino.info/
http://vegasvipcasinos.org/
http://royaleurocazino.org/
http://mjcazino.net/
http://royalkaz.info/
http://cazinovegas.com/

From http://rss.uribl.com/ns/softhosting_dnsc_info.html you can see the new
registrations using softhosting-dnsc.info:
 1.. kazeuro.info                 Mon, 12 Mar 2007 06:03:57 +0000
 2.. kuhnityt.com                Sun, 11 Mar 2007 21:26:54 +0000
 3.. vegascazino.net             Sun, 11 Mar 2007 20:05:58 +0000
 4.. mjcazino.org                Sun, 11 Mar 2007 18:43:15 +0000
 5.. royaleurocazino.org             Sun, 11 Mar 2007 18:09:35 +0000
 6.. planetcazino4.info             Sun, 11 Mar 2007 14:02:12 +0000
 7.. super2cazino.info             Sun, 11 Mar 2007 12:13:24 +0000
 8.. royalcazino.info             Sun, 11 Mar 2007 08:55:35 +0000
 9.. royalkaz.info                Sun, 11 Mar 2007 06:32:57 +0000
 10.. cazino4.info                 Sun, 11 Mar 2007 04:34:38 +0000
 11.. mjcazino.net                Sat, 10 Mar 2007 19:48:14 +0000
 12.. royaleurocazino.com             Sat, 10 Mar 2007 19:14:41 +0000
 13.. vegascazino.com             Sat, 10 Mar 2007 18:25:46 +0000
 14.. virtual2cazino.info             Sat, 10 Mar 2007 18:05:01 +0000
 15.. mjcazino.com             Sat, 10 Mar 2007 15:45:00 +0000
 16.. royaleurocazino.net             Sat, 10 Mar 2007 10:53:49 +0000
 17.. super2cazino.info             Fri, 09 Mar 2007 22:30:54 +0000
 18.. soft-wou.com                     Fri, 09 Mar 2007 20:51:09 +0000
 19.. vipvegascasinos.org             Fri, 09 Mar 2007 20:46:13 +0000
 20.. new-excurs.info             Fri, 09 Mar 2007 13:15:51 +0000
 21.. virtual2cazino.info             Fri, 09 Mar 2007 08:29:18 +0000
 22.. royalcazino.info             Fri, 09 Mar 2007 03:46:29 +0000
 23.. vipvegascasinos.net             Thu, 08 Mar 2007 03:27:05 +0000
 24.. planetcazino4.info             Thu, 08 Mar 2007 02:51:40 +0000
So please remove these domains from your name servers.


And so this conversation ends on 13-03-2007 with a big silence from the DIRECT INFORMATION PVT LTD side and no more responses on my complaints for 5 days. Actually it has been a lot of words but no action was taken.
Me not happy !!!!!.

Yesterday I fired off a new report with the mails attached for:
http://royalsvip.net/
http://theroyalvip.org/
http://thevipvegas.net/
All the same ns:
http://dnsstuff.com/tools/traversal.ch?domain=thevipvegas.net&type=A
ns1.softhosting-dnsc.info [221.203.189.107] 221.203.189.107  310ms
ns2.softhosting-dnsc.info [121.36.124.110] Timeout.
with a Russian  image server:
http://eurosetup.info/images/
I used parts of the request from Mark I found in the DSTR thread:
Code
Dear registrar,
From 2007-03-04 till today I have been reporting this domain and I have received several replies but till now no action has been taken.
First you have asked me to provide you with the evidence of the activities, so I did.
Then I was informed: We are extremely strict and proactive with regards to our terms of usage. and
we have suspended softhosting-dnsc.info. But nothing had changed, all the sites are up.
After my next report you stated that it's not possible to take action on the domain name without any sufficient evidence and asked me to forward you the domain names which are involved in any illegal internet activities so that you can take an immediate action as per your policies. So I provided you those with all new registrations using this domain as name servers.
If you would take a few moments to have a look at those sites: http://rss.uribl.com/ns/softhosting_dnsc_info.html
you could see that those are the ones that will end up in my inbox the coming weeks if your company is not willing to take action.
I do not understand why DIRECT INFORMATION PVT LTD is not in the position to act while other registrars are acting, sometimes within a few hours.
Please look at the following link - I have imported its contents for your convenience.
CONTENTS
ROKSO listed #1 most wanted Cyber criminal Alex Polyakov's site, used for identity theft
and CREDIT CARD THEFT. See his criminal record at
http://spamhaus.org/statistics/spammers.lasso
Your company has entered into a registration contract with the Internet's most widely known criminal, Alex Polyakov. (Paul Gregoir)
That contract entitles Polyakov to place a domain name, softhosting-dnsc.info into your registry, a domain which is then used to resolve access to the name servers:
ns1.softhosting-dnsc.info [221.203.189.107] and ns2.softhosting-dnsc.info [121.36.124.110].
These name servers run on hijacked machines, to resolve access to his illegal web sites I have reported.
There are many others: http://groups.google.com.tw/group/news.admin.net-abuse.email/browse_thread/thread/4b4916408e17ed0d
As you can see, softhosting-dnsc.info is also listed.

Please join with the other ISPs in shutting out his abuse of your company's services.
There is no reason to uphold a contract with known criminals. Should you need legal
advice, please contact Jon Praed who specialises in this area.  JPraed@i-lawgroup.com


And I get a response again:
Code
Hello,
We understand your concern.
Kindly note that the domain name "SOFTHOSTING-DNSC.INFO" is registered with Registrar : Direct Information Pvt. Ltd. d/b/a PublicDomainRegistry.com. The domain is being used as a nameserver for many domain names and it's not necessary that all the domains would be involved in any illegal internet activities. Currently there would be a number of genuine domain names which could be having the same nameserver. So it's not possible to take action on the domain name without any sufficient evidence.

For your kind information, the domain name "SOFTHOSTING-DNSC.INFO" is already SUSPENDED on Mar 7, 2007. & also note that the nameservers of the domain name "SOFTHOSTING-DNSC.INFO" are "NS1.SUSPENDED-DOMAIN.COM" and "NS2.SUSPENDED-DOMAIN.COM".
Regards,
PublicDomainRegistry Abuse Desk


All the casino sites were still up.
So I prepared to report to the registrars of the casino sites.
I first sent the requests to MIT and Onlinenic.
I had a list of all new registrations using SOFTHOSTING-DNSC.INFO from 04-03-2007 till today. I shifted them between MIT, Onlinenic and Estdomains. They never showed up in my inbox but I reported those as well.

No response from MIT.

From Onlinenic, first I get bounced:
Code
This is the Postfix program at host www.OnlineNIC.com.
I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.
For further assistance, please send mail to <postmaster>.
If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The Postfix program
<rex@china-channel.com> (expanded from <icann@onlinenic.com>):
Host     mx.35.cn[159.226.xxxxxxx] said: 553 Email was rejected by 35 AntiSpam System,
   id=mx.35.cn.19328.1174412710 (in reply to end of DATA command)


Despite the bounce I just got a reply from Onlinenic:
Code
Dear customer,
Thanks for contacting OnlineNIC Customer Care!
We are very sorry for the issue happened on you, which was caused by those domains. Please note that we have suspended these domains, and we will not activate them again until the domain admin offer us the sound explanations & new pairs of domain DNS. We would like to try our utmost to avoid the matter come out again.

Yours Sincerely,

Cecilia
Customer Service Division,
OnlineNIC, Inc.


Wow, that sounded better and…………………..

Surprise, surprise:

At the moment all the casino sites I tracked down the last couple of weeks are dead.
Even the ones at MIT and Estdomains that were not reported by me, and the websites
http://rss.uribl.com/ns/softhosting_dnsc_info.html that registered yesterday.
They still use softhosting-dnsc.info as nameservers.
http://www.dnsstuff.com/tools/traversal.ch?domain=euroroyalcasino.org&type=A
ns1.softhosting-dnsc.info [221.203.189.107] Timeout  
ns2.softhosting-dnsc.info [121.36.124.110] Timeout  

I’m not sure who is responsible for this but I’m happy now.
And a big up for Onlinenic for their support.

Nl.
Nolimit
Posted on: Wednesday, March 21st, 2007, 3:00am
New Member


Posts: 11
Does anybody know if the statements of PublicDomainRegistry make any sense or were they only buying time?

Ohh, I forgot !!!
Mark, I checked the COMPLAINTERATOR V10 and it didn’t make any reports on the casino sites any more, so I'm even more happy !!!

Nl
spamislame
Posted on: Wednesday, March 21st, 2007, 3:05pm
Spam Fighter


Posts: 66
Yikes what a runaround.

I think a good rule of thumb is:

* ALWAYS include the spam message you received including all headers. Pain in the a**, but it's evidence.
* Be very specific when complaining. Don't get angry at the registrars. They didn't personally approve any of this. The whole registration process is automated and means that a human being has to very slowly verify all the data you sent. Make sure it's clear. The complainterator boilerplate text is a good start, but you can add more specifics to it.

Their statements make sense if you consider that possibly you were dealing with a different person each time. It's not like they gave you a ticket ID or anything. Assume it's a brand new person each time who doesn't know what you sent the last time. It cuts down on the confusion. It *is* more time consuming, I'll admit. But it gets the job done.

SiL
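The rule of thumb in the post above (full headers every time, be specific, assume a new person reads each report), combined with the earlier replies in the thread that a registrar only acts on domains registered with it, can be sketched as follows. This is an added example, not part of the thread; the sample message, the `.example` domains, the abuse addresses and the `REGISTRAR_OF` lookup table are all constructed placeholders.

```python
import re
from collections import defaultdict
from email import message_from_string
from urllib.parse import urlsplit

# Constructed sample spam message (all hosts and addresses are placeholders).
RAW_SPAM = """\
Received: from mail.sender.example (unknown [192.0.2.10])
\tby mx.victim.example with SMTP id abc123; Tue, 20 Mar 2007 10:00:00 +0000
From: "Casino" <promo@sender.example>
To: me@victim.example
Subject: Bonus inside

Play now at http://casino-one.example/ or http://www.casino-two.example/win?id=7
Also http://casino-one.example/bonus
"""

# Assumption: registrar abuse desk per advertised domain, looked up beforehand via WHOIS.
REGISTRAR_OF = {
    "casino-one.example": "abuse@registrar-a.example",
    "casino-two.example": "abuse@registrar-b.example",
}
URL_RE = re.compile(r"https?://[^\s<>\"']+")

def advertised_domains(raw):
    """Return the sorted, de-duplicated host names linked in the message body."""
    body = message_from_string(raw).get_payload()
    hosts = {urlsplit(u).hostname for u in URL_RE.findall(body)}
    return sorted({h[4:] if h.startswith("www.") else h for h in hosts if h})

def build_reports(raw, history):
    """Compose one self-contained complaint per registrar abuse desk."""
    headers = raw.split("\n\n", 1)[0]     # header block verbatim, unedited
    by_desk = defaultdict(list)
    for domain in advertised_domains(raw):
        desk = REGISTRAR_OF.get(domain)
        if desk:                          # unknown registrar: do the WHOIS lookup first
            by_desk[desk].append(domain)
    reports = {}
    for desk, domains in by_desk.items():
        reports[desk] = "\n".join([
            "Domains registered with you and advertised in the attached spam:",
            *("  " + d for d in domains),
            "Previous contact on this matter (no ticket ID was issued):",
            *("  " + h for h in history),
            "Full headers of the message received:",
            headers,
        ])
    return reports
```

Each report lists only the domains that desk can act on and repeats the contact history, so whoever opens it needs nothing from earlier mails.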
Ryan
Posted on: Wednesday, March 21st, 2007, 4:05pm
Spam Fighter



Posts: 76
I could not possibly agree more with Spamislame. Everyone read his rule of thumb three times.

A computer once beat me at chess, but it was no match for me at kick boxing.
-- Emo Philips
Nolimit
Posted on: Thursday, March 22nd, 2007, 11:47am
New Member


Posts: 11
Thanks for your comments, guys, I’ll keep that in mind.
But it leaves open the question why the casino sites are up if the softhosting-dnsc.info nameservers are suspended.
Btw, all the Casinos I reported to Onlinenic are dead, the ones from MIT are up with nameservers softhosting-dnsc.info.
My great teachers taught me to go after the nameservers but I have no idea how to proceed on that track in this case.
The connections with PublicDomainRegistry aren’t that bad.
I reported two MCP’s to them a few hours ago:
http://npfqel.crumedeler.net/?70256904 and http://tqnpvl.idloatick.info/?83283557 , both with PublicDomain nameservers:
dns2.cnomy.com and
dns1.cnomy.com.
Got a response in 4 hours because they missed the attachments for the header info.
The funny thing is: between reporting and response from Karna Kumar Jain the sites were updated and completely changed into a site with a lot of question marks.
No drugs for sale any more.