NameSilo

Major Fraud Operation - Need a report from DomainTools.com if someone has membership.

Labeled as analysis in General Domain Discussion, started by Super-Annuation, Apr 13, 2021

Replies:
19
Views:
719

  1. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045
    upload_2021-4-14_3-14-22.png

    Above is the ARIN fraud report submission

    This is the email from auDA for the first site in below text


    upload_2021-4-14_3-15-27.png

    Domain: LogoInfinix.com.au
    ABN: 42115829257
    Email: [email protected]
    Name: Kristy Tate
    Registrant: Chen Hao - CHEN HAO CONSULTING PTY LTD (possible) 55 638 442 029
    (auDA are bringing these guys down for me within 14 days (just received email,) site being taken away, can show email)



    LogoInfinix.com - Same site



    LogoInfynix.com - Same site



    nexusghostwriting.com - Site Down - on same server (Run by Digital Blue Ocean LLC)



    NexusIllustration.com - Scam Site - I Reported to Tawk.to legal action team as advised by person speaking to me
    [email protected]
    +1 469-555-2292



    AceIllustrationz.com - Scam Site - On Same Server
    Email Us:[email protected]
    Call Us:+1-888-297-2482



    ASPIRE GHOSTWRITING - Scam Site - Same Server
    aspyreghostwriting.com/
    https://www.facebook.com/Aspire-Ghostwriting-102727125017211/
    1151 S Hill St H300,
    Los Angeles, CA 90015
    [email protected]
    +1-877-313-2877(Sales)
    +1-213-769-1019 (Support)



    Applisticx.com - Site Down



    amgtpbblh.pw - Site Down



    Now I Googled Digital Ocean LLC and I cam across the next site.



    ipqualityscore.com
    This site gave me the details for Digital Ocean LLC which is hosting the 72 domain names (some mentioned above) and the name Digital Ocean LLC came from DomainTools.com. Same server run by Digital Ocean LLC!
    Phone: Call Us Call us at +1 (800) 713-2618
    Email: Call Us [email protected]
    Live Chat: Call Us Chat with a specialist now!



    The site below is on the same server as the rest above.


    fxforyouandme.com - Phony Investment Site - Same amount of domain names hosted on as ipqualityscore.com (which is hosted on the server all the above are on,) which gave me the details for Digital Ocean LLC plus shares same number of websites on server as Digital Ocean LLC, Who are hosting the above domain names / fraud services



    Now all of these share Digital Ocean LLC nameserver with 72 domain names, and all of which are phony services.
    I'm contacting ARIN and getting them to bring this shit down, and ICANN to strip the domain names away because mostly USA jurisdiction. auDA have already done this for the first domain name (logoinfinix.com.au)

    I hate scammers!

    Can anyone who has membership to DomainTools.com get the full report of Domain Names on server as the above domains? It cost $50 and I cannot be F##KED to pay money for this exercise.
     
    Last edited: Apr 13, 2021
    The views expressed on this page by users and staff are their own, not those of NamePros.
  2. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    1,054
    Likes Received:
    3,475
    I'm confused, why (and what) did you report to ARIN?

    My confusion is probably because I'm missing some context. Could you provide some?
     
  3. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045
    1) LogoInfinix.com.au have been taken down (evidence above) because I reported them to auDA as they were a scam service

    2) LogoInfinix.com, LogoInfinyx.com are still up and running. They're a scam service that just take money.

    3) The server the above 3 domain names are on host 72 other domains, all of which are scam services.

    4) The company behind the server is DigitalOcean, and they have many comments on their website stating scam, no refund, business failing etc, yet they're trading at $43.00. Now I'm not certain, but I imagine they have compliance obligations here, and it can't be a coincidence that all 72 websites are scam services on the RapidServer360.com server.

    5) ARIN should be involved here regarding the designation of numbers and I'm curious as I can't find the server block for all domains using IPv4Info.com. I'm not sure if anything suspicious is happening regarding IP designation, but I thought they should know.

    6) I'm going to email ICANN and Afternic regarding the use of the domain names being fraudulent and scam services given the obligations of both, predominantly registrars monitoring use and responding to fraud claims

    7) Here is some information regarding the first service which led me to the corrupt server: https://whois.domaintools.com/logoinfinix.com

    8) and here is the reverse lookup for all domains that I want a report of: https://reversens.domaintools.com/search/?q=rapidserver360.com

    If someone could get that report and send me a list of all the domains on the server, I would appreciate it very much.
     
  4. Samer

    Samer Top Contributor VIP

    Posts:
    10,076
    Likes Received:
    19,234
    Who uses .com.au? What a mouthful.

    At least “De” for “De” Germans is short, if at all.

    .Com or go home. Cant say, i’m surprised.
     
    Last edited: Apr 14, 2021
  5. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045

    It's a sub-service of their 2x .com domains. They're targeting Australian people. I couldn't have that.
     
  6. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045
    Just filled out complaint form in Word, and emailed UDRP; [email protected]

    These are the domains (out of the 72 I have access to) I am requesting action so far (LogoInfinix.com.au already taken down, perfect):

    Disputed Domain Name(s):

    LogoInfinix.com


    LogoInfynix.com

    VideoInfinix.com

    WebdesignInfinix.com

    AspyreGhostwriting.com

    NexusGhostwriting.com

    Applisticx.com

    FXForYouAndMe.com (This one is simply horrible)
     
  7. bmugford

    bmugford www.DataCube.com PRO VIP ICA Member ★★★★★★★★★★

    Posts:
    12,926
    Likes Received:
    22,399
    I am confused. UDRP is for trademark and simular disputes.

    You need standing, aka your brand is being infringed on. Someone with no tie to the domain or brand doesn't have standing, as far as UDRP is concerned.

    Brad
     
  8. capybara

    capybara Established Member

    Posts:
    694
    Likes Received:
    1,082
    DigitalOcean is a cloud hosting service provider. You might as well get mad at Intel since whatever scammers do is being possible thanks to Intel processors.
     
  9. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045

    "A copy of this Complaint has also been sent to the Registrar(s) with which the domain name(s) that is/are the subject of the Complaint is/are registered."

    This is at the bottom of the second page for disputes. I want to make the registrar aware of the complaint. The document allows for disputes for misuse of a domain in regards to fraud. Grey, but it should start things. I want every service provided by each of the domains on the server looked at.

    Thanks though. auDA worked with me on this, hopefully it'll support a bigger case. Can't hurt.

    I'm familiar with their relationship with WIPO.
     
  10. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045

    Yet they don't even have a phone number. Long short I think.
     
  11. CraigD

    CraigD Top Contributor VIP

    Posts:
    4,255
    Likes Received:
    9,554
    So @Super-Annuation, if I understand this correctly, auDA have acted very quickly to shut down a .com.au site that was in breach of auDA policy?

    @Samer, yes it's a mouthful, but most Australian businesses use .com.au because it is tightly regulated and controlled.

    This is a good example of why it is so trusted in Australia - .com.au can only be registered by citizens with registered businesses, tax-file numbers or similar, so owners are easy to track down and be prosecuted if they have broken the law. I'm not sure exactly what has allegedly transpired in this case, so won't get involved in that.
     
    Last edited: Apr 14, 2021
  12. lock

    lock DomainUsed.com VIP

    Posts:
    5,614
    Likes Received:
    5,860
    I looked up digital ocean a few weeks ago can't even remember why but ignored it.
     
  13. johnn

    johnn WeSellName.com PRO VIP ★★★★★★★★★★

    Posts:
    17,038
    Likes Received:
    6,779
    But why do we want to be an Internet Cop?
     
  14. Future Sensors

    Future Sensors 78% of human domainers will be replaced by robots Gold Account

    Posts:
    1,054
    Likes Received:
    3,475
    Hi @Super-Annuation

    I was triggered because you started your posting with a report to ARIN. So, let me focus on the Internet Number Resource Fraud Reporting service at ARIN. This service is not intended for reporting things like you're experiencing.

    From the ARIN site:

    Please note that this reporting process is NOT for reporting illegal or fraudulent Internet activity like network abuse, phishing, spam, identity theft, hacking, scams, or any other activity unrelated to the scope of ARIN’s mission.

    https://www.arin.net/reference/tools/fraud_report/

    All RIRs (RIPE NCC, ARIN, APNIC, AFRINIC, LACNIC) get tons of emails from concerned users, because they do a whois on an IP address and find out that the RIR is the source of the problem. Most of the time, this is not the case.


    If you're seeing irregularities with organizations that operate under their own BGP ASN, and the abuse is clearly related to Internet number resources (e.g. BGP hijacking cases) or incorrect/fraudulent RIR whois information, you have a good chance of successfully reporting such a matter to the RIR.
     
  15. Lox

    Lox _____ VIP Gold Account

    Posts:
    3,226
    Likes Received:
    5,328
    Further, keep the websites/domains out of public eyes cos scammers can read too and disappear quickly.

    Next. In cybersecurity world there are specific steps / rulers defined upfront and the registrar/ registry is not a very fast link to combat the problem.

    Submit your complaint to the US IC3 department (read more).

    If you are going to become Cyber sleuth, consider joining the IBM X-Force Threat Intelligence

    Regards
     
  16. DirkS

    DirkS DutchPirates.com VIP

    Posts:
    6,934
    Likes Received:
    5,783
    You can simply report them to DO, provide evidence and they'll take them down.

    It's a rather straightforward process to be honest.

    Not having a telephone number for support doesn't change much where it concerns your issue. No provider in their right mind will take down a client based on the odd phonecall they get.

    Edit:
    https://www.digitalocean.com/company/contact/

    Report abuse, all the way at the bottom.
     
    Last edited: Apr 14, 2021
  17. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045

    Yes, they've been brilliant.
     
  18. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045
    I just don't want any Australian being scammed. It didn't take much time out of my day. "Internet Cop" lol love this.
     
  19. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045
    I appreciate your help here, LOX! I had no idea of this process, so thank you very much. Hopefully other people read this thread in an event like this, because your comment offers great help!

    Don't think I have the brains for IBM lol.
     
  20. Super-Annuation

    Super-Annuation Restricted (Market)

    Posts:
    1,291
    Likes Received:
    1,045
    Found another one.

    This time UK

    -> eshconsultancy.co.uk (A guest speaker)

    1) Just received an email saying account may be suspended at a particular registry.
    2) Subject line was TheRegistryName: Account Suspended
    3) A hyperlink that read "CLICK Here"
    4) The body of the email read:

    "thiѕ؜؜؜ р؜؜؜rо؜؜؜с؜؜؜е؜؜؜durе؜؜؜ iѕ؜؜؜ а؜؜؜utо؜؜؜mа؜؜؜tiс؜؜؜ а؜؜؜nd а؜؜؜imѕ؜؜؜ tо؜؜؜ ѕ؜؜؜trе؜؜؜nɡ؜؜؜thе؜؜؜n thе؜؜؜ ѕ؜؜؜е؜؜؜с؜؜؜uritу؜؜؜ о؜؜؜f о؜؜؜ur infrа؜؜؜ѕ؜؜؜truс؜؜؜turе؜؜؜.

    Wе؜؜؜ thа؜؜؜nk у؜؜؜о؜؜؜u fо؜؜؜r у؜؜؜о؜؜؜ur truѕ؜؜؜t а؜؜؜nd о؜؜؜ur ѕ؜؜؜uр؜؜؜р؜؜؜о؜؜؜rt rе؜؜؜mа؜؜؜inѕ؜؜؜ а؜؜؜t у؜؜؜о؜؜؜ur diѕ؜؜؜р؜؜؜о؜؜؜ѕ؜؜؜а؜؜؜l if nе؜؜؜с؜؜؜е؜؜؜ѕ؜؜؜ѕ؜؜؜а؜؜؜rу؜؜؜.

    Gо؜؜؜t quе؜؜؜ѕ؜؜؜tiо؜؜؜n? Simр؜؜؜lе؜؜؜ ɡ؜؜؜е؜؜؜t in tо؜؜؜uс؜؜؜h viа؜؜؜ livе؜؜؜ с؜؜؜hа؜؜؜t, р؜؜؜hо؜؜؜nе؜؜؜ о؜؜؜r е؜؜؜mа؜؜؜il. Wе؜؜؜'ll bе؜؜؜ hа؜؜؜р؜؜؜р؜؜؜у؜؜؜ tо؜؜؜ hе؜؜؜lр؜؜؜.

    Wа؜؜؜rm rе؜؜؜ɡ؜؜؜а؜؜؜rdѕ؜؜؜

    Н؜؜؜а؜؜؜rrу؜؜؜ В؜؜؜а؜؜؜kе؜؜؜r
    В؜؜؜illinɡ؜؜؜ mа؜؜؜nа؜؜؜ɡ؜؜؜е؜؜؜r

    Ϲ؜؜؜о؜؜؜р؜؜؜у؜؜؜riɡ؜؜؜ht : Р؜؜؜ti Ltd 13 080 859 721. а؜؜؜ll riɡ؜؜؜htѕ؜؜؜ rе؜؜؜ѕ؜؜؜е؜؜؜rvе؜؜؜d."

    5) The email used is [email protected]
    6) Here is the link. I haven't clicked Ϲ؜؜؜LIϹ؜؜؜К؜؜؜ Н؜؜؜Е؜؜؜RЕ
    7) Microsoft says do not open the link



    So another damn scammer...؜؜؜ Obvious one too which is pretty funny, but I think I should report them too.

    This one has nothing to do with the above "consortium" if you will.
     

Want to reply or ask your own question?

It only takes a minute to sign up – and it's free!
Topics / Tags:
NameWorth
  1. NamePros uses cookies and similar technologies. By using this site, you are agreeing to our privacy policy, terms, and use of cookies.
    Dismiss Notice
Loading...