opus2k

join:2005-07-16

YesNIC.com

Hi All

Just joined here and want to spread the word about these Korean domain registrars. Just about every mortgage spam out there is based from them and they need to be stopped. If you get an email with a mortgage application link do a whois on the domain.

For example, »gwz7.p01nt.net/p2.asp
Do a whois on p01nt.net and you'll see they are registered under Yesnic.com

No contact, abuse or any emails of any nature are on their main page and info@yesnic.com is only returned due to user over quota, which means it's a false email that does not get checked.

If anyone is receiving these type of emails please check the whois on the link and see if it is from yesnic.com

If there are more people yelling at them and complaining to »www.internic.net/ the better!!!!

Cheers and let's kill spam altogether!!!!!

MGD
Premium,MVM
join:2002-07-31
Fort Lauderdale, FL

I agree, and have stated previously that they are a cesspool.

Below is a random sampling of the phishing scams that I have traced in the past few months. Some of these domains are still active, and have yet to be put on hold. Most of them were stopped from the outside by pulling the A record at the root servers.

Domain Name: SIGNIN-PAYPAL-SECURE.COM
Registrar: YESNIC CO. LTD.

Domain Name: PAYPAL-JOIN.COM
Registrar: YESNIC CO. LTD.

Domain Name: CITIFINANCUPDATE.COM
Registrar: YESNIC CO. LTD.

Domain Name: WAMU4U.COM
Registrar: YESNIC CO. LTD.

Domain Name: WAMUCORP.COM
Registrar: YESNIC CO. LTD.

Domain Name: COOMAND.COM
Registrar: YESNIC CO. LTD.

Domain Name: SMODE11.COM
Registrar: YESNIC CO. LTD.

Domain Name: PAYPALLK.COM
Registrar: YESNIC CO. LTD.

Domain Name: USERPAGE-SOUTHTRUST.COM
Registrar: YESNIC CO. LTD.

Domain Name: CUSTCONF.COM
Registrar: YESNIC CO. LTD

Also, you are correct, they have no contact addresses, except for a sales one, which I have used with only minor success.

They should have pulled the plug on Yesnic a long time ago. I first noticed bulk scam domains over 8 months ago.

How many hundreds of domains do you need to see being registered with PayPal or bank names in them before you get a clue?

The word co-conspirator is fast becoming more appropriate.


Dark Fiber
Premium
join:2005-01-23
Boise, ID
reply to opus2k
You can report invalid domain whois records to InterNIC

»wdprs.internic.net

opus2k

join:2005-07-16

reply to opus2k
So after sending many complaint forms from the Internic website YesNIC.com has sent me some emails:
Here they are:
Thank you for contacting YesNIC.

We have deactivated and locked the domain name "reqestingafre.com" following our registration policy.
It will be kept locked until the registrant provides us with the proper explanation on this matter.

The domain name is currently inactive but it can seem active for a moment as it takes some time for all the name servers to be updated worldwide.

Should you have any further questions, please feel free to contact us.

Thank you.

Best Regards,
YesNIC support.

AND

Thank you for the reporting.

We have sent a warning to the registrant requesting fix the whois data within 48 hours. If we do not receive the proper reply from the registrant, we will deactivate the domain name.

Please be informed that we are doing our best to comply with the whois accuracy policy of ICANN.

Should you have any further questions, please feel free to contact us.

Thank you.

Best Regards,
YesNIC support

WOOOHOO!!

vaisg

join:2005-09-11


1 edit
reply to opus2k
Hi All

I think yesnic does respond to spam reports. Just send it to them via »www.yesnic.com/ENG/misc/notice_0809.php3.

I already managed to get 2 out of 2 spam domains removed from yesnic. The two spamvertised sites are sotrepedly.com and oplegazin.com.

Some, like th1s2dn0w.com, which sent me spam on 9/6, were gone by today (not reported by me though).

Can't say the same about joker.com, who is presently still allowing propills.biz and chemistry-of-love.biz to run their sites even till today. The hosting company of this spammer probably removed his sites, so this chap is now hosting on his Korea net DSL line.

Even the oldest one, networksolution, doesn't even have an abuse report page.

opus2k

join:2005-07-16

Yeah...I reported sotrepedly.com as well...

Here's a list of sites I have sent to them several times over the last two weeks and they haven't done a single thing about it too.

mad3-in.com - Active as of Sept 14
hero3s.com - Active as of Sept 14
cru1s3.net - Active as of Sept 14
dpmort.net - Active as of Sept 14
her0es.net - Active as of Sept 14
localcomic.com - Active as of Sept 14
l8mort.net - Active as of Sept 14
patientoundeir.com - Active as of Sept 14
shr1ne.net - Active as of Sept 14
hrmmmm.com - Active as of Sept 14
spaliziseg.com - Active as of Sept 14
gograpicarif.com - Active as of Sept 14
simpl1city.net - Active as of Sept 14

Personally I don't think they truly care...I've sent so many Who Is Data reports to InterNic that they stopped allowing my email address to go through! Amazing, I bet they want spam to exist and they don't care anymore as well...shame shame shame...

It's amazing how the link to report abuse is so hidden on Yesnic's site! It should be easy to find!!

I'm continuing my effort to have them truly clean up their act as they truly are a cesspool of spam!!

Opus

vaisg

join:2005-09-11

Presently, I am monitoring all the spam reports I've sent out to these registrars, namely Yesnic and Joker.com. If no action is taken, I will probably follow your route and send copies of all spams and spam reports to Internic.

I think you're right that YESNIC is a spam haven. Almost all of the spamvertized sites are either with them or with Joker.com.

I am keeping this URL handy and once no response, next course of action will be taken.

»reports.internic.net/cgi/registr···port.cgi

opus2k

join:2005-07-16

They won't respond to you as I'm sure they are flooded with abuse reports....albeit they sit there and do nothing about it. I think it's more of if they receive a certain amount of abuse reports about one site that they then do something about it. Personally forwarding an email to them should be good enough.

Melbourneit.com is another one that I've noticed. They keep replying back saying they have no affiliation with the links which is hogwash since the Whois database says they host them!

I think the more people that send problems to Internic the more they will realize that indeed Yesnic is a problem site. So start sending to them and put SHUT THEM DOWN in your report!

Opus

vaisg

join:2005-09-11

reply to opus2k
I put these two spamvertized sites out of their misery;

chemistry-of-love.biz
propills.biz

after forwarding the original spam to both abuse@joker.com and webmaster@internic.net. I asked joker.com in the spam report whether they are spam friendly since I have sent them reports via the form on their site but no actions were taken. It was then promptly removed. Amazing how fast they work this time.

With this comes a conclusion that the spam report form on joker's site is just a false front to show they act on spam.

Will add melbourneit.com to the list too.

From your list, seems like we are dealing with the same spammer and this particular spammer collects email addresses from compromised machines.

I am the mail admin for a number of clients, thus collecting this spam to report is not a problem at all. Only thing is I block almost all of Korea and China, thus the spam I am receiving is significantly less.

opus2k

join:2005-07-16
Add enom.com to your list as well...I've had at least 10 or more from them lately...

Slowly these sites are being put on hold..not that it does anything in the long run.

Opus


nomortgage

@rr.com

reply to opus2k
I have been tracking and yes, harassing, mortgage loan spammers for many months. I believe that Yesnic is becoming a registrar of choice. It appears that their registration will accept almost anything and that many data fields are optional, including City and State.

I also believe that there are only a very small number of participants in this small part of the spam racket.

I have a data base which has allowed me to relate domains by name, e-mail, address, postal code, IP address, name server name, NS IP and yes the fill in the blanks page where they gather their sales data.

Yesnic needs badly to be put out of business. Maybe followed by ICANN for ineptness.
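
One way to do the kind of cross-referencing described in the post above, as an added example that is not part of the original thread or any poster's own database: parse WHOIS-style records and group domains that share a registrant e-mail or name server. The records, the choice of linking fields and the `.example` domains are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed WHOIS-style records (placeholder domains, not taken from the thread).
SAMPLE = """\
Domain Name: MORTGAGE-ONE.EXAMPLE
Registrant Email: bulk1@mail.example
Name Server: NS1.HOSTER.EXAMPLE

Domain Name: MORTGAGE-TWO.EXAMPLE
Registrant Email: bulk2@mail.example
Name Server: NS1.HOSTER.EXAMPLE

Domain Name: REFI-THREE.EXAMPLE
Registrant Email: bulk2@mail.example
Name Server: NS9.OTHER.EXAMPLE

Domain Name: UNRELATED.EXAMPLE
Registrant Email: owner@shop.example
Name Server: NS1.SHOP.EXAMPLE
"""

LINK_FIELDS = ("registrant email", "name server")  # assumed fields used to relate domains

def parse_records(text):
    """Split blank-line-separated records into {domain: [(field, value), ...]}."""
    records = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [l.split(":", 1) for l in block.splitlines() if ":" in l]
        pairs = [(k.strip().lower(), v.strip().lower()) for k, v in lines]
        records[next(v for k, v in pairs if k == "domain name")] = pairs
    return records

def cluster(records):
    """Union-find: domains sharing any LINK_FIELDS value end up in one group."""
    parent = {d: d for d in records}
    def find(d):
        while parent[d] != d:
            d = parent[d]
        return d
    seen = {}  # (field, value) -> first domain seen with that value
    for domain, pairs in records.items():
        for key in (p for p in pairs if p[0] in LINK_FIELDS):
            parent[find(domain)] = find(seen.setdefault(key, domain))
    groups = defaultdict(set)
    for d in records:
        groups[find(d)].add(d)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

print(cluster(parse_records(SAMPLE)))
```

Note that the third domain joins the first only transitively, through the second: it shares an e-mail with one and that one shares a name server with the other.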

alanrt

join:2003-10-15
Santa Maria, CA

reply to opus2k
I have had some success with Yesnic removing spammers since I started c.c.ing the ICANN Registrar Complaint address at registrar-info@icann.org. This more or less goads Yesnic into at least investigating the Registrant info. (note that ICANN sends you an e mail that you must reply to or click on the web link to confirm).

Also, if the registrant uses a yahoo.com address to register, you can complain to Yahoo and get the address disabled because of violation of their policy prohibiting commercial use of a yahoo.com address. You'll get a reply from Yahoo if they took action against the account. Then you can go back to the Registrar and complain that the registration email info is bogus.

You can use these two tactics with any Registrar.

BTW, I have always found eNom to be very spam unfriendly and they quickly terminate domain names when they are reported. On the other hand, tucows/opensrs gets a big thumbs down for their blind eye policy. I always copy ICANN when complaining to tucows.

opus2k

join:2005-07-16

reply to opus2k
This is good...great information. I've started copying the ICANN email address as well as the Korean spam email address.

Just sent another abuse report about the sites which have not been shut down.

The list was growing smaller but a few more sites have been added..

Here's the updated list..

t0ngs.com - Active as of Sept 30
gr0und3d.com - Active as of Sept 30
mad3-in.com - Active as of Sept 30
hero3s.com - Active as of Sept 30
l8mort.net - Active as of Sept 30
patientoundeir.com - Active as of Sept 30
shr1ne.net - Active as of Sept 30
hrmmmm.com - Active as of Sept 30
gograpicarif.com - Active as of Sept 30
simpl1city.net - Active as of Sept 30

Opus