- 1 Description
- 2 False Pretenses
- 3 Recent registrations
- 4 Sponsoring Registrars
- 5 How to report this spam
- 6 Related spams
Description[edit | edit source]
This piracy operation offers to sell software at prices that indicate an obvious theft. Brand names are
- Online Store
- Online Shop
- Software Sale2
- Cheap OEM Software
- Authorized Software Resellers (which they are not.)
Vendors affected by the software piracy include
- IBM - Lotus
At the time this article was originally written, (July 2009) a whois lookup for a sample domain PROPRIETARYSOFTWAREDOWNLOAD.COM yielded the following
Domain Name: PROPRIETARYSOFTWAREDOWNLOAD.COM Registrar: ONLINENIC, INC. Name Server: NS1.GREENZMIY.COM Name Server: NS2.GREENZMIY.COM Status: clientTransferProhibited Updated Date: 13-jul-2009 Creation Date: 13-jul-2009
The registrant shows up as
name: Alex Notkins mail: email@example.com tel: +1.9120192873 org: N/A address: 3617 Santana Beach city: Miami ,province: Florida ,country: US postcode: 10938
(That postal code is not a valid zip code for any location in the US, the phone number (912) 019-2873 could not exist because 019- is not a valid US local prefix, and the US Postal Service report that there is no 3617 Santana Beach in Miami, FL.)
The registrar Onlinenic has a good reputation for suspending domains that are used for illegal purposes. This was one of many sites that they placed on status Client Hols upon request.
Name servers[edit | edit source]
One name server domain is evaluated at McAfee SiteAdvisor reviews
http://www.siteadvisor.com/sites/greenzmiy.com/msgpage (domain suspended by the registrar)
- NS1.GREENZMIY.COM has address 188.8.131.52 (China Telecom, CHINANET Chongqing province network)
- NS2.GREENZMIY.COM has address 184.108.40.206 (HANANET, KOREA) also listed in Spamhaus at http://www.spamhaus.org/sbl/sbl.lasso?query=SBL71815
Another name server domain is encatgpc.com.
It also appears in McAfee Site Advisor reviews
http://www.siteadvisor.com/sites/encatgpc.com/msgpage (domain suspended by the registrar)
Some examples that were found on the spam trap report at http://rss.uribl.com/ns/encatgpc_com.html (domains suspended by the registrar)
#1 duperpurchase.com Mon, 20 Jul 2009 20:55:09 +0000 (domain suspended by the registrar) #2 aboutsuperbuy.com Mon, 20 Jul 2009 20:10:28 +0000 (domain suspended by the registrar) #3 aboutsafebuy.com Mon, 20 Jul 2009 11:27:37 +0000 (domain suspended by the registrar) #4 abouthelpnet.com Mon, 20 Jul 2009 11:15:05 +0000 (domain suspended by the registrar)
The registrant for this encatgpc.com domain is shown with the same bogus address
Administrator: Name-- Alex Notkins EMail-: (firstname.lastname@example.org) tel --: +1.9120192873 org: N/A 3617 Santana Beach Miami,Florida,US 10938
As above, the dirty IP addresses were the same -
- NS1.ENCATGPC.COM has address 220.127.116.11
- NS2.ENCATGPC.COM has address 18.104.22.168
In October 2010, the name servers were on the same domain as the illegal web sites, such as these registered in Taiwan with Net-Chinese
- homeshopinc.com (dns1.homeshopinc.com dns2.homeshopinc.com)
- theheathenscult.com (dns1.theheathenscult.com dns2.theheathenscult.com)
Sample spammed pirate sites[edit | edit source]
From October 2010, all registered with NET-CHINESE in Taiwan
From November 2010, all registered with NET-CHINESE in Taiwan
From December 2010, all registered with NET-CHINESE in Taiwan
Sample of website features[edit | edit source]
The footer of the website had a Copyright notice for "Online Store"
At Check-out in 2009, the site uses a security certificate issued by Equifax to orders.gsecuresystem.com where -
Domain Name: GSECURESYSTEM.COM Registrar: ONLINENIC, INC. Name Server: NS1.DNS-DIY.NET Name Server: NS2.DNS-DIY.NET Status: ok Updated Date: 26-feb-2009 Creation Date: 26-feb-2009 Administrator: Name-- Alex Notkins EMail-: (email@example.com) tel --: +1.9120192873 org: N/A 3617 Santana Beach Miami,Florida,US 10938
As mentioned above, this is a totally bogus address. Apparently this resident of Santana Beach, Miami, Florida has an email provider in Russia!
As a law abiding registrar, Onlinenic suspended this domain name to prevent abuse of its registration service.
In October 2010, the checkout was at https://order.safeinternetsolutions.com/join/index.php with a certificate from Equifax
The provider of this service is the registrar in Taiwan
Domain Name: SAFEINTERNETSOLUTIONS.COM Registrar: NET-CHINESE CO., LTD. Whois Server: whois.net-chinese.com.tw Referral URL: http://www.net-chinese.com.tw Name Server: DNS1.SAFEINTERNETSOLUTIONS.COM Name Server: DNS2.SAFEINTERNETSOLUTIONS.COM Status: ok Updated Date: 07-may-2010 Creation Date: 19-apr-2010 Expiration Date: 19-apr-2011
It is clear that the registrar is not only providing registration for the illegal web site domains, but also the secure SSL service for the check-out operation.
On November 18 this changed to
Domain Name: SAFEINTERNETSOLUTIONS.COM Registrar: NET-CHINESE CO., LTD. Whois Server: whois.net-chinese.com.tw Referral URL: http://www.net-chinese.com.tw Name Server: DNS1.SAFEINTERNETSOLUTIONS.COM Name Server: DNS2.SAFEINTERNETSOLUTIONS.COM Status: clientHold Updated Date: 18-nov-2010 Creation Date: 19-apr-2010 Expiration Date: 19-apr-2011
When the safeinternetsolutions.com domain was suspended on November 18 the checkout was replaced with https://cart.orderboxonline.com, and if we look up its registration details -
Domain Name: ORDERBOXONLINE.COM Registrar: NET-CHINESE CO., LTD. Whois Server: whois.net-chinese.com.tw Referral URL: http://www.net-chinese.com.tw Name Server: DNS1.ORDERBOXONLINE.COM Name Server: DNS2.ORDERBOXONLINE.COM Status: ok Updated Date: 18-nov-2010 Creation Date: 18-nov-2010
Note the creation date. Net-Chinese has accepted this registration. However, the registrant details contain no company name, no contact name or phone number.
Registrant : 91827 P.O. Box New YORK US
False Pretenses[edit | edit source]
Fake shop.com approval[edit | edit source]
There is no reference to "Online Store" or "Cheap OEM Software" at shop.com
Fake pricegrabber.com approval[edit | edit source]
A search of the pricegrabber.com site shows no references to "Online Store" or "Cheap OEM Software"
Fake CNET certification[edit | edit source]
The CNET Certified Store logo has no link attached to it. There is no sign of any endorsement at CNET. When contacted, the reply confirmed that it is another case of false pretenses:
We verified that Cheap OEM Software is not a CNET Certified Merchant. They are fraudulently posting our logo on their site, and our Legal Team will be contacting them in the near future. The CNET Certified Store logo is authorized for use only by stores who are listed on our site, are in good standing with us, and meet all of the requirements of our Certified Store Program. The best way to ensure that you're really shopping with a CNET Certified store is to always start your shopping from our site. Please let us know if we may be of further assistance. Sincerely, Pauline CNET Customer Support
Fake Better Business Bureau certification[edit | edit source]
A search at the BBB web site shows that they have no presence on the Better Business Bureau.
All of these copied logos and endorsements are a fraud.
There are several major software vendors whose products are being pirated and sold at an "80% discount".
Recent registrations[edit | edit source]
Software piracy sites registered with NET-CHINESE, spammed in October 2010
aventuresmovement.com bestmovementmusic.com bestprintworks.com bytequadrodiretto.com bytequadromondo.com cuisinartgrindmuch.com denplandirect.com denstatonline.com denstatworld.com dinoflight.com dinomyaviationsite.com dinomyflightsite.com dinomyflightworld.com dinomyglide.com dinomytravelguide.com dinomytripworld.com dinotraveldirect.com emusicregister.com endingmouseguide.com endingmouseworld.com excursionmovement.com glitchschooltrack.com glitchtracksite.com glitchtrackworld.com greatparamprint.com hibearsdeninfo.com hidenstatguide.com hilyndeninfo.com idenworld.com jazzenroll.com jazzenter.com jazzregisterguide.com journeymovement.com musiclinkregister.com musicrowrecord.com myflightdirect.com mytyreworld.com northernlightstar.com papastathi.com paramanimalprint.com paramoutput.com paramprintguide.com paramprintservices.com paramprintsite.com paramprintsolutions.com paramprintworld.com paramproduce.com pieterstathi.com standarduntouch.com starlight1000.com super1000lightstar.com thaityreonline.com the1000light.com thebasicbirder.com thebasicclub.com thebasiclaw.com thebestbasic.com thedinomyflight.com theuntouch.com theuntouchability.com thevisualbasic.com trasuredsite.com trasuredtapestries.com trasuredworld.com trayourguide.com trayourhealth.com trayouronline.com tresuredonline.com trucktyresell.com tyrechainsale.com tyreonlineservice.com tyrepowerdirect.com tyrepricesonline.com tyresell.com tyresellonline.com tyresellsite.com tyresellworld.com tyreworldexpo.com valuecitytraworld.com valueguidetraonline.com valueplustradirect.com valuetra.com valuetrasuredguide.com valuetrasuredonline.com valuetrasuredsite.com worldcapis.com worldcapltd.com worldcaponline.com worldtrafree.com yournahrep.com yourprintdesign.com yourrefillink.com yourtouchtone.com yourtraan.com
The list of sites using the same name server, many for the same piracy operation, is found at http://rss.uribl.com/ns/greenzmiy_com.html A snapshot:
# Domain Date/Time Added #1 softwaredownloadcharts.com Sat, 18 Jul 2009 14:08:54 +0000 #2 softwaredownloadaudio.com Sat, 18 Jul 2009 13:50:11 +0000 #3 softwaredownloadintel.com Sat, 18 Jul 2009 05:43:10 +0000 #4 biblesoftwaredownload.com Fri, 17 Jul 2009 23:37:23 +0000 #5 playersoftwaredownload.com Fri, 17 Jul 2009 14:43:29 +0000 #6 architecturesoftwaredownload.com Thu, 16 Jul 2009 19:37:03 +0000 #7 notablesoftwaredownload.com Thu, 16 Jul 2009 17:48:35 +0000
100.00% - 47 of 47 active domains appearing in email which are registered at NET-CHINESE CO., LTD. are Listed by URIBL in the last 5 days.
#1 instantweblow.com Tue, 27 Apr 2010 01:15:23 +0000 #2 greatspicygetnow.com Tue, 27 Apr 2010 00:55:23 +0000 #3 accelerationwebminimum.com Mon, 26 Apr 2010 11:09:49 +0000 #4 besttradetopsoft.com Mon, 26 Apr 2010 11:03:20 +0000 #5 lowspeedgenerator.com Mon, 26 Apr 2010 10:25:58 +0000 #6 lowspeedcollisions.com Mon, 26 Apr 2010 10:22:55 +0000 #7 lowspeedalternator.com Mon, 26 Apr 2010 08:56:18 +0000 #8 getnowsite.com Mon, 26 Apr 2010 08:54:33 +0000 #9 lowspeedfinishes.com Mon, 26 Apr 2010 08:24:55 +0000 #10 lowspeedfinish.com Mon, 26 Apr 2010 07:59:25 +0000
The abuse has continued into October
#1 homeshopinc.com Sun, 24 Oct 2010 17:23:49 +0000 #2 theheathenscult.com Sun, 24 Oct 2010 03:43:49 +0000 #3 truedatacollection.com Sun, 24 Oct 2010 02:59:06 +0000 #4 yourmeanezstorage.com Sun, 24 Oct 2010 02:49:32 +0000 #5 thecultdvd.com Sun, 24 Oct 2010 01:43:25 +0000 #6 thejeansoutlet.com Sat, 23 Oct 2010 20:43:38 +0000 #7 thetouchless.com Sat, 23 Oct 2010 06:50:42 +0000 #8 laphirehouses.com Sat, 23 Oct 2010 02:27:23 +0000 #9 laplayarentworld.com Fri, 22 Oct 2010 03:21:12 +0000 #10 influenceinwin.com Thu, 21 Oct 2010 19:29:03 +0000
Sponsoring Registrars[edit | edit source]
Registrars who sponsor these crimes by providing registration services under contract to these criminals include
Onlinenic has been successful in suspending abuses of their service by placing domains on status Client Hold.
Vicky Tu Tel: +886 2 2531 9196 Email: firstname.lastname@example.org
or email@example.com (from the web site)
This registrar has signed the Registrar Accreditation Agreement with ICANN - The 2009 RAA provides enhanced protections for registrants and an increased level of accountability for registrars. Prospective registrants may want to take this fact into account when selecting a registrar for their gTLD name(s).
Before selecting a registrar, customers should consider the company's reputation for honesty and integrity. As of May/June 2010, NET-CHINESE of Taiwan has been a consistent sponsor of illegal software piracy domain names. Despite being notified of this continual abuse of their service by criminals, they have refused to cancel their service contracts for domain registrations.
They have even referred complainants to the web site hoster, even though it is clear that the hoster is the criminal, and will pay no attention to complaints.
ICANN accredited registrars sign an agreement with ICANN, known us the Uniform Domain Name Dispute Resolution Policy (UDRP) which states:
2. Your Representations. By applying to register a domain name, or by asking us to maintain or renew a domain name registration, you hereby represent and warrant to us that (a) the statements that you made in your Registration Agreement are complete and accurate; (b) to your knowledge, the registration of the domain name will not infringe upon or otherwise violate the rights of any third party; (c) you are not registering the domain name for an unlawful purpose; and (d) you will not knowingly use the domain name in violation of any applicable laws or regulations. It is your responsibility to determine whether your domain name registration infringes or violates someone else's rights.
Registrars who allow domain names to be registered but used to infringe patents and copyrights are breaking the terms of this agreement with ICANN, sections (b) (c) and (d). They risk losing their accreditation.
Taiwan does not condone the theft of Intellectual Property. Taiwan's registrar Net-Chinese however is making no efforts to prevent criminals from taking out service contracts for domain names that are clearly used for selling stolen property. Net-Chinese is taking payment for these services, and in doing so is aiding and abetting the crime, while profiting by it.
Sample sites registered with Net-Chinese, February 2011
blacklungbus.com bonteckup.com busrideon.com busridevideo.com cancerlungbus.com chaudteckup.com consumerrepinight.com diskwipeutility.com dosecontacts.com dosepasses.com dosewipeguide.com dosewipeworld.com eccellenterepinight.com enjoybusride.com eurohund.com eurotanwipe.com facileteckup.com freebusride.com freediskwipe.com greatwipe.com hotbusride.com hundasponline.com hundbus.com hundcon.com hundella.com hundinfo.com hundweb.com konservewipe.com lundehundasp.com lungbussite.com lungbusworld.com lungride.com lungtransport.com lungvehicle.com mionightlive.com nightdarkprincess.com nightevening.com nightisdark.com nuovonightowl.com onbusride.com payhund.com pianetarepinight.com premierteckup.com primorepinight.com redbusride.com repidark.com repieve.com repievening.com repinightdiretto.com repinightinlinea.com repinightmondo.com repinightpianeta.com repinightterra.com repisaturdaynight.com resoutecknouveau.com resouup.com reteckenligne.com reteckmonde.com retecknouveau.com reteckplanete.com reteckprojet.com retecksuperbe.com reteckupdos.com reteckupnow.com reteckupplanete.com reteckvirtuel.com schaeferhundasp.com schlafenwipe.com smartbusride.com superiorerepinight.com tanwipe.com teckupnouveau.com teckupskirt.com theafterwipe.com thebestwipe.com thelungbus.com thewipeoff.com thundaspguide.com thundaspworld.com thundcobras.com thundvipers.com todhund.com virtualerepinight.com votreteckup.com warhund.com wetdrywipe.com wipeoutsonline.com wipesite.com yourthundasp.com yrdirecto.com yrguia.com zonedmarkup.com
greatnalejan.com housechildak.com hyundaigrace.com officialsraptok.com onlinesraptok.com pegracebaptist.com
How to report this spam[edit | edit source]
Option 1 - Complainterator[edit | edit source]
Report the name servers to the registrar using Complainterator. No reputable company in the People's Republic of China or Taiwan should support software piracy.
Option 2 - BSA[edit | edit source]
But more importantly, remember that this is a flagrant software piracy operation. You can
- shut down the whole operation
- provide evidence leading to the arrest of the criminals
Follow these steps
- Open the pirate site, and note down a selection of software vendor names and software titles being pirated
- Visit the Business Software Alliance web site
- Select "Report Software Piracy"
- Fill in your contact details
- Fill in the matching software vendors and software titles in the reporting form
- Send it off and feel better
Option 3 - list of report sites[edit | edit source]
JavaWoman's list of email reporting addresses, by vendor, for software piracy is an excellent resource. Some examples are shown here ready to be copied into an email cc list:
firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org, email@example.com, firstname.lastname@example.org