Description of the Registrar[edit | edit source]
TRUNKOZ TECHNOLOGIES PVT LTD. doing business as OWNREGISTRAR.COM is a registrar in Mumbai, India.
OwnRegistrar is a complete Domain Solutions Provider which deals in registration of all the major TLDs and ccTLDs through its Channel Partners worldwide. OwnRegistrar is one of the few white-labeled domain registrars in the world. Since the inception of its domains and hosting provider company, OwnRegistrar boasts of being a complete Domain Solutions Provider. OwnRegistrar’s experience of the Domain Names market makes it an ideal choice for Domain Solutions. Unlike other Registrars, OwnRegistrar does not directly deal in domain names, but provides domain name solutions through its channel partners worldwide.
Trunkoz (formerly known as QuantumPages) is one of the leading IT Products & Services providers. The company has an experience of over 12 years in providing various services including Internet Data Center, Disaster Recovery, Mails & Messaging, Remote infrastructure management and monitoring, Domain Registration, Hosting Services and Web Services automation products etc. Trunkoz offers multiple IT brands each targeting the needs and preferences of different customers.
- 1 Description of the Registrar
- 2 Anti-Spam Position
- 3 Registrar responsiveness
- 4 Examples of domains used for fraud
- 5 Common IP addresses
- 6 Where to send abuse complaints
- 7 Additional Contact Information
- 8 Related information
- 9 Sources for this article
Anti-Spam Position[edit | edit source]
Official Position[edit | edit source]
2. Terms of USAGE OF Domain Registration System
(1) Registrant, or its contractors, employees, directors, officers, representatives, agents and affiliates and Domain Registration System Users, either directly or indirectly, shall not use or permit use of the Domain Registration System, directly or indirectly, in violation of any federal, state or local rule, regulation or law, or for any unlawful purpose, or to promote adultoriented or "offensive" material, . . .
In the event that Registrar suspects breach of any of the terms and conditions of this Agreement:
(1) Registrar can immediately, without any notification and without assigning any reasons, suspend / terminate the Registrants access to the Domain Registration System Server.
(2) The Registrant will be immediately liable for any damages caused by any breach of any of the terms and conditions of this Agreement.
(3) Registrar can immediately, without any notification and without assigning any reasons, delete / suspend / terminate / freeze the Order.
Actual Behavior[edit | edit source]
Trunkoz Technologies has been widely abused by the Russian EvaPharmacy fraud operation.
In the past, Trunkoz or Qualispace has acted to remove illegal sites. Trunkoz uses content filtering on email that often rejects complaints that contain illegal domain names. Qualispace is fast to act on complaints entered on their web page.
Registrar responsiveness[edit source]
Piechart showing the crime sponsoring contribution by each registrar.
The comparison between this registrar and others can be seen on the graphs.
It shows how many domains have not been suspended by various registrars over the past year. The higher the column, the more domains are sponsored by the registrar.
Currently the most abused registrar is Russia's R01.ru. This registrar sponsors the vast majority (often over 60%) of the fraud domains used within the Eva Pharmacy group.
The second most abused registrar is Russia's REG.RU REG.RU at over 25%
The next most abused registrar is GKG GKG at 4%.
The next most abused registrar is The Netherlands' Hosting Concepts aka OpenProvider at 3%.
Outside of Russia, most registrars have been quick to terminate the service contracts with these cyber-criminals upon seeing the obvious evidence of fraud.
Examples of domains used for fraud[edit | edit source]
By loading any of these, the registrar can verify the brand, then establish the fraudulent use of the domain name by viewing the evidence that has been prepared for registrars and law enforcement. Note that some of these will be switched from one fraud brand to another.
Common IP addresses[edit source]
A quick way to verify these sites is to examine the hosting addresses. Note that * items have been removed. Many compromised hosts used for this operation during September 2020 - May 2021 were located at these IPs.
|- - - - - - - - - - -||- - - - - - - - - - -||- - - - - - - - - - -||- - - - - - - - - - -||- - - - - - - - - -|
Where to contact the compromised hosting ISP:
Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' (Removed) Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' (Removed) Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' (Removed) Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'email@example.com' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'firstname.lastname@example.org' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'email@example.com' Abuse contact for '220.127.116.11 - 18.104.22.168' is 'firstname.lastname@example.org' Abuse contact for '22.214.171.124 - 126.96.36.199' is 'email@example.com' Abuse contact for '188.8.131.52 - 184.108.40.206' is 'firstname.lastname@example.org' Abuse contact for '220.127.116.11/26' is 'email@example.com' Abuse contact for '18.104.22.168 - 22.214.171.124' is 'firstname.lastname@example.org' Abuse contact for '126.96.36.199 - 188.8.131.52' is 'email@example.com' Abuse contact for '184.108.40.206 - 220.127.116.11' is 'firstname.lastname@example.org' Abuse contact for '18.104.22.168 - 22.214.171.124' is 'email@example.com' Abuse contact for '126.96.36.199 - 188.8.131.52' is 'firstname.lastname@example.org' Abuse contact for '184.108.40.206 - 220.127.116.11' is 'email@example.com'
Where to send abuse complaints[edit | edit source]
firstname.lastname@example.org email@example.com (known to use content filtering for unlawful domain names)
- Trunkoz web site contact page for reporting abuse http://trunkoz.com/contact-us/report-abuse.php (no domain name filtering)
- QualiSpace web site contact page for reporting abuse hhttps://www.qualispace.com/about-us/contact-us/ (no domain name filtering)
- Submit a ticket to Qualispace about Trunkoz domains: https://www.qualispace.com/shop/submitticket.php?step=2&deptid=5
Additional Contact Information[edit | edit source]
Postal address[edit | edit source]
Trunkoz Technologies Pvt. Ltd. B 9 Jyoti Bldg, Gokhale Road, Thane (West) Mumbai, MH 400602 India
Registration Information[edit | edit source]
Telephone and FAX[edit | edit source]
Telephone: +91 (22) 6781 6875 / +91 (22) 6142 6060
Fax: +91 (22) 6781 6610 / Fax: +91 (22) 6142 6061
Related information[edit | edit source]
Pharmacy fraud operations
- Men Health
- OEM Software
Affiliate program coordinator employing spammers
Sources for this article[edit | edit source]
Independent[edit | edit source]
Interview[edit | edit source]
Corporate[edit | edit source]
Company Homepages http://www.ownregistrar.com/aboutus/