Tucows[edit | edit source]

Tucows is a registrar in Canada. The President and Chief Executive Officer is Elliot Noss.(Picture)

Tucows.logo.jpg

Description of the Registrar[edit | edit source]

We offer Internet services to thousands of business partners and millions of end users around the world, including:

  • The first and best wholesale platform for selling and integrating domain names. (OpenSRS)
  • The simplest way for businesses and individuals to manage their domain names. (Hover)
  • A mobile phone service that makes shockingly good sense for US families and businesses (Ting)

Anti-Fraud Position[edit | edit source]

To submit a report of illegal activity related to a domain name or abuse, please contact legal@tucows.com. You can also reach us by telephone at +1.416.535.0123. Tucows reviews and responds to all reports received. Reports are tracked and logged through a hosted ticketing system managed by Tucows. We will subsequently take action if deemed appropriate.

Our Compliance Team will respond to all requests, but please note that we have no control over website content on Tucows domains. This would fall to the hosting provider. Often the Domain Provider is also the hosting provider, so they are a good first point of contact for content-related issues. You can also attempt to contact the domain owner directly. You can try to find this information through a Whois lookup.


Actual Behavior[edit | edit source]

Tucows is slow to respond to requests for suspension of domains used for illegal activity. This is in contrast to other domain name service providers, many of whom have a one-three day response to reports.

Registrar responsiveness[edit source]

Showing all registrars including R01.RU LiveSite2014.jpg

Showing all registrars excluding R01.RU LiveMinors.jpg

Piechart showing the crime sponsoring contribution by each registrar.

RegPie.jpg

The comparison between this registrar and others can be seen on the graphs.

It shows how many domains have not been suspended by various registrars over the past year. The higher the column, the more domains are sponsored by the registrar.

Currently the most abused registrar is Russia's R01.ru. This registrar sponsors the vast majority (often over 60%) of the fraud domains used within the Eva Pharmacy group.

The second most abused registrar is Russia's REG.RU REG.RU at over 25%

The next most abused registrar is GKG GKG at 4%.

The next most abused registrar is The Netherlands' Hosting Concepts aka OpenProvider at 3%.

These are followed by Russia's ARDIS, India's PublicDomainRegistry PDR, China's CNOBIN, Canada's Tucows, and Pakistan's PakNIC.


Outside of Russia, most registrars have been quick to terminate the service contracts with these cyber-criminals upon seeing the obvious evidence of fraud.



Examples of domains used for fraud[edit | edit source]

See the list at Tucows_list


Common IP addresses[edit source]

A quick way to verify these sites is to examine the hosting addresses. Note that * items have been removed. Many compromised hosts used for this operation during September 2020 - May 2021 were located at these IPs.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Live
----
5.101.140.77 5.181.158.181 * 5.188.211.29 37.46.135.24 45.119.41.11
45.119.41.12 45.119.41.14 45.131.83.10 45.137.21.166 * 51.89.151.227
95.165.145.236 95.165.149.124 95.31.40.41 103.117.141.163 103.117.141.184
103.121.91.117 103.126.6.161 103.146.23.100 103.147.153.123 103.228.114.93
103.236.150.106 103.236.201.228 103.28.149.174 103.83.192.109 103.9.158.67
103.92.25.124 171.244.143.163 176.123.9.67 178.239.177.183 185.130.206.6
185.24.232.118 194.5.179.140 202.145.2.67 209.127.28.5



Removed
----------
5.187.52.10* 5.187.52.9* 5.253.62.111* 31.200.247.37* 45.125.65.102*
45.125.65.59* 45.86.163.7* 79.172.193.55* 79.172.193.56* 79.172.193.57*
79.172.193.58* 80.233.134.249* 82.199.101.248* 82.199.104.3* 84.15.139.143*
84.200.77.180* 85.254.72.7* 85.254.72.8* 85.254.72.9* 87.120.253.207*
87.120.253.209* 87.120.253.209* 89.105.221.81* 89.105.221.82* 89.105.221.83*
94.152.214.31* 95.84.156.191* 95.165.27.205* 103.86.48.69* 112.78.10.214*
119.59.123.55* 130.185.72.89* 141.98.10.137* 141.98.10.142* 146.247.49.105*
159.148.186.165* 159.148.186.238* 178.255.40.234* 179.43.149.28* 185.128.43.18*
185.128.43.20* 185.128.43.21* 185.128.43.22* 185.128.43.54* 185.140.249.133*
185.24.232.74* 185.24.232.76* 212.34.158.133* 212.34.158.134*

Where to contact the compromised hosting ISP:

Abuse contact for '5.2.88.0 - 5.2.89.255' is 'alvaro.montero@ipcore.com'
Abuse contact for '5.45.80.0 - 5.45.83.255' is 'abuse@ispiria.net'
Abuse contact for '5.181.158.0 - 5.181.158.255' is 'abuse@mivocloud.com'
Abuse contact for '5.133.12.16 - 5.133.12.16' is 'abuse@artnet.pl'
Abuse contact for '5.187.48.0 - 5.187.55.255' is 'abuse@artnet.pl'
Abuse contact for '5.253.60.0 - 5.253.63.255' is 'abuseto@adminvps.ru' (Removed)
Abuse contact for '27.124.80.0 - 27.124.95.255' is 'abuse@medialink.net.id'
Abuse contact for '31.200.247.0 - 31.200.247.255' is 'ripe@unelink.com'
Abuse contact for '45.86.163.0 - 45.86.163.255' is 'support@crowncloud.net'
Abuse contact for '45.125.65.0 - 45.125.65.255' is 'abuse@tele-asia.net'
Abuse contact for '51.89.148.0 - 51.89.151.255' is 'abuse@ovh.net'
Abuse contact for '79.172.193.0 - 79.172.193.255' is 'abuse@deninet.hu' (Removed)
Abuse contact for '80.233.134.0 - 80.233.134.255' is 'abuse@telia.lv'
Abuse contact for '82.199.104.0 - 82.199.107.254' is 'abuse@seven-sky.net'
Abuse contact for '84.15.136.0 - 84.15.143.255' is 'abuse@bi.lt'
Abuse contact for '84.200.77.0 - 84.200.77.255' is 'abuse@accelerated.de' (Removed)
Abuse contact for '85.254.72.0 - 85.254.72.255' is 'support@serveria.com'
Abuse contact for '87.120.253.0 - 87.120.253.255' is 'abuse@neterra.net'
Abuse contact for '89.105.192.0 - 89.105.223.255' is 'abusedesk@novoserve.com'
Abuse contact for '89.222.128.0 - 89.222.131.255' is 'abuse@netorn.net' 'abuse@netorn.ru'
Abuse contact for '93.119.104.0 - 93.119.105.255' is 'abuse@virtono.com'
Abuse contact for '94.152.0.0 - 94.152.255.255' is 'abuse@kei.pl'
Abuse contact for '94.156.175.0 - 94.156.175.255' is 'abuse@iws.co'
Abuse contact for '95.84.128.0 - 95.84.159.255' is 'abuse@rt.ru'
Abuse contact for '95.165.128.0 - 95.165.255.255' is 'abuse@spd-mgts.ru'
Abuse contact for '103.6.204.0 - 103.6.207.255' is 'yogie@redwhite.co.id'
Abuse contact for '103.9.156.0 - 103.9.159.255' is 'cuong.trinh@vnso.vn'
Abuse contact for '103.86.48.0 - 103.86.48.255' is 'abuse@bangmodhosting.com'
Abuse contact for '103.117.141.0 - 103.117.141.255' is 'abuse@casbay.com'
Abuse contact for '103.121.88.0 - 103.121.91.255' is 'tampd@bkns.vn'
Abuse contact for '103.126.6.0 - 103.126.7.255' is 'shazim@serverstack.in'
Abuse contact for '103.138.96.0 - 103.138.96.255' is 'hello@hostitsmart.in'
Abuse contact for '103.146.22.0 - 103.146.23.255' is 'duc@lanit.com.vn'
Abuse contact for '103.221.220.0 - 103.221.223.255' is 'hoanglong@azdigi.com'
Abuse contact for '103.236.201.0 - 103.236.201.255' is 'admin@idcloudhost.com'
Abuse contact for '111.90.128.0 - 111.90.159.255' is 'abuse@shinjiru.com.my'
Abuse contact for '112.78.0.0 - 112.78.15.255' is 'vanht@ods.vn'
Abuse contact for '130.185.72.0 - 130.185.72.255' is 'report@parspack.com'
Abuse contact for '119.59.96.0 - 119.59.127.255' is 'abuse@metrabyte.cloud'
Abuse contact for '141.98.10.0 - 141.98.10.255' is 'admin@serveroffer.lt'
Abuse contact for '146.247.49.0 - 146.247.49.255' is 'abuse@netcetera.co.uk'
Abuse contact for '159.148.186.0 - 159.148.186.255' is 'support@serveria.com'
Abuse contact for '171.224.0.0 - 171.255.255.255' is 'hm-changed@vnnic.vn'
Abuse contact for '176.123.0.0 - 176.123.11.255' is 'abuse@alexhost.com'
Abuse contact for '178.255.40.232 - 178.255.40.235' is 'abuse@artnet.pl'
Abuse contact for '179.43.149.0/26' is 'support@privatelayer.com'
Abuse contact for '180.131.144.0 - 180.131.147.255' is 'abuse@nawala.org'
Abuse contact for '185.24.232.0 - 185.24.232.255' is 'abuse@servebyte.com'
Abuse contact for '185.128.40.0 - 185.128.43.255' is 'abuse@rackend.net'
Abuse contact for '185.140.248.0 - 185.140.249.255' is 'contact@buzinessware.com'
Abuse contact for '185.183.104.0 - 185.183.104.255' is 'abuse@m247.ro'
Abuse contact for '202.145.0.0 - 202.145.3.255' is 'abuse@uninet.net.id'


Highest used IP addresses from November 2020 IPabuses.jpg

Where to send abuse complaints[edit | edit source]

"To submit a report of illegal activity related to a domain name or abuse, please contact legal@tucows.com. You can also reach us by telephone at +1.416.535.0123."


Web site http://tucows.com

http://www.tucowsdomains.com

Additional Contact Information[edit | edit source]

General email: (nowiki>info@tucows.com</nowiki>

help@opensrs.com

Postal address[edit | edit source]

Tucows Inc.
Toronto Headquarters
96 Mowat Avenue
Toronto, ON M6K 3M1
Canada

Telephone and FAX[edit | edit source]

Main telephone: 416-535-0123
Main fax: 416-531-5584
Toll-free North America: 1-800-371-6992
Toll-free international: +800-371-69922

Related information[edit | edit source]

Pharmacy fraud operations

Advance Fee fraud operations

Affiliate program coordinator employing spammers

Sources for this article[edit | edit source]

Independent[edit | edit source]

Interview[edit | edit source]

Corporate[edit | edit source]

http://www.tucows.com/

http://www.tucowsdomains.com/

https://www.internic.net/registrars/registrar-69.html

Community content is available under CC-BY-SA unless otherwise noted.