Next scheduled rescrape ... never
Version 1
Last scraped
Edited on 08/04/2025, 14:38:05 UTC
Got a response to my report from Identity Digital about Monero.forex. Just like Namecheap, they stated that the evidence provided is not sufficient. I literally showed them the link between exch.best and exch.net. Incompetent morons!
For the first one, 'dnsadmin@nic.cd,' since no action has yet been taken on the '.cd' domain by the registrar, I think it'd be better if the dnsadmin is contacted, and informed about it.
Just emailed dnsadmin though I am not expecting anything since these .cd contacts seem totally useless including the scpt one.If you search for the main email for the support of the '.cd' domain's registrar, you'll find people with the same queries we do; they didn't reply to them as well.
Yes good possibility that 'dnsadmin@nic.cd' is less likely to reply, if you look at the results of we're getting for 'support' mail. But who knows, different reps have access to those mails, we might see a reply, another mail 'maaurice.mufusi@scpt.cd' has a good possibility of reply to the mail, let's see what happens. I am going to call them in a few days, got migraine headache right now...
Got a response to my report from Identity Digital about Monero.forex. Just like Namecheap, they stated that the evidence provided is not sufficient. I literally showed them the link between exch.best and exch.net. Incompetent morons!
I got one to. It's probably the same response. I pointed out exactly where the phishing site is advertised on Monero.forex, gave them an archived version showing that the website was pointing to a different phishing site in the past, and included a link to VirusTotal tagging the website as malicious and this is what they replied:Quote
Many thanks for your notification regarding the domain monero[.]forex. As a registry operator, we take all reports of abuse in our top-level domains very seriously. In this instance, however, having reviewed your email, we must conclude that, at this point, we are not the appropriate party to intervene.
Primarily, as a registry operator for the .forex top level domain, we are not a competent party to assess legality of content associated with any website that may be reached via the domain in question. On a more practical and technical level, we can confirm that we are not the webhost for the website in question and the content noted neither resides, nor passes through our servers. As registry operator, we simply do not have the technical ability to remove or disable specific items of objectionable content, such as those instances which form the basis of your report.
If you believe a criminal act has occurred, we must direct you to raise this with the relevant authorities. We will always work with appropriate law enforcement agencies and will be happy to assist them in this matter, should they see fit to raise it with us. Similarly, should we be in receipt of a court order of suitable jurisdiction that requires us to suspend the domain name, we shall take action and comply as is appropriate.
Due therefore to the limited technical sphere in which we operate, we are not the correct party to contact in relation to this matter. For more information relating to the role of a registry operator in such matters we would urge you to consider the Framework to Address Abuse. We are sorry that we cannot be of more direct aid at this juncture.
Warm regards,
The Identity Digital Safety Team
Primarily, as a registry operator for the .forex top level domain, we are not a competent party to assess legality of content associated with any website that may be reached via the domain in question. On a more practical and technical level, we can confirm that we are not the webhost for the website in question and the content noted neither resides, nor passes through our servers. As registry operator, we simply do not have the technical ability to remove or disable specific items of objectionable content, such as those instances which form the basis of your report.
If you believe a criminal act has occurred, we must direct you to raise this with the relevant authorities. We will always work with appropriate law enforcement agencies and will be happy to assist them in this matter, should they see fit to raise it with us. Similarly, should we be in receipt of a court order of suitable jurisdiction that requires us to suspend the domain name, we shall take action and comply as is appropriate.
Due therefore to the limited technical sphere in which we operate, we are not the correct party to contact in relation to this matter. For more information relating to the role of a registry operator in such matters we would urge you to consider the Framework to Address Abuse. We are sorry that we cannot be of more direct aid at this juncture.
Warm regards,
The Identity Digital Safety Team
In other words, they can but don't want to suspend the domain because they don't believe it's malicious enough. They want a legal entity (law enforcement, court,...) to get involved for them to act.
@eXch Support any suggestions?
Yep, Saw that one coming...
[When I sent a recent email to the Namecheap '.forex' domain, I included this key point, along with an archive for them to look at. I don't know the exact procedures registrars follow when suspending a domain, but this '.forex' domain is in the grey zone as far as I can tell. (They're not directly hosting the phishing website, which is what keeps them alive for this long, I can tell.)[/b]
Pun: I am not suggesting it, but I think someone should donate a DDoS attack on this '.forex' domain, I think they've earned it at this point
Original archived Re: [OPEN] eXch Anti-Phishing Campaign
Scraped on 08/04/2025, 14:08:09 UTC
Got a response to my report from Identity Digital about Monero.forex. Just like Namecheap, they stated that the evidence provided is not sufficient. I literally showed them the link between exch.best and exch.net. Incompetent morons!
For the first one, 'dnsadmin@nic.cd,' since no action has yet been taken on the '.cd' domain by the registrar, I think it'd be better if the dnsadmin is contacted, and informed about it.
Just emailed dnsadmin though I am not expecting anything since these .cd contacts seem totally useless including the scpt one.If you search for the main email for the support of the '.cd' domain's registrar, you'll find people with the same queries we do; they didn't reply to them as well.
Yes good possibility that 'dnsadmin@nic.cd' is less likely to reply, if you look at the results of we're getting for 'support' mail. But who knows, different reps have access to those mails, we might see a reply, another mail 'maaurice.mufusi@scpt.cd' has a good possibility of reply to the mail, let's see what happens. I am going to call them in a few days, got migraine headache right now...
Got a response to my report from Identity Digital about Monero.forex. Just like Namecheap, they stated that the evidence provided is not sufficient. I literally showed them the link between exch.best and exch.net. Incompetent morons!
I got one to. It's probably the same response. I pointed out exactly where the phishing site is advertised on Monero.forex, gave them an archived version showing that the website was pointing to a different phishing site in the past, and included a link to VirusTotal tagging the website as malicious and this is what they replied:Quote
Many thanks for your notification regarding the domain monero[.]forex. As a registry operator, we take all reports of abuse in our top-level domains very seriously. In this instance, however, having reviewed your email, we must conclude that, at this point, we are not the appropriate party to intervene.
Primarily, as a registry operator for the .forex top level domain, we are not a competent party to assess legality of content associated with any website that may be reached via the domain in question. On a more practical and technical level, we can confirm that we are not the webhost for the website in question and the content noted neither resides, nor passes through our servers. As registry operator, we simply do not have the technical ability to remove or disable specific items of objectionable content, such as those instances which form the basis of your report.
If you believe a criminal act has occurred, we must direct you to raise this with the relevant authorities. We will always work with appropriate law enforcement agencies and will be happy to assist them in this matter, should they see fit to raise it with us. Similarly, should we be in receipt of a court order of suitable jurisdiction that requires us to suspend the domain name, we shall take action and comply as is appropriate.
Due therefore to the limited technical sphere in which we operate, we are not the correct party to contact in relation to this matter. For more information relating to the role of a registry operator in such matters we would urge you to consider the Framework to Address Abuse. We are sorry that we cannot be of more direct aid at this juncture.
Warm regards,
The Identity Digital Safety Team
Primarily, as a registry operator for the .forex top level domain, we are not a competent party to assess legality of content associated with any website that may be reached via the domain in question. On a more practical and technical level, we can confirm that we are not the webhost for the website in question and the content noted neither resides, nor passes through our servers. As registry operator, we simply do not have the technical ability to remove or disable specific items of objectionable content, such as those instances which form the basis of your report.
If you believe a criminal act has occurred, we must direct you to raise this with the relevant authorities. We will always work with appropriate law enforcement agencies and will be happy to assist them in this matter, should they see fit to raise it with us. Similarly, should we be in receipt of a court order of suitable jurisdiction that requires us to suspend the domain name, we shall take action and comply as is appropriate.
Due therefore to the limited technical sphere in which we operate, we are not the correct party to contact in relation to this matter. For more information relating to the role of a registry operator in such matters we would urge you to consider the Framework to Address Abuse. We are sorry that we cannot be of more direct aid at this juncture.
Warm regards,
The Identity Digital Safety Team
In other words, they can but don't want to suspend the domain because they don't believe it's malicious enough. They want a legal entity (law enforcement, court,...) to get involved for them to act.
@eXch Support any suggestions?
Yep, Saw that one coming...
[When I sent a recent email to the Namecheap '.forex' domain, I included this key point, along with an archive for them to look at. I don't know the exact procedures registrars follow when suspending a domain, but this '.forex' domain is in the grey zone as far as I can tell. (They're not directly hosting the phishing website, which is what keeps them alive for this long, I can tell.)[/b]