I want to introduce you to the postal scam by DNSsvc.com.
Today our company received by regular post an invoice/offer that looks exactly like a regular invoice/bill from an established service provider.
Since it looks like a perfect bill and is supposed to be passed on to an accounting department, where a few people barely understand technical terms, there is a huge probability that the bill/offer will be paid for the service in question.
Here is a scanned copy of the received scam:
http://s9.postimage.org/k4abdotqn/DNSsvc_com_fake_invoice.jpg
Technical analysis of DNSsvc.com:
Whois:
Domain Name: DNSSVC.COM
Created on: 28-Jun-2012
# dig DNSsvc.com any
dnssvc.com. 3600 IN SOA ns09.domaincontrol.com. dns.jomax.net. 2012111300 28800 7200 604800 3600
dnssvc.com. 3600 IN MX 10 ASPMX2.GOOGLEMAIL.com.
dnssvc.com. 3600 IN MX 10 ASPMX3.GOOGLEMAIL.com.
dnssvc.com. 3600 IN MX 1 ASPMX.L.GOOGLE.com.
dnssvc.com. 3600 IN MX 5 ALT1.ASPMX.L.GOOGLE.com.
dnssvc.com. 3600 IN MX 5 ALT2.ASPMX.L.GOOGLE.com.
dnssvc.com. 3600 IN A 198.61.151.101
dnssvc.com. 3600 IN NS ns4.dnssvc.com.
dnssvc.com. 3600 IN NS ns10.domaincontrol.com.
dnssvc.com. 3600 IN NS ns3.dnssvc.com.
dnssvc.com. 3600 IN NS ns09.domaincontrol.com.
;; AUTHORITY SECTION:
dnssvc.com. 3600 IN NS ns09.domaincontrol.com.
dnssvc.com. 3600 IN NS ns10.domaincontrol.com.
dnssvc.com. 3600 IN NS ns4.dnssvc.com.
dnssvc.com. 3600 IN NS ns3.dnssvc.com.
;; ADDITIONAL SECTION:
ASPMX.L.GOOGLE.com. 282 IN A 74.125.25.26
ASPMX.L.GOOGLE.com. 278 IN AAAA 2607:f8b0:400e:c01::1b
ALT1.ASPMX.L.GOOGLE.com. 115 IN A 74.125.133.27
ALT1.ASPMX.L.GOOGLE.com. 105 IN AAAA 2607:f8b0:4001:c02::1b
ALT2.ASPMX.L.GOOGLE.com. 188 IN A 74.125.130.26
ALT2.ASPMX.L.GOOGLE.com. 205 IN AAAA 2607:f8b0:4002:c04::1a
----------------------------------------------
DNSsvc.com, which is supposed to provide DNS service, has its SOA on domaincontrol.com?
No email server of their own? Googlemail is used instead...
A single A record for the primary domain of "The leader in DNS services"?
Their "backup" DNS server, which is supposed to do their primary business:
-----------------------------------------------
;; QUESTION SECTION:
;ns3.dnssvc.com. IN ANY
;; ANSWER SECTION:
ns3.dnssvc.com. 1800 IN A 198.61.171.145
;; AUTHORITY SECTION:
dnssvc.com. 3600 IN NS ns3.dnssvc.com.
dnssvc.com. 3600 IN NS ns09.domaincontrol.com.
dnssvc.com. 3600 IN NS ns4.dnssvc.com.
dnssvc.com. 3600 IN NS ns10.domaincontrol.com.
;; ADDITIONAL SECTION:
ns09.domaincontrol.com. 20918 IN A 216.69.185.5
ns10.domaincontrol.com. 22703 IN A 208.109.255.5
A single "A" record for the nameserver that claims to be a backup?
How are they supposed to protect a DNS service in case of DDoS with a single IP?
And the reverse DNS record of "The Leading DNS provider"
doesn't even match the forward record:
-----------------------------------------------------------------------------
# nslookup 198.61.171.145
145.171.61.198.in-addr.arpa name = iserver7.ihost.com.mx.
Authoritative answers can be found from:
171.61.198.in-addr.arpa nameserver = ns2.rackspace.com.
171.61.198.in-addr.arpa nameserver = ns.rackspace.com.
ns.rackspace.com internet address = 69.20.95.4
ns2.rackspace.com internet address = 65.61.188.4
That discloses their "leadership" in the DNS business: they don't even have their own facility and emulate their DNS business on rackspace.com, while the reverse DNS record of their DNS server points to Mexico.
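The checks made above (third-party SOA and MX, single address records, reverse DNS that does not match the forward name) can be repeated against saved dig/nslookup output. The following is an added example, not part of the original post; the function names and finding labels are chosen here, and it compares the PTR name with the forward name only, without live lookups.

```python
# Added example; RECORDS and PTR are copied from the dig/nslookup output quoted in the post.
DOMAIN = "dnssvc.com"
RECORDS = """\
dnssvc.com. 3600 IN SOA ns09.domaincontrol.com. dns.jomax.net. 2012111300 28800 7200 604800 3600
dnssvc.com. 3600 IN MX 1 ASPMX.L.GOOGLE.com.
dnssvc.com. 3600 IN A 198.61.151.101
dnssvc.com. 3600 IN NS ns4.dnssvc.com.
dnssvc.com. 3600 IN NS ns10.domaincontrol.com.
dnssvc.com. 3600 IN NS ns3.dnssvc.com.
dnssvc.com. 3600 IN NS ns09.domaincontrol.com.
ns3.dnssvc.com. 1800 IN A 198.61.171.145
"""
PTR = {"198.61.171.145": "iserver7.ihost.com.mx."}

def norm(value):
    return value.lower().rstrip(".")  # case-insensitive, no trailing root dot

def parse(text):
    recs = []
    for f in map(str.split, text.splitlines()):
        if len(f) >= 5 and f[2] == "IN":  # name ttl IN type rdata...
            recs.append((norm(f[0]), f[3], [norm(v) for v in f[4:]]))
    return recs

def inside(host, domain):
    return host == domain or host.endswith("." + domain)

def audit(domain, text, ptr):
    recs = parse(text)
    addrs = {}  # hostname -> list of A/AAAA addresses seen in the output
    for name, rtype, rdata in recs:
        if rtype in ("A", "AAAA"):
            addrs.setdefault(name, []).append(rdata[0])
    findings = []
    for name, rtype, rdata in (r for r in recs if r[0] == domain):
        if rtype == "SOA" and not inside(rdata[0], domain):
            findings.append(("soa-external", rdata[0]))
        elif rtype == "MX" and not inside(rdata[1], domain):
            findings.append(("mx-external", rdata[1]))
        elif rtype == "NS" and inside(rdata[0], domain):
            for ip in addrs.get(rdata[0], []):  # forward name -> IP -> PTR name
                rname = norm(ptr.get(ip, ""))
                if rname != rdata[0]:
                    findings.append(("ptr-mismatch", f"{rdata[0]} -> {ip} -> {rname}"))
    for host, ips in addrs.items():
        if inside(host, domain) and len(ips) == 1:
            findings.append(("single-address", host))
    return findings

print(*audit(DOMAIN, RECORDS, PTR), sep="\n")
```

To check a different provider, paste its dig answer lines into `RECORDS` and the PTR results into `PTR`.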
Conclusion: 100% scam!
Here are other complaints about them:
http://community.hostcheetah.com/topic/337/dns-services-dnssvc-fake-bill-sent/
http://www.ripoffreport.com/dns-services-vancouv/miscellaneous-companies/vancouver-washington-3a714.htm