CastleCops, Internet Crime Fighters

Technical query: Domains with dots in?

 
Krivoi
Posted: Sat Mar 22, 2008 12:00 am

Hi everyone.

I've just started getting spams for domains with dots in, such as:

[munged]http :// cassandra.gelifan.info

What should I enter into Complainterator? Entering the entire "dotted" url understandably doesn't work.

By the way, while writing:

1. I've received a point by point reply from khalil.rasheed @ icann.org (ICANN Compliance Manager) about Xinnet. We've moved to Confidential mode, but I'll post any printable news. As someone else said, we shouldn't overwhelm him, but Khalil Rasheed does appear to be the main man for this so do please keep sending him precise complaints about Xinnet. Hint - avoid adverbs, these people are enforcement lawyers!

2. I've experienced a slump in Xinnet emails. Anyone else, or is Mr Tosser just on holiday Smile? I'm getting and trashing plenty of blogspots instead, though.

pwillener
Posted: Sat Mar 22, 2008 2:27 am

The domain name in your case is gelifan.info

Usually the domain name consists of one word, a dot, then the TLD name, such as COM, NET, ORG, etc.

When the TLD is a country code such as US, UK, JP, etc, then there are two possibilities: domain.co.jp or simply domain.jp

See also http://en.wikipedia.org/wiki/TLD and http://en.wikipedia.org/wiki/Domain_name

For Complainterator, if the URL prefix is www, then it will cut it off automatically. Others I don't think it can handle automatically.

Krivoi
Posted: Sat Mar 22, 2008 9:34 am

Many thanks, pwillener. I'll get Complainterating right away! Very Happy

AlphaCentauri
Posted: Sat Mar 22, 2008 3:41 pm

Make sure that "gelifan.info" isn't a blank page. Sometimes that will be the case, and you'll need to tell the registrar the whole URL with subdomain (cassandra.gelifan.info) or they won't be able to confirm what the site is from the complainterator report. In other cases, the subdomain might be one spam brand, like anatrim, but the domain alone will be a different one, like PEP.

ahoier
Posted: Sat Mar 22, 2008 4:33 pm

Krivoi wrote:
Hi everyone.

I've just started getting spams for domains with dots in, such as:

[munged]http :// cassandra.gelifan.info

What should I enter into Complainterator? Entering the entire "dotted" url understandably doesn't work.

As pointed out, gelifan.info would be your target.

BUT, within the report/request, it would not hurt to DIRECTLY reference the COMPLETE spammed URL, un-munged:
Code:
http://cassandra.gelifan.info


So that the Registrar can see directly the area of complaint, since in some situations
Code:
http://cassandra.gelifan.info/

may differ from that of
Code:
http://gelifan.info/


Quote:
By the way, while writing:

1. I've received a point by point reply from khalil.rasheed @ icann.org (ICANN Compliance Manager) about Xinnet. We've moved to Confidential mode, but I'll post any printable news. As someone else said, we shouldn't overwhelm him, but Khalil Rasheed does appear to be the main man for this so do please keep sending him precise complaints about Xinnet. Hint - avoid adverbs, these people are enforcement lawyers!

That's great to hear, others have reported other contacts with ICANN in various other threads. Hopefully the ball will start rolling.

Quote:
2. I've experienced a slump in Xinnet emails. Anyone else, or is Mr Tosser just on holiday Smile? I'm getting and trashing plenty of blogspots instead, though.

Are you sure the "blogspot spam" doesn't redirect to XIN Net registered domains....? Razz

Perhaps the ICANN is packing some heat towards XIN Net and they are taking a break....? Who knows. But any news is good news Wink

Krivoi
Posted: Sat Mar 22, 2008 10:13 pm

Thanks, everyone - very helpful explanations. Well, I never go to the pages themselves, so I'll just report all such unpleasantness.

ahoier, the ball has started rolling! I reckon effective complaint means picking them off one by one, rather than a scatter-gun approach. May I therefore recommend punchy, specific complaints about Xin Net, and only Xin Net, to khalil.rasheed @ icann.org.

Xin Net are currently under "final review" by ICANN, with a parallel investigation by the Hong Kong police. Cool

Hehe, not sure about the blogs, but I report each one and they never reappear! Very Happy

ahoier
Posted: Mon Mar 24, 2008 5:36 pm

AlphaCentauri wrote:
Make sure that "gelifan.info" isn't a blank page.

Yea, that's kinda what I was getting at, Smile Though you posted before me hehehe.

It doesn't help too much, if you reference a "spammed domain" - but the evidence within the e-mail, doesn't match that of the "target" Smile I.E.: give Canadian Pharmacy evidence, but when they test the domain, it lands on an Exquisite Replica or other brand-site.

I've seen some pages that wouldn't work unless I kept the "full address" - including cryptic tracking characters "intact"....sure, it tells them I read their message, clicked their link, and didn't buy a thing, but if the registrar shares their data with the subscriber, they can also see how much I care Rolling Eyes

Krivoi
Posted: Wed Apr 02, 2008 10:30 pm

Some "dotty" ones Very Happy :

1. http://99.174.170.111/
I got this one in a message titled "Gotcha! All Fool!" with message "Happy All Fools Day!" and the url. I never follow the links, but the Complainterator results looked odd & I thought it was an attempt to get me to report a legitimate IP address - is it just a virus etc, or has Mr Tosser (my main spammer) got a sense of humour? Smile

2. http://eigkrodds.drugstrategyonline.com/?dapril
As mentioned, I never click on the links, mainly cos I have search engine optimisation knowledge and I don't want to increase his hits! Is it safe to follow the link? Again, without checking, exactly what url should I report?


3. For anyone receiving .tripod spams, I got an admirable response using the standard Complainterator email. Kudos to Lycos! Just let me know if you can't find their Report Abuse - definitely worth it! Very Happy:

"The account you have brought to the attention of the Lycos Network
Abuse Department was found to be in violation of our Terms and Conditions.
As a result, it has been removed from our servers. Thank you for
reporting it to us.

[snip]

I hope you find that our prompt response to this situation addresses
your concerns. If you have any questions or find more accounts that
require our attention please feel free to contact us again.


Bill
Customer Service
Lycos Services."

Nice one, Bill. Cool

AlphaCentauri
Posted: Wed Apr 02, 2008 11:17 pm

Krivoi wrote:
http://99.174.170.111/
I got this one in a message titled "Gotcha! All Fool!" with message "Happy All Fools Day!" and the url.


That is a link to a site infected with the Storm Worm. You'll come to recognize them after seeing a few. If you visit it, it will attempt to load a copy of the Storm Worm onto your computer.

It doesn't work to use Complainterator on an IP address, since it doesn't need a registrar or nameserver for web traffic to find it. You can report it to MIRT here (the "Hunting Malware" link at the top of the page). You can also go to http://www.arin.net/whois/ to look up who controls that IP range to send them a report. (Just enter the IP address itself, "99.174.170.111") In this case, it's AT&T. In some cases, it will be an ISP that isn't in North America, but ARIN will provide a link to the other whois server.

Krivoi wrote:
http://eigkrodds.drugstrategyonline.com/?dapril
As mentioned, I never click on the links, mainly cos I have search engine optimisation knowledge and I don't want to increase his hits! Is it safe to follow the link? Again, without checking, exactly what url should I report?


It's never entirely safe to visit a spammed site. I would never use Internet Explorer to do it. I visit with a Mozilla browser and the NoScript extension so Java is off by default on any site where I don't specifically allow it. Make sure your preferences are set to always ask which directory to download any new file into, so you get clued in when a site tries to do it.

Downloads here:
Firefox: http://www.mozilla.com/en-US/
Seamonkey (includes a mail program): http://www.seamonkey-project.org/
NoScript:
https://addons.mozilla.org/en-US/firefox/addon/722
https://addons.mozilla.org/en-US/seamonkey/addon/722

I try to visit the most basic domain name possible to avoid allowing the spammer to identify which email address the URL was sent to, so I would try "drugstrategyonline.com" alone first. That may get me a blank page, or in the case of Anatrim spam, will get me a page for Penis Enlarge Patch instead. In that case, I would use the subdomain, "eigkrodds.drugstrategyonline.com"

Generally, though, the more letters and digits in a subdomain or file name, the more likely it is to be either tracking you or giving credit to an affiliate. For complainterator, you just report the main domain name, "drugstrategyonline.com," and if you can't see the problem site without the subdomain or file name, be sure to mention the full URL in the basic report.

As far as SEO, by posting that link on this forum, you are helping boost his search engine ranking. It's better to post links to bad sites in such a way that they won't be recognized as links. For instance, you can leave off the http and any www, or you can insert formatting tags in the middle of the URL so a robot sees the tags but a human doesn't. For instance, when I quoted you, I inserted tags for italics around the slashes, so it looks the same, can be copied and pasted, but is not recognizable as a URL in plain text view:
http:[ i ]//[/i]
(extra spaces added to prevent it from formatting the italics in the example)

To fix a boo-boo in a post after the 15 minute grace period expires, click the blue card at the top right and report yourself, then leave a message for the moderator regarding what change you need to have made. They don't mind, or at least claim not to. But do make liberal use of the "preview" button before posting to see what links are being picked up.

Krivoi wrote:
For anyone receiving .tripod spams, I got an admirable response using the standard Complainterator email.


Congratulations on your success! We post a lot of things like that here to give each other encouragement.

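Added example (not part of the original thread and not Complainterator's own code): a sketch of the triage described in the replies above, run on the URL text alone without visiting the site. A bare IP address goes to a whois lookup on the IP range instead of a registrar complaint, and a hostname is reduced to the registered domain while the full URL is kept for the body of the report. The function name triage_spam_url and the CC_SECOND_LEVEL list are hypothetical, and every sample input except the thread's munged gelifan.info URL is constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: a short, constructed list of second-level labels used under
# country-code TLDs (domain.co.jp style); a real tool would use the Public Suffix List.
CC_SECOND_LEVEL = {"co", "com", "org", "net", "ac", "or", "ne", "go", "gov", "edu"}


def triage_spam_url(url):
    """Decide what to report for a spammed URL, using only the URL text."""
    # Undo the thread's munging style ("http :// host"); add a scheme if absent.
    url = url.replace("[munged]", "").replace(" ", "")
    if "://" not in url:
        url = "http://" + url
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    if not host:
        raise ValueError("no host in URL")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        pass
    else:
        # Bare IP: no registrar is involved, so report to the IP range owner.
        return {"kind": "ip", "target": host, "full_url": url, "tracking_hint": False}
    labels = host.split(".")
    # Keep two labels normally, three for the domain.co.jp pattern.
    keep = 3 if (len(labels) >= 3 and len(labels[-1]) == 2
                 and labels[-2] in CC_SECOND_LEVEL) else 2
    domain = ".".join(labels[-keep:])
    subdomain = ".".join(labels[:-keep])
    # Anything beyond "www" or a bare "/" may identify the recipient or an affiliate.
    tracking = (subdomain not in ("", "www") or parts.path not in ("", "/")
                or bool(parts.query))
    return {"kind": "domain", "target": domain, "full_url": url,
            "tracking_hint": tracking}


if __name__ == "__main__":
    for sample in ("[munged]http :// cassandra.gelifan.info",  # from the thread
                   "http://192.0.2.10/",                       # constructed
                   "www.example.co.jp",                        # constructed
                   "http://a1b2c3.example.com/?x9"):           # constructed
        print(sample, "->", triage_spam_url(sample))
```

The "target" value is what goes into the complaint tool for a domain; "full_url" is what to quote in the report text when the bare domain shows a blank page or a different brand.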
ahoier

SIRT Handler


Joined: Jan 14, 2006
Posts: 1118
Location: USA

PostPosted: Thu Apr 03, 2008 5:05 am    Post subject:
Reply with quote

mmmmm....tripod? That's a new one .... I guess Geocities and googlepages.com is knocking them down too quick now, for them to be effective? Razz

Apparently URIBL is on top of things too Smile Just saw their news post there.

With links to http://rss.uribl.com/hosters/
http://rss.uribl.com/hosters/tripod_com.html has some active tripod abuse domains too.

For these "free hosts" - complainterator reports are a bit "over the top" Smile Since, by sending the request, you would be telling them to likely remove their own nameservers.

But abuse forms and abuse addresses work wonders.


If they have support watching the desk that is....*knock knock* Google BlogSpot *knock knock*

Krivoi
Posted: Fri Apr 04, 2008 9:52 pm

ahoier wrote:
mmmmm....tripod? That's a new one .... I guess Geocities and googlepages.com is knocking them down too quick now, for them to be effective? Razz [...]

For these "free hosts" - complainterator reports are a bit "over the top" Smile Since, by sending the request, you would be telling them to likely remove their own nameservers.

But abuse forms and abuse addresses work wonders.

Hehe, I had three tripod ones this evening on my home email. Their reactions are amazingly quick & I don't think the spammers will last on there for long. Smile

You're totally right about Complainterator being over the top for tripod complaints! I think I was trying to group together my "dotty" stories and in reality all I did was fill in the standard tripod complaint form. Embarrassed Still, it was a good story & I trashed a spammer or two along the way! Very Happy

K
