Comments:
-
- on Sat 04 Feb 2012
- 01:34:50 AM UTC
RE: urlregisdomai.com – Domain registration fraud site
Please edit your post to disable your links.
Regards Steven Burn I.T. Mate / hpHosts it-mate.co.uk / hosts-file.net
-
- on Sat 04 Feb 2012
- 04:18:33 AM UTC
RE: urlregisdomai.com – Domain registration fraud site
At the end of the original post is an invisible web beacon reporting to the suspicious site urlregisdomai.com. The code is recopied below. Please remove the web beacon.
Please do not reply to this email, as we are not able to respond to
messages sent to this address. <img src=
"http://urlregisdomai.com/images/eo.gif?r=/email/new_template.vm&d=18011380"
alt="" />
-
- on Sat 04 Feb 2012
- 06:24:12 AM UTC
RE: urlregisdomai.com – Domain registration fraud site
Please edit your post to disable your links.
I scrambled all the bug links; the bugs are bogus. I just set the last one to zeros just now too. Would you rather I just take it out anyway?
-
- on Sat 04 Feb 2012
- 05:24:46 PM UTC
RE: urlregisdomai.com – Domain registration fraud site
@A440, I cannot speak for MysteryFCM or the other moderators or the WOT staff; however, altering the URI protocol from http to hXXp appears to be the customary way to disable live links in the WOT forums. I used a more time-consuming approach when I recopied part of your original post.
-
- on Sun 05 Feb 2012
- 01:08:19 AM UTC
RE: urlregisdomai.com – Domain registration fraud site
@A440, I cannot speak for MysteryFCM or the other moderators or the WOT staff; however, altering the URI protocol from http to hXXp appears to be the customary way to disable live links in the WOT forums. I used a more time-consuming approach when I recopied part of your original post.
I did just that: "hxxp:/ /" and I take out any "www" too. I went on and changed the "a href" to "x href" too.
-
- on Sun 05 Feb 2012
- 07:29:19 AM UTC
RE: urlregisdomai.com – Domain registration fraud site
There is still an invisible web beacon at the end of the original post (OP) as I mentioned earlier. Although its data has been edited to read "d=000000", it still is coded with the http protocol and most probably transmits the IP address of nearly every reader of this thread to the site urlregisdomai.com where the data gets logged.
In the beacon's image tag code in the OP, replacing the bracket <img with its HTML entity &lt;img would let readers see that the beacon is there.
-
- on Sun 05 Feb 2012
- 12:24:25 PM UTC
RE: urlregisdomai.com – Domain registration fraud site
There is still an invisible web beacon at the end of the original post (OP) as I mentioned earlier. Although its data has been edited to read "d=000000", it still is coded with the http protocol and most probably transmits the IP address of nearly every reader of this thread to the site urlregisdomai.com where the data gets logged.
In the beacon's image tag code in the OP, replacing the bracket <img with its HTML entity &lt;img would let readers see that the beacon is there.
Thanks for the advice. Done.
-
- on Thu 19 Apr 2012
- 02:36:05 PM UTC
RE: urlregisdomai.com – Domain registration fraud site
Today I've had one of these emails for a client with a .com domain which is not due to expire until Aug 2013, yet this scurrilous email wants payment to register from April 2012 - April 2013.

urlregisdomai.com – Domain registration fraud site
I received a phish that links back to this domain uriregisdomai.com. The domain (munged) was good up until 2017 but these guys wanted me to pay them anyway AND use a link for unsubscribing from their spam as well:
Received: from 211.48.62.163 (211.48.62.163)
at KTMAIL with ESMTP Hanmir
by ktmail2;Sat, 04 Feb 2012 00:34:30 +0900
X-MsgID: 1328283270717906.0.ktmail2
Message-ID: <1328283270717906.0.ktmail2@ktmail2>
Received: from [74.117.58.160] ([74.117.58.160])
by relay3.kornet.net ([211.48.62.163])
with ESMTP id 2012020400:34:30:234841.313.1533
for ;
Sat, 04 Feb 2012 00:34:29 +0900 (KST)
Received: from unknown ([127.0.0.1]) by test.com with MailEnable ESMTP; Fri, 3 Feb 2012 15:34:27 -0800
X-RECEIVED-IP: 211.48.62.163
From: Domain Registration
To: xxx[at]kornet.net
Y-Message-ID: <10519442.6056801328283241866>
Subject: Re: Attention: XXX.COM Search Registration
MIME-Version: 1.0
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Dom-ID: 18011380
Date: Fri, 3 Feb 2012 15:34:27 -0800
X-TERRACE-SPAMMARK: NO (SR:8.74)
(by Terrace)
Re: Attention: XXX.COM Search Registration
Registration Expiration
Order #: 18011380
Order Date: Feb 3, 2012
Bill To: Domain Owner
,
02-123-4567
PROCESS SECURE PAYMENT
Domain Name: XXX.COM
Registration: Feb 3, 2012 - Feb 3, 2013
Price: $75.00
Term: 1 Year
Domain Name: XXX.COM
To: Domain Owner
Your order #18011380 has been received and is currently processing. Registration includes SE submission for XXX.COM for 12 months. There is no obligation to pay for this order unless you complete your payment by Feb 18, 2012. SE Services provides submission services and search engine ranking organization for domain owners.
Failure to complete your search engine registration by Feb 18, 2012 may result in the cancellation of this order (making it difficult for your customers to locate you using search engines on the web).
For Domain Name:
XXX.COM
PROCESS SECURE PAYMENT
UNSUBSCRIBE INSTRUCTIONS
You have received this message because you elected to receive special notifications and offers for XXX.COM. If you no longer wish to receive our special notices, please unsubscribe here, or mail us a written request to the attention of: Customer Contact Manager, Po Box 5111 Astra, Ontario K0K 3W0. Please allow up to four weeks for the complete unsubscribe process to take place. NOTE: If you have multiple accounts with us, you must opt out for each one individually in order to fully stop receiving these notifications.
Please do not reply to this email, as we are not able to respond to messages sent to this address.
<img src="hxxp:/ /urlregisdomai.com/images/eo.gif?r=/email/new_template.vm&d=0000000" alt=""/<
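The checks discussed in the comments above (spotting a remote image that carries per-recipient query data, then switching http to hxxp, dropping "www" and escaping the tag brackets before pasting), as an added example that is not part of the original thread. The sample body is constructed, `tracker.example` is a placeholder host, and the function names are hypothetical.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Constructed sample modelled on the beacon quoted in the thread.
# tracker.example is a placeholder host, not the domain from the report.
SAMPLE = (
    '<p>Please do not reply to this email.</p>\n'
    '<a href="http://www.tracker.example/unsubscribe?d=18011380">unsubscribe here</a>\n'
    '<img src=\n'
    '"http://tracker.example/images/eo.gif?r=/email/new_template.vm&d=18011380"\n'
    'alt="" />\n'
)

IMG_TAG = re.compile(r'<img\b[^>]*>', re.IGNORECASE)
SRC_ATTR = re.compile(r'\bsrc\s*=\s*["\']?([^"\'\s>]+)', re.IGNORECASE)
URL_PREFIX = re.compile(r'\b(https?)://(?:www\.)?', re.IGNORECASE)


def find_beacons(body):
    """List remote <img> sources that carry query data (likely tracking beacons)."""
    hits = []
    for tag in IMG_TAG.findall(body):
        match = SRC_ATTR.search(tag)
        if not match:
            continue
        # Browsers decode entities inside attributes before fetching.
        src = html.unescape(match.group(1))
        parts = urlsplit(src)
        if parts.scheme in ("http", "https") and parts.query:
            hits.append({"host": parts.hostname,
                         "params": dict(parse_qsl(parts.query))})
    return hits


def defang(body):
    """Make pasted HTML inert: hxxp scheme, no www, brackets as entities."""
    body = URL_PREFIX.sub(
        lambda m: "hxxp" + m.group(1)[4:].lower() + "://", body)
    # Escaping < > & makes the forum display the tag as text, not fetch it.
    return html.escape(body, quote=False)


if __name__ == "__main__":
    for hit in find_beacons(SAMPLE):
        print("beacon:", hit["host"], hit["params"])
    print(defang(SAMPLE))
```

Running `find_beacons` again on the defanged text is a quick check that nothing fetchable is left before posting.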