domainwatch.org

Thursday January 22 2004

iRegistrations (Bradley Norrish) in breach of Spam Act?

Filed under: Bradley Norrish, iRegistrations — Josh @ 5:47 pm

iRegistrations, which is probably operated by Bradley Norrish and friends, is spamming Australians.

Australian spam is now banned under the Spam Act 2003 , however there is a 120 day grace period designed to give businesses a chance to adjust their procedures to ensure that they comply with the new law.

Given penalties of up to $1.1 million will apply to the sending of illegal commercial spam, I wonder if iRegistrations will keep spamming Aussies after April 11, 2004 (http://www.aca.gov.au/consumer_info/spam/)?

Return-Path: <4t8atmdsypiz@hush.com>
Received: from 203.28.90.4 (1Cust50.tnt1.per1.da.uu.net [203.61.189.50])
by [snip-snip].com.au (8.11.6/8.11.6) with SMTP id i0M0LjE09926
for <[snip-snip]@[snip-snip].org.au>; Thu, 22 Jan 2004 11:21:46
+1100
Received: from [51.231.2.95] by 203.28.90.4 with SMTP; Wed, 21 Jan 2004
23:22:48 +0400
Message-ID: <8$j$l$d–rr7fi2-w92-$5z8q1-8o9k@h4t4u0.ohd2>
From: “Flora Jernigan” <4t8atmdsypiz@hush.com>
To: [snip-snip]@[snip-snip].org.au
Subject: Domains only $5.95/year rk uueb
Date: Wed, 21 Jan 04 23:22:48 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: The Bat! (v1.52f) Business
Status: RO
X-Status:
X-Keywords:

Register your .com .net .org .biz .info and .us domain names at only $5.95 per year!

Full DNS management including free URL and email forwarding at no extra cost.

Register your domain name(s) by clicking here (www.iregistrations.net) before anybody else does.

Customer Support
iRegistrations

————————————————
You have received this notice because you have ordered a product from iRegistrations or an affiliate of iRegistrations or signed up to receive offers from an affiliate of iRegistrations. If you do not wish to receive any further correspondance please reply to affiliateremove@address.com

Friday January 2 2004

SearchEx + Valentines-ecard spyware (Bradley Norrish + Craig Oehlers)

Here is some general information on SearchEx:

Searchex is a homepage- and search-hijacker pointing at searchex.com refers to: http://www.doxdesk.com/parasite/Searchex.html

See also http://www.spywareinfo.com/articles/cws/

from: whois.enom.com

Registration Service Provided By: IMCO
Contact: info@imco.com
Visit: http://www.imco.com

Domain name: cantfind.com

Registrant Contact:
cantfind.com
cant find (mail@cantfind.com)
+967.-
Fax: -
cantfind.com
-, -
YE

Administrative Contact:

- – (mail@cantfind.com)
+967.-
Fax: -
-
-, -
YE

Technical Contact:
-
- – (mail@cantfind.com)
+1.-
Fax: none
-
-, -
YE

Billing Contact:
cantfind.com
cant find (mail@cantfind.com)
+967.-
Fax: -
cantfind.com
-, -
YE

Status: registrar-lock

Name Servers:
ns1.cantfind.com
ns2.cantfind.com

Creation date: 07 Jun 2002 01:59:55
Expiration date: 07 Jun 2004 01:59:55

The domain name “dig’s” below show that Craig Oehlers and his company, ProWeb Solutions, are the domain name contact for cantfind.com, imco.com, di.com.au and searchex.com. Bradley Norrish’s ns1.registrations.com.au is the authoritative domain name server for cantfind.com.

josh @ whim [~] > dig SOA cantfind.com

; < <>> DiG 8.2 < <>> SOA cantfind.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; cantfind.com, type = SOA, class = IN

;; ANSWER SECTION:
cantfind.com. 4H IN SOA ns1.registrations.com.au. srv874.proweb.net.au. (
1043061938 ; serial
8H ; refresh
2H ; retry
5w6d16h ; expiry
1D ) ; minimum

;; AUTHORITY SECTION:
cantfind.com. 4H IN NS ns1.registrations.com.au.
cantfind.com. 4H IN NS ns2.registrations.com.au.

;; ADDITIONAL SECTION:
ns1.registrations.com.au. 4H IN A 66.78.1.51
ns2.registrations.com.au. 4H IN A 66.78.1.52

;; Total query time: 3447 msec
;; FROM: whim to SERVER: default -- 127.0.0.1
;; WHEN: Sat Jan 3 00:39:53 2004
;; MSG SIZE sent: 30 rcvd: 172

josh @ whim [~] > dig SOA imco.com

; < <>> DiG 8.2 < <>> SOA imco.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; imco.com, type = SOA, class = IN

;; ANSWER SECTION:
imco.com. 3h56m51s IN SOA ns1.imco.com. craig.di.com.au. (
2003103004 ; serial
8H ; refresh
2H ; retry
5w6d16h ; expiry
1D ) ; minimum

;; AUTHORITY SECTION:
imco.com. 1d23h56m43s IN NS ns1.imco.com.
imco.com. 1d23h56m43s IN NS ns2.imco.com.

;; ADDITIONAL SECTION:
ns1.imco.com. 1d23h56m43s IN A 216.74.96.61
ns2.imco.com. 1d23h56m43s IN A 216.74.96.62

;; Total query time: 1 msec
;; FROM: whim to SERVER: default -- 127.0.0.1
;; WHEN: Sat Jan 3 00:44:56 2004
;; MSG SIZE sent: 26 rcvd: 145

josh @ whim [~] > dig SOA di.com.au

; < <>> DiG 8.2 < <>> SOA di.com.au
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; di.com.au, type = SOA, class = IN

;; ANSWER SECTION:
di.com.au. 3h56m54s IN SOA ns1.imcoserv.com. craig.di.com.au. (
2003111000 ; serial
8H ; refresh
2H ; retry
5w6d16h ; expiry
1D ) ; minimum

;; AUTHORITY SECTION:
di.com.au. 56m50s IN NS ns1.imcoserv.com.
di.com.au. 56m50s IN NS ns2.imcoserv.com.

;; ADDITIONAL SECTION:
ns1.imcoserv.com. 1d19h15m34s IN A 216.74.96.2
ns2.imcoserv.com. 1d19h15m34s IN A 216.74.96.3

;; Total query time: 1 msec
;; FROM: whim to SERVER: default -- 127.0.0.1
;; WHEN: Sat Jan 3 00:45:22 2004
;; MSG SIZE sent: 27 rcvd: 149

josh @ whim [~] > dig SOA searchex.com

; < <>> DiG 8.2 < <>> SOA searchex.com
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER< <- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2
;; QUERY SECTION:
;; searchex.com, type = SOA, class = IN

;; ANSWER SECTION:
searchex.com. 3h57m58s IN SOA ns1.dnsworldwide.com. srv874.proweb.net.au. (
1045740142 ; serial
8H ; refresh
2H ; retry
5w6d16h ; expiry
1D ) ; minimum

;; AUTHORITY SECTION:
searchex.com. 1d21h33m54s IN NS ns1.dnsworldwide.com.
searchex.com. 1d21h33m54s IN NS ns2.dnsworldwide.com.

;; ADDITIONAL SECTION:
ns1.dnsworldwide.com. 1d23h57m54s IN A 66.78.1.81
ns2.dnsworldwide.com. 1d23h57m54s IN A 66.78.1.82

;; Total query time: 1 msec
;; FROM: whim to SERVER: default -- 127.0.0.1
;; WHEN: Sat Jan 3 00:45:42 2004
;; MSG SIZE sent: 30 rcvd: 170

from: whois.enom.com

Registration Service Provided By: Internet Registrations Worldwide
Contact: info@irww.com
Visit: http://www.irww.com

Domain name: system-update.net

Administrative Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Billing Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Technical Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Registrant Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Status: registrar-lock

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 12 Mar 2003 20:36:05
Expiration date: 12 Mar 2004 20:36:05

from: http://www.cantfind.com/

lists the next URL:

from: http://www.cantfind.com/clubdicecasino_popup.htm

” …

<a xhref=”http://banner.clubdicecasino.com/cgi-bin/redir.cgi?norrish” target=”_blank”>

… “

http://groups.google.com.au/groups?selm=034344033200a23FE5%40mail5.sc.rr.com&oe=UTF-8

from: whois.enom.com

Registration Service Provided By: Internet Registrations Worldwide
Contact: info@irww.com
Visit: http://www.irww.com

Domain name: valentines-ecard.com

Administrative Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Billing Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Technical Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Registrant Contact:
Internet Registrations Worldwide
Peter Jacobs (info@irww.com)
+61.892257278
Fax: +61.892257276
Level 2
East Perth, WA 6004
AU

Status: registrar-lock

Name Servers:
ns1.dnsworldwide.com
ns2.dnsworldwide.com

Creation date: 06 Feb 2003 01:29:46
Expiration date: 06 Feb 2004 01:29:46

Note below that “PO Box 360 Osborne Park WA 6917″ appears in the AUNIC contact details for Jason Namour, Wilson Young and now this searchex.com whois information:

from: http://groups.google.com.au/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&selm=v3br4voom89879d844eat5nl33k5s1pp5a%404ax.com

” …

Registration Service Provided By: Internet Registrations Worldwide
Contact: info@irww.com
Visit: http://www.irww.com

Domain name- searchex.com

Nameservers-
NS1.REGISTRATIONS.COM.AU
NS2.REGISTRATIONS.COM.AU

Start of registration- 11/08/01 14:21:14
Registered through- 11/08/05 14:21:14

Registrant Contact-
Searchex.com
Domain Admin (mail@searchex.com)
+61.892252115
FAX- -
PO BOX 360
OSBORNE PARK, 6917
AU

Administrative Contact-
Searchex.com
Domain Admin (mail@searchex.com)
+61.892252115
FAX- -
PO BOX 360
OSBORNE PARK, 6917
AU

Billing Contact-
Searchex.com
Domain Admin (mail@searchex.com)
+61.892252115
FAX- -
PO BOX 360
OSBORNE PARK, 6917
AU

Technical Contact-
Searchex.com
Domain Admin (mail@searchex.com)
+61.892252115
FAX- -
PO BOX 360
OSBORNE PARK, 6917
AU

… “

http://www.sophos.com/virusinfo/articles/cupid.html

http://vil.nai.com/vil/content/v_100052.htm

alt.comp.virus – Valentines-ecard.com (127 articles)

Disclaimer: The domainwatch.org page has been developed using publicly available information. While due care has been exercised to ensure the accuracy and currency of the material contained on this web page, the editor strongly recommends that users exercise their own skill and care with respect to its use and seek professional advice where appropriate. While the information provided is considered to be true and correct at the date of publication, changes in circumstances after the time of publication may impact on the accuracy of the information. The editor will consider requests to correct factual errors if accompanied by reasonable proof of the error(s). © Copyright 2001-2005 - Josh Rowe - josh@email.nu - Powered by WordPress