DIRECTI responds to my complaint about the impersonation of domains/businesses


As you can see from their email, DIRECTI advise that they suspended prolinar.com on 19 January for “Inaccurate whois details”.  It should be noted that I reported on 16 January that prolinar.com had already disappeared from its previous IP address, and not reappeared with a new IP.  So, no kudos for DIRECTI - they suspended a domain that was already dead in the water.

Not only that – they state that “quigley-simpson.net” is “the legitimate website”.  No, it is not – it is the fake site – it is quigleysimpson.com that is the legitimate site!!

The impersonating domains that I complained about in article 1661206 and to which DIRECTI refer have been registered using doubtful WHOIS details (and some have been caught trying to sell malvertizing by impersonating a legitimate business); therefore DIRECTI’s refusal to take action against the impersonating domains, unless the impersonated domains “file UDRP case at WIPO”, makes no sense.

My opinion is that DIRECTI should not refuse to act on complaints of impersonation until they receive notification of a “UDRP case at WIPO”.

I refer to these URLs:

http://www.icann.org/en/announcements/advisory-10may02.htm
http://www.icann.org/en/announcements/advisory-03apr03.htm

Note ICANN writes that:

where a registrar encounters a severe Whois inaccuracy being exploited by a registrant to evade responsibility for fraudulent activity being carried out through use of the domain name, prompt action by the registrar is appropriate

and…

"Once a registrar receives notification of an inaccuracy, Subsection 3.7.8 requires the registrar to take "reasonable steps" to investigate and correct the reported inaccuracy. The term "reasonable steps" is not defined within the agreement; precisely what constitutes reasonable steps to investigate and correct a reported inaccuracy will vary depending on the circumstances (e.g., accepting unverified "corrected" data from a registrant that has already deliberately provided incorrect data may not be appropriate). At a minimum, "reasonable steps" to investigate a reported inaccuracy should include promptly transmitting to the registrant the "inquiries" concerning the accuracy of the data that are suggested by RAA Subsection 3.7.7.2. The inquiries should be conducted by all commercially practicable means available to the registrar: by telephone, e-mail, and postal mail."

and…

"In summary, registrars have the right to cancel a registration if a customer fails to respond within 15 days to an inquiry concerning Whois data accuracy, but registrars also have flexibility to decide when to use that right depending on factors including whether the inaccuracy appears intentional and whether third parties are being harmed by maintaining the registration with inaccurate data. Registrars are obligated to take reasonable action to correct reported Whois inaccuracies, but are not bound to a fixed timetable."

RAA Subsection 3.7.7.2 states that:

A Registered Name Holder's willful provision of inaccurate or unreliable information, its willful failure promptly to update information provided to Registrar, or its failure to respond for over fifteen calendar days to inquiries by Registrar concerning the accuracy of contact details associated with the Registered Name Holder's registration shall constitute a material breach of the Registered Name Holder-registrar contract and be a basis for cancellation of the Registered Name registration.

RAA Subsection 3.7.8 states that:

Registrar shall abide by any specifications or policies established according to Section 4 requiring reasonable and commercially practicable (a) verification, at the time of registration, of contact information associated with a Registered Name sponsored by Registrar or (b) periodic re-verification of such information. Registrar shall, upon notification by any person of an inaccuracy in the contact information associated with a Registered Name sponsored by Registrar, take reasonable steps to investigate that claimed inaccuracy. In the event Registrar learns of inaccurate contact information associated with a Registered Name it sponsors, it shall take reasonable steps to correct that inaccuracy.

If a legitimate business/domain is being impersonated, and the impersonating domain is using WHOIS details identical to the victim business/domains, that, in my opinion, is a “severe Whois inaccuracy”; I believe that DIRECTI is wrong to refuse to act on complaints of impersonation unless an impersonated business/website “file UDRP case at WIPO”.

At the very least, when somebody complains about domain impersonation to DIRECTI, DIRECTI should contact the legitimate domain to ascertain whether the fake domain was authorized to duplicate the legitimate domain's WHOIS information.  If not, the complained of domain should be suspended for "Inaccurate whois details".  AND, if a fake domain has been used to sell malvertizing by impersonating another business, the domain should immediately be suspended for abuse.  AND, if other domains are reported or discovered that exhibit similar features, especially if they are hosted at the same IP address as other known bad sites, then those domains should also be suspended pending further investigation, even if there is no direct evidence of fraudulent activity.

 

Note that DIRECTI claim to have “already investigated” the following domains:

FAKE DOMAIN:
quigley-simpson.net (STATUS: LOCKED)

IP: 94.247.3.17
Registrant: Gerald Bagg Quigley (gbagg@earthlink.net)
Los Angeles, CA 90049
310 470 4753

 

LEGITIMATE DOMAIN:
quigleysimpson.com

IP: 64.202.123.183
Registrant: Gerald Bagg (gbagg@earthlink.net)
PO Box 49935
Los Angeles, CA 90049-0935
310 470 4753

quigleysimpson.com is displaying an alert about quigley-simpson.net
quigley-simpson.net was being used to sell malvertizing by impersonating the real Quigley Simpson business

*****

FAKE DOMAIN
hyundai-inc.com (STATUS: ACTIVE)

IP: 94.247.3.17
Registrant: Hyundai Motor Company (domain@hyundai-motor.com)
231, Yangjae-dong, Seocho-gu, Seoul
Yanggang-do, 137130
Tel: 02 3464 1924

 

LEGITIMATE DOMAIN:
hyundai-motor.com

IP: 58.87.36.11
Registrant: Hyundai Motor Company (domain@hyundai-motor.com)
231, Yangjae-dong, Seocho-gu, Seoul
Tel: 02 3464 1924

*****

FAKE DOMAIN:
mediavest-corp.com (STATUS: ACTIVE)

IP: 94.247.3.17
Registrant: Publicis Group S.A. (support@us-resources.com)
3310 West Big Beaver Rd
Troy, Michigan 48084
Tel: 248 458 8214 (note that they have used the legitimate domain’s fax number as their telephone number)

 

LEGITIMATE DOMAIN:
mediavest.net

IP: 63.115.250.19
Publicis Group S.A. (network.support@us-resources.com)
3310 West Big Beaver Rd
Suite 107
Troy, MI 48084
248 458 8100 (fax: 248 458 8214)

*****

FAKE DOMAIN:
posnerpromotion.com (STATUS: ACTIVE – why, when the other site the subject of an impersonation alert (quigley-simpson.net) has been locked?)

IP: 94.247.3.17
Registrant: Posner Advertising (wm@posneradv.com)
30 Broad Street, New York
Tel: 212 480 3440 (note that they have used the legitimate domain’s fax number as their telephone number)

 

LEGITIMATE DOMAIN:
posneradv.com

IP: 64.13.251.53
Registrant: Posner Advertising (wm@posneradv.com)
30 Broad Street, New York
Tel: 212 867 3900 (Fax: 212 480 3440)

posneradv.com is displaying an alert about posnerpromotion.com
posnerpromotion.com was (is?) being used to sell malvertizing by impersonating the real Posner Advertising

*****

FAKE DOMAIN
singlesnet-inc.com (STATUS: ACTIVE)

IP: 94.247.3.17
Registrant: Quinn Lipin (cc2xq6yb3fm@networksolutionsprivateregistration.com)
PO Box 447, Herndon 20172-0447
Tel: 570 708 8780

 

LEGITIMATE DOMAIN:
singlesnet.com

IP: 67.108.223.22
Registrant: Quinn Lipin
PO Box 477, Herndon 20172-0447
Tel: 570 708 8780 (ze6gz9cg8zs@networksolutionsprivateregistration.com)

 

*****

Also, note that some new domains have appeared at the same IP address (94.247.3.17 - Latvia - Zlkon) being feelyouinside.com and J1j2j34.cn.  A fraudware domain previously registered at that IP, Av10antivir.com, is gone (STATUS: suspended).

J1j2j34.cn
ICANN Registrar: Chinese Registrar, 厦门华融盛世网络有限公司
Registrant: TokioElectro (grishanizov@gmail.com)

The domain has already been reported as hosting malicious content:
https://safeweb.norton.com/report/show?name=j1j2j34.cn

Registrant address seen in association with several incidents:

t1ssot.cn
http://www.bluetack.co.uk/forums/lofiversion/index.php/t18052.html

stoneholl.cn
http://www.bluetack.co.uk/forums/index.php?showtopic=18064&st=150#

 

*****

feelyouinside.com (STATUS: ACTIVE)
ICANN Registrar: DIRECTI
Registrant: Mali (maliasiat@gmail.com)
London paker str 23b, London
Tel: 004 072687799

I cannot find a Paker Street in London.
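
Added example, not part of the original post and not any registrar's actual process: the comparison argued for above (copied WHOIS details, the legitimate fax number reused as a telephone number, several such domains on one IP) can be run mechanically over the listed records. The field names and function names are assumptions made for this example; the records are transcribed from the listings above.

```python
import re
from collections import defaultdict

# (candidate, reference) WHOIS fields transcribed from the listings in this post.
PAIRS = [
    ({"domain": "hyundai-inc.com", "ip": "94.247.3.17", "name": "Hyundai Motor Company",
      "email": "domain@hyundai-motor.com", "tel": "02 3464 1924"},
     {"domain": "hyundai-motor.com", "ip": "58.87.36.11", "name": "Hyundai Motor Company",
      "email": "domain@hyundai-motor.com", "tel": "02 3464 1924"}),
    ({"domain": "mediavest-corp.com", "ip": "94.247.3.17", "name": "Publicis Group S.A.",
      "email": "support@us-resources.com", "tel": "248 458 8214"},
     {"domain": "mediavest.net", "ip": "63.115.250.19", "name": "Publicis Group S.A.",
      "email": "network.support@us-resources.com", "tel": "248 458 8100", "fax": "248 458 8214"}),
    ({"domain": "posnerpromotion.com", "ip": "94.247.3.17", "name": "Posner Advertising",
      "email": "wm@posneradv.com", "tel": "212 480 3440"},
     {"domain": "posneradv.com", "ip": "64.13.251.53", "name": "Posner Advertising",
      "email": "wm@posneradv.com", "tel": "212 867 3900", "fax": "212 480 3440"}),
]

def digits(value):
    """Reduce a phone or fax string to digits so formatting differences are ignored."""
    return re.sub(r"\D", "", value or "")

def copied_fields(candidate, reference):
    """List the reference-record fields that the candidate record reuses."""
    hits = []
    for field in ("name", "email"):
        if candidate[field].lower() == reference[field].lower():
            hits.append(field)
    if digits(candidate["tel"]) == digits(reference["tel"]):
        hits.append("tel")
    if reference.get("fax") and digits(candidate["tel"]) == digits(reference["fax"]):
        hits.append("tel=reference fax")
    return hits

def review_queue(pairs, min_cluster=2):
    """Flag candidates that reuse reference WHOIS data while hosted on a different
    IP, and report IPs that host at least min_cluster flagged domains."""
    flagged, by_ip = {}, defaultdict(list)
    for candidate, reference in pairs:
        hits = copied_fields(candidate, reference)
        if hits and candidate["ip"] != reference["ip"]:
            flagged[candidate["domain"]] = hits
            by_ip[candidate["ip"]].append(candidate["domain"])
    clusters = {ip: names for ip, names in by_ip.items() if len(names) >= min_cluster}
    return flagged, clusters
```

A hit is a reason to ask the reference domain's owner whether the registration was authorized, as proposed above, not proof of fraud, since one owner can legitimately hold several domains with the same contact details.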

Comments

# re: DIRECTI responds to my complaint about the impersonation of domains/businesses

Tuesday, January 27, 2009 8:09 PM by Kristina Rosette

Have you submitted Whois Data Problem Reports to ICANN? If not, you should.  URL is http://wdprs.internic.net/

# re: DIRECTI responds to my complaint about the impersonation of domains/businesses

Tuesday, January 27, 2009 8:17 PM by sandi

Hi Kristina,

I certainly do :)  I think I mentioned that in a comment to one of my other DIRECTI related posts.

Sandi

# re: DIRECTI responds to my complaint about the impersonation of domains/businesses

Tuesday, January 27, 2009 9:26 PM by Bob from Canada

Does the name Sherlock Holmes ring a bell?

Address... Anyone..?

# re: DIRECTI responds to my complaint about the impersonation of domains/businesses

Wednesday, January 28, 2009 5:40 PM by sandi

Sherlock Holmes's address was 221b Baker Street, but I see your point :-D