"DOMAIN LISTINGS CENTER" spam

For some reason, I am seeing a big upswing in Canadian spam at the moment. This one is a very misleading offer entitled "ANNUAL WEBSITE SEARCH ENGINE SUBMISSION" for a domain that I have parked and have never used. It is only when you get near the bottom that the message carries a disclaimer "Note that THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amounts stated unless you accept this offer".

---

DOMAIN LISTINGS CENTER
8171 Yonge St. Suite# 149
Thornhill, ON L3T 2C6
Canada

--------------------------------------------------------------------------------
NOTICE
--------------------------------------------------------------------------------

(Please make necessary changes)
ATT: name
address
,
WWW.domain.com

DESCRIPTION OF SERVICES:
Premium Package




ANNUAL WEBSITE SEARCH ENGINE SUBMISSION
FROM DECEMBER 1,2008 THRU DECEMBER 1,2018
OR
FROM DECEMBER 1,2008 THRU DECEMBER 1,2013

TOTAL
$295.00

$185.00


SUBSCRIPTION INCLUDES:




Custom keyword research
Optimized title and meta tags
Submission to 900 search engines and directories
safe follow-up re-submissions every 3 months
Helpful professional support


THIS IS NOT A BILL. This is a solicitation. You are under no obligation to pay the amount(s) stated unless you accept this offer.


--------------------------------------------------------------------------------

Domain Name

WWW.domain.com Amount

Requested Reply

November 10th,2008

THIS NOTICE IS A SOLICITATION AND A RECEIPT OF PAYMENT WILL CONFIRM YOUR ANNUAL SUBMISSION
*100% SATISFACTION IS GUARANTEED OR YOUR MONEY BACK

Please select the number of years you would like to signup for
[ ] 10 Years .......... $295 (Best Value, Most Recommended!)
[ ] 5 Years .......... $185
[ ] 2 Years .......... $99
[ ] 1 Years .......... $75
If you have other domains you may list them below (please send a separate check for each domain and write your domain name on the memo section of the check)
Other domain(s) __________________ , __________________ , __________________


Total $ _______

________________________________
Signature

________________________________
Date


Payment by Check or Money Order
Print and mail a copy of this order form along with a check or money order to the address listed below:
Domain Listings Center
8171 Yonge St. Suite# 149
Thornhill, ON L3T 2C6
Canada

Please do not forget to include a copy of this order form along with your payment!


www.domain.com


--------------------------------------------------------------------------------

By accepting this offer, you agree not to hold DLC liable for any part. Note that THIS IS NOT A BILL. This is a solicitation.
You are under no obligation to pay the amounts stated unless you accept this offer. The information in this letter contains confidential and/or legally privileged information from the notification processing department of the Domain Listing Services Inc.
This information is intended only for the use of the individual(s) named above. If you do not wish to receive further updates from DLC send an email to dolistscent3272@operamail.com to unsubscribe.
If you are not the intended recipient, you are hereby notified that disclosure, copying, distribution or the taking of any action in reliance on the contents for this letter is strictly prohibited.

* 100% satisfaction guaranteed, you may request a refund within 30 days if your are not satisfied with our services.

---

Originating IP is 72.51.46.77. File it in the trash where it belongs.

Asprox: "aspx" domains

Keep an eye out for these following Asprox domains, all recently registered to the email address druid00091@aol.com. Block them or scan your logs for them.

• 24aspx.com
• 2aspx.net
• 6aspx.com
• 9aspx.net
• aspx46.com

These domains follow the same pattern as this one and this one.

Who are Vivids Media GmbH?

If you have been tracking the latest round of SQL Injection domains, then you might be familiar with the name Vivids Media GMBH as being the current registrar of choice.

The odd thing is that Vivids Media GmbH doesn't appear to have a web site or any traceable contact details. However, most of the domain registrations have a contact telephone number in Berlin of +49.3094413291 and some searching around gives this page with what looks like the correct contact details of:

Name: Vivids Media GmbH
Email Address: support@klikdomains.com
Address: Leege-Gr str. 41
City: Berlin
Zip: 13055
Country : Germany
Tel No.: +49.3094413291

That indicates that Vivid Media GmbH is related to klikdomains.com and therefore klikvip.com which are part of another company that claims to be in Berlin, Klik Media GmbH (some of the alleged goings on of this company are mentioned here). A short step away from Klik are a whole set of domains registered via Estdomains (a familiar name to many) and things start to get seedy from there.

There's no evidence that Vivid Media GmbH is directly invovled in anything bad - in fact there is barely any evidence that Vivid Media GmbH actually exists at all. Spammers and other bad guys do have a knack of finding registrars who are slow at terminating their accounts, so let's be charitable and say that Vivids Media are just understaffed in their abuse department.

The problem is that if you want to contact Vivids Media, then it seems to be very difficult. Their website is 56823.myorderbox.com which is a sort of white label domain registrar site. Myorderbox.com seems to be based in India, and looks to be a reseller of ResellerClub which in turns registers names through PublicDomainRegistry.com.

Complicated? Well, yes.. but ultimately PublicDomainRegistry.com are the registrar and it turns out that there is some light at the end of the tunnel. You will find that most of the domains used in these SQL Injection attacks have false WHOIS data, and you can report false WHOIS data here. Hopefully then the domain will be suspended.. not that it really matters too much because the bad guys will just register some more.

So the answer to the question "who are Vivids Media GmbH?" is "I don't know" but for most practical puporses you wouldn't need to deal with them if complaining about one of these domains, go to the registrar and report it there.

Chinese "selling-domain" mails

Probably not a scam, and really only a moderate hit on the Spam-O-Meter, but there do seem to be a number of emails from a person called Liu offering to sell a .cn version of your .com domain.

Subject: selling-domain: ------.cn
From: ljp013@vip.163.com
Date: Thu, June 5, 2008 1:13 am


Hello
We have ------.cn and think it is useful for you to made a China Website and
to explore China market.

We are pleased to inform you that we are now engage an activity by which you
can purchase this domain only with $1000 USD. If you are interested in it
,please reply to us and discuss the domain tranfer matters.
We could finish the transaction through www.sedo.com which is a international
Domain trade agency.Then,sedo.com will help you transferred the domain.
China is the biggest market in the world £¡Dot.cn domains is a symbol of
enterprises in China£¡10,000,000 .cn domains are been registered£¡

At last,Sorry for the disturb if any.

Wish you a happy new year 2008, and welcome to our China to visit Olympic Games.

Best Regards.

Liu


=================

Appendix:
Some large international companies use .cn domain in China.
http://www.google.cn/ The world's largest search company google.com China Station
http://www.Amazon.cn The world's largest online bookstore amazon.com company
China Station
http://www.Yahoo.cn Yahoo.com he is the sub-stations in China

It used to be the case that anyone wanting to register a .CN name had to either live in China or have a business that operated in China, although this is no longer the case and it seems everyone can register a .CN name (some restrictions apply on names and content). Neulevel's FAQs on the .CN TLD are enlightening. There is a dispute policy if you feel that your domain name has been registered unfairly.

To be honest, I'm not at all bothered about .CN names and I certainly won't be shelling out $1000 for something I won't use. But as ever, if you want to protect your brand abroad then perhaps securing the .cn version of your domain might be a good idea, there's a list of registrars at CNNIC.