Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

DIRECTI finally agree to act

January 22nd 2009 in Uncategorized


I sent an email to DIRECTI on the same day that I wrote this blog post:

The email said, essentially, the same thing that I said in that blog post.

As you can see, they have initiated a “whois inaccuracy complaint” against the domains quigley-simpson.net, hyundai-inc.com, mediavest-corp.com, posnerpromotion.com & singlesnet-inc.com.

Frankly, they should have taken such steps immediately upon receiving the impersonation complaint but at least they say they have taken action now.

It will be interesting to see what happens next, and how long it takes for something to happen.

By the way, there is something screwy about the date and time of the email. See the screenshot which shows that the displayed sent date and time of the email above is in the future!

9 comments to...
“DIRECTI finally agree to act”


Maybe just a timezone difference?


I am going with no, since it appears that DirectI is based in India. That is GMT +8 if I remember correctly.

I see it all the time from my in-laws; they are GMT +2, and the time sent will be in the future as I am GMT -6.

When we send email to them, it appears that we sent it 10 hours earlier to them.



Having dealt with Directi myself in the past, I can say categorically that yes, they’ll deal with these specific domains as they don’t like bad press.

However, I can also say categorically that they will ONLY deal with these specific domains. This will NOT push them into checking the other domains they’ve got going through them, nor will they change their methods to prevent such problems in the future.

In fact, I am 99% sure that the ONLY reason they’re willing to deal with these is because of this blog, and the fact they know it is well read.

Conrad Longmore

Good news.. but a half-hearted response from Directi. They need to nuke the customer account from orbit.


Check the headers, they will show the timezones of any servers the e-mail passed through, etc. etc.
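
The header check suggested in the comment above, as an added example that is not part of the original post or of any comment: it converts the Date header and every Received hop to UTC, so a sent time that only looks late because of a timezone offset can be told apart from one that really is ahead of the receiving server's clock. The message, host names, addresses and the five-minute tolerance are constructed assumptions.

```python
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message: hosts, addresses and times are invented.
SAMPLE = """\
Received: from mail.sender.example (mail.sender.example [192.0.2.10])
\tby mx.recipient.example; Thu, 22 Jan 2009 10:10:07 -0600
Received: from webmail.sender.example (localhost [127.0.0.1])
\tby mail.sender.example; Thu, 22 Jan 2009 21:40:02 +0530
Date: Thu, 22 Jan 2009 21:40:00 +0530
From: support@sender.example
To: reader@recipient.example
Subject: constructed sample

body
"""

def hops(raw):
    """(UTC time, server's UTC offset) for each Received hop, newest first."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        # Each hop's timestamp follows the last ';' of its Received header.
        stamp = parsedate_to_datetime(value.rsplit(";", 1)[-1].strip())
        out.append((stamp.astimezone(timezone.utc), stamp.utcoffset()))
    return out

def date_in_future(raw, tolerance=timedelta(minutes=5)):
    """Return (skew, flagged): Date header minus the newest hop, in UTC."""
    sent = parsedate_to_datetime(message_from_string(raw)["Date"])
    # The topmost Received header is written by the receiving server; the
    # Date header and the older hops are supplied by the sending side.
    received_utc, _ = hops(raw)[0]
    skew = sent.astimezone(timezone.utc) - received_utc
    return skew, skew > tolerance

if __name__ == "__main__":
    for when, offset in hops(SAMPLE):
        print("hop at", when.isoformat(), "server offset", offset)
    skew, flagged = date_in_future(SAMPLE)
    print("Date minus newest hop:", skew, "flagged:", flagged)
```

In the sample, the Date header reads 21:40 and the receiving hop reads 10:10, yet both are the same moment in UTC, so nothing is flagged.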


Hello all,

For what it’s worth, I have also started reporting false WHOIS discoveries to ICANN via ICANN’s reporting tool – that way ICANN cannot deny that they had an ongoing awareness of DIRECTI’s deficiencies when it comes to WHOIS accuracy and problem domains.

ICANN’s standard accreditation agreement imposes specific obligations upon DIRECTI regarding the accuracy of WHOIS information for domains they register, and I want ICANN to know about each and every potential breach of that accreditation agreement.


Sounds interesting. Does this mean that Directi will act in the same way for the rest of the domains that go through them which have false whois details???

@DouglasH India is GMT+5:30



Here is a question. Why has DIRECTI allowed these domains to remain live after they were reported, not only for false WHOIS but also for fraud? This especially applies to the domain posnerpromotion.com, which is redirecting to posneradv.com – posneradv.com even has an alert on display warning that posnerpromotion.com is being used to impersonate posneradv.com, yet DIRECTI fail to take action.

I wrote to DIRECTI asking them to advise what the “stipulated” and “alloted” time was for the criminals to respond to the inaccurate WHOIS report – DIRECTI have failed to respond to that email.

Sandi &c.


@Sandi, Yes you made a very good point.

First things first, DIRECTI should have suspended these domains when you had reported about the fraud/scam, but what they are doing is allotting a time frame for the criminals to correct their whois details.

The more irritating thing is that in the email to Sandi, DIRECTI has mentioned that the domain will be suspended if they don’t modify the whois details in the stipulated time, and they have totally forgotten about the fraud that Sandi has mentioned?
