AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2859
Posted: Thu May 15, 2008 11:37 pm
tembow wrote:
> No site loads at that address. What brand of spammed site is it?
The ones I got were phish, and they're still wriggling:
http://chaseonline.chase.com.techldr.co.uk/ReidentifyFormOnine/OnlineForm.aspx/?
http://chaseonline.chase.com.techldr.org.uk/ReidentifyFormOnine/OnlineForm.aspx/?
Both are also registered with stolen identity data.
Nameservers are with SpiritDomains.com, which also hasn't responded.
Add: and there's a new one since I did that reporting:
http://chaseonline.chase.com.modeisp.org.uk/ReidentifyFormOnine/OnlineForm.aspx/
tembow
Blue Angel Premium Member
 Joined: Oct 10, 2005 Posts: 2933
Posted: Fri May 16, 2008 12:21 am
Please use the email addresses for GX Networks from my last posting if applicable. There are also phone and fax numbers. Or you could ask a UK resident viewer to call "by proxy" - and ensure the email is OK.
tembow
Blue Angel Premium Member
 Joined: Oct 10, 2005 Posts: 2933
Posted: Fri May 16, 2008 5:26 am
All add/change requests have been incorporated into Version 21.4, dated May 15.
A reported problem with the .kg domains whois server (which does not return requests) has also been circumvented in 21.4. There is no point in leaving any loopholes open for spammers.
efa
Lieutenant

 Joined: Aug 31, 2007 Posts: 163 Location: Italy
Posted: Fri May 16, 2008 12:59 pm
tembow wrote:
> Please use the email addresses for GX Networks from my last posting if applicable.
I just wrote asking to remove:
grnew.co.uk
grnew.org.uk
grnew.me.uk
efa
Lieutenant

 Joined: Aug 31, 2007 Posts: 163 Location: Italy
Posted: Fri May 16, 2008 10:37 pm
tembow wrote:
> No site loads at that address. What brand of spammed site is it?
It seems to be a logistics company.
It works for me.
I am receiving a lot of spam, every time changing the domain name a little, linking to the same-looking web site.
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2859
Posted: Fri May 16, 2008 10:38 pm
Of the domains related to that phish above:
- nameservers reported to SpiritDomains via email and via their web form, still operational
- domains reported to GX Networks via all the email addresses above at least once, still operational
- domains reported once by email and only in English to AsiaInfo in Kyrgyzstan: all suspended
Something is wrong here.
efa
Lieutenant

 Joined: Aug 31, 2007 Posts: 163 Location: Italy
Posted: Sat May 17, 2008 9:29 am
Domain : "scramignon.com"
Registrar : "IN2NET NETWORK"
Contact : registrar@in2net.com
efa
Lieutenant

 Joined: Aug 31, 2007 Posts: 163 Location: Italy
Posted: Sat May 17, 2008 9:42 am
Domain : "com.tw"
Registrar : "TWNIC"
Contact: ???
not ICANN accredited
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2859
Posted: Sat May 17, 2008 12:56 pm
Ooops! There's no domain called "com.tw". Those two together are a TLD for a country code domain name, like ".co.uk". Complainterator lost the domain name along the way, something that would have looked like "example.com.tw".
If you see that happen and it starts to do a whois on a double TLD like that, hit the "Pause/Break" key on your keyboard, retype the correct domain into the browser address window, and do the lookup manually. Once the correct whois results are displayed, hit "Pause/Break" again and Complainterator will resume as usual. Then look at your letters carefully and fix any "com.tw's" that made it through.
You should be getting a pop-up warning that it isn't a typical TLD like ".com" or ".net" before these happen, so you can watch for it.
Also, scramignon.com is an innocent hacked website, so normally I would complain to the ISP, domain owner, and webmaster to get someone to clean up their site. I reported that one April 29 and it's still active, though it may be that they did an incompetent job of cleaning it up during that time and got reinfected. (I downloaded a copy of the trojan from there yesterday and it was very poorly detected, so it may be a new reinfection. They don't seem to update copies of the trojan that are on sites that have been continuously infected.) If I really think there has been no response at all and the website is abandoned, I will go ahead and ask the registrar to delete the name instead.
efa
Lieutenant

 Joined: Aug 31, 2007 Posts: 163 Location: Italy
Posted: Sat May 17, 2008 3:58 pm
ok, the domain was:
Domain : "ultranano.com.tw"
Registrar : "NET-CHINESE"
Contact: ???
How do I recognise when, to convert a URL to a domain for a whois query, I must keep the 3rd-level domain like ultranano, and when not, like hxxp://bpi.agtimesx.com/ ?
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2859
Posted: Sat May 17, 2008 7:46 pm
Some top level domains, like .com, .net, .edu, .gov, .info, .org, are used by all countries. They may indicate the type of site (commercial, university, government, nonprofit organization), but not the country.
Other TLDs are country codes, like .ca for Canada, .cn for People's Republic of China, .tw for Taiwan, etc. Those countries may further subdivide their TLDs to indicate the type of site, so you can get .co.uk for commercial UK sites, .org.uk for nonprofit UK sites, etc. Other countries don't. You just have to be aware that a .co.cc or .com.cc might be a two-part TLD. Those domains may be registered by registrars that don't have ICANN accreditation, and they may not have the same requirements as far as publicly listing the registrant's info.
pwillener
SRT Trainee
 Premium Member
 Joined: Apr 17, 2006 Posts: 1813 Location: Japan
Posted: Sun May 18, 2008 2:08 am
And some countries, like Japan, use both ways, which may confuse users even more.
- huge.co.jp (3 parts)
- rigoletto.jp (2 parts)
are both valid domain names.
efa
Lieutenant

 Joined: Aug 31, 2007 Posts: 163 Location: Italy
Posted: Sun May 18, 2008 10:35 pm
Some spamvertized URL example for references:
------------------------------------------------------------------------
hxxp://prettydesert.com/
hxxp://xx-qk.cn:8080/
hxxp://www.prettydesert.com/
hxxp://dqk.alfive.com/
hxxp://huge.co.jp/
hxxp://www.huge.co.jp/
hxxp://dizloing.com.cn/lang-it/index.html
hxxp://business-loandm.com.cn/
hxxp://grtrrh.co.uk/vacancy.php
hxxp://grnew.me.uk/vacancy.php
hxxp://grnew.org.uk/vacancy.php
hxxp://imena.com.ua/
hxxp://cigarettes.xx-qk.cn:88/x1.htm
Please help me to find a general algorithm to convert a URL into a domain
for a whois query:
- remove the leading http://
- keep the part up to the first / or :
- when a URL contains one dot, like 'prettydesert.com' or
  'xx-qk.cn', surely the domain is all the remaining part.
- when a URL contains two or more dots, the domain is recovered with these steps:
  - if the TLD is a gTLD like .org, .com, .gov, .net, .mil, .edu, .info,
    remove the first part up to the first dot (www. or dqk.) for the whois query
    (but to find and follow the redirect, dqk. is needed here)
  - if the TLD is a country code ccTLD like .uk, .tw, .ua, .cn, .jp,
    how do I understand when to remove the first part up to the first dot
    (like www.), and when we need to keep it
    (like grnew., business-loandm., dizloing. or huge.)?
AlphaCentauri
SIRT Handler Premium Member
 Joined: Nov 20, 2003 Posts: 2859
Posted: Mon May 19, 2008 12:17 am
The name can't be ambiguous. If you allow ".co.uk" as a TLD, then there can't be a "www.co.uk." So try the traversal on the two-part, and if it doesn't have an A record, then try the three-part.
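The procedure efa lays out (drop the scheme, keep the host up to the first '/' or ':', decide by TLD type) combined with AlphaCentauri's probe (try the two-part name, fall back to the three-part name when the two-part one has no A record), as an added example written for this thread; it is not code from the forum or from Complainterator. The DNS check is a constructed stand-in: `fake_has_a_record` answers from a hand-made set instead of querying DNS.

```python
import re
from typing import Callable, Dict, Iterable

# gTLDs named in the thread; every other TLD is treated as a country code.
GENERIC_TLDS = {"com", "net", "org", "gov", "mil", "edu", "info"}

def hostname_from_url(url: str) -> str:
    """Drop the scheme (http:// or defanged hxxp://), then keep up to the first '/' or ':'."""
    host = re.sub(r"^[a-z]+://", "", url.strip(), flags=re.IGNORECASE)
    host = re.split(r"[/:]", host, maxsplit=1)[0]
    return host.lower().rstrip(".")

def whois_domain(url: str, has_a_record: Callable[[str], bool]) -> str:
    """Domain to whois, per the thread: one dot -> whole host; gTLD -> last two
    labels; ccTLD -> two-part name unless it has no A record (then three-part)."""
    labels = hostname_from_url(url).split(".")
    if len(labels) <= 2:
        return ".".join(labels)
    if labels[-1] in GENERIC_TLDS:
        return ".".join(labels[-2:])
    two_part = ".".join(labels[-2:])
    return two_part if has_a_record(two_part) else ".".join(labels[-3:])

# Constructed stand-in for a DNS lookup: names assumed to have an A record.
# Registry suffixes such as co.jp, com.cn, co.uk, me.uk are deliberately absent.
_RESOLVING = {
    "prettydesert.com", "xx-qk.cn", "alfive.com", "huge.co.jp", "rigoletto.jp",
    "dizloing.com.cn", "business-loandm.com.cn", "grtrrh.co.uk", "grnew.me.uk",
    "grnew.org.uk", "imena.com.ua", "techldr.co.uk",
}

def fake_has_a_record(name: str) -> bool:
    return name in _RESOLVING

# Spamvertised URLs quoted in the thread (defanged with hxxp).
SAMPLE_URLS = [
    "hxxp://www.prettydesert.com/", "hxxp://xx-qk.cn:8080/", "hxxp://dqk.alfive.com/",
    "hxxp://www.huge.co.jp/", "hxxp://dizloing.com.cn/lang-it/index.html",
    "hxxp://grnew.me.uk/vacancy.php", "hxxp://cigarettes.xx-qk.cn:88/x1.htm",
    "http://chaseonline.chase.com.techldr.co.uk/ReidentifyFormOnine/OnlineForm.aspx/?",
]

def whois_targets(urls: Iterable[str]) -> Dict[str, str]:
    """Map each URL to the domain that should go to whois."""
    return {u: whois_domain(u, fake_has_a_record) for u in urls}

if __name__ == "__main__":
    for url, domain in whois_targets(SAMPLE_URLS).items():
        print(f"{url:80} -> {domain}")
```

The A-record probe can misfire in practice: some registry suffixes do resolve and some registered domains have no apex A record, which is why current tools consult the Public Suffix List instead of probing DNS.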