Tag: CAN-SPAM Act

Posted on

Spammer Alert: strongcloudhosting.com

Another domain name related to milkcheesedns.com and grandfatherdns.com just popped up.

Whois information for hallcow.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: hallcow.com

Registrant Contact:
Strong Cloud Hosting
System Administrator ()

Fax:
PO Box 660675
Dallas, TX 75266-0675
US

Administrative Contact:
Strong Cloud Hosting
System Administrator (domains@strongcloudhosting.com)
+1.7026660363
Fax: +1.7026660363
PO Box 660675
Dallas, TX 75266-0675
US

Technical Contact:
Strong Cloud Hosting
System Administrator (domains@strongcloudhosting.com)
+1.7026660363
Fax: +1.7026660363
PO Box 660675
Dallas, TX 75266-0675
US

Status: Active

Name Servers:
ns1.grandfatherdns.com
ns2.grandfatherdns.com

Creation date: 28 Feb 2012 20:48:00
Expiration date: 28 Feb 2013 12:48:00

Note the System Administrator email: domains@strongcloudhosting.com

Whois information on strongcloudhosting.com:

Registration Service Provided By: PLANET ONLINE
Contact: +1.8887654932
Website: http://www.planetonline.net

Domain Name: STRONGCLOUDHOSTING.COM

Registrant:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Administrative Contact:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Technical Contact:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Billing Contact:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

According to contact information on strongcloudhosting.com:

(702) 666-0363

admin@strongcloudhosting.com
PO Box 29502 Las Vegas, NV 89126-9502

The same numbers from newbrandhosting.net and questionableoverthrow.com.

Posted on

Spammer Alert: newbrandhosting.net

This is another follow up to the post “Spammer Alert: milkcheesedns.com

We’ve received a report that NameCheap finally took notice of spam issue with milkcheesedns.com and suspended the domain. An anonymous tipster fowarded us the message from NameCheap:

Hello,

This is to inform you that milkcheesedns.com domain was suspended. It is now pointed to non-resolving nameservers and will be nullrouted once the propagation is over. The domain is locked for modifications in our system.

Thank you for letting us know about the issue.

We checked the whois information on the domain name and it showed the following:

Domain Name: MILKCHEESEDNS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: BLOCKEDDUETOSPAM.PLEASECONTACTSUPPORT.COM
Name Server: DUMMYSECONDARY.PLEASECONTACTSUPPORT.COM
Status: clientTransferProhibited
Updated Date: 18-may-2012
Creation Date: 27-feb-2012
Expiration Date: 27-feb-2013

Just today, we’ve uncovered another domain name registered by the same spammer; newbrandhosting.net.

We were tipped off regarding the continuing email spam from nimbleloaf.com. In the body of the email, links to questionableoverthrow.com.

Whois information on questionableoverthrow.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: questionableoverthrow.com

Registrant Contact:

Technical Support ()

Fax:
PO Box 29502
Las Vegas, NV 89126
US

Administrative Contact:

Technical Support (domains@newbrandhosting.net)
+1.7026660363
Fax: +1.5555555555
PO Box 29502
Las Vegas, NV 89126
US

Technical Contact:

Technical Support (domains@newbrandhosting.net)
+1.7026660363
Fax: +1.5555555555
PO Box 29502
Las Vegas, NV 89126
US

Status: Locked

Name Servers:
ns1.grandfatherdns.com
ns2.grandfatherdns.com

Creation date: 10 May 2012 21:55:00
Expiration date: 10 May 2013 13:55:00

Note newbrandhosting.net email address and grandfatherdns.com name servers.

Whois information on grandfatherdns.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: grandfatherdns.com

Registrant Contact:
Rails On Hosting
Sys Admin ()

Fax:
PO Box 660675
Dallas, TX 75266-0675
US

Administrative Contact:
Rails On Hosting
Sys Admin (domains@railsonhosting.com)
+1.7026660363
Fax: +1.7026660363
PO Box 660675
Dallas, TX 75266-0675
US

Technical Contact:
Rails On Hosting
Sys Admin (domains@railsonhosting.com)
+1.7026660363
Fax: +1.7026660363
PO Box 660675
Dallas, TX 75266-0675
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

Creation date: 28 Feb 2012 00:17:00
Expiration date: 27 Feb 2013 16:17:00

Whois information on railsonhosting.com:

Domain Name: RAILSONHOSTING.COM

Registrant:
Rails On Hosting
Web Admin        (contact@railsonhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Administrative Contact:
Rails On Hosting
Web Admin        (contact@railsonhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

Technical Contact:
Rails On Hosting
Web Admin        (contact@railsonhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

Billing Contact:
Rails On Hosting
Web Admin        (contact@railsonhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

The phone number provided for railsonhosting.com is 404-671-9366. It is actually the phone number for DEEP GREEN Waste & Recycling, LLC.

On railsonhosting.com contact page, the contact information is provided as follow:

214-666-6081
PO Box 660675 Dallas, TX 75266-0675

The number 214-666-6081 can also be found at greyscalehost.com contact page.

The number 214-666-6081 actually goes to a voicemail to someone’s office.

Whois information on greyscalehost.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: greyscalehost.com

Registrant Contact:
Firstinline
System Administrator ()

Fax:
1608 S. Ashland Ave
Chicago, IL 60608
US

Administrative Contact:
Firstinline
System Administrator (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.3128782798
1608 S. Ashland Ave
Chicago, IL 60608
US

Technical Contact:
Firstinline
System Administrator (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.3128782798
1608 S. Ashland Ave
Chicago, IL 60608
US

Status: Locked

Name Servers:
ns2713.hostgator.com
ns2714.hostgator.com

Creation date: 06 Sep 2011 23:16:00
Expiration date: 06 Sep 2012 15:16:00

That’s not a surprise, it links back to 1stinlinehosting.com.

Whois information on newbrandhosting.net:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: newbrandhosting.net

Registrant Contact:
NewBrandHosting
George Mason ()

Fax:
PO Box 10188
#88657
Newark, NJ 71014
US

Administrative Contact:
NewBrandHosting
George Mason (domains@newbrandhosting.net)
+1.9737184005
Fax: +1.5555555555
PO Box 10188
#88657
Newark, NJ 71014
US

Technical Contact:
NewBrandHosting
George Mason (domains@newbrandhosting.net)
+1.9737184005
Fax: +1.5555555555
PO Box 10188
#88657
Newark, NJ 71014
US

Status: Locked

Name Servers:
NS1.JUSTHOST.COM
NS2.JUSTHOST.COM

Creation date: 17 Apr 2012 18:35:00
Expiration date: 17 Apr 2013 10:35:00

newbrandhosting.net is using justhost.com name servers.

As you can see, both newbrandhosting.net and questionableoverthrow.com have the same administrative email address; domains@newbrandhosting.net.
The phone number listed for questionableoverthrow.com is 702-666-0363; the same voice recording for 3rdcloudhosting.com, 1stinlinehosting.com, coomahosting.com and 5thavehost.com.

The phone number listed for newbrandhosting.net (973-718-4005) is actually a fax line, and registered to CMS Constructions.
This number is also used as phone number for 1stinlinehosting.com.

Domain Name: 1STINLINEHOSTING.COM

Registrant:
1st Inline Hosting
Domain Admin        (contact@1stinlinehosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Similar Modus Operandi with coomahosting.com using 786-350-1567 that turns out to be a number for ADES Emergency locksmith.

Domain Name: COOMAHOSTING.COM

Registrant:
Cooma Hosting
Cooma Hosting        (admin@coomahosting.com)
PO Box 025250
#88657
Miami
Florida,33102
US
Tel. +786.3501567

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

On newbrandhost.com, the contact phone number listed is 773-938-0601.
It goes straight to voicemail, the same voicemail system used for 5thavehost.com and 3rdcloudhosting.com phone number as listed in domain name registration (202-505-1004).

Whois information on 5thavehost.com:

Domain Name: 5THAVEHOST.COM

Registrant:
5th Ave Host
5th Ave Host        (web@5thavehost.com)
PO Box 3109
#88657
Houston
Texas,77253
US
Tel. +214.2969397

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Whois information on 5thavehost.com:

Domain Name: 3RDCLOUDHOSTING.COM

Registrant:
3rdcloudhosting
Domain Admin        (admin@3rdcloudhosting.com)
PO Box 3109
#88657
Houston
Texas,77253
US
Tel. +214.2969397

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Whois information on nimbleoaf.com (abbridged):

Domain name: nimbleloaf.com

Registrant Contact:
5thAveHosting
Domains Mgmt ()

Fax:
PO Box 96503
Washington, DC 20090
US

Administrative Contact:
5thAveHosting
Domains Mgmt (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Contact phone number from the respective sites:
– 1stinlinehosting.com | 312-878-2798 | It is going to a voicemail system.
– coomahosting.com | 847-505-0848 | It is going to a voicemail system, and the voice is the same with the one for 1stinlinehosting.com.
– 5thavehost.com | 202-505-1004 | It is going to a voicemail system in one ring, no options to leave any messages.

Contact phone number for 5thavehost.com from “whois nimbleloaf.com” is 323-527-0448, which is registered to Robert McGee in Los Angeles. The first part of the message says:

“Thank you for calling 3rd cloud hosting.”

It is the same voice from the 1stinlinehosting.com and coomahosting.com.
It is also the same voice from (702) 666-0363; the phone number for domains@newbrandhosting.net from questionableoverthrow.com.

Posted on

Spammer Alert: 1stinLineHosting, Cooma Hosting and 5th Ave. Hosting.

Note:
We have opted not to add http links of the spammer domain names in this post. You can alway copy and paste the address to check them out.

Follow up to the post “Spammer Alert: milkcheesedns.com

Offending domain names registered by 5thavehost.com:

  • nimbleloaf.com
  • synergizeroom.com
  • statestructure.com
  • dynamicfrog.com

All four domain names above are using the following name servers:

ns1.mobilegroble.com
ns2.mobilegroble.com

mobilegroble.com is registered by coomahosting.com.

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: mobilegroble.com

Registrant Contact:
CoomaHosting
Domains Support ()

Fax:
PO Box 80333
Chicago, IL 60680-3338
US

Administrative Contact:
CoomaHosting
Domains Support (domains@coomahosting.com)
+1.8475050848
Fax: +1.5555555555
PO Box 80333
Chicago, IL 60680-3338
US

Technical Contact:
CoomaHosting
Domains Support (domains@coomahosting.com)
+1.8475050848
Fax: +1.5555555555
PO Box 80333
Chicago, IL 60680-3338
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

Creation date: 13 Apr 2012 00:25:00
Expiration date: 12 Apr 2013 16:25:00

Offending domain names registered by coomahosting.com:

  • marketexpertsextra.com
  • behavedetailsextra.com
  • adapttipslifetime.com
  • dancelifetimelifetime.com

The four domain name registered by coomahosting.com are also using mobilegroble.com name servers.

Then it gets more complicated. Spam emails that came from the domain names above are using different mail server as shown in the header. For example:

Received: from cowsbucketcast.org ([84.201.8.123])

There are tons of different domain names both used by 5thavehost.com and coomahosting.com, and they are registered by 1stinlinehosting.com.

  • cowsbucketcast.org
  • timehotwood.org
  • fatherbrakebushes.org
  • frogzephyrmint.com
  • boundarychannelbeam.net
  • snakeopiniongirl.net
  • cameraspadetoad.net
  • soundenginejoke.com
  • playgroundinstrumentlace.com
  • middlebraketongue.org
  • plotladybugreward.net
  • marketveilmatch.org
  • teethgood-byelumber.net
  • spadesunmeasure.org
  • yardwristgoose.net
  • northballoonpancake.org
  • lineboatscomfort.com
  • errorrainstormanger.org
  • laborerlibrarycough.org
  • yardwristgoose.net
  • raintrainbone.com
  • mlifeprogression.com

milkcheesedns.com has something to do with this spammer, for example:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: yardwristgoose.net

Registrant Contact:
1stinlinehost
Inline First ()

Fax:
1608 S. Ashland Ave.
Chicago, IL 60608
US

Administrative Contact:
1stinlinehost
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555
1608 S. Ashland Ave.
Chicago, IL 60608
US

Technical Contact:
1stinlinehost
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555
1608 S. Ashland Ave.
Chicago, IL 60608
US

Status: Locked

Name Servers:
ns1.milkcheesedns.com
ns2.milkcheesedns.com

Creation date: 01 Mar 2012 06:14:00
Expiration date: 28 Feb 2013 22:14:00

Note the name servers:

Name Servers:
ns1.milkcheesedns.com
ns2.milkcheesedns.com

whois milkcheesedns.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: milkcheesedns.com

Registrant Contact:
5th AVE Hosting
Trev Itamar ()

Fax:
PO Box 96503
Washington, DC 20090
US

Administrative Contact:
5th AVE Hosting
Trev Itamar (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Technical Contact:
5th AVE Hosting
Trev Itamar (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

Creation date: 28 Feb 2012 00:07:00
Expiration date: 27 Feb 2013 16:07:00

It goes back to 5thavehost.com.

UPDATE:

5thavehost.com also registers:

  • beaverguineafowl.com
  • deskactions.info
  • appointfrightfullyvainly.com
  • structureshare.com
  • riflemilk.com
  • organizationcommand.com
  • oryxgiraffe.com
  • castlovinglyblissfully.com
  • relationfire.com
  • measureoriginate.com
  • ratseahorse.com
  • nightstemgatekeeper.info
  • menbandwidth.info
  • chancelookhorizontal.info
  • massnegotiate.com
  • butterflykudu.com
  • TinUserCentric.info
  • cattleplatypus.com
  • waterbuffalowren.com
  • dogfishchamois.com
  • ChurchDrillDown.info
  • CoreExcellence7086.info
  • TouchBaseEvolve8179.info
  • CrushBeliefSimplify.info
  • AppleBenchmark.info
  • locketfade.com
  • armyart.info
  • sealjaguar.com
  • holistichighlight1028.info
  • softlycallout22.info
  • structureshare.com
  • locketfade.com
  • good-byeeventparadigmshift.info
  • constraintsleverage2433.info
  • meerkatcoyote.com
  • talkrespectsustainable.info
  • covershockvalueadded.info
  • micepositivemomentum.info
  • goosekangaroo.com
  • armysynergistically.info
  • siloprocessmanagement5599.info
  • fancompensation.info
  • respectpicklegametheory.info
  • metricsmilestonesmatureonboarding7716.info
  • thingspressures.info
  • curtainrightsize.info
  • questioninglyusercentric71.info
  • manscalable.info
  • systemthoughtful.info
  • veincowstreadlightly.info
  • fogmonthconstraints.info
  • starfanmatrixorganization.info
  • thrilltablethat.info
  • generatepressures7282.info
  • windowbuttonstate.info
  • governorrevenuegrowth.info
  • ironpartner.info
  • yamcallout.info
  • controlministerincome.info
  • digestionhospitalfoster.info
  • drumcustomercentric.info
  • substancemastery.info
  • mapassessment.info
  • loudlycorevalues52.info
  • loftilyprocessmanagement20.info
  • coachgovernance4307.info
  • sadlyrecommendation23.info
  • parentprocess.info
  • tacklemastery9217.info
  • innovativeactions2319.info
  • integrateimplement9802.info
  • serviceenvironmentgolden8482.info
  • downsizeexecute7598.info
  • ideatecouch7251.info
  • partnergolden6939.info
  • outcomessynergy9448.info
  • teamworkadvantage1073.info
  • verticalidea5460.info
  • granularsilo7326.info

The domain names in this group are using professdns.com as name server.

Name Server: NS1.PROFESSDNS.COM
Name Server: NS2.PROFESSDNS.COM

/UPDATE

It is clear that 5thavehost.com, 1stinlinehosting.com and coomahosting.com are run by the same individual or individuals.

Contact phone numbers based on whois information on each domain:

  • 1stinlinehosting.com | 973-718-4005 | It turns out to b e a fax line.
  • 5thavehost.com |214-296- 9397 | It turns out to be a fax line.
  • coomahosting.com | 786-350-1567 | It turns out to be a number for ADES Emergency locksmith.
    The same phone number is also used to register other domain names with email fifithave@gmail.com. All sampled domain names registered to this email address already expired or terminated.

Contact phone number from the respective sites:

  • 1stinlinehosting.com | 312-878-2798 | It is going to a voicemail system.
  • coomahosting.com | 847-505-0848 | It is going to a voicemail system, and the voice is the same with the one for 1stinlinehosting.com.
  • 5thavehost.com | 202-505-1004 | It is going to a voicemail system in one ring, no options to leave any messages.

Contact phone number for 5thavehost.com from “whois nimbleloaf.com” is 323-527-0448, which is registered to Robert McGee in Los Angeles. The first part of the message says:

“Thank you for calling 3rd cloud hosting.”

It is the same voice from the 1stinlinehosting.com and coomahosting.com!

There is 3rdcloudhosting.com, and whois provide the following information:

Registration Service Provided By: PLANET ONLINE
Contact: +1.8887654932
Website: http://www.planetonline.net

Domain Name: 3RDCLOUDHOSTING.COM

Registrant:
3rdcloudhosting
Domain Admin        (admin@3rdcloudhosting.com)
PO Box 3109
#88657
Houston
Texas,77253
US
Tel. +214.2969397

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

That number 214-296-9397 is the same number listed in 5thavehost.com whois information.

It is clear that all four domain names are related and likely run by the same individual. Who is this Robert McGee person, the name registered to 323-527-0448?

If you’re receiving spam email from the domains listed in this post or somehow related to 1stinlinehosting.com, coomahosting.com and 5thavehost.com; please let us know. Don’t forget to report the spam to:

Do run whois query to find out more about the domain name registration.

Close

Ad-blocker not detected

Please consider installing Ad-blocker such as uBlock Origin.

On computers, please consider browsing the web using Mozilla Firefox with uBlock Origin.