Tag: FTC

Posted on

Spammer Alert: 1stinLineHosting, Cooma Hosting and 5th Ave. Hosting.

Note:
We have opted not to add http links of the spammer domain names in this post. You can alway copy and paste the address to check them out.

Follow up to the post “Spammer Alert: milkcheesedns.com

Offending domain names registered by 5thavehost.com:

  • nimbleloaf.com
  • synergizeroom.com
  • statestructure.com
  • dynamicfrog.com

All four domain names above are using the following name servers:

ns1.mobilegroble.com
ns2.mobilegroble.com

mobilegroble.com is registered by coomahosting.com.

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: mobilegroble.com

Registrant Contact:
CoomaHosting
Domains Support ()

Fax:
PO Box 80333
Chicago, IL 60680-3338
US

Administrative Contact:
CoomaHosting
Domains Support (domains@coomahosting.com)
+1.8475050848
Fax: +1.5555555555
PO Box 80333
Chicago, IL 60680-3338
US

Technical Contact:
CoomaHosting
Domains Support (domains@coomahosting.com)
+1.8475050848
Fax: +1.5555555555
PO Box 80333
Chicago, IL 60680-3338
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

Creation date: 13 Apr 2012 00:25:00
Expiration date: 12 Apr 2013 16:25:00

Offending domain names registered by coomahosting.com:

  • marketexpertsextra.com
  • behavedetailsextra.com
  • adapttipslifetime.com
  • dancelifetimelifetime.com

The four domain name registered by coomahosting.com are also using mobilegroble.com name servers.

Then it gets more complicated. Spam emails that came from the domain names above are using different mail server as shown in the header. For example:

Received: from cowsbucketcast.org ([84.201.8.123])

There are tons of different domain names both used by 5thavehost.com and coomahosting.com, and they are registered by 1stinlinehosting.com.

  • cowsbucketcast.org
  • timehotwood.org
  • fatherbrakebushes.org
  • frogzephyrmint.com
  • boundarychannelbeam.net
  • snakeopiniongirl.net
  • cameraspadetoad.net
  • soundenginejoke.com
  • playgroundinstrumentlace.com
  • middlebraketongue.org
  • plotladybugreward.net
  • marketveilmatch.org
  • teethgood-byelumber.net
  • spadesunmeasure.org
  • yardwristgoose.net
  • northballoonpancake.org
  • lineboatscomfort.com
  • errorrainstormanger.org
  • laborerlibrarycough.org
  • yardwristgoose.net
  • raintrainbone.com
  • mlifeprogression.com

milkcheesedns.com has something to do with this spammer, for example:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: yardwristgoose.net

Registrant Contact:
1stinlinehost
Inline First ()

Fax:
1608 S. Ashland Ave.
Chicago, IL 60608
US

Administrative Contact:
1stinlinehost
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555
1608 S. Ashland Ave.
Chicago, IL 60608
US

Technical Contact:
1stinlinehost
Inline First (domains@1stinlinehosting.com)
+1.3128782798
Fax: +1.5555555555
1608 S. Ashland Ave.
Chicago, IL 60608
US

Status: Locked

Name Servers:
ns1.milkcheesedns.com
ns2.milkcheesedns.com

Creation date: 01 Mar 2012 06:14:00
Expiration date: 28 Feb 2013 22:14:00

Note the name servers:

Name Servers:
ns1.milkcheesedns.com
ns2.milkcheesedns.com

whois milkcheesedns.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: milkcheesedns.com

Registrant Contact:
5th AVE Hosting
Trev Itamar ()

Fax:
PO Box 96503
Washington, DC 20090
US

Administrative Contact:
5th AVE Hosting
Trev Itamar (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Technical Contact:
5th AVE Hosting
Trev Itamar (domains@5thavehost.com)
+1.3235270448
Fax: +1.3235270448
PO Box 96503
Washington, DC 20090
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

Creation date: 28 Feb 2012 00:07:00
Expiration date: 27 Feb 2013 16:07:00

It goes back to 5thavehost.com.

UPDATE:

5thavehost.com also registers:

  • beaverguineafowl.com
  • deskactions.info
  • appointfrightfullyvainly.com
  • structureshare.com
  • riflemilk.com
  • organizationcommand.com
  • oryxgiraffe.com
  • castlovinglyblissfully.com
  • relationfire.com
  • measureoriginate.com
  • ratseahorse.com
  • nightstemgatekeeper.info
  • menbandwidth.info
  • chancelookhorizontal.info
  • massnegotiate.com
  • butterflykudu.com
  • TinUserCentric.info
  • cattleplatypus.com
  • waterbuffalowren.com
  • dogfishchamois.com
  • ChurchDrillDown.info
  • CoreExcellence7086.info
  • TouchBaseEvolve8179.info
  • CrushBeliefSimplify.info
  • AppleBenchmark.info
  • locketfade.com
  • armyart.info
  • sealjaguar.com
  • holistichighlight1028.info
  • softlycallout22.info
  • structureshare.com
  • locketfade.com
  • good-byeeventparadigmshift.info
  • constraintsleverage2433.info
  • meerkatcoyote.com
  • talkrespectsustainable.info
  • covershockvalueadded.info
  • micepositivemomentum.info
  • goosekangaroo.com
  • armysynergistically.info
  • siloprocessmanagement5599.info
  • fancompensation.info
  • respectpicklegametheory.info
  • metricsmilestonesmatureonboarding7716.info
  • thingspressures.info
  • curtainrightsize.info
  • questioninglyusercentric71.info
  • manscalable.info
  • systemthoughtful.info
  • veincowstreadlightly.info
  • fogmonthconstraints.info
  • starfanmatrixorganization.info
  • thrilltablethat.info
  • generatepressures7282.info
  • windowbuttonstate.info
  • governorrevenuegrowth.info
  • ironpartner.info
  • yamcallout.info
  • controlministerincome.info
  • digestionhospitalfoster.info
  • drumcustomercentric.info
  • substancemastery.info
  • mapassessment.info
  • loudlycorevalues52.info
  • loftilyprocessmanagement20.info
  • coachgovernance4307.info
  • sadlyrecommendation23.info
  • parentprocess.info
  • tacklemastery9217.info
  • innovativeactions2319.info
  • integrateimplement9802.info
  • serviceenvironmentgolden8482.info
  • downsizeexecute7598.info
  • ideatecouch7251.info
  • partnergolden6939.info
  • outcomessynergy9448.info
  • teamworkadvantage1073.info
  • verticalidea5460.info
  • granularsilo7326.info

The domain names in this group are using professdns.com as name server.

Name Server: NS1.PROFESSDNS.COM
Name Server: NS2.PROFESSDNS.COM

/UPDATE

It is clear that 5thavehost.com, 1stinlinehosting.com and coomahosting.com are run by the same individual or individuals.

Contact phone numbers based on whois information on each domain:

  • 1stinlinehosting.com | 973-718-4005 | It turns out to b e a fax line.
  • 5thavehost.com |214-296- 9397 | It turns out to be a fax line.
  • coomahosting.com | 786-350-1567 | It turns out to be a number for ADES Emergency locksmith.
    The same phone number is also used to register other domain names with email fifithave@gmail.com. All sampled domain names registered to this email address already expired or terminated.

Contact phone number from the respective sites:

  • 1stinlinehosting.com | 312-878-2798 | It is going to a voicemail system.
  • coomahosting.com | 847-505-0848 | It is going to a voicemail system, and the voice is the same with the one for 1stinlinehosting.com.
  • 5thavehost.com | 202-505-1004 | It is going to a voicemail system in one ring, no options to leave any messages.

Contact phone number for 5thavehost.com from “whois nimbleloaf.com” is 323-527-0448, which is registered to Robert McGee in Los Angeles. The first part of the message says:

“Thank you for calling 3rd cloud hosting.”

It is the same voice from the 1stinlinehosting.com and coomahosting.com!

There is 3rdcloudhosting.com, and whois provide the following information:

Registration Service Provided By: PLANET ONLINE
Contact: +1.8887654932
Website: http://www.planetonline.net

Domain Name: 3RDCLOUDHOSTING.COM

Registrant:
3rdcloudhosting
Domain Admin        (admin@3rdcloudhosting.com)
PO Box 3109
#88657
Houston
Texas,77253
US
Tel. +214.2969397

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

That number 214-296-9397 is the same number listed in 5thavehost.com whois information.

It is clear that all four domain names are related and likely run by the same individual. Who is this Robert McGee person, the name registered to 323-527-0448?

If you’re receiving spam email from the domains listed in this post or somehow related to 1stinlinehosting.com, coomahosting.com and 5thavehost.com; please let us know. Don’t forget to report the spam to:

Do run whois query to find out more about the domain name registration.

Posted on

Spammer Alert: sallara.com

A spammer from sallara.com responsible for wave of spam emails using numbers of domain names.

sallara.com is registered through enom.com. Don’t even bother complaining to enom.com through their Abuse Policy page, because it always return an error page. Many domains used by spammers are registered through enom.com.

Domain name: sallara.com

Registrant Contact:
Sallara
Philip Stensor ()

Fax:
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
US

Administrative Contact:
Sallara
Philip Stensor (admin@sallara.com)
+1.5033038404
Fax: +1.5555555555
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
US

Technical Contact:
Sallara
Philip Stensor (admin@sallara.com)
+1.5033038404
Fax: +1.5555555555
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
US

Status: Locked

Name Servers:
ns1.sallara.com
ns2.sallara.com

Creation date: 30 Jun 2011 03:41:00
Expiration date: 29 Jun 2012 22:41:00

Recent domains registered by Phillip Stensor of Sallara:

  • indongy.net
  • gospodg.info
  • reavel.info
  • driftsm.com
  • cativeta.com
  • dauphon.net
  • arellari.net
  • parlined.net

The name Phillip Stensor is most likely a pseudonym.

File complaints to FTC: https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en for the violation of CAN-SPAM Act.

Posted on

Spammer Alert: superdooperdeals.com

Readers sent us a few info about new round of spam from superdooperdeals.com. Do not give them your email addresses with hope you’d be unsubscribed from their spam bombardments. superdooperdeals.com site includes some fake testimonials that don’t even make any sense.

Whois info on superdooperdeals.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: Superdooperdeals.com

Registrant Contact:
SuperDooperDeals
Liam Carroll ()

Fax:
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Administrative Contact:
SuperDooperDeals
Liam Carroll (liam@superdooperdeals.com)
+1.5033038404
Fax: +1.5555555555
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Technical Contact:
SuperDooperDeals
Liam Carroll (liam@superdooperdeals.com)
+1.5033038404
Fax: +1.5555555555
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Status: Locked

Name Servers:
ns1.superdooperdeals.com
ns2.superdooperdeals.com

Creation date: 23 Mar 2011 03:15:00
Expiration date: 22 Mar 2012 22:15:00

Other Domain Registered by superdooperdeals.com:

  • bingolikey.com
  • carz-online.com
  • luxuryhosting.net
  • yourkeywords.net
  • we-mean-business.org
  • playwithusdaily.com

We will add more info whenever we get them.

eNom and namecheap are the DNS Registrar that superdooperdeal.com uses, but they are willing to resolve the issue.

This is a sample of namecheap.com reply to the complaints:

Hello,

Thank you for your email regarding researchsneeze.info domain name. The domain that you reported is registered with NameCheap but hosted with another company. Please contact the hosting company for help with investigating the incident of spam. You will need to forward entire email with full headers to them. Here are contact details of the company that owns IP address assigned to the domain:

http://who.is/whois-ip/108.60.156.10/
——————–
Regards,
Marta K.
Customer Support

http://whois.arin.net/rest/nets;q=108.60.156.10?showDetails=true&showARIN=false

Other good and responsible DNS Registrars would take the complaints seriously and actually do something to disable the offending domains.

File complaints to FTC: https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en for the violation of CAN-SPAM Act.

Posted on

Spammer Alert: Updates on Agile Media.

Readers sent in a few info regarding Agile Media who has been sending out email spam. Agile Media has registered numerous domain names through moniker.com. If you are victims of Agile Media CAN-SPAM Act violation, please:

From namecheap.com:

Please note that the domain agilemediagroup.net was suspended due to Spamhaus report and it is currently in clientHold status, which prevents any host records from resolving. Email agilereg@agilemediagroup.net cannot be working because of the suspension.

That is one good news, but the spam is still coming. Even though agilemediagroup.net is currently suspended, they have already registered numerous domain names prior to the suspension.

Numerous readers mentioned that they are still getting email spam from linda@eternityme.com.

Domain Name: ETERNITYME.COM
Registrar: MONIKER

Registrant [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Domain servers in listed order:

NS1.DNSMEE.COM         67.137.88.4
NS2.DNSMEE.COM         67.137.88.5

Record created on:        2011-04-01 11:31:22.0
Database last updated on: 2011-04-01 11:35:16.47
Domain Expires on:        2012-04-01 11:31:22.0

From an email header submitted by readers:

Received: from eternityme.com ([204.45.211.122])

Agile Media is still operating pretzelxo.net ([67.137.88.100])

Domain Name: FANGEDME.COM
Registrar: MONIKER

Registrant [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Domain servers in listed order:

NS1.DNSMEE.COM         67.137.88.4
NS2.DNSMEE.COM         67.137.88.5

Record created on:        2011-03-31 11:53:13.0
Database last updated on: 2011-04-01 11:35:17.86
Domain Expires on:        2012-03-31 11:53:14.0

Agile Media owns and operates DNSMEE.COM ([208.73.210.48])

Domain Name: DNSMEE.COM
Registrar: MONIKER

Registrant [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Domain servers in listed order:

NS1.MONIKERDNS.NET         208.73.210.41
NS2.MONIKERDNS.NET         208.73.211.42
NS3.MONIKERDNS.NET         208.73.210.43
NS4.MONIKERDNS.NET         208.73.211.44

Record created on:        2011-04-01 11:20:10.0
Database last updated on: 2011-04-01 11:26:11.997
Domain Expires on:        2012-04-01 11:20:11.0

If you have any informations related to Agile Media, please let us know.

 

Posted on

Spammer Alert: Agile Media Group.

A few people has informed us about spam emails from Agile Media through numbers of domain names.

For example:

All four domains above are registered by Agile Media Group through moniker.com.

Registrar: MONIKER

Registrant [3200836]:
Agile Media agilemedia@yahoo.com
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3200836]:
Agile Media agilemedia@yahoo.com
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3200836]:
Agile Media agilemedia@yahoo.com
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3200836]:
Agile Media agilemedia@yahoo.com
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

If you would like to file complaints:

If you have received spam email originating from Agile Media Group? Check the whois information on the domain name.