Tag: Security

Posted on

Spammer Alert: leecheryl182@gmail.com

We received another tip from readers about a particular spammer related to hefallsintothe.com. The admin contact of the domain name is leecheryl182@gmail.com. The domain name hefallsintothe.com is using ns1.insulationfromtheelements.com and ns2.insulationfromtheelements.com

The domain names are registered through namecheap.com.

whois hefallsintothe.com:

Administrative Contact:

Web Master (leecheryl182@gmail.com)
+1.7734130857
Fax:
616 Corporate Way
Suite 2
Valley College, NY 10989
US

Creation date: 19 Mar 2013 19:06:00
Expiration date: 19 Mar 2014 11:06:00

whois insulationfromtheelements.com:

Administrative Contact:
Brightness Partners
Network Admin (dns@brightnesspartners.com)
+1.8004094960
Fax: +1.5555555555
6321 W Dempster St
Suite 161
Morton Grove, IL 60053
US

Creation date: 19 Mar 2013 20:53:00
Expiration date: 19 Mar 2014 12:53:00

Whois brightnesspartners.com:

Administrative Contact:
Brightness Partners
Network Admin (dns@brightnesspartners.com)
+1.8004094960
Fax: +1.5555555555
6321 W Dempster St
Suite 161
Morton Grove, IL 60053
US

Creation date: 19 Mar 2013 20:36:00
Expiration date: 19 Mar 2014 12:36:00

Partial list of domain names related to dns@brightnesspartners.com:

  • aboveallcanacquire.com
  • allusefulhasthe.com
  • andhopetoobtain.com
  • artitselfbythe.com
  • brightnesspartners.com
  • colouringheshouldlodge.com
  • conductothersashaving.com
  • eminencebyothermeans.com
  • frivolouspursuitscapacityto.com
  • ifhewasallowed.com
  • ifoneactexcluded.com
  • ihaveseenalso.com
  • insulationfromtheelements.com
  • inthedrudgeryof.com
  • isalwaysathand.com
  • isbrilliantthanwith.com
  • ithasbeenso.com
  • itmaybetaken.com
  • managedoftenshortensthe.com
  • maneminentforhis.com
  • momentthepracticeof.com
  • ofagreatdegree.com
  • ofthealphabetif.com
  • onlybeopposedby.com
  • thatidealexcellencewhich.com

 

Partial list of domain names with leecheryl182@gmail.com as admin contacts:

  • anypurposewhohave.com
  • arrivedattheirutmost.com
  • artwhichhemust.com
  • bettercoursehavelong.com
  • bystudyingtheseauthentic.com
  • cannotdobetterthan.com
  • easeandreadinessto.com
  • farastheyshall.com
  • faultifourprogress.com
  • formedinitwhich.com
  • fromthosewhohave.com
  • gratitudeinouracademy.com
  • intheirpupilsprobably.com
  • inventontheirmethod.com
  • itnearthemodel.com
  • itrequiresnoeffort.com
  • leastcontributetoyour.com
  • makesnopretensionsto.com
  • mannerofhandlingemulation.com
  • politebeendoneby.com
  • resultofnaturalpowers.com
  • studenthassucceededin.com
  • studentssooftendisappoint.com
  • tocollectsubjectsfor.com
  • whichnaturehasbeen.com

spam-stamp

Posted on

Spammer Alert: the connection between x-celerated.com and 1stinlinehosting.com

A comment from a reader prompted us to revisit an older post on a spammer with domain name 1stinlinehosting.com. It is apparent that the same spammer also operates x-celerated.com. We should have realized that sooner.

The domain name submitted by reader is mlifeprogression.com and whois information shows the mailing address:

1608 S. Ashland Ave
Chicago, Illinois 6O608

The very same address of a mailbox service used by a possibly fictional Tom Slater of x-celerated.com.

mlifeprogression

If you want to fight the spammers back, consider the followings:

We thank our readers for their contributions.

Posted on

A thing or two to know about two-step verification for Apple ID

On Thursday March 21, 2013 Apple enabled Two-Step Verification for Apple ID.

Two-step verification is an optional security feature for your Apple ID. It requires you to verify your identity using one of your devices before you can:

  • Sign in to My Apple ID to manage your account.
  • Make an iTunes, App Store, or iBookstore purchase from a new device.
  • Get Apple ID-related support from Apple.

HT5570_01-icloud-2stepfaq-001-en

In addition to the Frequently asked questions about two-step verification for Apple ID, there are a few things we found:

  • One phone number can be authenticated to multiple Apple ID two-step verification.
  • Not all SMS-capable phone number can be used, such as Google Voice number and Skype.
    Apple has listed supported carriers for SMS and two-step verification.
  • When verification code sent to an passcode-protected iOS device, user must unlock the device first before the code to be displayed.
    IMG_1668
  • When verification code sent through SMS to a passcode-protected iPhone, the SMS content might be shown depends on the notification setting.
    IMG_1674
  • Nexus 4 running Android 4.2.2 Jelly Bean does not display SMS content when it is passcode-protected (including face-unlock and pattern-unlock).
    Screenshot_2013-03-21-23-21-26

Apple was expected to beef up Apple ID security after the epic hacking of Mat Honan’s Apple ID and Amazon Account.

Posted on

Spammer Alert: x-celerated.com

UPDATE 4:
This spammer also related to wreese2013@hotmail.com.
The first spam reported to us is coming from ldirect.us domain
Definitely related to thegrapekiwi@gmail.com.
The phone number given as administrative contact 1.5037469135 seems to be used a lot for spam domain names.

UPDATE 3:
This spammer is also related to thegrapekiwi@gmail.com which is in the Register of Known Spam Operation (ROKSO).
Source: The Spamhaus Project

UPDATE 2:
Also related with Xcelerate

cherwo.co.uk (Registered on: 21-Mar-2013)

Domain name:
cherwo.co.uk

Registrant:
EvoMedia

Registrant type:
Non-UK Corporation

Registrant’s address:
PO Box 025250 #52990
Miami
FL
33102
United States

Registrar:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com

UPDATE:
Based on recent findings, tslater@x-celerated.com spammer is related to admin@sevenquest.com spammer.

We’ve been getting requests to investigate a particular round of spam emails a few weeks ago. The spam seems to be using domain names with the same registration information.

Administrative Contact:
Xcelerate
Tom Slater (tslater@x-celerated.com)
+1.7733288013
Fax: +1.5555555555
1608 S. Ashland Ave
Chicago, IL 60608
US

Partial list of domains registered with email tslater@x-celerated.com through enom.com / namecheap.com:

  • abovearrange.co.uk (Registered on: 27-Dec-2012)
  • acceptgrand.com (creation date: 06-mar-2013)
  • acceptjust.com (creation date: 14-mar-2013)
  • acceptmatter.com (creation date: 14-mar-2013)
  • alongsidethrough.co.uk (registered on: 18-Mar-2013)
  • appledefine.co.uk (Registered on: 27-Dec-2012)
  • behindbelow.co.uk (registered on 18-Mar-2013)
  • buyseem.com (creation date: 21-feb-2013)
  • consideringplus.co.uk (registered on: 18-Mar-2013)
  • dowould.com (creation date: 15-mar-2013)
  • fixuntil.com (creation date: 14-mar-2013)
  • drawnegotiate.co.uk (Registered on: 27-Dec-2012)
  • eitherthose.co.uk (Registered on: 07-Mar-2013)
  • excludingdown.co.uk (registered on 18-Mar-2013)
  • explainlist.com (creation date: 18-mar-2013)
  • findgive.com (creation date: 14-mar-2013) *BLOCKED DUE TO SPAM*
  • fixuntil.com (creation date: 14-mar-2013)
  • insuredegree.net (creation date: 11-mar-2013)
  • measureease.co.uk (registered on: 16-mar-2013)
  • mindget.net (creation date: 11-dec-2012)
  • needwith.com (creation date: 13-mar-2013)
  • organiseevent.us (Domain Registration Date: Oct-10-2012)
  • readeach.com (creation date: 15-mar-2013)
  • sandez.co.uk (registered on: 21-mar-2013)
  • sellstill.com (creation date: 13-mar-2013) *BLOCKED DUE TO SPAM*
  • startenough.co.uk ( Registered on: 09-Mar-2013)
  • studybehind.co.uk (Registered on: 30-Dec-2012)
  • succeedthe.co.uk (Registered on: 03-Mar-2013)
  • talkterm.com (creation date: 15-mar-2013)
  • teachthree.com (creation date: 13-mar-2013)
  • telloffice.com (creation date: 06-mar-2013)
  • usealways.co.uk  (Registered on: 03-Mar-2013)
  • userepeat.co.uk (Registered on: 30-Dec-2012)
  • yourher.co.uk (Registered on: 07-Mar-2013)
  • returning-home.info (expired)
  • iseaadapt.com (expired)
  • actrevise.com (expired)
  • adaptpoint.com (expired)

The domain x-celerated.com was registered through DreamHost:

Registrant Contact:
x-celerated.com Private Registrant x-celerated.com@proxy.dreamhost.com
A Happy DreamHost Customer
417 Associated Rd #324
Brea, CA 92821
US
+1.7147064182

x-celerated

We informed DreamHost of our findings on x-celerated.com, and we received a reply:

Unfortunately, we provide neither hosting services, nor email services, for any of these domains. The same is true for x-celerated.com, for which we are only the
registrar.

We looked into the address of Xcelerate’s Tom Slater. It is a mailbox service by Earth Class Mail in Chicago.

A Virtual Presence In Chicago
Street and PO Box addresses available:

Street Address
1608 S Ashland Ave.
Chicago, Illinois 60608-2013
Just $14.95 per month in addition to Monthly subscription fees
Will-call pickup not available

PO Box
PO Box 803338
Chicago, IL 60680-3338
Included in your monthly subscription fee

We cross referenced the phone number 773-328-8013 and the addresses from Earth Class Mail. We found a domain using Earth Class Mail service and the phone number 773-328-8013.

Administrative Contact:
TruTech
Mike Young (admin@techtru.com)
+1.7733288013
Fax: +1.7733288013
PO Box 803338
Chicago, IL 60680
US

The domain techtru.com was registered through enom.com / namecheap.com on August 27, 2012.

We called the number 773-328-8013 and we got the automated voicemail:

You’ve been forwarded to the voicemail for *text to speech voice* “xcelerate”.

It seems that Xcelerate is a shell company for the spammer to hide behind.

Spoofing the sender’s email address can be done. In this case Xcelerate / x-celerated.com is highly likely to be involved. Consider the following patterns:

  • The Domain Names are registered through enom.com / namecheap.com
  • Each Domain Name is composed of two English dictionary words that seemed to be randomly chosen
  • Registration info of the Domain Names are the same
  • The Domain Names are recently registered / created
  • The voicemail for 773-328-8013 mentions “Xcelerate”

If you would like to fight these spammer, use services like SpamCop.net and report them. SpamCop.net provides free service; we encourage you to subscribe to their service for a nominal fee. After all, they are providing a great service.

——-

Disclaimer:
We use SpamCop.net service.

Posted on

SpywareBlaster 5

SpywareBlaster 5 was released on March 1, 2013. Head out to BrightFort.com to download the latest version of SpywareBlaster. I do recommend people to get the Auto Update, for a small fee to support the developer.

Glad to know BrightFort (formerly JavaCoolSoftware) no longer distributes SpywareBlaster through download.com.

SpywareBlaster 5