Tag: Spam

Posted on

Despicable Scammers

Isn’t it obvious that scammers are unscrupulous?

Latest round of Penny Stock Spams includes lines about the possible U.S. attack on Syria.

Are you interested in enriching yourself by means of war? It`s
right time to realize your plans!!! As soon as the military attack
Syria, oil prices will rise as well as *redacted* share price. Start making cash on September 2nd, buy *redacted* shares!

 

Do you wish to cash in on armed conflicts? It`s right time to do
it!!! Just as the first bombs get to the earth in Syria, stone
oil prices will skyrocket the same as *redacted* stock price!!! Go make profits on September, 02, buy *redacted* shares.

 

Do you want to make a mint of money due to war? It`s right time to
do it! As soon as the US takes military action against Syria, oil
prices will rise as well as *redacted* share price.
Begin earning $$$ on Monday, September 02, purchase *redacted* shares.

 

Do you wish to cash in on armed conflicts? It`s the very time to make
it!!! As soon as the US takes military action against Syria, oil
prices will rise as well as *redacted* share
price. Begin earning $$$ on Monday, Sep 02, purchase *redacted* shares!

Penny Stock Scam Syria

spam-stamp

Posted on

Phishing Alert: Google Apps Edition

There has been a lot of Phishing email for the past week and this one pretending to be coming from Google Apps.

Should you be receiving this type of phishing email, do not click on the link under any circumstances.

You can:

Phishing Spam Google Apps

Posted on

Tasteless and Despicable

Let me start by saying that spammers are despicable and tasteless, especially when they’re exploiting a tragedy such as the explosions at the Boston Marathon.

Spammers who want to spread malware are sinking to another low. Numbers of readers told us they’ve been getting spam with subjects contain: “explosion at Boston Marathon”

despicable-spam-boston-marathon-explosion

despicable-spam-boston-marathon-explosion-2

The from addresses are blanked out because it might be used as identifier by the spammers.

One of the addresses has been flagged by Google that it “may harm your computer.”

fake-boston-marathon-explosion-news

Posted on

Spammer Alert: leecheryl182@gmail.com

We received another tip from readers about a particular spammer related to hefallsintothe.com. The admin contact of the domain name is leecheryl182@gmail.com. The domain name hefallsintothe.com is using ns1.insulationfromtheelements.com and ns2.insulationfromtheelements.com

The domain names are registered through namecheap.com.

whois hefallsintothe.com:

Administrative Contact:

Web Master (leecheryl182@gmail.com)
+1.7734130857
Fax:
616 Corporate Way
Suite 2
Valley College, NY 10989
US

Creation date: 19 Mar 2013 19:06:00
Expiration date: 19 Mar 2014 11:06:00

whois insulationfromtheelements.com:

Administrative Contact:
Brightness Partners
Network Admin (dns@brightnesspartners.com)
+1.8004094960
Fax: +1.5555555555
6321 W Dempster St
Suite 161
Morton Grove, IL 60053
US

Creation date: 19 Mar 2013 20:53:00
Expiration date: 19 Mar 2014 12:53:00

Whois brightnesspartners.com:

Administrative Contact:
Brightness Partners
Network Admin (dns@brightnesspartners.com)
+1.8004094960
Fax: +1.5555555555
6321 W Dempster St
Suite 161
Morton Grove, IL 60053
US

Creation date: 19 Mar 2013 20:36:00
Expiration date: 19 Mar 2014 12:36:00

Partial list of domain names related to dns@brightnesspartners.com:

  • aboveallcanacquire.com
  • allusefulhasthe.com
  • andhopetoobtain.com
  • artitselfbythe.com
  • brightnesspartners.com
  • colouringheshouldlodge.com
  • conductothersashaving.com
  • eminencebyothermeans.com
  • frivolouspursuitscapacityto.com
  • ifhewasallowed.com
  • ifoneactexcluded.com
  • ihaveseenalso.com
  • insulationfromtheelements.com
  • inthedrudgeryof.com
  • isalwaysathand.com
  • isbrilliantthanwith.com
  • ithasbeenso.com
  • itmaybetaken.com
  • managedoftenshortensthe.com
  • maneminentforhis.com
  • momentthepracticeof.com
  • ofagreatdegree.com
  • ofthealphabetif.com
  • onlybeopposedby.com
  • thatidealexcellencewhich.com

 

Partial list of domain names with leecheryl182@gmail.com as admin contacts:

  • anypurposewhohave.com
  • arrivedattheirutmost.com
  • artwhichhemust.com
  • bettercoursehavelong.com
  • bystudyingtheseauthentic.com
  • cannotdobetterthan.com
  • easeandreadinessto.com
  • farastheyshall.com
  • faultifourprogress.com
  • formedinitwhich.com
  • fromthosewhohave.com
  • gratitudeinouracademy.com
  • intheirpupilsprobably.com
  • inventontheirmethod.com
  • itnearthemodel.com
  • itrequiresnoeffort.com
  • leastcontributetoyour.com
  • makesnopretensionsto.com
  • mannerofhandlingemulation.com
  • politebeendoneby.com
  • resultofnaturalpowers.com
  • studenthassucceededin.com
  • studentssooftendisappoint.com
  • tocollectsubjectsfor.com
  • whichnaturehasbeen.com

spam-stamp

Posted on

Spammer Alert: the connection between x-celerated.com and 1stinlinehosting.com

A comment from a reader prompted us to revisit an older post on a spammer with domain name 1stinlinehosting.com. It is apparent that the same spammer also operates x-celerated.com. We should have realized that sooner.

The domain name submitted by reader is mlifeprogression.com and whois information shows the mailing address:

1608 S. Ashland Ave
Chicago, Illinois 6O608

The very same address of a mailbox service used by a possibly fictional Tom Slater of x-celerated.com.

mlifeprogression

If you want to fight the spammers back, consider the followings:

We thank our readers for their contributions.

Posted on

Spammer Alert: x-celerated.com

UPDATE 4:
This spammer also related to wreese2013@hotmail.com.
The first spam reported to us is coming from ldirect.us domain
Definitely related to thegrapekiwi@gmail.com.
The phone number given as administrative contact 1.5037469135 seems to be used a lot for spam domain names.

UPDATE 3:
This spammer is also related to thegrapekiwi@gmail.com which is in the Register of Known Spam Operation (ROKSO).
Source: The Spamhaus Project

UPDATE 2:
Also related with Xcelerate

cherwo.co.uk (Registered on: 21-Mar-2013)

Domain name:
cherwo.co.uk

Registrant:
EvoMedia

Registrant type:
Non-UK Corporation

Registrant’s address:
PO Box 025250 #52990
Miami
FL
33102
United States

Registrar:
eNom, Inc. [Tag = ENOM]
URL: http://www.enom.com

UPDATE:
Based on recent findings, tslater@x-celerated.com spammer is related to admin@sevenquest.com spammer.

We’ve been getting requests to investigate a particular round of spam emails a few weeks ago. The spam seems to be using domain names with the same registration information.

Administrative Contact:
Xcelerate
Tom Slater (tslater@x-celerated.com)
+1.7733288013
Fax: +1.5555555555
1608 S. Ashland Ave
Chicago, IL 60608
US

Partial list of domains registered with email tslater@x-celerated.com through enom.com / namecheap.com:

  • abovearrange.co.uk (Registered on: 27-Dec-2012)
  • acceptgrand.com (creation date: 06-mar-2013)
  • acceptjust.com (creation date: 14-mar-2013)
  • acceptmatter.com (creation date: 14-mar-2013)
  • alongsidethrough.co.uk (registered on: 18-Mar-2013)
  • appledefine.co.uk (Registered on: 27-Dec-2012)
  • behindbelow.co.uk (registered on 18-Mar-2013)
  • buyseem.com (creation date: 21-feb-2013)
  • consideringplus.co.uk (registered on: 18-Mar-2013)
  • dowould.com (creation date: 15-mar-2013)
  • fixuntil.com (creation date: 14-mar-2013)
  • drawnegotiate.co.uk (Registered on: 27-Dec-2012)
  • eitherthose.co.uk (Registered on: 07-Mar-2013)
  • excludingdown.co.uk (registered on 18-Mar-2013)
  • explainlist.com (creation date: 18-mar-2013)
  • findgive.com (creation date: 14-mar-2013) *BLOCKED DUE TO SPAM*
  • fixuntil.com (creation date: 14-mar-2013)
  • insuredegree.net (creation date: 11-mar-2013)
  • measureease.co.uk (registered on: 16-mar-2013)
  • mindget.net (creation date: 11-dec-2012)
  • needwith.com (creation date: 13-mar-2013)
  • organiseevent.us (Domain Registration Date: Oct-10-2012)
  • readeach.com (creation date: 15-mar-2013)
  • sandez.co.uk (registered on: 21-mar-2013)
  • sellstill.com (creation date: 13-mar-2013) *BLOCKED DUE TO SPAM*
  • startenough.co.uk ( Registered on: 09-Mar-2013)
  • studybehind.co.uk (Registered on: 30-Dec-2012)
  • succeedthe.co.uk (Registered on: 03-Mar-2013)
  • talkterm.com (creation date: 15-mar-2013)
  • teachthree.com (creation date: 13-mar-2013)
  • telloffice.com (creation date: 06-mar-2013)
  • usealways.co.uk  (Registered on: 03-Mar-2013)
  • userepeat.co.uk (Registered on: 30-Dec-2012)
  • yourher.co.uk (Registered on: 07-Mar-2013)
  • returning-home.info (expired)
  • iseaadapt.com (expired)
  • actrevise.com (expired)
  • adaptpoint.com (expired)

The domain x-celerated.com was registered through DreamHost:

Registrant Contact:
x-celerated.com Private Registrant x-celerated.com@proxy.dreamhost.com
A Happy DreamHost Customer
417 Associated Rd #324
Brea, CA 92821
US
+1.7147064182

x-celerated

We informed DreamHost of our findings on x-celerated.com, and we received a reply:

Unfortunately, we provide neither hosting services, nor email services, for any of these domains. The same is true for x-celerated.com, for which we are only the
registrar.

We looked into the address of Xcelerate’s Tom Slater. It is a mailbox service by Earth Class Mail in Chicago.

A Virtual Presence In Chicago
Street and PO Box addresses available:

Street Address
1608 S Ashland Ave.
Chicago, Illinois 60608-2013
Just $14.95 per month in addition to Monthly subscription fees
Will-call pickup not available

PO Box
PO Box 803338
Chicago, IL 60680-3338
Included in your monthly subscription fee

We cross referenced the phone number 773-328-8013 and the addresses from Earth Class Mail. We found a domain using Earth Class Mail service and the phone number 773-328-8013.

Administrative Contact:
TruTech
Mike Young (admin@techtru.com)
+1.7733288013
Fax: +1.7733288013
PO Box 803338
Chicago, IL 60680
US

The domain techtru.com was registered through enom.com / namecheap.com on August 27, 2012.

We called the number 773-328-8013 and we got the automated voicemail:

You’ve been forwarded to the voicemail for *text to speech voice* “xcelerate”.

It seems that Xcelerate is a shell company for the spammer to hide behind.

Spoofing the sender’s email address can be done. In this case Xcelerate / x-celerated.com is highly likely to be involved. Consider the following patterns:

  • The Domain Names are registered through enom.com / namecheap.com
  • Each Domain Name is composed of two English dictionary words that seemed to be randomly chosen
  • Registration info of the Domain Names are the same
  • The Domain Names are recently registered / created
  • The voicemail for 773-328-8013 mentions “Xcelerate”

If you would like to fight these spammer, use services like SpamCop.net and report them. SpamCop.net provides free service; we encourage you to subscribe to their service for a nominal fee. After all, they are providing a great service.

——-

Disclaimer:
We use SpamCop.net service.