Scam and Spam Alert: mobile-testers.com

A new round of SMS spam from mobile-testers.com is also a scam. The unsolicited SMS comes from +1 (646) 709-7845 and the message says:

Apple is looking for iPhone 5 testers! The first 1000 users that go to http://mobile-testers.com and enter code 0214 will get to test & keep a new iPhone 5

Apple IS NOT looking for iPhone 5 testers. Apple IS NOT calling the next iPhone “iPhone 5” yet. This is clearly a SCAM.

The domain mobile-testers.com is registered through eNom, Inc. and protected by WhoisGuard (see WhoIs information at the bottom of this post).

If you’re getting this SMS spam, you should:

  • Report mobile-testers.com as spam to WhoisGuard through the Report Spam page.
  • File a complaint on the FCC site: http://esupport.fcc.gov/complaints.htm
    You should file form 1088G to report this violation.
    You can also call 1-888-CALL-FCC (1-888-2255-322) voice; 1-888-TELL-FCC (1-888-8355-322) TTY.
    According to the FCC, this type of “marketing” does violate the CAN-SPAM Act.

At the time of this posting mobile-testers.com displays:

Service Unavailable
Server currently undergoing maintenance. Webmaster: please contact support.

UPDATE:
From Google Cache

Based on the WhoIs information, mobile-testers.com is using HostGator DNS. The IP address is 174.132.151.98, a SoftLayer/ThePlanet.com IP which is assigned to HostGator, a reseller of the service.

 

Whois information on mobile-testers.com:

Lions-share:~ suspicious-bagel$ whois mobile-testers.com

Whois Server Version 2.0

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: MOBILE-TESTERS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1343.HOSTGATOR.COM
Name Server: NS1344.HOSTGATOR.COM
Status: clientTransferProhibited
Updated Date: 05-feb-2012
Creation Date: 01-feb-2012
Expiration Date: 01-feb-2013

>>> Last update of whois database: Mon, 06 Feb 2012 20:39:31 UTC <<<

=-=-=-=

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: mobile-testers.com

Registrant Contact:
WhoisGuard
WhoisGuard Protected ()

Fax:
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Administrative Contact:
WhoisGuard
WhoisGuard Protected (ddeb681058d445c29c606b0a45f3dab0.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Technical Contact:
WhoisGuard
WhoisGuard Protected (ddeb681058d445c29c606b0a45f3dab0.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
US

Status: Locked

Name Servers:
ns1343.hostgator.com
ns1344.hostgator.com

Creation date: 01 Feb 2012 15:15:00
Expiration date: 01 Feb 2013 07:15:00

——-


More info on LinkedIn spam.

We received more information on the spam purporting to be from LinkedIn. It is obvious the emails do not come from LinkedIn. The email sender can easily be spoofed.

From the email headers:

Received: from static.3.100.40.188.clients.your-server.de ([188.40.100.3])

Received: from titan361.startdedicated.com ([62.75.229.17])

Received: from mx.silentpro.de ([212.12.114.235])

Received: from kultserver.de ([46.163.74.103])

Received: from ks35158.kimsufi.com ([213.251.184.181])

The spam even dares to say:

Stop spamming me!

If you see any emails purporting to be from LinkedIn, do not click on any of the links. As a matter of fact, make it a habit not to click on any links in emails.
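The check behind "the emails do not come from LinkedIn", written out as an added example (not code from the original post): it compares the host in each Received line with the domain claimed in From:. The Received values are the ones quoted above, treated here as one per reported message (an assumption); the From/Subject headers, `build_sample` and `check_message` are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Matches "from HOST ([IP])" as quoted in the post, and the common
# "from HOST (rdns [IP])" variant.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)")

# The five Received values quoted in the post.
REPORTED_RECEIVED = [
    "from static.3.100.40.188.clients.your-server.de ([188.40.100.3])",
    "from titan361.startdedicated.com ([62.75.229.17])",
    "from mx.silentpro.de ([212.12.114.235])",
    "from kultserver.de ([46.163.74.103])",
    "from ks35158.kimsufi.com ([213.251.184.181])",
]

def build_sample(received, from_addr="LinkedIn <member@linkedin.com>"):
    """Constructed message: only the Received value comes from the post."""
    return f"Received: {received}\nFrom: {from_addr}\nSubject: sample\n\nbody\n"

def relays(msg):
    """Return (host, ip) for every Received header that names a sending host."""
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(value)
        if m:
            hops.append((m.group(1).lower().rstrip("."), m.group(2)))
    return hops

def check_message(raw):
    """Flag a message when no relay host sits under the From: domain."""
    msg = message_from_string(raw)
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = relays(msg)
    # The "from" name is what the sending host announced; only the bracketed
    # IP is recorded by the receiver. A match therefore proves nothing, and a
    # mismatch is a triage signal (bulk mailers also relay for real brands).
    aligned = any(h == domain or h.endswith("." + domain) for h, _ in hops)
    return {"claimed": domain, "relays": hops,
            "suspicious": bool(domain) and not aligned}

if __name__ == "__main__":
    for line in REPORTED_RECEIVED:
        r = check_message(build_sample(line))
        print(r["claimed"], r["relays"], "SUSPICIOUS" if r["suspicious"] else "ok")
```

For a verdict rather than a triage hint, read the SPF/DKIM/DMARC results in the Authentication-Results header that your own mail server adds; Received lines below that server's hop can be forged.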

Spammer Alert: sallara.com

A spammer from sallara.com is responsible for a wave of spam emails using a number of domain names.

sallara.com is registered through enom.com. Don’t even bother complaining to enom.com through their Abuse Policy page, because it always returns an error page. Many domains used by spammers are registered through enom.com.

Domain name: sallara.com

Registrant Contact:
Sallara
Philip Stensor ()

Fax:
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
US

Administrative Contact:
Sallara
Philip Stensor (admin@sallara.com)
+1.5033038404
Fax: +1.5555555555
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
US

Technical Contact:
Sallara
Philip Stensor (admin@sallara.com)
+1.5033038404
Fax: +1.5555555555
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
US

Status: Locked

Name Servers:
ns1.sallara.com
ns2.sallara.com

Creation date: 30 Jun 2011 03:41:00
Expiration date: 29 Jun 2012 22:41:00

Recent domains registered by Philip Stensor of Sallara:

  • indongy.net
  • gospodg.info
  • reavel.info
  • driftsm.com
  • cativeta.com
  • dauphon.net
  • arellari.net
  • parlined.net

The name Philip Stensor is most likely a pseudonym.

File complaints with the FTC at https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en for violation of the CAN-SPAM Act.

Spammer Alert: superdooperdeals.com

Readers sent us some information about a new round of spam from superdooperdeals.com. Do not give them your email address in the hope of being unsubscribed from their spam bombardment. The superdooperdeals.com site includes some fake testimonials that don’t even make any sense.

Whois info on superdooperdeals.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: Superdooperdeals.com

Registrant Contact:
SuperDooperDeals
Liam Carroll ()

Fax:
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Administrative Contact:
SuperDooperDeals
Liam Carroll (liam@superdooperdeals.com)
+1.5033038404
Fax: +1.5555555555
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Technical Contact:
SuperDooperDeals
Liam Carroll (liam@superdooperdeals.com)
+1.5033038404
Fax: +1.5555555555
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Status: Locked

Name Servers:
ns1.superdooperdeals.com
ns2.superdooperdeals.com

Creation date: 23 Mar 2011 03:15:00
Expiration date: 22 Mar 2012 22:15:00

Other domains registered by superdooperdeals.com:

  • bingolikey.com
  • carz-online.com
  • luxuryhosting.net
  • yourkeywords.net
  • we-mean-business.org
  • playwithusdaily.com

We will add more info whenever we get it.

eNom and Namecheap are the DNS registrars that superdooperdeals.com uses, but they are willing to resolve the issue.

This is a sample of namecheap.com’s reply to the complaints:

Hello,

Thank you for your email regarding researchsneeze.info domain name. The domain that you reported is registered with NameCheap but hosted with another company. Please contact the hosting company for help with investigating the incident of spam. You will need to forward entire email with full headers to them. Here are contact details of the company that owns IP address assigned to the domain:

http://who.is/whois-ip/108.60.156.10/
——————–
Regards,
Marta K.
Customer Support

http://whois.arin.net/rest/nets;q=108.60.156.10?showDetails=true&showARIN=false

Other good and responsible DNS Registrars would take the complaints seriously and actually do something to disable the offending domains.

File complaints with the FTC at https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en for violation of the CAN-SPAM Act.

Scam Alert: Fake Email Pretending To Be From Apple.

UPDATE:
The DNS registration information was changed on 2011-05-19, also noted by a reader.

Domain Name: APPLESDOWNLOAD.COM
Registrar: ELB GROUP, INC.
Whois Server: whois.retailstudio.com
Referral URL: http://www.retailstudio.com
Name Server: NS1.QUCKBO.RU
Name Server: NS2.QUCKBO.RU
Name Server: NS3.QUCKBO.RU
Name Server: NS4.QUCKBO.RU
Status: clientTransferProhibited
Updated Date: 19-may-2011
Creation Date: 14-mar-2011
Expiration Date: 14-mar-2012

>>> Last update of whois database: Thu, 19 May 2011 20:15:58 UTC <<<

Whois info as of 2011-05-19

Domain Name: APPLESDOWNLOAD.COM

Registrant:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012

Domain servers in listed order:
ns1.quckbo.ru
ns2.quckbo.ru
ns3.quckbo.ru
ns4.quckbo.ru

Administrative Contact:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Technical Contact:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Billing Contact:
Vanna Berglund
Vanna Berglund        (stalk@mailae.com)
Danska Vagen 68-70
Gothenburg
Västra Gotalandslän,SE-41659
SE
Tel. +46.317078999

Status:LOCKED

——-

A reader sent in a screenshot of an email pretending to be from Apple.

All clicks lead to: http://tariacuri.crefal.edu.mx/dweb/images/smilies/index.php which redirects to applesdownload.com.
It is likely that tariacuri.crefal.edu.mx site has been compromised.

applesdownload.com whois info:

Domain Name: APPLESDOWNLOAD.COM

Registrant:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Creation Date: 14-Mar-2011
Expiration Date: 14-Mar-2012

Domain servers in listed order:
ns1.thejobrano.com
ns2.thejobrano.com

Administrative Contact:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Technical Contact:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Billing Contact:
Lyubov Bushmakina
Lyubov Bushmakina        ()
ul.Yuriya Gagarina d.38 k.2 kv.99
Sankt-Peterburg
Sankt-Peterburg,196105
RU
Tel. +7.8125540822
Fax. +7.8125540822

Status:LOCKED

The site is currently still up.

This is not the first such email pretending to come from Apple.

Spammer Alert: Updates on Agile Media.

Readers sent in some information regarding Agile Media, which has been sending out email spam. Agile Media has registered numerous domain names through moniker.com. If you are a victim of Agile Media’s CAN-SPAM Act violations, please:

From namecheap.com:

Please note that the domain agilemediagroup.net was suspended due to Spamhaus report and it is currently in clientHold status, which prevents any host records from resolving. Email agilereg@agilemediagroup.net cannot be working because of the suspension.

That is one piece of good news, but the spam is still coming. Even though agilemediagroup.net is currently suspended, they had already registered numerous domain names prior to the suspension.

Numerous readers mentioned that they are still getting email spam from linda@eternityme.com.

Domain Name: ETERNITYME.COM
Registrar: MONIKER

Registrant [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Domain servers in listed order:

NS1.DNSMEE.COM         67.137.88.4
NS2.DNSMEE.COM         67.137.88.5

Record created on:        2011-04-01 11:31:22.0
Database last updated on: 2011-04-01 11:35:16.47
Domain Expires on:        2012-04-01 11:31:22.0

From an email header submitted by readers:

Received: from eternityme.com ([204.45.211.122])

Agile Media is still operating pretzelxo.net ([67.137.88.100])

Domain Name: FANGEDME.COM
Registrar: MONIKER

Registrant [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Domain servers in listed order:

NS1.DNSMEE.COM         67.137.88.4
NS2.DNSMEE.COM         67.137.88.5

Record created on:        2011-03-31 11:53:13.0
Database last updated on: 2011-04-01 11:35:17.86
Domain Expires on:        2012-03-31 11:53:14.0

Agile Media owns and operates DNSMEE.COM ([208.73.210.48])

Domain Name: DNSMEE.COM
Registrar: MONIKER

Registrant [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US

Administrative Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Billing Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Technical Contact [3164720]:
Agile Media agilereg@agilemediagroup.net
427 N Tatnall St #96335
Wilmington
DE
19801
US
Phone: +1.3024828110

Domain servers in listed order:

NS1.MONIKERDNS.NET         208.73.210.41
NS2.MONIKERDNS.NET         208.73.211.42
NS3.MONIKERDNS.NET         208.73.210.43
NS4.MONIKERDNS.NET         208.73.211.44

Record created on:        2011-04-01 11:20:10.0
Database last updated on: 2011-04-01 11:26:11.997
Domain Expires on:        2012-04-01 11:20:11.0

If you have any information related to Agile Media, please let us know.
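The registrant pivot used in this post (same Moniker handle on every record, and name servers that sit in a zone the same handle registered) can be automated; the following is an added example, not code from the original post. The record text is excerpted from the whois output above, and `parse_records` and `pivot` are hypothetical helper names.

```python
import re
from collections import defaultdict

# Excerpts of the three Moniker records quoted in the post, trimmed to the parsed fields.
RECORDS = """\
Domain Name: ETERNITYME.COM
Registrant [3164720]:
NS1.DNSMEE.COM         67.137.88.4
NS2.DNSMEE.COM         67.137.88.5

Domain Name: FANGEDME.COM
Registrant [3164720]:
NS1.DNSMEE.COM         67.137.88.4
NS2.DNSMEE.COM         67.137.88.5

Domain Name: DNSMEE.COM
Registrant [3164720]:
NS1.MONIKERDNS.NET         208.73.210.41
NS2.MONIKERDNS.NET         208.73.211.42
"""

NS_RE = re.compile(r"^(\S+)[ \t]+(\d{1,3}(?:\.\d{1,3}){3})[ \t]*$", re.M)

def parse_records(text):
    """Split on 'Domain Name:' and pull domain, registrant handle, name servers."""
    out = []
    for chunk in re.split(r"(?m)^(?=Domain Name:)", text):
        dom = re.search(r"^Domain Name:\s*(\S+)", chunk, re.M)
        reg = re.search(r"^Registrant \[(\d+)\]:", chunk, re.M)
        if dom and reg:
            out.append({"domain": dom.group(1).lower(), "handle": reg.group(1),
                        "ns": [h.lower() for h, _ in NS_RE.findall(chunk)]})
    return out

def pivot(records):
    """Group domains by handle; list name-server zones the same handle owns."""
    by_handle, owner, self_hosted = defaultdict(list), {}, defaultdict(list)
    for r in records:
        by_handle[r["handle"]].append(r["domain"])
        owner[r["domain"]] = r["handle"]
    for r in records:
        # Naive registrable domain: last two labels (fine for .com/.net, not co.uk).
        zones = {".".join(ns.split(".")[-2:]) for ns in r["ns"]}
        for zone in sorted(zones):
            if owner.get(zone) == r["handle"] and zone != r["domain"]:
                self_hosted[zone].append(r["domain"])
    return dict(by_handle), dict(self_hosted)

if __name__ == "__main__":
    print(pivot(parse_records(RECORDS)))
```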