Spammer Alert: leecheryl182@gmail.com

We received another tip from readers about a particular spammer related to hefallsintothe.com. The admin contact of the domain name is leecheryl182@gmail.com. The domain name hefallsintothe.com is using ns1.insulationfromtheelements.com and ns2.insulationfromtheelements.com

The domain names are registered through namecheap.com.

whois hefallsintothe.com:

Administrative Contact:

Web Master (leecheryl182@gmail.com)
+1.7734130857
Fax:
616 Corporate Way
Suite 2
Valley College, NY 10989
US

Creation date: 19 Mar 2013 19:06:00
Expiration date: 19 Mar 2014 11:06:00

whois insulationfromtheelements.com:

Administrative Contact:
Brightness Partners
Network Admin (dns@brightnesspartners.com)
+1.8004094960
Fax: +1.5555555555
6321 W Dempster St
Suite 161
Morton Grove, IL 60053
US

Creation date: 19 Mar 2013 20:53:00
Expiration date: 19 Mar 2014 12:53:00

Whois brightnesspartners.com:

Administrative Contact:
Brightness Partners
Network Admin (dns@brightnesspartners.com)
+1.8004094960
Fax: +1.5555555555
6321 W Dempster St
Suite 161
Morton Grove, IL 60053
US

Creation date: 19 Mar 2013 20:36:00
Expiration date: 19 Mar 2014 12:36:00

Partial list of domain names related to dns@brightnesspartners.com:

  • aboveallcanacquire.com
  • allusefulhasthe.com
  • andhopetoobtain.com
  • artitselfbythe.com
  • brightnesspartners.com
  • colouringheshouldlodge.com
  • conductothersashaving.com
  • eminencebyothermeans.com
  • frivolouspursuitscapacityto.com
  • ifhewasallowed.com
  • ifoneactexcluded.com
  • ihaveseenalso.com
  • insulationfromtheelements.com
  • inthedrudgeryof.com
  • isalwaysathand.com
  • isbrilliantthanwith.com
  • ithasbeenso.com
  • itmaybetaken.com
  • managedoftenshortensthe.com
  • maneminentforhis.com
  • momentthepracticeof.com
  • ofagreatdegree.com
  • ofthealphabetif.com
  • onlybeopposedby.com
  • thatidealexcellencewhich.com

 

Partial list of domain names with leecheryl182@gmail.com as admin contacts:

  • anypurposewhohave.com
  • arrivedattheirutmost.com
  • artwhichhemust.com
  • bettercoursehavelong.com
  • bystudyingtheseauthentic.com
  • cannotdobetterthan.com
  • easeandreadinessto.com
  • farastheyshall.com
  • faultifourprogress.com
  • formedinitwhich.com
  • fromthosewhohave.com
  • gratitudeinouracademy.com
  • intheirpupilsprobably.com
  • inventontheirmethod.com
  • itnearthemodel.com
  • itrequiresnoeffort.com
  • leastcontributetoyour.com
  • makesnopretensionsto.com
  • mannerofhandlingemulation.com
  • politebeendoneby.com
  • resultofnaturalpowers.com
  • studenthassucceededin.com
  • studentssooftendisappoint.com
  • tocollectsubjectsfor.com
  • whichnaturehasbeen.com

spam-stamp

Spammer Alert: the connection between x-celerated.com and 1stinlinehosting.com

A comment from a reader prompted us to revisit an older post on a spammer with domain name 1stinlinehosting.com. It is apparent that the same spammer also operates x-celerated.com. We should have realized that sooner.

The domain name submitted by reader is mlifeprogression.com and whois information shows the mailing address:

1608 S. Ashland Ave
Chicago, Illinois 6O608

The very same address of a mailbox service used by a possibly fictional Tom Slater of x-celerated.com.

mlifeprogression

If you want to fight the spammers back, consider the followings:

We thank our readers for their contributions.

Spammer Alert: margretriverhosting.com

This is the continuation to milkcheesedns.com spammer.

properlymysteriouslyupbeat.com

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: properlymysteriouslyupbeat.com

Registrant Contact:
margretriverhosting
Domain Management ()

Fax:
PO Box 66738
Saint Louis, MO 63166-6738
US

Administrative Contact:
margretriverhosting
Domain Management (domains@margretriverhosting.com)
+1.3147146057
Fax: +1.3147146057
PO Box 66738
Saint Louis, MO 63166-6738
US

Technical Contact:
margretriverhosting
Domain Management (domains@margretriverhosting.com)
+1.3147146057
Fax: +1.3147146057
PO Box 66738
Saint Louis, MO 63166-6738
US

Status: Locked

Name Servers:
ns1.safetyorangeblazeorangemule.com
ns2.safetyorangeblazeorangemule.com

Creation date: 30 May 2012 07:20:00
Expiration date: 29 May 2013 23:20:00

margretriverhosting.com

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration Service Provided By: PLANET ONLINE
Contact: +1.8887654932
Website: http://www.planetonline.net

Domain Name: MARGRETRIVERHOSTING.COM

Registrant:
Margret River Hosting
Margret River Hosting        (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Administrative Contact:
Margret River Hosting
Margret River Hosting        (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

Technical Contact:
Margret River Hosting
Margret River Hosting        (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

Billing Contact:
Margret River Hosting
Margret River Hosting        (webmaster@margretriverhosting.com)
PO Box 105603
#88657
Atlanta
Georgia,30348
US
Tel. +404.6719366

From contact page, which most likely useless:

(314) 714-6057
PO Box 66738 Saint Louis, MO 63166-6738

The information provided in the contact page can be used to chart the spammer’s pattern.

Note the Name server: safetyorangeblazeorangemule.com

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: safetyorangeblazeorangemule.com

Registrant Contact:

Technical Support ()

Fax:
PO Box 29502
Las Vegas, NV 89126
US

Administrative Contact:

Technical Support (domains@newbrandhosting.net)
+1.7026660363
Fax: +1.5555555555
PO Box 29502
Las Vegas, NV 89126
US

Technical Contact:

Technical Support (domains@newbrandhosting.net)
+1.7026660363
Fax: +1.5555555555
PO Box 29502
Las Vegas, NV 89126
US

Status: Locked

Name Servers:
dns1.registrar-servers.com
dns2.registrar-servers.com
dns3.registrar-servers.com
dns4.registrar-servers.com
dns5.registrar-servers.com

The problem is that domain name registrars such as eNom and NameCheap would not take pro-active stance in fighting against these type of spammer. It is pretty obvious that the same individuals are responsible for these domain names. They keep registering new domain names and the domain name registrars did not do a thing to stop them from doing so.

Diagram of a Spammer

Diagram of a spammer.

Fake hosting company:

  • strongcloudhosting.com
  • 3rdcloudhosting.com
  • coomahosting.com
  • newbrandhosting.net
  • 5thavehost.com
  • blackshosting.com
  • 1stilinehosting.com
  • railsonhosting.com

Spammer’s Name Servers:

  • mobilegroble.com
  • milkcheesedns.com
  • grandfatherdns.com
  • professdns.com
  • safetyorangeblazeorangemule.com

Samples of spammer’s domain names:

  • nimbleloaf.com
  • hallcow.com
  • questionableoverthrow.com
  • cameraspadetoad.net
  • answerloveonline.com
  • spadesunmeasure.org (not listed in the diagram)
  • boundarychannelbeam.net (not listed in the diagram)

Click on the image below to view the diagram.

 

 

Spammer Alert: strongcloudhosting.com

Another domain name related to milkcheesedns.com and grandfatherdns.com just popped up.

Whois information for hallcow.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: hallcow.com

Registrant Contact:
Strong Cloud Hosting
System Administrator ()

Fax:
PO Box 660675
Dallas, TX 75266-0675
US

Administrative Contact:
Strong Cloud Hosting
System Administrator (domains@strongcloudhosting.com)
+1.7026660363
Fax: +1.7026660363
PO Box 660675
Dallas, TX 75266-0675
US

Technical Contact:
Strong Cloud Hosting
System Administrator (domains@strongcloudhosting.com)
+1.7026660363
Fax: +1.7026660363
PO Box 660675
Dallas, TX 75266-0675
US

Status: Active

Name Servers:
ns1.grandfatherdns.com
ns2.grandfatherdns.com

Creation date: 28 Feb 2012 20:48:00
Expiration date: 28 Feb 2013 12:48:00

Note the System Administrator email: domains@strongcloudhosting.com

Whois information on strongcloudhosting.com:

Registration Service Provided By: PLANET ONLINE
Contact: +1.8887654932
Website: http://www.planetonline.net

Domain Name: STRONGCLOUDHOSTING.COM

Registrant:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Creation Date: 20-Aug-2010
Expiration Date: 20-Aug-2012

Domain servers in listed order:
ns1.planetonline.net
ns2.planetonline.net
ns3.planetonline.net
ns4.planetonline.net

Administrative Contact:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Technical Contact:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

Billing Contact:
Strong Cloud Hosting
Domain Admin        (contact@strongcloudhosting.com)
PO Box 10188
#88657
Newark
New Jersey,71014
US
Tel. +973.7184005

According to contact information on strongcloudhosting.com:

(702) 666-0363

admin@strongcloudhosting.com
PO Box 29502 Las Vegas, NV 89126-9502

The same numbers from newbrandhosting.net and questionableoverthrow.com.

Text Spammer: (631) 398-2764

I just received another Text-Spam on my mobile phone. I have neither heard of them nor dealt with them.

The text spam is coming from (631) 398-2764.

The Spam says:

You’ve been chosen for a FREE NFL Jersey! Click here to choose your team jersey: www.myfreeoffersite.com/jerseyfree

myfreeoffersite.com is registered through GoDaddy.com. You can file complaint to GoDaddy here.

myfreeoffersite.com redirects through multiple addresses and landed on http://walmart.mygiftcarddeal.com/

mygiftcarddeal.com is registered through namecheap.com and protected through WhoisGuard.

According to FCC, this type of “marketing” does violate CAN-SPAM Act.

You should file form 1088G to report this violation.

File a complaint on FCC site http://esupport.fcc.gov/complaints.htm

You can also call 1-888-CALL-FCC (1-888-2255-322) voice; 1-888-TELL-FCC (1-888-8355-322) TTY.

Spammer Alert: superdooperdeals.com

Readers sent us a few info about new round of spam from superdooperdeals.com. Do not give them your email addresses with hope you’d be unsubscribed from their spam bombardments. superdooperdeals.com site includes some fake testimonials that don’t even make any sense.

Whois info on superdooperdeals.com:

Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.com

Domain name: Superdooperdeals.com

Registrant Contact:
SuperDooperDeals
Liam Carroll ()

Fax:
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Administrative Contact:
SuperDooperDeals
Liam Carroll (liam@superdooperdeals.com)
+1.5033038404
Fax: +1.5555555555
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Technical Contact:
SuperDooperDeals
Liam Carroll (liam@superdooperdeals.com)
+1.5033038404
Fax: +1.5555555555
15500 SW Jay Street #38743
Beaverton, OR 97006
US

Status: Locked

Name Servers:
ns1.superdooperdeals.com
ns2.superdooperdeals.com

Creation date: 23 Mar 2011 03:15:00
Expiration date: 22 Mar 2012 22:15:00

Other Domain Registered by superdooperdeals.com:

  • bingolikey.com
  • carz-online.com
  • luxuryhosting.net
  • yourkeywords.net
  • we-mean-business.org
  • playwithusdaily.com

We will add more info whenever we get them.

eNom and namecheap are the DNS Registrar that superdooperdeal.com uses, but they are willing to resolve the issue.

This is a sample of namecheap.com reply to the complaints:

Hello,

Thank you for your email regarding researchsneeze.info domain name. The domain that you reported is registered with NameCheap but hosted with another company. Please contact the hosting company for help with investigating the incident of spam. You will need to forward entire email with full headers to them. Here are contact details of the company that owns IP address assigned to the domain:

http://who.is/whois-ip/108.60.156.10/
——————–
Regards,
Marta K.
Customer Support

http://whois.arin.net/rest/nets;q=108.60.156.10?showDetails=true&showARIN=false

Other good and responsible DNS Registrars would take the complaints seriously and actually do something to disable the offending domains.

File complaints to FTC: https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en for the violation of CAN-SPAM Act.