Note:
\nWe have opted not to add http links of the spammer domain names in this post. You can alway copy and paste the address to check them out.<\/p>\n
Follow up to the post “Spammer Alert: milkcheesedns.com<\/a>”<\/p>\n Offending domain names registered by 5thavehost.com:<\/p>\n All four domain names above are using the following name servers:<\/p>\n ns1.mobilegroble.com mobilegroble.com is registered by coomahosting.com.<\/p>\n Registration Service Provided By: Namecheap.com Domain name: mobilegroble.com<\/p>\n Registrant Contact: Fax: Administrative Contact: Technical Contact: Status: Locked<\/p>\n Name Servers: Creation date: 13 Apr 2012 00:25:00 Offending domain names registered\u00a0by coomahosting.com:<\/p>\n The four domain name registered by coomahosting.com are also using mobilegroble.com name servers.<\/p>\n Then it gets more complicated. Spam emails that came from the domain names above are using different mail server as shown in the header. For example:<\/p>\n Received: from cowsbucketcast.org ([84.201.8.123])<\/p><\/blockquote>\n There are tons of different domain names both used by 5thavehost.com and coomahosting.com, and they are registered by 1stinlinehosting.com.<\/p>\n milkcheesedns.com has something to do with this spammer, for example:<\/p>\n Registration Service Provided By: Namecheap.com Domain name: yardwristgoose.net<\/p>\n Registrant Contact: Fax: Administrative Contact: Technical Contact: Status: Locked<\/p>\n Name Servers: Creation date: 01 Mar 2012 06:14:00 Note the name servers:<\/p>\n Name Servers: whois milkcheesedns.com:<\/p>\n Registration Service Provided By: Namecheap.com Domain name: milkcheesedns.com<\/p>\n Registrant Contact: Fax: Administrative Contact: Technical Contact: Status: Locked<\/p>\n Name Servers: Creation date: 28 Feb 2012 00:07:00 It goes back to 5thavehost.com.<\/p>\n UPDATE:<\/strong><\/p>\n 5thavehost.com also registers:<\/p>\n The domain names in this group are using professdns.com as name server.<\/p>\n Name Server: NS1.PROFESSDNS.COM \/UPDATE<\/strong><\/p>\n It is clear that 5thavehost.com, 1stinlinehosting.com and coomahosting.com are run by the same individual or individuals.<\/p>\n Contact phone numbers based on whois information on each domain:<\/p>\n Contact phone number from the respective sites:<\/p>\n Contact phone number for 5thavehost.com from “whois nimbleloaf.com” is 323-527-0448, which is registered to Robert McGee in Los Angeles. The first part of the message says:<\/p>\n “Thank you for calling 3rd cloud hosting.”<\/p><\/blockquote>\n It is the same voice from the 1stinlinehosting.com and coomahosting.com!<\/p>\n There is 3rdcloudhosting.com, and whois provide the following information:<\/p>\n Registration Service Provided By: PLANET ONLINE Domain Name: 3RDCLOUDHOSTING.COM<\/p>\n Registrant: Creation Date: 20-Aug-2010 Domain servers in listed order: That number 214-296-9397 is the same number listed in 5thavehost.com whois information.<\/p>\n It is clear that all four domain names are related and likely run by the same individual. Who is this Robert McGee person, the name registered to 323-527-0448?<\/p>\n If you’re receiving spam email from the domains listed in this post or somehow related to 1stinlinehosting.com, coomahosting.com and 5thavehost.com; please let us know. Don’t forget to report the spam to:<\/p>\n\n
\nns2.mobilegroble.com<\/p><\/blockquote>\n
\nContact: support@namecheap.com
\nVisit: http:\/\/namecheap.com<\/p>\n
\nCoomaHosting
\nDomains Support ()<\/p>\n
\nPO Box 80333
\nChicago, IL 60680-3338
\nUS<\/p>\n
\nCoomaHosting
\nDomains Support (domains@coomahosting.com)
\n+1.8475050848
\nFax: +1.5555555555
\nPO Box 80333
\nChicago, IL 60680-3338
\nUS<\/p>\n
\nCoomaHosting
\nDomains Support (domains@coomahosting.com)
\n+1.8475050848
\nFax: +1.5555555555
\nPO Box 80333
\nChicago, IL 60680-3338
\nUS<\/p>\n
\ndns1.registrar-servers.com
\ndns2.registrar-servers.com
\ndns3.registrar-servers.com
\ndns4.registrar-servers.com
\ndns5.registrar-servers.com<\/p>\n
\nExpiration date: 12 Apr 2013 16:25:00<\/p><\/blockquote>\n\n
\n
\nContact: support@namecheap.com
\nVisit: http:\/\/namecheap.com<\/p>\n
\n1stinlinehost
\nInline First ()<\/p>\n
\n1608 S. Ashland Ave.
\nChicago, IL 60608
\nUS<\/p>\n
\n1stinlinehost
\nInline First (domains@1stinlinehosting.com)
\n+1.3128782798
\nFax: +1.5555555555
\n1608 S. Ashland Ave.
\nChicago, IL 60608
\nUS<\/p>\n
\n1stinlinehost
\nInline First (domains@1stinlinehosting.com)
\n+1.3128782798
\nFax: +1.5555555555
\n1608 S. Ashland Ave.
\nChicago, IL 60608
\nUS<\/p>\n
\nns1.milkcheesedns.com
\nns2.milkcheesedns.com<\/p>\n
\nExpiration date: 28 Feb 2013 22:14:00<\/p><\/blockquote>\n
\nns1.milkcheesedns.com
\nns2.milkcheesedns.com<\/p><\/blockquote>\n
\nContact: support@namecheap.com
\nVisit: http:\/\/namecheap.com<\/p>\n
\n5th AVE Hosting
\nTrev Itamar ()<\/p>\n
\nPO Box 96503
\nWashington, DC 20090
\nUS<\/p>\n
\n5th AVE Hosting
\nTrev Itamar (domains@5thavehost.com)
\n+1.3235270448
\nFax: +1.3235270448
\nPO Box 96503
\nWashington, DC 20090
\nUS<\/p>\n
\n5th AVE Hosting
\nTrev Itamar (domains@5thavehost.com)
\n+1.3235270448
\nFax: +1.3235270448
\nPO Box 96503
\nWashington, DC 20090
\nUS<\/p>\n
\ndns1.registrar-servers.com
\ndns2.registrar-servers.com
\ndns3.registrar-servers.com
\ndns4.registrar-servers.com
\ndns5.registrar-servers.com<\/p>\n
\nExpiration date: 27 Feb 2013 16:07:00<\/p><\/blockquote>\n\n
\nName Server: NS2.PROFESSDNS.COM<\/p><\/blockquote>\n\n
\nThe same phone number is also used to register other domain names with email fifithave@gmail.com<\/a>. All sampled domain names registered to this email address already expired or terminated.<\/li>\n<\/ul>\n\n
\nContact: +1.8887654932
\nWebsite: http:\/\/www.planetonline.net<\/p>\n
\n3rdcloudhosting
\nDomain Admin\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 (admin@3rdcloudhosting.com)
\nPO Box 3109
\n#88657
\nHouston
\nTexas,77253
\nUS
\nTel. +214.2969397<\/p>\n
\nExpiration Date: 20-Aug-2012<\/p>\n
\nns1.planetonline.net
\nns2.planetonline.net
\nns3.planetonline.net
\nns4.planetonline.net<\/p><\/blockquote>\n\n