Hanco

Right! So how the hell are they able to do it 20 years later?

I get an email every week for this gummies junk. The domain of the spamvertized URL is always created the same day or very recently. the Nameserver in the domain registration WhoIs is usually also created the same day or very recently. The registrar is always Namecheap (usually for the nameserver and the spam URL) The emails always say they are from someone I know (the same name every time) but I don’t wanna block that name in case they do email me. I have to visit the link in a browser to find the target site. And the spam URL must be hosted somewhere? Why doesn’t SpamCop find it? This is the same in ALL the examples below. December 20 2022 Registered TODAY for spamming and fraudulent misrepresentation of email source/target: tjqpm.abmfamsh.com Target site for the fraudulent “friend/relative” emails: https://theproducttoday.com/us/ksic/acv-citad 23.19.58.21 arin@nobistech.net, admin@nobistech.net, abuse@nobistech.net Domain name: abmfamsh.com Registry Domain ID: 2745957851_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-12-20T15:07:37.00Z And the name server eieesedns.com registered yesterday: Domain name: eieesedns.com Registry Domain ID: 2745701280_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-12-19T08:44:57.00Z December 15 2022 Domain Name: TUIMYDU.COM Registry Domain ID: 2744905971_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 2022-12-15T15:30:17Z Creation Date: 2022-12-15T15:30:11Z AND THE DNS registration in that Whois lookup created 3 days prior: Domain Name: HHAWLSDNS.COM Registry Domain ID: 2744216125_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 2022-12-12T12:42:40Z Creation Date: 2022-12-12T12:36:19Z December 12 2022 agxiu.ktwrer.com Domain Name: KTWRER.COM Registry Domain ID: 2744230606_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 2022-12-12T15:24:15Z Creation Date: 2022-12-12T15:24:11Z And Nameserver registration: Domain name: aooiaonhedns.com Registry Domain ID: 2744216142_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-12-12T12:36:27.00Z And GWHOIS says… (blocking the resolving of the host IP): Failed to resolve the following nameservers: ns1.aooiaonhedns.com, ns2.aooiaonhedns.com December 06 2022 lgfdc.niadag.com Domain Name: NIADAG.COM Registry Domain ID: 2742888200_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 2022-12-06T14:07:09Z Creation Date: 2022-12-06T14:07:04Z December 03 December 2022 Registered TODAY for spamming and fraudulent misrepresentation of email source/target: Domain name: edmawtr.com Registry Domain ID: 2742345059_DOMAIN_COM-VRSN Registrar WHOIS Server: whois.namecheap.com Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-12-03T15:24:47.00Z Received 23 November 2022 Registered today for spamming and fraudulent misrepresentation of who the email is from: wyky.oedeskr.com hosted at 179.60.149.119 info@vds4you.ru Domain name: oedeskr.com Registry Domain ID: 2740325849_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-11-23T15:09:58.00Z Received 11 November 2022 mdqs.ntlilud.com created same day, to redirect spam traffic to thebesttipsway.com hosted at 205.185.120.177 : admin@frantech.ca Domain name: thebesttipsway.com Registry Domain ID: 2727269186_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-23T14:16:37.00Z Domain name: ntlilud.com Registry Domain ID: 2737885207_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-11-11T14:58:34.00Z Received 7 November 2022 oklb.ryoiit.com created same day, to target spam traffic to trywaytipstoday.com hosted at 209.141.53.16 fdias@frantech.ca Domain name: trywaytipstoday.com Registry Domain ID: 2727269193_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-23T14:16:42.00Z Domain name: ryoiit.com Registry Domain ID: 2737018605_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-11-07T14:44:21.00Z Received 1 November 2022 icde.crikele.com - On 12 Nov this site is not found in browser Domain name: crikele.com Registry Domain ID: 2735775930_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-11-01T14:39:24.00Z Received 27 October 2022: crce.hraogani.com - on 12 Nov this redirects to thebesttipsway.com hosted at 205.185.120.177 : admin@frantech.ca Domain name: hraogani.com Registry Domain ID: 2734765324_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-27T14:17:53.00Z Received 22 October 2022: mkxj.eeansu.com Domain name: eeansu.com Registry Domain ID: 2733706599_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-22T14:25:13.00Z Received 18 October 2022: ttdgn.sgckit.com Domain name: sgckit.com Registry Domain ID: 2732810877_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-18T14:19:36.00Z Received 13 October 2022: hzgk.ltdoeiv.com Domain Name: LTDOEIV.COM Registry Domain ID: 2731777137_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 2022-10-13T14:34:38Z Creation Date: 2022-10-13T14:34:32Z Received 08 October 2022: snpb.xuoatkaa.com Domain name: xuoatkaa.com Registry Domain ID: 2730658186_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-08T13:58:37.00Z Received 04 October 2022: ibel.aacnxoap.com Domain name: aacnxoap.com Registry Domain ID: 2729728762_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-04T13:57:15.00Z Received 29 September 2022: zzim.ylrrayo.com Domain name: ylrrayo.com Registry Domain ID: 2728623480_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-29T13:57:53.00Z Received 24 September 2022: aotv.ecncsee.com Domain name: ecncsee.com Registry Domain ID: 2727479420_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Creation Date: 2022-09-24T12:57:39.00Z Received 20 September 2022: dvjd.eeopss.com Domain Name: EEOPSS.COM Registry Domain ID: 2726582547_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Creation Date: 2022-09-20T14:21:59Z Received 14 September 2022: mkvl.eolhshev.com Domain name: eolhshev.com Registry Domain ID: 2725237818_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Creation Date: 2022-09-14T13:36:27.00Z Received 21 May 2020: uxlt.aaansg.info Registry Domain ID: D503300001185489685-LRMS Registrar URL: http://www.namecheap.com Creation Date: 2020-05-21T14:12:30.00Z Received 19 May 2020: u2v.cetdnwr.info Domain name: cetdnwr.info Registry Domain ID: D503300001185467624-LRMS Registrar WHOIS Server: whois.namecheap.com Creation Date: 2020-05-19T15:59:25.00Z Received 11 May 2020 l5rp.solnxat.info Domain name: solnxat.info Registry Domain ID: D503300001185368476-LRMS Registrar URL: http://www.namecheap.com Creation Date: 2020-05-11T14:30:06.00Z Received 29 April 2020 cq2r.aofypgs.info Domain name: aofypgs.info Registry Domain ID: D503300001183967263-LRMS Registrar URL: http://www.namecheap.com Creation Date: 2020-04-29T15:00:49.00Z And more before April 2020

Yeah they’ve given up. It’s a cost to them that they don’t want to spend on. They don’t lose out, so why bother I guess. They have to compete against others who don’t care, I guess. Still, the spammer harassing me and others must be fed up for some reason. This one came through, and there doesn’t seem to be any point in sending this, other than to express frustration. I imagine it was sent to the full list of targets he spams. I never asked for the spam. Not very nice! “Please find a big wooden stick and shove it up your ***. I really hope you die soon, ****ing piece of ****!” Edit: subject of the email? “Go **** your self”

Ignore my last post. That report was sent but this is not… this was a spam about auto insurance sent by: greenconcretecjsc.onmicrosoft.com WTH is greenconcretecjsc?

I just reported a Phishing email and a copy was sent to hotmail.com (instead of dev null) report_spam@hotmail.com So that’s a change, right? We were seeing it all go nowhere?

Reset my OHC and restarted phone, cleared cache etc. Looks like my IP address is different OR the blacklisted status corrected. It was these two that had the red checkmark against them. So weird! dnsbl.sorbs.net dul.dnsbl.sorbs.net

Now then… here’s the latest. I noticed my spam keeps containing “warriorforum.com” references (not in the email body but in the headers) So I went to warriorforum.com and it looked like a genuine effort to help affiliates do email marketing well. Since the spam I’m getting all seems to have that reference I thought maybe I can reach out there as there must be an affiliate who thinks what they do is ok and I’ll just get myself off the list and tell them why I don’t like it. All my spam seems to have warriorforum in it lately, so a new lead on how to stop it all (except the “friend or relative” fraud emails) I joined and posted the details. I did use an Apple Hide Email ID at this point to get the connection going in case it is not genuine and I just make things worse. So the forum mod sends me email “post removed” because I posted links and asked the sender to PM me. So I removed (broke) the links and asked that the sender reply in the forum. Mod sends message “post removed - don’t repost a thread already removed” and I thought, benefit of the doubt, maybe he did not see the changes. I reposted with highlighting that. Reply came swift, not permitted again and I explained I was not “complaining” but want to get off the list. Reply came that I would be banned if I continued. I did reply saying I was trying to be constructive. Now I am seeing my IP address is flagged in sorbs.net and others. I really don’t know what to do here. I need to get that flagging resolved I guess, so I’ll start researching that. Meantime, in March 2019 Amazon sorted out spam that started coming from FoxSearchlight.com. It stopped. An hour ago I received Searchlight.com spam (suggesting I go to a place nowhere near where I live (have not lived there for 7 years so what’s that about?) And yeah, all the emails originate at Microsoft that is not accepting reports.

I suspect foul play. Rather than an internal issue or planned update.

Oh I do that a lot

Yeah, Namecheap has been getting these regularly for weeks, with a growing length of history!

Thank you for that!

Yeah I always report to abuse@gmail.com for the reply to and the requests reply in body (or has call to action button/link to generate reply to gmail address) And report to Imgur, Zupimages, ConstantContact, or other abused provider… I find they are very willing to delete and stop abuse of their services. And all the shortening services including the organized spammer’s in house processes. Not off topic for me. Integral to the fight against these IDIOTS. They can work out who is doing it and remove me. Then they can carry on (unfortunately)

Looks like Spamcop.net is down for everyone and not just me? wanted to report the latest in a regular spamming of Louis Vuitton sites on China domains!

New today http:// www. mdqs. ntlilud. com/ Spamcop says it’s a fake, not found, no reporting address. Browse to it though… it answers, it redirects like all the others did/do. What are they doing? Why can’t SpamCop see them?

Tonight I had Microsoft spam, with a link to a Google document for the first redirect. Microsoft won’t get a report Google won’t get a report from SpamCop Google did get a report from me and replied, “If you would like to report suspected spam, Malware, Phishing, or other abuse on Google Cloud, please fill out the form at the following link: https://support.google.com/code/contact/cloud_platform_report If you would like to send a legal request to Google, please submit a request through our webform for the fastest response time: http://support.google.com/legal” Google, how about you deal with it ?!?! we are officially f*****

I’m seeing the same. Reports go to junk@devnull.spamcop.net What’s the point if that’s the situation now?

Thanks - I need to learn a bit more about DNS I think This one is VERY effective. None of the above could be reported over the recent months (Spamcop can’t handle this DNS issue)

Hi Example: the domain below was created today with Namecheap). Spamcop does not find it hosted, neither do other tools I have tried. However, browsing to it finds it and redirects to the scam website (domain created in September with Namecheap) The actual target today is very similar to all of them TryWayTipsToday.com (Namecheap domain registration 23 Sept and hosted at 209.141.53.16 fdias@frantech.ca) The sender of the spam makes the email look like it was from a friend or relative. It tends to say there are photographs I will find interesting so I should click the link… A long history of this going back YEARS, but only recently became so regular and hard to actually report without clicking the link: Received 7 November 2022 oklb.ryoiit.com Domain name: ryoiit.com Registry Domain ID: 2737018605_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-11-07T14:44:21.00Z Received 1 November 2022 icde.crikele.com Domain name: crikele.com Registry Domain ID: 2735775930_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-11-01T14:39:24.00Z Received 27 October 2022: crce.hraogani.com Domain name: hraogani.com Registry Domain ID: 2734765324_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-27T14:17:53.00Z Received 22 October 2022: mkxj.eeansu.com Domain name: eeansu.com Registry Domain ID: 2733706599_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-22T14:25:13.00Z Received 18 October 2022: ttdgn.sgckit.com Domain name: sgckit.com Registry Domain ID: 2732810877_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-18T14:19:36.00Z Received 13 October 2022: hzgk.ltdoeiv.com Domain Name: LTDOEIV.COM Registry Domain ID: 2731777137_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 2022-10-13T14:34:38Z Creation Date: 2022-10-13T14:34:32Z Received 08 October 2022: snpb.xuoatkaa.com Domain name: xuoatkaa.com Registry Domain ID: 2730658186_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-08T13:58:37.00Z Received 04 October 2022: ibel.aacnxoap.com Domain name: aacnxoap.com Registry Domain ID: 2729728762_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-10-04T13:57:15.00Z Received 29 September 2022: zzim.ylrrayo.com Domain name: ylrrayo.com Registry Domain ID: 2728623480_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Updated Date: 0001-01-01T00:00:00.00Z Creation Date: 2022-09-29T13:57:53.00Z Received 24 September 2022: aotv.ecncsee.com Domain name: ecncsee.com Registry Domain ID: 2727479420_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Creation Date: 2022-09-24T12:57:39.00Z Received 20 September 2022: dvjd.eeopss.com Domain Name: EEOPSS.COM Registry Domain ID: 2726582547_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Creation Date: 2022-09-20T14:21:59Z Received 14 September 2022: mkvl.eolhshev.com Domain name: eolhshev.com Registry Domain ID: 2725237818_DOMAIN_COM-VRSN Registrar URL: http://www.namecheap.com Creation Date: 2022-09-14T13:36:27.00Z Received 21 May 2020: uxlt.aaansg.info Registry Domain ID: D503300001185489685-LRMS Registrar URL: http://www.namecheap.com Creation Date: 2020-05-21T14:12:30.00Z Received 19 May 2020: u2v.cetdnwr.info Domain name: cetdnwr.info Registry Domain ID: D503300001185467624-LRMS Registrar WHOIS Server: whois.namecheap.com Creation Date: 2020-05-19T15:59:25.00Z Received 11 May 2020 l5rp.solnxat.info Domain name: solnxat.info Registry Domain ID: D503300001185368476-LRMS Registrar URL: http://www.namecheap.com Creation Date: 2020-05-11T14:30:06.00Z Received 29 April 2020 cq2r.aofypgs.info Domain name: aofypgs.info Registry Domain ID: D503300001183967263-LRMS Registrar URL: http://www.namecheap.com Creation Date: 2020-04-29T15:00:49.00Z Any ideas how the spammer is doing this so effectively to make it hard to report?

Yeah the sender is using US brand names to try get responses. Any US brand name will do. Couche-Tard is not actually well known but I guess they might think it is. The Couche-Tard business operates convenience stores. Circle K gas stations being one of them.

Yes, this is a problem. Daily now for me also. gnbrandschile.onmicrosoft.com GreenConcreteCJSC.onmicrosoft.com overseasvamani.onmicrosoft.com and more… Any of you guys look at the image hosts for spams too? I tend to look and report the image files. Imgur.com is quick to respond and delete. My spam sender rarely uses this now. Zupimages also VERY quick to respond and delete. ConstantContact.com was interesting. Spammer created dozens of customer accounts and uploaded images. Did not send emails from the accounts but called the images via the URLs. CC acted to close/delete.

I think this is a communication from flex Marketing Group (or their subsidiary AD1 Media Group) to their disparate community of affiliate spammer folks. The list is a list of people they know don’t want/may report spam. It’s a very poor way of communicating this list though!

No reply from KyivStar, the host of the website. I guess that could be understandable given the war raging in the South/South East (and I’m all for Ukrainian victory in that regard) but what to do now? Domain registrar is Namesilo and they just reply with the standard email and ironically they advise keeping your email address private and not showing on any public webpages! The suggestion they give is to raise a UDRP dispute… would that even work? Any other ideas? I’ve checked for a reply from Flex Marketing Group to my request to remove me from all their data on 30th June and there has not even been a reply. That was sent via the BBB website.

I just noticed the page I started the opening post with refers to “AD1 Publishers” and a Gogle around finds a privacy policy for “AD1 Media Group” on the Flex Marketing Group website (https://flexmg.com/legal/ad1-privacy-policy/) - it is a bit weird because it starts “Thank you for visiting the AD1 Media Group website located at www.AD1mg.com” (even though this privacy policy is hosted at flexmg.com and not AD1mg.com) Anyway, after contacting the business Flex Marketing Group a couple of weeks ago and getting no reply at all, I’m asking the hosting provider if they’ll take down a public page listing all those email addresses. The host is Kyiv Star (in Ukraine so hopefully they are operating ok). Will see if they can sort it.

Thanks guys

So here’s the thing! Last night I had a really good look. The site pages above (and others) show the same company involved. Looking at THEIR website, they claim to service the brands I have been harassed by for several years. And the emails have familiar spam characteristics like no relationship between anything (nothing whatsoever) and the company behind it all. Deceptive subject lines. spam redirect links that dance around before they hit the target. And pulling images from all over the place against the terms of use. What is very surprising is the companies paying for the spamming services by this “business” - I haven’t decided yet how far to take this but I’m mulling it over for sure. Is there a way to pull the history of all reports I have made through SpamCop for several years? I’d like to build up the comprehensive file of evidence. These people need to realize this is NOT acceptable behavior!