Scam Alert: samplerewardsonline.com February 6, 2012
Posted by very in : Announcement, News, Resources, Security, Tech , add a commentUPDATE:
samplerewardsonline.com has the IP 38.101.10.141 which belongs to Cogent.
Please contact: abuse@cogentco.com
——-
First, there is no such thing as iPhone 5 at this point in time. Apple is not looking for iPhone 5 testers and never did so in the past with their product.
This investigation was prompted by a spam SMS from +1 (646) 709-7845 that says:
Apple is looking for iPhone 5 testers! The first 1000 users that go to http://mobile-testers.com and enter code 0214 will get to test & keep a new iPhone 5
The site mobile-testers.com is a portal to samplerewardsonline.com. The domain name was registered on February 1st, 2012 through eNom, Inc. and hosted by HostGator. The domain registration is also protected by WhoisGuard based on whois query.
You can enter any 4-character-code into the field and continue and it will redirect to samplerewardsonline.com.
Whois information on samplerewardsonline.com:
Lions-share:~ suspicious-bagel$ whois samplerewardsonline.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.Domain Name: SAMPLEREWARDSONLINE.COM
Registrar: DYNAMIC DOLPHIN, INC.
Whois Server: whois.dynamicdolphin.com
Referral URL: http://www.dynamicdolphin.com
Name Server: NS1.SAMPLEREWARDSONLINE.COM
Name Server: NS2.SAMPLEREWARDSONLINE.COM
Status: clientTransferProhibited
Updated Date: 21-sep-2011
Creation Date: 21-sep-2011
Expiration Date: 21-sep-2012>>> Last update of whois database: Tue, 07 Feb 2012 02:14:38 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar’s sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant’s agreement with the sponsoring
registrar. Users may consult the sponsoring registrar’s Whois database to
view the registrar’s reported date of expiration for this registration.TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services’ (“VeriSign”) Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Registration Service Provided By: DYNAMIC DOLPHIN, INC
Contact: +1.7208723477Domain Name: SAMPLEREWARDSONLINE.COM
Registrant:
Dynamic Dolphin Privacy Protection
Privacy Protect (privacyprotect@dynamicdolphin.com)
5023 W 120th Ave #233
Broomfield
Colorado,80020
US
Tel. +001.7208723477Creation Date: 21-Sep-2011
Expiration Date: 21-Sep-2012Domain servers in listed order:
ns1.samplerewardsonline.com
ns2.samplerewardsonline.comAdministrative Contact:
Dynamic Dolphin Privacy Protection
Privacy Protect (privacyprotect@dynamicdolphin.com)
5023 W 120th Ave #233
Broomfield
Colorado,80020
US
Tel. +001.7208723477Technical Contact:
Dynamic Dolphin Privacy Protection
Privacy Protect (privacyprotect@dynamicdolphin.com)
5023 W 120th Ave #233
Broomfield
Colorado,80020
US
Tel. +001.7208723477Billing Contact:
Dynamic Dolphin Privacy Protection
Privacy Protect (privacyprotect@dynamicdolphin.com)
5023 W 120th Ave #233
Broomfield
Colorado,80020
US
Tel. +001.7208723477Status:LOCKED
Note: This Domain Name is currently Locked. In this status the domain
name cannot be transferred, hijacked, or modified. The Owner of this
domain name can easily change this status from their control panel.
This feature is provided as a security measure against fraudulent domain name hijacking.
samplerewardsonline.com is registered through Dynamic Dolphin, Inc.
samplerewardsonline.com IP is 38.101.10.141 which in the same block with similar scam sites such as Populargiftsforyou.com and PlanetGiftRewards.com
Posted from Los Angeles, California, United States.
Scam and Spam Alert: mobile-testers.com February 6, 2012
Posted by very in : Announcement, News, Resources, Security, Tech , add a commentNew round of SMS spam that is also a scam from mobile-testers.com. The unsolicited SMS is coming from +1 (646) 709-7845 and the message is saying:
Apple is looking for iPhone 5 testers! The first 1000 users that go to http://mobile-testers.com and enter code 0214 will get to test & keep a new iPhone 5
Apple IS NOT looking for iPhone 5 testers. Apple IS NOT calling the next iPhone by “iPhone 5″ name yet. This is clearly a SCAM.
The domain mobile-testers.com is registered through eNom, Inc. and protected by WhoisGuard (see WhoIs information at the bottom of this post).
If you’re getting this SMS spam, you should:
- Report mobile-testers.com as spam to WhoisGuard through the Report Spam page.
- File complaints on FCC site.
File a complaint on FCC site http://esupport.fcc.gov/complaints.htm
You should file form 1088G to report this violation.
You can also call 1-888-CALL-FCC (1-888-2255-322) voice; 1-888-TELL-FCC (1-888-8355-322) TTY.
According to FCC, this type of “marketing” does violate CAN-SPAM Act.
At the time of this posting mobile-testers.com displays:
Service Unavailable
Server currently undergoing maintenance. Webmaster: please contact support.
UPDATE:
From Google Cache
Based on the WhoIs information, mobile-testers.com is using HostGator DNS. The IP address is 174.132.151.98, a SoftLayer/ThePlanet.com IP which is assigne to HostGator; a reseller of the service.
Whois information on mobile-testers.com:
Lions-share:~ suspicious-bagel$ whois mobile-testers.com
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.Domain Name: MOBILE-TESTERS.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1343.HOSTGATOR.COM
Name Server: NS1344.HOSTGATOR.COM
Status: clientTransferProhibited
Updated Date: 05-feb-2012
Creation Date: 01-feb-2012
Expiration Date: 01-feb-2013>>> Last update of whois database: Mon, 06 Feb 2012 20:39:31 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar’s sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant’s agreement with the sponsoring
registrar. Users may consult the sponsoring registrar’s Whois database to
view the registrar’s reported date of expiration for this registration.TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services’ (“VeriSign”) Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
=-=-=-=Registration Service Provided By: Namecheap.com
Contact: support@namecheap.com
Visit: http://namecheap.comDomain name: mobile-testers.com
Registrant Contact:
WhoisGuard
WhoisGuard Protected ()Fax:
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
USAdministrative Contact:
WhoisGuard
WhoisGuard Protected (ddeb681058d445c29c606b0a45f3dab0.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
USTechnical Contact:
WhoisGuard
WhoisGuard Protected (ddeb681058d445c29c606b0a45f3dab0.protect@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
11400 W. Olympic Blvd. Suite 200
Los Angeles, CA 90064
USStatus: Locked
Name Servers:
ns1343.hostgator.com
ns1344.hostgator.comCreation date: 01 Feb 2012 15:15:00
Expiration date: 01 Feb 2013 07:15:00
——-
Also filed under Text-Spammer
Posted from Los Angeles, California, United States.
More info on LinkedIn spam. January 16, 2012
Posted by very in : Announcement, News, Resources, Security, Tech , add a commentWe received more informations on the spam purporting from LinkedIn. It is obvious the emails do not come from LinkedIn. Email sender can easily be spoofed.
From the email headers:
Received: from static.3.100.40.188.clients.your-server.de ([188.40.100.3])
Received: from titan361.startdedicated.com ([62.75.229.17])
Received: from mx.silentpro.de ([212.12.114.235])
Received: from kultserver.de ([46.163.74.103])
Received: from ks35158.kimsufi.com ([213.251.184.181])
The spam even dares to say:
Stop spamming me!
If you see any mails purporting from LinkedIn, do not click on any of the links. As a matter of fact, make it a habit not to click on any links in emails.
Posted from Los Angeles, California, United States.
Spam disguised as email via LinkedIn. January 15, 2012
Posted by very in : Announcement, News, Resources, Security, Tech, Troubleshooting , add a commentA few people told us they have been getting email purportedly coming via LinkedIn. Do not blindly click any links in your email.
Posted from Los Angeles, California, United States.
Spammer Alert: sallara.com August 25, 2011
Posted by very in : Announcement, Media, News, Resources, Tech , add a commentA spammer from sallara.com responsible for wave of spam emails using numbers of domain names.
sallara.com is registered through enom.com. Don’t even bother complaining to enom.com through their Abuse Policy page, because it always return an error page. Many domains used by spammers are registered through enom.com.
Domain name: sallara.com
Registrant Contact:
Sallara
Philip Stensor ()Fax:
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
USAdministrative Contact:
Sallara
Philip Stensor (admin@sallara.com)
+1.5033038404
Fax: +1.5555555555
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
USTechnical Contact:
Sallara
Philip Stensor (admin@sallara.com)
+1.5033038404
Fax: +1.5555555555
POBox: 15500 SW Jay Street #38743
Beaverton, OR 97006
USStatus: Locked
Name Servers:
ns1.sallara.com
ns2.sallara.comCreation date: 30 Jun 2011 03:41:00
Expiration date: 29 Jun 2012 22:41:00
Recent domains registered by Phillip Stensor of Sallara:
- indongy.net
- gospodg.info
- reavel.info
- driftsm.com
- cativeta.com
- dauphon.net
- arellari.net
- parlined.net
The name Phillip Stensor is most likely a pseudonym.
File complaints to FTC: https://www.ftccomplaintassistant.gov/FTC_Wizard.aspx?Lang=en for the violation of CAN-SPAM Act.
Posted from Los Angeles, California, United States.
