The Doctors - Choice 1000 Caralluma, CLA Safflower Oil

Spammers should not profit, so post information here that hits their pockets. There are many ways to fight spammers, and we have automation tools to combat them efficiently. These forums are moderated, but do not reflect the views of the hosting company, domain registrar, etc. By entering any of these forums, you agree that you cannot hold anyone liable for anything related in any way to these forums.

The Doctors - Choice 1000 Caralluma, CLA Safflower Oil

Postby Red Dwarf » Wed Apr 08, 2015 4:43 pm

Also seen as "Everyday Health & Wellness"

In April/May this scam pushed Caralluma in a weight-loss fraud.
In June, Caralluma was temporarily withdrawn, and replaced with another weight-loss scam - CLA Safflower Oil and Forskolin Fuel and Garcinia Cambogia depending on your geography. Caralluma has been restored as a current alternative.

Since December 2015, the sites seemed to be redirected to savethechildren.org.
The redirection was achieved using a triple obfuscated java script method. This was a subterfuge to escape detection by law enforcement and registrars.
In actual fact, they were still sending victims to the weight-loss fraud sites, when clicked from within their spam.


How to get even with spammers - Part 1

Today I received a blast of spams in my inbox, all looking the same - here are 7 examples
spammers wrote:Do you miss being skinny like you were in high school?
You won't marry a real prince until you get rid of some kilos of your weight! I want to hear that you're smaller next month. We have got what you are looking for! http://x.co/8nuvu

This medication helped me stop my husband's obesity at initiatory stage!
I just wanted to let you know how simple it is to get slim! How to Use Portion Control to Lose Pounds You may search for a long time, but we already have it! http://x.co/8nugY

I just wanted to let you know how simple it is to get slim!
Don't leave obesity a single chance! Follow a diet or use effective medications! This will only take a week before you see what it does. Over a thousand names in our shop! http://x.co/8nuqR

Go on eating your favorite food and slenderize! Today it's absolutely possible!
can you still fit into your old clothes? My body looks 100x improved. With us you will purchase any medicine you are after! http://x.co/8nuce

Do you know how to slenderize in few months and maintain you weight ever since?
The hottest news of our thin growing world! The way out was invented in 1980-s! I started last sunday and I am aready down two sizes. We have the larget selection of products! http://x.co/8nugY

Powerful medication helps people lose weight without giving up tasty food!
If your diagnosis is obesity it's important to treat it as an illness, not a lifestyle! You only live once so there is no point sitting on your hands. In our shop there is everything you need! http://x.co/8nuyW

I know what it means to suffer from excess weight and be ashamed of your body!
How many men look at you with desire? Your weight is the main problem! Try it out right and see for yourself. On our site you will for sure find your cure! http://x.co/8nukU


Each has a shortened link. To find out where the shortened link goes, visit http://www.wheregoes.com/ and key it in.
You get
Code: Select all
http://x.co/8nukU
301 Redirect
http://com-o8u.net/?a=355006&c=wl_con
302 Redirect
http://595-weightloss.com-o8u.net/doczmkv/usrzmkv/


Another example
Code: Select all
http://x.co/8nuyW
301 Redirect
http://com-o8u.net/?a=355006&c=wl_con
302 Redirect
http://607-diet.com-o8u.net/docmwoj/usrmwoj/


Although the final target is different, the common point (com-o8u.net) is the same for all of them.

The web site is called "The Doctors" and sells a product called "Choice 1000 Caralluma™ ". The checkpout page is at https://my-secured-checkout.com which is registered with REGISTER.COM INC and privacy protected.

How to shut this operation down?
Look up the registrant details at http://whois.domaintools.com/com-o8u.net
The registrar is SHANGHAI MEICHENG TECHNOLOGY INFORMATION DEVELOPMENT CO., LTD.
Code: Select all
Registrant Name: zhang nengzhong
Registrant Organization: zhang nengzhong
Registrant Street: changhelu98hao201
Registrant City: gaoyaoshi
Registrant State/Province: Guangdong
Registrant Postal Code: 302102
Registrant Country: CN
Registrant Phone : +86.02488541254
Registrant Phone Ext:
Registrant Fax: +86.02488541254


Pick up your phone and dial +86.02488541254 and you find there is no such number. That is a violation of ICANN's terms. Fill in the report for com-o8u.net at
https://forms.icann.org/en/resources/compliance/complaints/whois/inaccuracy-form

Sit back and grin :evil:

[EDIT: April 9 2015 - The above shortened URLs like http://x.co/8nukU no longer work, and com-o8u.net no longer resolves] :axe:

See also the entry at http://fraud-reports.wikia.com/The_Doctors
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors

Postby Red Dwarf » Wed Apr 08, 2015 4:56 pm

How to get even with spammers - Part 2

But wait! Is there more?

Take that fictitious street address, changhelu98hao201 and Google it for fun. Hits:

https://www.virustotal.com/en/domain/com-6s8.net/information/
http://whois.domaintools.com/com-o17.net
http://wa-com.com/com-291.net
http://www.whoismind.com/whois/com-9jo.net.html

com-o17.net (suspended by registrar)
com-291.net (suspended by registrar)
com-6s8.net Phone : +86.02488541254
com-9jo.net Phone: +86.02488541254

There are two more that can be reported to ICANN.
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors

Postby Red Dwarf » Wed Apr 08, 2015 5:47 pm

How to get more than even with spammers - Part 3

But wait some more! Is this the gift that keeps on giving? By looking up these turkeys on a passive DNS system, you can find over 100 of these domains, registered in China, with random phone numbers. Here is a list of 86 sure fire hits, with invalid phone numbers and some with invalid addresses as well:

Code: Select all
com-1pa.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-226.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-234.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-23u.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-243.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-2b3.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-2l5.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-2li.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-2lo.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-2m6.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-2p1.net   feng cheng   luojiagonglu 2019hao,,, jiadingqu, shagnhai, 100020, cn   +86.013661522725   both   
com-1bi.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-1g9.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-1gu.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-1k5.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-1k6.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-1l4.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-1r7.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-1z6.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-259.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-28a.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-29a.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2b4.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2b6.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2b8.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2be.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2c3.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2c8.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2co.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2dy.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2f9.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2fa.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2fo.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2g3.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2g7.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2ju.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2k3.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-2p2.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-2r5.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-316.net   cheng feng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, cn   +86.13661522725   both   
com-339.net   feng cheng   luojiagonglu 2019hao, jiadingqu, shagnhai, 100020, CN   +86.13661522725   both   
com-179.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1g4.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1h4.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1k4.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1ke.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1s7.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1w2.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-1xy.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-227.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-279.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-2c2.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-2hi.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-2l1.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-388.net   Petr Abandonato   Gazetny Lane Bldg. 1 17 9, 125009 Moscu, Rusia, 125009, RU   +39.390648930557   phone   
com-287.net   zhou chao   shandong sheng qingdaoshi shinanqu fuzhoulu 76hao, qingdao, shandong, 266000, CN   +86.013954202302   phone   
com-1zu.net   zhang nengzhong   changhelu98hao201, gaoyaoshi, Guangdong, 302102, CN   +86.02488541254   phone   
com-o8u.net   zhang nengzhong   changhelu98hao201, gaoyaoshi, Guangdong, 302102, CN   +86.02488541254   phone   
com-1z9.net   zhao fen   zhong quan bei lu 3 6 hao, ZhuHai, GD, 400011, CN   +86.02588541365   phone   
com-1fo.net   huang quan huang quan   hefeishi changjiangbeilu96hao, hefei, Anhui, 235521, CN   +86.02899587841   phone   
com-113.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1ko.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1m7.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1q5.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1qa.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1so.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1sy.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1w8.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1wy.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-1ze.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-2bo.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-2l8.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-2v3.net   Yu Qin   Shan Dong Sheng Ji Nan Shi Li Xia Qu Li Shan Lu 102Hao, Ji Nan, Shan Dong, 250000, CN   +86.05318613256   phone   
com-23a.net   zhang neng   zhengzhounanshanlu33hao201shi, zhengzhou, Henan, 300210, CN   +86.0584411477   phone   
com-1cu.net   neng zhang   zhengzhounanshanlu33hao201shi, zhengzhou, Henan, 300210, CN   +86.05844114770   phone   
com-136.net   fei jiang   changhequnanshanlu1239hao,,, beijing, Beijing, 100011, cn   +86.1085541236   phone   
com-2g4.net   zhang quan   hongkoulu358hao, gongxhulingshi, gongxhulingshi, 520012, China   +86.441 2584551   phone   
com-1s5.net   zhang hai   changchunshichangninglu32hao, chang chun, chang chun, 360211, China   +86.445 8521254   phone   
com-16o.net   qin yu   Li Xia Qu Li Shan Lu 102Hao, jinan, shandong, 250013, CN   +86.5318613256   phone   
com-183.net   qin yu   Li Xia Qu Li Shan Lu 102Hao, jinan, shandong, 250013, CN   +86.5318613256   phone   
com-184.net   qin yu   Li Xia Qu Li Shan Lu 102Hao, jinan, shandong, 250013, CN   +86.5318613256   phone   
com-1me.net   qin yu   Li Xia Qu Li Shan Lu 102Hao, jinan, shandong, 250013, CN   +86.5318613256   phone   
com-15y.net   neng zhang   zhengzhounanshanlu33hao201shi,,, zhengzhou, Henan, 300210, cn   +86.5844114770   phone   
com-1xa.net   neng zhang   zhengzhounanshanlu33hao201shi,,, zhengzhou, Henan, 300210, cn   +86.5844114770   phone   
com-2c4.net   neng zhang   zhengzhounanshanlu33hao201shi,,, zhengzhou, Henan, 300210, cn   +86.5844114770   phone   
com-2q1.net   neng zhang   zhengzhounanshanlu33hao201shi,,, zhengzhou, Henan, 300210, cn   +86.5844114770   phone   
com-346.net   neng zhang   zhengzhounanshanlu33hao201shi,,, zhengzhou, Henan, 300210, cn   +86.5844114770   phone   


ICANN's little robot is going to be busy. :mrgreen:

[Update, September 30 2015: Over 3,300 domain names used in this scam have been suspended by the various registrars]
[Update, November 5 2015: Over 4,000 domain names used in this scam have been suspended by the various registrars]
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Thu Apr 09, 2015 11:48 pm

Suspended or not operational:

GUANGDONG NAISINIKE INFORMATION TECHNOLOGY CO LTD
com-1z9.net

SHANGHAI MEICHENG TECHNOLOGY INFORMATION DEVELOPMENT CO., LTD. Broken DNS Server
com-1zu.net
com-23a.net
com-o8i.net
com-o8u.net

HOSTING CONCEPTS B.V. D/B/A OPENPROVIDER Broken DNS Server
com-1ke.net

BIZCN ClientHold
com-28a.net
com-2b4.net
com-2b6.net
com-2b8.net
com-2be.net
com-2c3.net
com-2c8.net
com-2f9.net
com-2r5.net

JIANGSU BANGNING SCIENCE & TECHNOLOGY CO. LTD ClientHold
com-339.net

FOSHAN YIDONG NETWORK CO. LTD
com-y2a.net
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Sat Apr 11, 2015 4:57 am

Today, they have switched across to com-a17.net

http://x.co/8po6a
301 Redirect
http://com-a17.net/?a=306534&c=wl_con
302 Redirect
http://258-health.com-a17.net/docbqqa/usrbqqa/

Spam:
Code: Select all
I am sure that if given the chance you would love to become slender
Want to lose any weight? go here
http://x.co/8po1V


Redirection trace
Code: Select all
http://x.co/8po1V
301 Redirect
http://com-a17.net/?a=306534&c=wl_con
302 Redirect
http://384-beauty.com-a17.net/docmjut/usrmjut/


Domain Name: COM-A17.NET
Registrar: BIZCN.COM, INC.
Registrant Name: zhang yuan
Registrant Organization: zhang yuan
Registrant Street: zhongyuanxinlu changhexincun32hao305
Registrant City: haidianqu
Registrant State/Province: beijing
Registrant Postal Code: 100000
Registrant Country: cn
Registrant Phone: +86.1088512566 (does not exist)
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Sun Apr 12, 2015 10:51 pm

BIZCN has not yet taken action. Sample spam -
Code: Select all
Subject: There no better product on the market
Good to see you
Are you addicted to food?
http://x.co/8pnpg


Redirection trace from wheregoes.com -
Code: Select all
http://x.co/8pnpg
301 Redirect
http://com-a17.net/?a=306534&c=wl_con
302 Redirect
http://196-health.com-a17.net/dockbjs/wekbjs/


BIZCN response, translated:
BIZCN wrote:Dear user: Your reported information has been received, and will be treated in accordance with the relevant procedures, thank you for your support of our work, thank you! !


                                                                                                             12321 Reporting Center


Another example, different shortener and different target
Code: Select all
http://catcut.net/UH3
302 Redirect
http://com-y2a.net/?a=306534&c=wl_con
302 Redirect
http://107-healthandbeauty.com-y2a.net/doczuvz/usrzuvz/


Domain Name: COM-Y2A.NET
Registrar: FOSHAN YIDONG NETWORK CO. LTD
Sponsoring Registrar IANA ID: 1563
Whois Server: whois.72dns.com
Referral URL: http://www.72e.net
Registrant Phone: +86.4526548554 (Does not exist)
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Sun Apr 12, 2015 11:57 pm

Great to see GoDaddy shutting down abusive x.co shortened URLs

https://support.godaddy.com/help/article/5760/preventing-and-reporting-abuse-of-x-co-links

Reported these, scraped from spam in my inbox
Code: Select all
x.co/8hy7d
x.co/8hy7N
x.co/8hy9n
x.co/8hyJH
x.co/8jbft
x.co/8jbiY
x.co/8jbjY
x.co/8jbmd
x.co/8jbQK
x.co/8jbU7
x.co/8jbUo
x.co/8npbz
x.co/8npdi
x.co/8npfl
x.co/8npgD
x.co/8nphg
x.co/8npoo
x.co/8npoP
x.co/8npVa
x.co/8npXU
x.co/8pagZ
x.co/8pahH
x.co/8paS8
x.co/8pffQ
x.co/8pg55
x.co/8pg5X
x.co/8pnnp
x.co/8pnpg
x.co/8pnqM
x.co/8pnrw
x.co/8pnsg
x.co/8pnsv
x.co/8pnvZ
x.co/8pnwO
x.co/8pnxf
x.co/8pnyq
x.co/8pnzj
x.co/8po1V
x.co/8po2h
x.co/8po3E
x.co/8po6a
x.co/8po6v
x.co/8po8c
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Mon Apr 13, 2015 5:17 pm

Oh what joy!

Domain Name: COM-Y2A.NET
Registrar: FOSHAN YIDONG NETWORK CO. LTD
Whois Server: whois.72dns.com
Referral URL: http://www.72e.net
Status: clientHold http://www.icann.org/epp#clientHold
Updated Date: 13-apr-2015

All those spammed redirections are failing:
Code: Select all
http://catcut.net/UH3
302 Redirect
http://com-y2a.net/?a=306534&c=wl_con
Error Tracing URL
Error: Timeout Error when fetching URL http://com-y2a.net/?a=306534&c=wl_con


We await action from XIN NET on COM-A17.NET
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Wed Apr 15, 2015 2:19 am

Sample request to BIZCN (send to abuse @bizcn.com and abuse@12321.cn)

Code: Select all
BIZCN.COM
Dear Registrar

This is a compliance request for you to suspend the illegal domain com-a17.net
It is used for illegal activity, breaking the ICANN RAA terms.

CRIMINAL EVIDENCE
http://mywot.com/en/scorecard/com-a17.net

FAKE REGISTRANT
Registrant phone does not exist: +86.1088512566

Your company is the registrar sponsoring the illegal domain name

ACTION
Set the status to Client Hold

Thank you for your efforts to reduce crime and to keep criminals from abusing your terms of service.


[Edit April 29, suspended on Client Hold]
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Thu Apr 16, 2015 4:15 pm

At the ground level, you can get the URL shorteners to kill the spammed URLs. These were all killed immediately on request

CATCUT.NET
To: support@catcut.net
Please delete these shortened URLs. They are used in spam

Code: Select all
catcut.net/eQ3
catcut.net/cQ3
catcut.net/9Q3
catcut.net/rQ3
catcut.net/BQ3
catcut.net/iA3
catcut.net/jH3
catcut.net/LQ3
catcut.net/MA3
catcut.net/nA3
catcut.net/PH3
catcut.net/PQ3
catcut.net/QQ3
catcut.net/rH3
catcut.net/sQ3
catcut.net/UQ3
catcut.net/vH3
catcut.net/wQ3
catcut.net/xA3
catcut.net/xQ3
catcut.net/YH3
catcut.net/zH3
catcut.net/DQ3


GODADDY
These were also killed immediately on request
To: abuse@godaddy.com
In response to your request at

https://support.godaddy.com/help/article/5760/preventing-and-reporting-abuse-of-x-co-links


Additional shortened URLs found in spam.

Code: Select all
x.co/8npfl
x.co/8pahH
x.co/8pnnp
x.co/8pnqM
x.co/8pnrw
x.co/8pnsv
x.co/8pnvZ
x.co/8pnyq
x.co/8po2h
x.co/8po3E
x.co/8po6v
x.co/8hy7d
x.co/8hy7N
x.co/8hy9n
x.co/8hyJH
x.co/8jbft
x.co/8jbiY
x.co/8jbjY
x.co/8jbmd
x.co/8jbQK
x.co/8jbU7
x.co/8jbUo
x.co/8npbz
x.co/8npdi
x.co/8npgD
x.co/8nphg
x.co/8npoo
x.co/8npoP
x.co/8npVa
x.co/8npXU
x.co/8pagZ
x.co/8paS8
x.co/8pffQ
x.co/8pg55
x.co/8pg5X
x.co/8pnpg
x.co/8pnsg
x.co/8pnwO
x.co/8pnxf
x.co/8pnzj
x.co/8po1V
x.co/8po6a
x.co/8po8c

User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Thu Apr 16, 2015 6:21 pm

User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Thu Apr 16, 2015 8:53 pm

Reporting the shortened URLs

    LY1.RU at http:/ly1.ru - click the link at the bottom right (Report link) and supply the bad url in the second input field. You can also use Google translate to see it in English.

    X.CO email to abuse@godaddy.com

    CATCUT.NET email to support@catcut.net

    HOP.KZ - http://hop.kz/report_url.html
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Fri Apr 17, 2015 4:23 pm

Registrar actions.
These are not operational, and were registered with BIGROCK SOLUTIONS LTD (UAE)
Code: Select all
com-uj9.net
com-ujo.net
com-uk4.net
com-uka.net
com-ul2.net
com-yg1.net
com-yjy.net
com-yla.net
com-ymo.net
com-yr3.net
com-ytu.net
com-yja.net
com-ylu.net
com-ym1.net


These are not operational, and were registered with WEB COMMERCE COMMUNICATIONS LIMITED / WEBNIC.CC
Code: Select all
com-yh1.net
com-yh3.net
com-yhu.net
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Fri Apr 17, 2015 9:58 pm

The latest preferred target redirection domain is
COM-5HW.NET
which is sponsored by registrar: HICHINA ZHICHENG TECHNOLOGY LTD.

Sample spammed URL and the redirection trace:
Code: Select all
http://catcut.net/Pu4
302 Redirect
http://com-5hw.net/?a=306534&c=wl_con
302 Redirect
http://326-fitness.com-5hw.net/doclmha/usrlmha/
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Re: The Doctors - Choice 1000 Caralluma

Postby Red Dwarf » Sun Apr 19, 2015 4:22 pm

One temporary victory - of the two most spammed redirector targets (com-a17.net and com-5hw.net) one is currently not resolving, making their efforts a pointless exercise.
:-)
Domain Name: COM-5HW.NET
Registrar: HICHINA ZHICHENG TECHNOLOGY LTD.
Name Server: NS1.NCSEDIGS.RU
Name Server: NS2.NCSEDIGS.RU

Looking up at the 2 com-5hw.net. parent servers:

ns1.ncsedigs.ru [78.47.178.205] [Broken DNS server: Reports that it refuses to respond!]
ns2.ncsedigs.ru [103.28.46.139] Timeout

>host -t a com-5hw.net
;; connection timed out; no servers could be reached

Others not resolving for the same reason
com-8x0.net
com-cbz.net
com-cg8.net
com-c93.net
com-g77.net
com-l79.net
com-njl.net
com-s5s.net

[EDIT: April 29 com-a17.net is also suspended]
Registrar: BIZCN.COM, INC.
Status: clientHold
User avatar
Red Dwarf
You are kiillllling-a my bizinisss!
 
Posts: 10452
Joined: Tue Jun 27, 2006 2:01 am

Next

Return to Fight Spammers

Who is online

Users browsing this forum: Google [Bot] and 1 guest

cron