Sponsored by..

Showing posts with label SEO. Show all posts
Showing posts with label SEO. Show all posts

Wednesday 14 January 2015

Isabella Rossellini falls on hard times, starts sending SEO spam

Now, I enjoyed Isabella Rossellini very much in Blue Velvet ..


But it seems that she must have fallen on hard times and has started spamming for some Indian SEO outfit..

From:    Isabella Rossellini [isabellarosselliniwebmaster@hotmail.com]
Date:    14 January 2015 at 11:30
Subject:    SEO Package Get 25% Discount

Hi,

My name is Isabella Rossellini and working with a reputed leading S.E.O. Company in INDIA having the experience of getting our customer’s websites top in Google, Yahoo, and Msn and other search engine rankings producing high revenue with top page rank.

We provide a S.E.O. Special Offer going for the following package.

Monthly task and Responsibilities:-

1. 150 Directory submissions
2. 10 Social Bookmarking Submissions
3. 10 Article Submissions (1 article x 10 article directories)
4. 10 Press Release Submissions (1 press release x 10 press release websites)
5. Google Submissions
6. 1 unique, 400 word article written
7. 1 unique, 400 word press releases
8. 15 One Way back links with mix PR
9. Meta tags changes suggestions
10. Keyword research
11. Competitor Analysis
12. Heading tag changes
13. Alt tag changes
14. Interlinking wherever required.
15. Keyword Density in site content.
16. HTML Site Map
17. XML site map and Submission in webmaster tool
18.Search Engine Submission
19.Content Optimization
20.Deep linking submission

Wish u a happy,healthy,peaceful & prosperous 2015!!!

Let me know if you are interested and I would happy to send you more details on this.

Kind Regards

Isabella Rossellini
Online Marketing Executive
I suppose it is marginally possibly that this isn't the same "Isabella Rossellini" or indeed that the name is completely made up. Anyway, I think I will give this SEO spammer a wide berth.

Monday 23 June 2014

"Domain Listing Expired" scam spam (ibulkmailer.com / 192.99.148.65)

I've received this spam to the contact details for several domains I own in the past few weeks:

Date:      Sun, 22 Jun 2014 07:53:10 +0200 [06/22/14 01:53:10 EDT]
From:      Domain Notification [chandan@gmail.com]
Reply-To:      chandan@gmail.com
Subject:      re: Domain Listing Expired

Attention: Important Notice

ATT: [redacted].COM
ADMINISTRATIVE CONTACT
[redacted].COM
[redacted]

[redacted].COM
Please ensure that your contact information is correct or make the necessary changes above

DOMAIN SERVICE NOTICE

Domain Name: [redacted].COM
Search Engine Submission

Pay By

June 30,2014
 PART I: REVIEW SOLICITATION


Attn: [redacted].COM
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it's time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission. You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: [redacted].COM will expire on June 15,2014 Act today!

DETAIL OF SERVICE: ANNUAL WEBSITE SEARCH ENGINE SUBMISSION FOR DOMAIN NAME [redacted].COM
Detail of Service:
SEARCH SUBMISSIONS
Act by Date:
06/15/2014
For Domain
Name:
[redacted].COM


Select Term
Your Existing Domain
Period Covered
Price
    [redacted].COM        
1year     Valid for 1 Year CLICK TO RENEW     06/15/2014 - 06/15/2015     $75.00
2year     Valid for 2 Year CLICK TO RENEW     06/15/2014 - 06/15/2016     $119.00
3year     Valid for 3 Year CLICK TO RENEW     06/15/2014 - 06/15/2017     $199.00
4year     -Most Recommended- CLICK TO RENEW     04/04/2014 - 04/04/2024     $295.00
5year     Limited time offer - Best value! CLICK TO RENEW     Lifetime     $499.00


Payment by Credit Card
Select the term and complete the form above, (do not reply this mail with your credit card details on this mail , just click on pay above. once we receive your pay we will send you details and report after payment is successful, also make sure you provide us with your correct information at time of signup.

Unsubscribe me from this list


Powered by Interspire

It looks like a domain renewal notice.. but it isn't. It's a renewal notice for SEO services. "But wait," I hear you cry, "I haven't signed up for any SEO services!" to which my answer is "Exactly!"

This is where the spam moves from being annoying to being a more of a scam. The use of the word "Renew" implies that you already have a relationship with these people but you do not. There is nothing to renew, but stating that this is something you already use is not only incorrect but in my personal opinion it is a fraudulent misrepresentation.

The link in the email goes to 192.99.148.65 (OVH Canada, not surprisingly) and then onto a landing page at ibulkmailer.incom on 192.185.170.196 (Websitewelcome, US).


The WHOIS details for ibulkmailer.com are as follows:

Registry Registrant ID:
Registrant Name: kumar, chandan
Registrant Organization:
Registrant Street: DDA FLAT NO 556 PKT B HASTSAL
Registrant City: New Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110059
Registrant Country: IN
Registrant Phone: 7838808080
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: admin@ibulkmailer.com


WHOIS details can easily be faked, but the "Chandan" name in the registration details tallies with the address chandan@gmail.com in the spam itself.

An examination of the sites co-hosted with ibulkmailer.com along with several other identifying factors identity this website as belonging to Chandan Kumar of CNS Web Technologies Pvt Ltd (U72300DL2009PTC191574) of India.

To save you from having to do the analysis yourself, a shortcut is to visit Chandan Kumar's LinkedIn page which links through to ibulkmailer.com in one of the "Company Website" links.


The contact details for Mr Kumar's company are below:

CNS Web Technologies Private Limited
625 LIG HASTSAL
VIKAS PURI
New Delhi
Delhi
110059
INDIA
+91-7838808080
chandan988@gmail.com
chandan_988@rediffmail.com
chandan_988@yahoo.com

If you get these spam messages (and the link still leads to ibulkmailer.com) then one effective way of dealing with it would be to forward the message to the webhost abuse department at abuse -at- websitewelcome.com.

Doing business with spammers is never a good idea, and doing business with spammers who misrepresent your relationship with them is likely to be a very bad idea indeed. Avoid.

The following domains are also associated with CNS Web Technologies and Chandan Kumar. Do with them what you will.

ibulkmailer.com
webtrafficguru.net
ewebmail.in
ewebmailsolution.info
host-cns.com
cnswebtech.com
rajumehandiart.com
chauhanmehandiart.com
maahihosting.com
cnswebtech.com
cnsxpert.com
websms.co.in
ibulkmailer.in
domainnotices.in
ebizmail.in
pconlinexpert.com
turnaround-systems.com
ecataloguepromo.info

Tuesday 14 July 2009

43.gs: massive Google SERPs poisoning

I can't tell if this is accidental or deliberate, but there are a whole bunch of spam entries in Google for the 43.gs domain as you can see from this search.

It looks like some sort of redirect or copy, but the odd thing is that the 43.gs subdomain actually points to the legitimate server.

For example, ethviumvthvie.43.gs resolves as 198.246.98.21 which belongs to the US Centers for Disease Control (CDC). For some reason, the CDC server accepts requests for ethviumvthvie.43.gs as a request to display the genuine website.

As a result, Google has about 3.2 million results for 43.gs subdomains, all of which are duplicates of existing sites.

It looks like 43.gs offers some sort of legitimate URL shortening service based on subdomain names rather than the more common tinurl/bit.ly. Have the bad guys found a way to use this to their advantage? Are they suddenly going to switch traffic to somewhere bad?

43.gs is showing a small bump in traffic recently, perhaps as a result of this?

Presumably there is a way of telling your web server to reject this kind of request.