Sponsored by..

Monday, 23 June 2014

"Domain Listing Expired" scam spam (ibulkmailer.com / 192.99.148.65)

I've received this spam to the contact details for several domains I own in the past few weeks:

Date:      Sun, 22 Jun 2014 07:53:10 +0200 [06/22/14 01:53:10 EDT]
From:      Domain Notification [chandan@gmail.com]
Reply-To:      chandan@gmail.com
Subject:      re: Domain Listing Expired

Attention: Important Notice

ATT: [redacted].COM
ADMINISTRATIVE CONTACT
[redacted].COM
[redacted]

[redacted].COM
Please ensure that your contact information is correct or make the necessary changes above

DOMAIN SERVICE NOTICE

Domain Name: [redacted].COM
Search Engine Submission

Pay By

June 30,2014
 PART I: REVIEW SOLICITATION


Attn: [redacted].COM
As a courtesy to domain name holders, we are sending you this notification for your business Domain name search engine registration. This letter is to inform you that it's time to send in your registration and save.

Failure to complete your Domain name search engine registration by the expiration date may result in cancellation of this offer making it difficult for your customers to locate you on the web.

Privatization allows the consumer a choice when registering. Search engine subscription includes domain name search engine submission. You are under no obligation to pay the amounts stated below unless you accept this offer. Do not discard, this notice is not an invoice it is a courtesy reminder to register your domain name search engine listing so your customers can locate you on the web.

This Notice for: [redacted].COM will expire on June 15,2014 Act today!

DETAIL OF SERVICE: ANNUAL WEBSITE SEARCH ENGINE SUBMISSION FOR DOMAIN NAME [redacted].COM
Detail of Service:
SEARCH SUBMISSIONS
Act by Date:
06/15/2014
For Domain
Name:
[redacted].COM


Select Term
Your Existing Domain
Period Covered
Price
    [redacted].COM        
1year     Valid for 1 Year CLICK TO RENEW     06/15/2014 - 06/15/2015     $75.00
2year     Valid for 2 Year CLICK TO RENEW     06/15/2014 - 06/15/2016     $119.00
3year     Valid for 3 Year CLICK TO RENEW     06/15/2014 - 06/15/2017     $199.00
4year     -Most Recommended- CLICK TO RENEW     04/04/2014 - 04/04/2024     $295.00
5year     Limited time offer - Best value! CLICK TO RENEW     Lifetime     $499.00


Payment by Credit Card
Select the term and complete the form above, (do not reply this mail with your credit card details on this mail , just click on pay above. once we receive your pay we will send you details and report after payment is successful, also make sure you provide us with your correct information at time of signup.

Unsubscribe me from this list


Powered by Interspire

It looks like a domain renewal notice.. but it isn't. It's a renewal notice for SEO services. "But wait," I hear you cry, "I haven't signed up for any SEO services!" to which my answer is "Exactly!"

This is where the spam moves from being annoying to being a more of a scam. The use of the word "Renew" implies that you already have a relationship with these people but you do not. There is nothing to renew, but stating that this is something you already use is not only incorrect but in my personal opinion it is a fraudulent misrepresentation.

The link in the email goes to 192.99.148.65 (OVH Canada, not surprisingly) and then onto a landing page at ibulkmailer.incom on 192.185.170.196 (Websitewelcome, US).


The WHOIS details for ibulkmailer.com are as follows:

Registry Registrant ID:
Registrant Name: kumar, chandan
Registrant Organization:
Registrant Street: DDA FLAT NO 556 PKT B HASTSAL
Registrant City: New Delhi
Registrant State/Province: Delhi
Registrant Postal Code: 110059
Registrant Country: IN
Registrant Phone: 7838808080
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: admin@ibulkmailer.com


WHOIS details can easily be faked, but the "Chandan" name in the registration details tallies with the address chandan@gmail.com in the spam itself.

An examination of the sites co-hosted with ibulkmailer.com along with several other identifying factors identity this website as belonging to Chandan Kumar of CNS Web Technologies Pvt Ltd (U72300DL2009PTC191574) of India.

To save you from having to do the analysis yourself, a shortcut is to visit Chandan Kumar's LinkedIn page which links through to ibulkmailer.com in one of the "Company Website" links.


The contact details for Mr Kumar's company are below:

CNS Web Technologies Private Limited
625 LIG HASTSAL
VIKAS PURI
New Delhi
Delhi
110059
INDIA
+91-7838808080
chandan988@gmail.com
chandan_988@rediffmail.com
chandan_988@yahoo.com

If you get these spam messages (and the link still leads to ibulkmailer.com) then one effective way of dealing with it would be to forward the message to the webhost abuse department at abuse -at- websitewelcome.com.

Doing business with spammers is never a good idea, and doing business with spammers who misrepresent your relationship with them is likely to be a very bad idea indeed. Avoid.

The following domains are also associated with CNS Web Technologies and Chandan Kumar. Do with them what you will.

ibulkmailer.com
webtrafficguru.net
ewebmail.in
ewebmailsolution.info
host-cns.com
cnswebtech.com
rajumehandiart.com
chauhanmehandiart.com
maahihosting.com
cnswebtech.com
cnsxpert.com
websms.co.in
ibulkmailer.in
domainnotices.in
ebizmail.in
pconlinexpert.com
turnaround-systems.com
ecataloguepromo.info

No comments: