Redswitches.com & 1and1.com – unresponsive to SEO spammer complaints

Аватара пользователя
A440
Сообщения: 2326
Зарегистрирован: Сб ноя 20, 2010 1:56 am

Redswitches.com & 1and1.com – unresponsive to SEO spammer complaints

Сообщение A440 » Вс ноя 22, 2015 3:13 am

I have been getting SEO spam from a narrow range of IP addresses that point back to this vendor, [red]redswitches.com[/red]. Other than that, they all have the common link of having reply email addresses that point to a Chinese portal.

The spam is as so:
Return-Path: gavincik•yahoo.com
Received: from 211.48.62.162 (211.48.62.162) at KTMAIL with ESMTP Hanmir by ktmail2;Sat, 21 Nov 2015 18:27:15 +0900
Received: from [103.41.176.49] ([103.41.176.49])
by relay2.kornet.net ([211.48.62.162])
with ESMTP id 2015112118:27:13:032511.304.663
for <xxx•kornet.net>;
Sat, 21 Nov 2015 18:27:12 +0900 (KST)
Date: Sat, 21 Nov 2015 10:04:22 +0100
Subject: leads for your business
From: "Roy Davis" <gavincik•yahoo.com>
To: xxx•kornet.net
X-MsgID: 1448098035132437.0.ktmail2
Message-ID: <1448098035132437.0.ktmail2@ktmail2>
Y-Message-ID: <23bfc634c27f0fe48e908ae800447c85@finecooking.com>
X-RECEIVED-IP: 211.48.62.162
Reply-To: yrdhins(at)sina.com
MIME-Version: 1.0
X-Mailer-LID: 3
X-Mailer-RecptId: 4465598
X-Mailer-SID: 1185
X-Mailer-Sent-By: 1
X-TERRACE-SPAMMARK: NO (SR:2.03) (by Terrace)
Content-Transfer-Encoding: 8bit
Content-type: text/plain; format=flowed; charset="UTF-8"

Hi,

We can generate you more business leads and sales from our email marketing
services.
We would like to grow your business sales 1-2 times than what it is now.

Let me know if you are interested to hear more.

Thanks,
Roy Davis
Contact: aloenins(at)tom.com


Remember! It won't sell if nobody knows you have it.
[red]Redswitches[/red] has been repeatedly unresponsive to direct reports that cite these TOS violations and should be labeled as untrustworthy at this point.

Please review this and rate accordingly here.

Additionally, [red]1and1.com[/red] most certainly should be rated [red]red[/red] (link for rating here)due to the now many phish and spam that originate from their IP space that point to "My Canadian Pharmacy" sites through hacked sites that are hosting links.
Complaints to [red]1and1.com[/red] have gone unanswered and rejected.
I must consider this business to be a hostile site, here on in.
Here is just one sample:
Delivered-To: xxx@gmail.com
Received: by 10.55.77.87 with SMTP id a84csp798890qkb;
Sun, 22 Nov 2015 01:04:47 -0800 (PST)
X-Received: by 10.194.94.100 with SMTP id db4mr24281227wjb.110.1448183087598;
Sun, 22 Nov 2015 01:04:47 -0800 (PST)
Return-Path: [crcastro@yaonline.es]
Received: from u16848359.onlinehome-server.com (u16848359.onlinehome-server.com. [74.208.65.217])
by mx.google.com with SMTP id qr6si11620244wjc.206.2015.11.22.01.04.47
for [xxx@gmail.com];
Sun, 22 Nov 2015 01:04:47 -0800 (PST)
Received-SPF: neutral (google.com: 74.208.65.217 is neither permitted nor denied by best guess record for domain of crcastro@yaonline.es) client-ip=74.208.65.217;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 74.208.65.217 is neither permitted nor denied by best guess record for domain of crcastro@yaonline.es) smtp.mailfrom=crcastro@yaonline.es
Unrest-Edict: 93456
To: "xxx@gmail.com" [xxx@gmail.com]
Content-Type: text/html; charset=UTF-8
Message-ID: [38876ca9c3e6f4a697eb612@u16848359.onlinehome-server.com]
MIME-Version: 1.0
X-Priority: 1
Subject: New voicemail 4:04AM
Content-Transfer-Encoding: 7bit
From: Whats App Notifier [crcastro@yaonline.es]
Date: Sun, 22 Nov 2015 04:04:47 +0000

[html] [body style="background:#393e43;padding:20px;"] [div posture="grimes" style="max-width:680px;"]
[table width="100%" cellspacing="0" cellpadding="10" border="0"] [tr]
[td style="background:#26252a;border-bottom:solid 10px #34af23;padding:20px;"]

[table cellspacing="0" cellpadding="0" border="0"][tr][td remarks=32 style="font-family:arial;font-weight:bold;font-size:30px;color:#ffffff;"] Whats App [/td][/tr][/table]

[/td]

[/tr]
[tr simplistic="5"]



[td style="background:#ffffff;font-family:arial;font-weight:normal;font-size:14px;color:#333333;"]

[div bilingual=72][br/][table anton='66' cellspacing="0" cellpadding="0" border="0" align="center"] [tr selectivity='electrophoresis'][td intensely='43' style="font-family:arial;font-weight:bold;font-size:22px;color:#808080;"]

New voice mail.
[/td][/tr] [/table][/div][br/] [div style="color:#40a9d8;"]Description[/div][br/] [div halverson="54" style="padding-left:30px;"]Nov 22 4:04 AM[br/]05 sec[/div] [/td]

[/tr] [tr] [td bellhop="88" style="background:#ffffff;text-align:center;padding:20px;"][br/]

[a strengthen=23 href="hwwot://teesplanet.com/dwindle.php" style="border-radius:20px 20px 20px 20px;padding:5px 40px 5px 40px;background:#67bb34;color:#ffffff;text-decoration:none;font-family:arial;font-weight:bold;font-size:30px;"]autoplay[/a][br/][br/]

[/td] [/tr] [tr]

[td microseconds=26 style="background:#d9d9d9;font-family:arial;font-weight:normal;font-size:11px;color:#808080;"]&copy; Whats App[/td] [/tr] [/table] [/div] [/body] [/html]
This link leads eventually to [red]yourdrugquality.ru[/red]

Аватара пользователя
drsumit
Сообщения: 792
Зарегистрирован: Вс янв 05, 2014 5:15 pm

RE: Redswitches.com – unresponsive to SEO spammer complaints

Сообщение drsumit » Вс ноя 22, 2015 5:08 am

[red]rated[/red]

Аватара пользователя
A440
Сообщения: 2326
Зарегистрирован: Сб ноя 20, 2010 1:56 am

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение A440 » Пн ноя 23, 2015 6:07 am

Here is yet another spam that was generated from a related company [red]oneandone.net[/red] -
which seems to be related to [red]1and1.com[/red]:
Domain Name: oneandone.net
Registry Domain ID: MIGR-50097971
Registrar WHOIS Server: whois.1and1.com
Registrar URL: http://1and1.com
Updated Date: 2011-06-27T10:01:24.000Z
Creation Date: 2001-07-23T19:30:23.000Z
Registrar Registration Expiration Date: 2016-07-23T13:34:00.000Z
[red]Registrar: 1&1 Internet AG[/red]
Registrar IANA ID: 83
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.8774612631
Reseller:
Registry Registrant ID:
Registrant Name: Andreas Gauger
Registrant Organization: 1&1 Internet AG
Registrant Street: Elgendorfer Strasse 57
Registrant City: Montabaur
Registrant State/Province:
Registrant Postal Code: 56410
Registrant Country: DE
Registrant Phone: +49.2602960
Registrant Phone Ext:
Registrant Fax: +49.72191374215
and
Domain Name: 1and1.com
Registry Domain ID: MIGR-10100147
Registrar WHOIS Server: whois.1and1.com
Registrar URL: http://1and1.com
Updated Date: 2011-06-27T10:04:32.000Z
Creation Date: 1997-09-27T21:00:00.000Z
Registrar Registration Expiration Date: 2016-09-27T03:00:00.000Z
[red]Registrar: 1&1 Internet AG[/red]
Registrar IANA ID: 83
Registrar Abuse Contact Email:
Registrar Abuse Contact Phone: +1.8774612631
Reseller:
Registry Registrant ID:
Registrant Name: Robert Hoffmann
Registrant Organization: 1&1 Internet Inc.
Registrant Street: 701 Lee Rd.
Registrant City: Chesterbrook
Registrant State/Province: PA
Registrant Postal Code: 19087
Registrant Country: US
Registrant Phone: +1.8774612631
Registrant Phone Ext:
Registrant Fax: +1.6105601501
A sample of this sample is as follows:
Delivered-To: xxx@gmail.com
Received: by 10.55.77.87 with SMTP id a84csp1171465qkb;
Sun, 22 Nov 2015 20:09:26 -0800 (PST)
X-Received: by 10.194.82.99 with SMTP id h3mr32377030wjy.41.1448251766026;
Sun, 22 Nov 2015 20:09:26 -0800 (PST)
Return-Path: [etowandabo(at)ganymede.com]
Received: from s15280465.onlinehome-server.info (s15280465.onlinehome-server.info. [87.106.218.58])
by mx.google.com with SMTP id 72si16516705wmt.121.2015.11.22.20.09.25
for [xxx@gmail.com];
Sun, 22 Nov 2015 20:09:26 -0800 (PST)
Received-SPF: neutral (google.com: 87.106.218.58 is neither permitted nor denied by best guess record for domain of etowandabo(at)ganymede.com) client-ip=87.106.218.58;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 87.106.218.58 is neither permitted nor denied by best guess record for domain of etowandabo(at)ganymede.com) smtp.mailfrom=etowandabo(at)ganymede.com
Security-Dates-Sugared: deb2a1525fcd4d9
MIME-Version: 1.0
X-Priority: 1
Content-Type: text/html; charset=UTF-8
Admonishments-Droop: a8dcbf1df37
Subject: Hey Delayed emails resumptions
Message-ID: [c24b2e8b88a5bec-2c6e@ganymede.com]
To: "xxx@gmail.com" [xxx@gmail.com]
Date: Mon, 23 Nov 2015 04:09:26 +0000
From: Skype Reminder [etowandabo@ganymede.com]
Optional-Gasket-Unified: ea3484cd2615d3be
Content-Transfer-Encoding: 7bit

[html]
[head] [title][/title]
[/head] [body monitoring='harry' style="background:#fff;"] [div style="max-width:700px;"]

[table idly='cartoon' cellspacing="0" cellpadding="0" style="background:#fff;font-family:arial;font-size:13px;color:#333;border-right:solid 1px #eee;border-bottom:solid 1px #eee;width:100%;"]
[tr]

[td style="font-size:30px;color:#17B4EF;padding:20px;font-weight:400;"]Skype[/td]

[/tr] [tr advisee='reacting'] [td style="padding:0px 20px 20px 20px"] Delayed email.[br/] [br/]

[a style="color:#0078ca;" href="hwot://www . smokecloud9.com/brutal.php"]View emails[/a].[br/]

[br/]



Sincerely[br/]

Skype service[br/]
[br/] [/td] [/tr]


[tr] [td injuns='shotguns' style="padding:0px 20px 20px 20px"]
[div lizzie='beneath' style="padding-top:10px;border-top:solid 1px #eee;font-size:11px;color:#888"]


&copy; 2015 Skype and/or Microsoft. The Skype name, associated trade marks and logos and the "S" logo are trade marks of Skype or related entities.

Skype Communications S.a.r.l. 23-29 Rives de Clausen, L-2165 Luxembourg.
[/div] [/td]
[/tr]
[/table]
[/div] [/body]
[/html]

Аватара пользователя
A440
Сообщения: 2326
Зарегистрирован: Сб ноя 20, 2010 1:56 am

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение A440 » Пн ноя 23, 2015 6:17 am

It also seems that [red]1and1.com[/red] has a bad history of untrustworthy activity.
The last account (listed below) even includes a story of how these scammers demand a credit card for a "free trial" and end up putting charges on the unsuspecting mark's card. This is very similar to the common online streaming scam sites but with potentially worse results:

https://www.sitepoint.com/community/t/1 ... -scam/7166
http://www.complaintsboard.com/complain ... 61434.html
http://www.cnet.com/forums/discussions/ ... ed-564933/
https://webhostinggeeks.com/user-reviews/1and1/
http://www.complaintslist.com/websites/design/1-and-1/

Аватара пользователя
williKi
Сообщения: 519
Зарегистрирован: Чт окт 01, 2015 6:52 pm

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение williKi » Пн ноя 23, 2015 2:26 pm

As far as 1and1.com is concerned, already handled because of another issue.

<Red Rated.

Аватара пользователя
nova7
Сообщения: 266
Зарегистрирован: Пт апр 06, 2012 11:32 pm

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение nova7 » Пн ноя 23, 2015 7:00 pm

@ A440
www.senderbase.org/lookup/?search_string=103.41.176.49 Cisco (very high spam level since last month--network owner Hosting Solutions)
www.senderbase.org/lookup/?search_string=74.208.65.217 (high spam level since last month -- network owner 1&1 Internet)
www.senderbase.org/lookup/?search_string=87.106.218.58 (very high spam level since last month -- network owner 1&1 Internet))

More 1 & 1 Internet spammy IPs at the bottom of this page:
www.senderbase.org/lookup/org/?search_s ... 20Internet

Аватара пользователя
nova7
Сообщения: 266
Зарегистрирован: Пт апр 06, 2012 11:32 pm

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение nova7 » Пн ноя 23, 2015 7:10 pm

<quote user="a440">
Here is yet another spam that was generated from a related company [red]oneandone.net[/red] -
which seems to be related to [red]1and1.com[/red]:
[/quote]

AKA Schlund.net too:
https://who.is/whois/Schlund.net (and supported--providing bad support--by 1and1.com AND 1und1.de)
www.mywot.com/en/scorecard/1and1.com
www.mywot.com/en/scorecard/1und1.de


Аватара пользователя
nova7
Сообщения: 266
Зарегистрирован: Пт апр 06, 2012 11:32 pm

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение nova7 » Чт ноя 26, 2015 11:52 pm

ONEandONE network, ranked second worst spam-originating network in the "rest of the world" (excluding US), as recent as March 2015:
www.spamrankings.net/chronic/row_all_cbl_volume.php

Аватара пользователя
A440
Сообщения: 2326
Зарегистрирован: Сб ноя 20, 2010 1:56 am

RE: Redswitches.com & 1and1.com – unresponsive to SEO spammer

Сообщение A440 » Вс ноя 29, 2015 5:32 am

More of the same spammer, still on [red]oneandone.net[/red] (rate them here):
Delivered-To: xxx(at)gmail.com
Received: by 10.55.77.71 with SMTP id a68csp502158qkb;
Sat, 28 Nov 2015 10:24:25 -0800 (PST)
X-Received: by 10.194.87.201 with SMTP id ba9mr27056551wjb.125.1448735065128;
Sat, 28 Nov 2015 10:24:25 -0800 (PST)
Return-Path: [efollowingh@cavignac.com]
Received: from s17325663.onlinehome-server.info (s17325663.onlinehome-server.info. [217.160.5.94])
by mx.google.com with SMTP id kj9si55960921wjb.72.2015.11.28.10.24.24
for [xxx(at)gmail.com];
Sat, 28 Nov 2015 10:24:25 -0800 (PST)
Received-SPF: neutral (google.com: 217.160.5.94 is neither permitted nor denied by best guess record for domain of efollowingh@cavignac.com) client-ip=217.160.5.94;
Authentication-Results: mx.google.com;
spf=neutral (google.com: 217.160.5.94 is neither permitted nor denied by best guess record for domain of efollowingh@cavignac.com) smtp.mailfrom=efollowingh@cavignac.com
Content-Transfer-Encoding: 7bit
Gel-Cryptographically-Staunch: 82312BB44946D5AD
To: "xxx(at)gmail.com" [xxx(at)gmail.com]
Subject: Incoming voicemessage: 7:19PM
Frowned-Intransitively: culpa
From: WhatsAppNotifier [efollowingh@cavignac.com]
Content-Type: text/html; charset=UTF-8
X-Priority: 1
Date: Sat, 28 Nov 2015 19:19:50 +0000
MIME-Version: 1.0
Message-ID: [8663c8f5517873ca7f6ff8b8ea@s17325663.onlinehome-server.info]

[html] [body style="background:#393e43;padding:20px;"]

[div style="max-width:680px;"]
[table differential="fertilizes" width="100%" cellspacing="0" cellpadding="10" border="0"]

[tr] [td fields='2' style="background:#26252a;border-bottom:solid 10px #34af23;padding:20px;"]


[table ghastly=5 cellspacing="0" cellpadding="0" border="0"][tr][td absconding="deeming" style="font-family:arial;font-weight:bold;font-size:30px;color:#ffffff;"]


Whats App
[/td][/tr][/table] [/td]
[/tr] [tr excommunicating='excitation'] [td style="background:#ffffff;font-family:arial;font-weight:normal;font-size:14px;color:#333333;"] [div][br/][table storage=6 cellspacing="0" cellpadding="0" border="0" align="center"] [tr protruded='6'][td style="font-family:arial;font-weight:bold;font-size:22px;color:#808080;"]


New voice message.

[/td][/tr]

[/table][/div][br/]
[div style="color:#40a9d8;"]Details[/div][br/] [div minuend='6' style="padding-left:30px;"]Nov 28 7:19 PM[br/]06 seconds[/div]

[/td] [/tr]
[tr] [td commencements=28 style="background:#ffffff;text-align:center;padding:20px;"][br/]

[a dreamt='avenged' href="hwotp://www . tmbw.fr/wp-content/plugins/tradeoff.php" style="border-radius:20px 20px 20px 20px;padding:5px 40px 5px 40px;background:#67bb34;color:#ffffff;text-decoration:none;font-family:arial;font-weight:bold;font-size:30px;"]Listen[/a][br/][br/]

[/td] [/tr]

[tr biomedicine='crystallizing']

[td style="background:#d9d9d9;font-family:arial;font-weight:normal;font-size:11px;color:#808080;"]&copy; Whats App[/td]
[/tr] [/table]

[/div]

[/body] [/html]
and the hacked site used is "tmbw.fr/wp-content/plugins/tradeoff.php"
which points to [red]mynaturaloutlet.ru[/red]
a Canadian pharmacy site.

Аватара пользователя
Myxt
Сообщения: 2086
Зарегистрирован: Сб мар 05, 2011 6:18 am

RE: WARNING

Сообщение Myxt » Вс ноя 29, 2015 9:20 am

Be extremely cautious about visiting those link targets! Be prepared to disinfect and/or restore your system drive.

teesplanet.com/dwindle.php
https://www.virustotal.com/en/url/8fe68 ... 448787178/

smokecloud9.com/brutal.php
https://www.virustotal.com/en/url/c0dde ... 448787452/

For anyone familiar with HTML attributes, many of the HTML tags include fake, possibly joke, attributes - excommunicating='excitation', ghastly=5, absconding="deeming", and the like. These fake attributes serve as a signature of a recent flood of spam, spoofed as notifications from Google+, Whatsapp, Youtube, and others, that links to malware, regardless of whatever else they may be hawking.

Ответить

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и 1 гость