Spam Hosting

The following IP addresses host A records and websites of domains advertised in snowshoe spam. The domains offer luxury goods, apparently counterfeit.

lcvmk.com. 299 IN A 104.21.96.7
lcvmk.com. 299 IN A 172.67.150.29

http://lvsrb.com. << Illegal product shutdown page!

Was:

lcvmk.com has address 104.27.183.176
lcvmk.com has address 172.67.150.29
lcvmk.com has address 104.27.182.176

lvsrb.com has address 104.31.71.88
lvsrb.com has address 172.67.203.203
lvsrb.com has address 104.31.70.88

The formatting of the spams, their origin from IPs within a single /24, and other factors point to a single spam operation. Cloudflare, please shut down not only these domains but all others associated with the same account(s).

SPAM SAMPLES:

Received: from a.eriksweb.com (a.eriksweb.com [199.66.91.35])
Date: Wed, 25 Nov 2020 00:##:## +0800
From: Ray Ban <<x>@eriksweb.com>
Subject: [Black Friday] Save up to 80% on Ray Ban Sunglasses Today!

URI: https://www.lvsrb.com/

$ host www.lvsrb.com
www.lvsrb.com has address 172.67.203.203
www.lvsrb.com has address 104.31.70.88
www.lvsrb.com has address 104.31.71.88
www.lvsrb.com has IPv6 address 2606:4700:3034::ac43:cbcb
www.lvsrb.com has IPv6 address 2606:4700:3033::681f:4658
www.lvsrb.com has IPv6 address 2606:4700:3031::681f:4758

$ host lvsrb.com
lvsrb.com has address 104.31.71.88
lvsrb.com has address 172.67.203.203
lvsrb.com has address 104.31.70.88
lvsrb.com has IPv6 address 2606:4700:3033::681f:4658
lvsrb.com has IPv6 address 2606:4700:3031::681f:4758
lvsrb.com has IPv6 address 2606:4700:3034::ac43:cbcb

Domain name: lcvmk.com
Registry Domain ID: 2564523632_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ordertld.com
Registrar URL: http://www.ordertld.com
Updated Date: 2020-10-07T23:52:26Z
Creation Date: 2020-10-07T00:00:00Z
Registrar Registration Expiration Date: 2021-10-07T00:00:00Z
Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
Registrar IANA ID: 3254
Registrar Abuse Contact Email: abuse@ordertld.com
Registrar Abuse Contact Phone: +852.81926949
Reseller:
Domain Status: clientDeleteProhibited (http://www.icann.org/epp#clientDeleteProhibited)
Domain Status: clientTransferProhibited (http://www.icann.org/epp#clientTransferProhibited)
Registry Registrant ID: Not Available From Registry
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Georgia
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: us
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: please send email to whois@ordertld.com to request the domain whois
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: please send email to whois@ordertld.com to request the domain whois
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: please send email to whois@ordertld.com to request the domain whois
Name Server: carlos.ns.cloudflare.com
Name Server: jessica.ns.cloudflare.com
DNSSEC: unsignedDelegation

Received: from a.yytree.com (a.yytree.com [199.66.91.163])
Date: Wed, 25 Nov 2020 00:##:## +0800
From: «Michael Kors» <<x>@yytree.com>
Subject: [Black Friday] Up to 80% OFF Michael Kors <x>

<snip>

[ Shop Michael Kors The Walk ]
[ View on a web browser ]

<snip>

*We offer free standard ground shipping valid on orders of $50.00 or more (after all discounts and promotions are applied) on our website. Minimum purchase amount does not include taxes or gift wrapping charges. If you choose 2-Day or Next Day shipping, additional charges will apply. See our full Shipping Policy.

[ Click here to unsubscribe ]

Michael Kors, Customer Support, Attn: E-mail Database, 1 Meadowlands Plaza, 12th Floor, East Rutherford, NJ 07073

<snip>

URI: https://www.lcvmk.com/

$ host www.lcvmk.com
www.lcvmk.com has address 104.27.182.176
www.lcvmk.com has address 104.27.183.176
www.lcvmk.com has address 172.67.150.29
www.lcvmk.com has IPv6 address 2606:4700:3037::ac43:961d
www.lcvmk.com has IPv6 address 2606:4700:3032::681b:b7b0
www.lcvmk.com has IPv6 address 2606:4700:3034::681b:b6b0

$ host lcvmk.com
lcvmk.com has address 104.27.183.176
lcvmk.com has address 172.67.150.29
lcvmk.com has address 104.27.182.176
lcvmk.com has IPv6 address 2606:4700:3037::ac43:961d
lcvmk.com has IPv6 address 2606:4700:3032::681b:b7b0
lcvmk.com has IPv6 address 2606:4700:3034::681b:b6b0

Domain name: lcvmk.com
Registry Domain ID: 2564523632_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ordertld.com
Registrar URL: http://www.ordertld.com
Updated Date: 2020-10-07T23:52:26Z
Creation Date: 2020-10-07T00:00:00Z
Registrar Registration Expiration Date: 2021-10-07T00:00:00Z
Registrar: CNOBIN INFORMATION TECHNOLOGY LIMITED
Registrar IANA ID: 3254
Registrar Abuse Contact Email: abuse@ordertld.com
Registrar Abuse Contact Phone: +852.81926949
Reseller:
Domain Status: clientDeleteProhibited (http://www.icann.org/epp#clientDeleteProhibited)
Domain Status: clientTransferProhibited (http://www.icann.org/epp#clientTransferProhibited)
Registry Registrant ID: Not Available From Registry
Registry Registrant ID: REDACTED FOR PRIVACY
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: REDACTED FOR PRIVACY
Registrant State/Province: Georgia
Registrant Postal Code: REDACTED FOR PRIVACY
Registrant Country: us
Registrant Phone: REDACTED FOR PRIVACY
Registrant Phone Ext: REDACTED FOR PRIVACY
Registrant Fax: REDACTED FOR PRIVACY
Registrant Fax Ext: REDACTED FOR PRIVACY
Registrant Email: please send email to whois@ordertld.com to request the domain whois
Registry Admin ID: REDACTED FOR PRIVACY
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: REDACTED FOR PRIVACY
Admin State/Province: REDACTED FOR PRIVACY
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: REDACTED FOR PRIVACY
Admin Phone: REDACTED FOR PRIVACY
Admin Phone Ext: REDACTED FOR PRIVACY
Admin Fax: REDACTED FOR PRIVACY
Admin Fax Ext: REDACTED FOR PRIVACY
Admin Email: please send email to whois@ordertld.com to request the domain whois
Registry Tech ID: REDACTED FOR PRIVACY
Tech Name: REDACTED FOR PRIVACY
Tech Organization: REDACTED FOR PRIVACY
Tech Street: REDACTED FOR PRIVACY
Tech City: REDACTED FOR PRIVACY
Tech State/Province: REDACTED FOR PRIVACY
Tech Postal Code: REDACTED FOR PRIVACY
Tech Country: REDACTED FOR PRIVACY
Tech Phone: REDACTED FOR PRIVACY
Tech Phone Ext: REDACTED FOR PRIVACY
Tech Fax: REDACTED FOR PRIVACY
Tech Fax Ext: REDACTED FOR PRIVACY
Tech Email: please send email to whois@ordertld.com to request the domain whois
Name Server: carlos.ns.cloudflare.com
Name Server: jessica.ns.cloudflare.com
DNSSEC: unsignedDelegation

Добавить комментарий

Ваш адрес email не будет опубликован.