
Wednesday, January 25, 2017

Consumer Alert! Annoying Clickbaiting email from Emily Cooper emilhcooper@gmx.com www.elpaix.science

Ugggh - I hate these.  These are emails that are SPAMMED out that pose as a company (much like PHISHING emails) but forward you to generic marketing or affiliate sites, etc.  This one has been spammed all over the place, so I'm putting it here as an FYI just because it irritates me.

The link in this email, http://www.elpaix.science/craigslist actually forwards you to http://classifieds-news.com/ which is supposedly another classified ads website, but there's nothing there.  It could also be a PHISHING site where they're hoping that you create an account there using the same log-in as your Craigslist account.  It could also be datamining your information to sell to other scammers/spammers.  So a warning - don't click on links like this.

Originating IP: 79.137.73.11
Originating ISP: Ovh Sas
City: n/a
Country of Origin: France

from: Emily Cooper <emilhcooper@gmx.com> 
to: 
date: Mon, Jan 23, 2017 at 3:54 PM
subject: Contact for your ad on craigslist

Hello

you have received a message for your ad on craigslist

to read the message Enter here : www.elpaix.science/craigslist

Thank you

you wish to stop receiving our messages, simply Click here : www.elpaix.science/unsub


But in any case, this is the domain registration for http://classifieds-news.com that is SPAMMING you:

Domain Name: classifieds-news.com
Registry Domain ID: 1872076541_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2016-08-16T21:33:23.0Z
Creation Date: 2014-08-21T12:45:12.0Z
Registrar Registration Expiration Date: 2017-08-21T12:45:12.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: abuse@ovh.net
Registrar Abuse Contact Phone: +33.972101007
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Registry Admin ID:
Admin Name: Khammesi Wasim
Admin Organization:
Admin Street: classifieds-news.com, office #7343024, c/o OwO, BP80157
Admin City: Roubaix Cedex 1
Admin State/Province:
Admin Postal Code: 59053
Admin Country:  FR
Admin Phone: +33.972101007
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: 2dutf5kv44ezevcdcicv@f.o-w-o.info
Registry Tech ID:
Tech Name: Khammesi Wasim
Tech Organization:
Tech Street: classifieds-news.com, office #7343024, c/o OwO, BP80157
Tech City: Roubaix Cedex 1
Tech State/Province:
Tech Postal Code: 59053
Tech Country:  FR
Tech Phone: +33.972101007
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: 2dutf5kv44ezevcdcicv@f.o-w-o.info
Registry Registrant ID:
Registrant Name: Khames Wasim
Registrant Organization:
Registrant Street: classifieds-news.com, office #7343024, c/o OwO, BP80157
Registrant City: Roubaix Cedex 1
Registrant State/Province:
Registrant Postal Code: 59053
Registrant Country:  FR
Registrant Phone: +33.972101007
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: 735dzwnhebwr3lkfhroq@m.o-w-o.info
Name Server: ns109.ovh.net
Name Server: dns109.ovh.net
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System:
http://wdprs.internic.net/
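
The mismatch described above (a message that names Craigslist but comes from a gmx.com address and links to elpaix.science) can be checked mechanically. The following is an added example, not part of the original post: the brand-to-domain table and the function names are assumptions for illustration, and the sample message is constructed from the email quoted above. It only compares names in the message and does not follow redirects.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: defender-maintained map of brand keyword -> domains it really uses.
BRAND_DOMAINS = {"craigslist": {"craigslist.org"}, "kijiji": {"kijiji.ca"}}

# Hostnames with or without a scheme, e.g. "www.elpaix.science/craigslist".
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# Constructed sample, built from the email quoted in this post.
SAMPLE = """\
From: Emily Cooper <emilhcooper@gmx.com>
Subject: Contact for your ad on craigslist

Hello

you have received a message for your ad on craigslist

to read the message Enter here : www.elpaix.science/craigslist

you wish to stop receiving our messages, simply Click here : www.elpaix.science/unsub
"""

def host_matches(host, allowed):
    """True if host is one of the allowed domains or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in allowed)

def brand_mismatches(raw):
    """Return (brand, where, host) for each sender/link host not owned by a named brand."""
    msg = message_from_string(raw)
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    body = msg.get_payload()  # plain, non-multipart message assumed
    text = (msg.get("Subject", "") + "\n" + body).lower()
    link_hosts = sorted({m.group(1).lower() for m in URL_RE.finditer(body)})
    findings = []
    for brand, allowed in BRAND_DOMAINS.items():
        if brand not in text:
            continue  # brand is never mentioned, nothing to compare
        if not host_matches(sender_host, allowed):
            findings.append((brand, "sender", sender_host))
        findings += [(brand, "link", h) for h in link_hosts
                     if not host_matches(h, allowed)]
    return findings

if __name__ == "__main__":
    for finding in brand_mismatches(SAMPLE):
        print(finding)
```

A hit is a reason to look closer, not proof of fraud, since legitimate notices are sometimes relayed through third-party mail services.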

1 comment:

  1. It looks like the same folks are also spamming Canadians with similar fake notifications, but for Kijiji instead of Craigslist: numerous, nearly-identical messages, with links to various URLs that all redirect to classifieds-news.com.

    And the WHOIS details you posted list "OVH, SAS" as the domain registrar for classifieds-news.com - it's worth noting that they are also the hosting provider for that website. And if you check the details of the spam EMails you've received (e.g. using a tool like Spamcop), I'd wager that the messages were sent from OVH's servers as well. They are also typically the host & registrar for the links/domain names in the spam EMails (that redirect to classifieds-news.com).

    Despite having sent OVH multiple abuse reports for this spam (going back to May 2015 - and I assume I'm not the only one who's reported it), they're still hosting classifieds-news.com.
