ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
PredictLabs / Sphere Digital

Evidence Menu:

PredictLabs / Sphere Digital Index


Country: United States
State: IL
This operation uses dozens of "hosting" companies as fronts to lease IP addresses which are then used to send spam. Based in Chicago, Illinois and Tangier, Morocco.


PredictLabs / Sphere Digital SBL Listings History
Current SBL Listings
Archived SBL Listings

Resellers Panel: Increase in spam email?


http://forum.resellerspanel.com/forum/resellerspanel-general-discussion/webmaster-lounge/60833-increase-in-spam-email

--------------------------------------------------------------------------------

djblalock
Member

Increase in spam email?

25-07-2015, 06:41 AM

Hey everyone,

I have started getting an increased number of requests for a quote on dedicated servers by email. Nothing out of the ordinary the first time you get them, but when you get multiple within the same day from different people with almost identical requests it gets a little strange... Then even more strange when they send you the same email from the same identity at a late date.

In November I received requests for D.S. quotes from Greg Hollimon (an @experions.com address) and an Anna Sovgut (an @predictlabs.com address). I provided them both quotes at the same time as the same general features offered met their requests. Greg Hollimon responded requesting a Paypal invoice be created. Since the request was for my RSP site (I almost never have signups/inquiries from it), I referred him to my RSP site and told him he could select his plan/pay on the site. I never received a reply back from Greg Hollimon about the purchase or invoice, and never received a response at all from Anna Sovgut.

Today I checked my RSP site email and noticed another request for the exact same thing from Anna Sovgut. After doing some research this time, it turns out they make these requests with hosts all the time. I found a site called FraudRecord that had tons of hosts talking about the Anna Sovgut person (based on an email address search on Google). Many were saying they will sign up and pay the amount due for the server, use it for spam only to chargeback when caught. There were some saying that the requests were made via support tickets and emails. That just makes me wonder if live support chat has these requests.

Funny thing is, not only have they been messaging me on my RSP email (which I'm pretty sure is published on the site somewhere) but also to my main website's email. I don't even directly advertise my hosting services on it.

Has anyone else been receiving these messages? If so I'd like to blacklist as many as I can so I don't even see their messages.

Both are added to my blacklist.

--------------------------------------------------------------------------------

clivejo
Spam Annihilator

25-07-2015, 11:50 AM

It is wise to double check these emails. If you Google the @theirdomain.com and abuse/spam, you will usually find they have been at this before. To be honest, I wouldn't even bother replying to these "companies" involved with spam. If you let one of them in by mistake they can really make your life difficult and basically they walk away scot-free, leaving you with a mess to clean up!

Also, if you look at the predictlabs website, none of the social media links are working. They also have WHOIS protection on the domain. This is typical behaviour of someone wanting to "appear" to be legit, but who doesnt want people to know who is really behind the business. If they were a real business, they would be trying to link to social media etc, not hide from it!

Your email address is probably on your domain WHOIS records. But Id reckon they are targeting smaller resellers, in the hope to trick them into providing the service. By the time the spam catches up with the reseller and he/she is snowed under with a ton of spam reports the spammers are long gone trying to find another victim.

--------------------------------------------------------------------------------

djblalock
Member

25-07-2015, 07:35 PM

clivejo, I won't even be responding to any more requests with any of my online businesses before checking on that fraud website (can also submit suspicious activity/misbehavior on it to help other companies that use the same site). I just wish I would have Googled them before wasting my time replying.

The funny thing about "Greg Hollimon" is they are using an actors information as an alias. One host shared the information that they provided during a fraud screening and they provided a scanned drivers license. The name, picture, DOB, physical details, and location matched the actor exactly. I don't know if they got a photocopy of his drivers license or created a fake one... If they created their own I don't know that Mr. Hollimon would appreciate them signing him up to be an organ donor without asking him first.

I checked all around my site and my WHOIS info and couldn't find the address they emailed in either. They emailed the generic one (sales@) which, correct me if I'm wrong, was one automatically made by RSP if you do not host your reseller site yourself. I just made that email redirect to help@ which I give to people, so I'm not sure how they even got that email. However, I don't really care as I'm going to be creating a filter to just delete any further emails from either domain extension.


--------------------------------------------------------------------------------

yav0r
Administrator

26-07-2015, 10:36 PM

"Anna Sovgut (an @predictlabs.com address)." - that is a well known spammer organization. They have probably made about 200+ purchases/requests for a dedicated server (usually with a lot of additional IPs so when one gets blacklisted they move on to the other. I would advise you to stay away from them . Not that we won't sniff them out and cancel their orders, am just giving you the heads up although it seems that you have made quite the investigation yourself. Good work!

--------------------------------------------------------------------------------


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK12360/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2019 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy