First renewal scam & spam email from an .ICU #domain arrives

Phuck all spammers.

The phucksticks that send out fake domain renewal notices have moved to the new .ICU domain – perhaps riding on a low cost promotional campaign.

Operating from the lowclassic.ICU domain and a subdomain to evade detection, the spamming jizz guzzlers used NameCheap to register their spamming launchpad.

These slimeballs are using a subdomain: ms1119.lowclassic.icu – a technique to make the main spamming domain appear “clean.”

Here’s the email they send out to domain owners they’ve skimmed their contact information from the WHOIS:

RENEWAL REMINDER FOR DOMAIN
EXPIRATION DATE: x.x.2018
YOUR PACKAGE IS DUE TO EXPIRE
RENEWAL REMINDER FOR DOMAIN Notice#: xxx
[domain] Date: x.x.2018
DOMAIN:
[domain]
FOLLOW UP ON
RENEW NOW
TO COMPLETE YOUR PAYMENT.
[domain WHOIS]
Domain Name: Registration Period: Price: Term:
[domain] x.x.2018 to x.x.2019 $84.00 1 Year
RENEW NOW
TO PROCESS PAYMENT FOR

[domain]
ACT IMMEDIATELY!
Dear PrivacyDotLink Customer xxxx,
Please renew your package by x.x.2018 to keep your website service active. You can renew right now.
Thank you for your cooperation.

Let’s hope that NameCheap and the .ICU Registry will cut off those spammers’ greedy fingertips one by one.

Copyright © 2024 DomainGang.com · All Rights Reserved.

Comments

7 Responses to “First renewal scam & spam email from an .ICU #domain arrives”
  1. Kevin Kopas says:

    Thanks for posting this! Spam and malicious use is, unfortunately, something that nearly every registry and registrar has dealt with from time to time. We actively monitor our zone and while we have had abuse cases that required action from the registry, our registrar partners have immediately handled most of the issues. In this case, the domain in question may be violating our terms and conditions and we have notified the registrar. An investigation will be conducted and if needed any corrective measures will be taken. While improper usage of domain names is inevitable we believe in maintaining the healthiest namespace possible and will continue to monitor the .icu zone, notify registrars and take action as necessary.

  2. DomainGang says:

    Kevin – Thanks for taking prompt action, much appreciated!

  3. hest says:

    Just today I have received +10 spam mails from *.icu domains. So *.icu is now in my spam list and will never bother be again…

  4. DomainGang says:

    hest – I agree that I have seen an increase in .ICU spam lately versus the opposite.

  5. David Henry says:

    Can confirm that the .icu is being used to spam my email address hundreds of registered domain names all from .icu it’s clear there is no legitimate reason for any real business to do business with .icu or .date or any of the other spam favourites, time for these crook facilitators to be shut down.

  6. Trevor Cook says:

    This is still going on on the 15th April 2019. I am getting between 20 and 30 .icu emails a day. Also getting .bid ones too.

  7. Keth says:

    I’m getting at least 20 to 30 from .icu as well including a few from .pro and .world

Leave a Reply

Your email address will not be published. Required fields are marked *

 characters available