Phuck all spammers.
The phucksticks that send out fake domain renewal notices have moved to the new .ICU domain – perhaps riding on a low cost promotional campaign.
Operating from the lowclassic.ICU domain and a subdomain to evade detection, the spamming jizz guzzlers used NameCheap to register their spamming launchpad.
These slimeballs are using a subdomain: ms1119.lowclassic.icu – a technique to make the main spamming domain appear “clean.”
Here’s the email they send out to domain owners they’ve skimmed their contact information from the WHOIS:
RENEWAL REMINDER FOR DOMAIN
EXPIRATION DATE: x.x.2018
YOUR PACKAGE IS DUE TO EXPIRE
RENEWAL REMINDER FOR DOMAIN Notice#: xxx
[domain] Date: x.x.2018
DOMAIN:
[domain]
FOLLOW UP ON
RENEW NOW
TO COMPLETE YOUR PAYMENT.
[domain WHOIS]
Domain Name: Registration Period: Price: Term:
[domain] x.x.2018 to x.x.2019 $84.00 1 Year
RENEW NOW
TO PROCESS PAYMENT FOR[domain]
ACT IMMEDIATELY!
Dear PrivacyDotLink Customer xxxx,
Please renew your package by x.x.2018 to keep your website service active. You can renew right now.
Thank you for your cooperation.
Let’s hope that NameCheap and the .ICU Registry will cut off those spammers’ greedy fingertips one by one.
