Banned Spammers at Hoax~Slayer and here

Comment spammers are thick on social networking sites like Digg most of their comments include a link back to a bogus site. If you go to their profile you will see all of the spam they have posted and it is easy to bury from there. Post a link to that page here and we can all bury it as spam.

Moderators: JeanInMontana, rockingmtranch, ShadowPuterDude, admin, MysteryFCM, Owner

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Banned Spammers at Hoax~Slayer and here

Postby JeanInMontana » Sun Jun 24, 2007 10:47 pm

~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Known Spider

Postby JeanInMontana » Tue Jul 17, 2007 3:57 pm

Just banned a known comment spammer spider!!
http://www.projecthoneypot.org/i_1368c4 ... 6ac1c168ea
Troppikas
Pitusa@mymail.net
74.107.53.202
Total posts: 0
[0.00% of total / 0.00 posts per day]
Find all posts by Troppikas
Location: UK
Website: hxxp://buy-phentermine.thepharmmedic.info
Occupation: sale
Interests: buy phentermine


Tupalo Honey Spidey
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Combining into one thread

Postby JeanInMontana » Tue Jul 17, 2007 4:17 pm

Tue Jun 19, 2007 9:27 am First Spammer
Ipatiplakat
advert2007@tut.by
145.116.239.28 using the IP look up for this site I got this DUWO.IPv4.PTR.145.116.239.28.INVALID
Using DNSStuff tool bar Whois it come from a student at a university in the Netherlands I have forgotten. Embarassed The board language they had chosen was Albanian, go figure.

Edit to add, further investigation shows this to be a level 1 spammer in UCEPROTECT

From Hoax~Slayer 6/23 Fri Jun 22, 2007 7:48 pm
frequensea@bonbon.net
drypolkisa@drypol.com
martyn-172@goodsite.com
gali_plotnikov72@bk.ru

83.167.111.39
213.200.183.88
201.53.42.1

Sorry 83.167.111.39 is currently listed in APEWS :-(
Entry matching your Query: E-217628
83.167.0.0/16CASE: C-137
SANS Internet Storm Center attack sourcesSpecial Reason:
http://isc.incidents.org/sources.html Seems you are hosting attack bot[s]History:
Entry created 2007-06-23





Mass Ban Sat Jun 30, 2007 7:52 pm
212.254.207.13
70.160.86.230
210.131.52.50
89.149.217.20
217.20.163.8
88.208.222.27

hlorisensia-1@imstations.com
garyhernz@pmrmail.com
pztzevtepptv@uastar.net
ggizgggzilgi@mainru.com
brain@phpbbmy.no-ip.org Note this one...
steve.johnson00@hotmail.com
superguy@aol.com
pkkkkkkkkyky@ua-news.net
pipa@sexpusik.info
coqcooochcqc@peugeot-club.org

I banned the entire domains of all above except AOHell and Hotmail.
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Postby JeanInMontana » Tue Jul 17, 2007 9:50 pm

Sorry 76.16.166.170 is currently listed in APEWS :-(
Entry matching your Query: E-186609
76.16.128.0/17CASE: C-130
One or more bots in ASN / CIDR, unprofessional / negligent ownerHistory:
Entry created 2007-05-30

TerrDerek ddddeeledded@list.ru hxxp://buy-tylenol-with-codeine.thepharmmedic.info

From Project Honey Pot http://www.projecthoneypot.org/i_4ddeb3 ... c6394b25b7

Geographic Location United States
Spider First Seen approximately 1 week ago
Spider Last Seen within 1 week
Spider Sightings 1 visit(s)
First Post On approximately 1 week ago
Last Post On within 1 week
Form Posts 1 web post submission(s) sent from this IP
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Postby JeanInMontana » Wed Jul 18, 2007 11:14 am

~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

July 19 & 20 Spammer Scum

Postby JeanInMontana » Fri Jul 20, 2007 10:53 am

I probably shouldn't say it but as of right now we are 3/3 members vs spammers in the last 2 days!! That might seem trivial to some, but for a long time there were 6 or more spammers a day! I don't know if they are on vacation, or regrouping to really attack, or maybe the honey pot is doing something.

Donald-Ratt <=== Ratt indeed
piter666@runbox.com
hxxp://www.new-nokia.car-dir.com

Tadbazy
alexfrance@xmail.com
hxxp://topsearche.info/tramadol.htm

AntonSadko
antonsadko@bk.ru
hxxp://viagra-on-line-order.pharmdoctoronline.info
=========================================
These are strays that were on my little tool I use to save stuff without really creating files etc.
dralandre
coolsearch@mail333.com
========================================
This is the malicious link spammer
globfixer
sbob@ukr.net
203.121.79.95
The website hosting the malware ====>195.225.177.206

Site Owner: Orbita OOO
IP Address: 195.225.177.207
Country: UKRAINE (UA)
hxxp://freerealitympegs.com/vmovie/black/3/1/170/0/

hxxp://hometown.aol.com/ReynaSavala8466/ <======This is the compromised AOHell page. Notice the Russian/Slav name.

Comments from Spamhaus Project about: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL53244
Ref: SBL53244

203.121.78.0/23 is listed on the Spamhaus Block List (SBL)

18-Jul-2007 10:30 GMT | SR04

Looks like a block controlled by spammers

Now hosting malware!
http:// airbiz.ws/ update.exe



Now hosting child-pornography?!
http://vipzax.com/
>>> http://hidvideos.com (Russian Business Networks!)


Hosting more spammers -
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54811

This is what Project Honey Pot says========> http://www.projecthoneypot.org/i_2194b5 ... 7459b1ef0f

~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

July 21 Attack bot & more

Postby JeanInMontana » Sat Jul 21, 2007 5:11 pm

caserpoloter
robertusa@gmail.com

hxxp://www.lemonmyrtle.com <=======Searching this domain used in the profile in SpamDBASE resulted in this:

Sorry 72.249.30.233 is currently listed in APEWS :-(
Entry matching your Query: E-217626
72.249.0.0-72.249.127.255CASE: C-137
SANS Internet Storm Center attack sourcesSpecial Reason:
http://isc.incidents.org/sources.html Seems you are hosting attack bot[s]
History: Entry created 2007-06-23

Whois

Registrant:
Lemon Myrtle Growers Group

PO Box 501
Alstonville, New South Wales 2477
Australia

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: LEMONMYRTLE.COM
Created on: 07-May-99
Expires on: 07-May-08
Last Updated on:

Administrative Contact:
Baker, Brad domains@bradleebaker.com
PO Box 98
New Brighton, New South Wales 2483
Australia
411065584

Technical Contact:
Baker, Brad domains@bradleebaker.com
PO Box 98
New Brighton, New South Wales 2483
Australia
411065584

Domain servers in listed order:
NS11.BRADLEEBAKER.NET
NS12.BRADLEEBAKER.NET


Registry Status: clientRenewProhibited
Registry Status: clientTransferProhibited
Registry Status: clientUpdateProhibited
Registry Status: clientDeleteProhibited
====================================
Kolkossalli
bobshtolz@e-mail.com
==========================
davidfoxson
212.150.97.114
davidfoxson@havebetter.org
Comment spammer from Hoax~Slayer drug sites.


The Project Honey Pot system has detected behavior from the IP address consistent with that of a comment spammer. Below we've reported some other data associated with this IP. This interrelated data helps map spammers' networks and aids in law enforcement efforts. If you know something about this IP, please leave a comment.

Geographic Location Israel
Spider First Seen approximately 7 months, 4 weeks ago
Spider Last Seen within 1 week
Spider Sightings 266 visit(s)
First Post On approximately 2 months, 3 weeks ago
Last Post On within 1 week
Form Posts 101 web post submission(s) sent from this IP


~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Postby JeanInMontana » Sun Jul 22, 2007 9:38 am

:whp: :0!: caserpoloter <====== I banned this attack bot bastard yesterday!!
johnivanov@xmail.com

85.249.135.116

LookSukasese
pitchvs@email.net


OFFLEASE-RU
hxxp://www.offlease.ru

Sorry 85.249.135.116 is currently listed in APEWS :-(
Entry matching your Query: E-216587
85.249.128.0/20CASE: C-82
IP space of "hot" UCE/UBE operations per NANAS, NANAE, UCEtraps & published statistics

~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Banned from Site!!

Postby JeanInMontana » Thu Jul 26, 2007 8:12 pm

When one IP address gets half a page of 403 (forbidden access) errors it makes me start looking. Well guess what? Known Spider in Project Honey Pot, IP listed with ten!! sites using same IP at hpHosts. RubberDucky is going after them with a bat for me soon as SwampDiner gets back to Shytown.

rgName: FDC Servers.net, LLC
OrgID: FDCSE
Address: 141 West Jackson Blvd, Suite 1135
City: Chicago
StateProv: IL
PostalCode: 60604
Country: US

ReferralServer: rwhois://rwhois.fdcservers.net:4321

NetRange: 67.159.0.0 - 67.159.63.255
CIDR: 67.159.0.0/18
NetName: FDCSERVERS
NetHandle: NET-67-159-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
NameServer: NS3.FDCSERVERS.NET
NameServer: NS4.FDCSERVERS.NET
Comment: 1 adware-bazooka.com
2 adware-punisher.com
3 nursemania.com
4 spy-iblock.com
5 the-spy-guard.com
6 www.adware-bazooka.com
7 www.adware-punisher.com
8 www.nursemania.com
9 www.spy-iblock.com
10 www.the-spy-guard.com
RegDate: 2004-10-12
Updated: 2006-12-27

OrgAbuseHandle: ABUSE438-ARIN
OrgAbuseName: ABUSE department
OrgAbusePhone: +1-312-913-9304
OrgAbuseEmail: abuse@fdcservers.net

OrgNOCHandle: NOC1402-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-312-913-9304
OrgNOCEmail: support@fdcservers.net

OrgTechHandle: PKR5-ARIN
OrgTechName: Kral, Petr
OrgTechPhone: +1-630-729-0228
OrgTechEmail: abuse@fdcservers.net

# ARIN WHOIS database, last updated 2007-07-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.


==================================================
69.41.238.188
217.16.16.81
86.136.222.83
====================
clucrus@gmail.com




*******************************************
Net-block Information
*******************************************

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 69.41.224.0 - 69.41.255.255
CIDR: 69.41.224.0/19
NetName: NETBLK-THEPLANET-BLK-6
NetHandle: NET-69-41-224-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:
RegDate: 2003-04-24
Updated: 2003-11-19

RTechHandle: PP46-ARIN
RTechName: Pathos, Peter
RTechPhone: +1-214-782-7800
RTechEmail: admins@theplanet.com

OrgAbuseHandle: ABUSE271-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-214-782-7802
OrgAbuseEmail: abuse@theplanet.com

OrgNOCHandle: TECHN33-ARIN
OrgNOCName: Technical Support
OrgNOCPhone: +1-214-782-7800
OrgNOCEmail: admins@theplanet.com

OrgTechHandle: TECHN33-ARIN
OrgTechName: Technical Support
OrgTechPhone: +1-214-782-7800
OrgTechEmail: admins@theplanet.com

# ARIN WHOIS database, last updated 2007-07-26 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

I tried to ban the entire netblock from ThePlanet and this Cpanel won't do it. 69.41.224.0 - 69.41.255.255

instantpaydayloan@mail.com
gopneg@tut.by
gregorusa@hotmail.com

hxxp://www.mulka.ru <====== Bad domain one of these had links that traced back to there.


~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Special Scum Today

Postby JeanInMontana » Mon Jul 30, 2007 10:52 am

Centurnion who is

Registrant Contact Information:
Name: Mogosanu Ion
Organization: Outworld
Address 1: Str. Grigore Florescu nr. 10
Address 2: Bl. A4 Sc. 3 Ap. 14
City: Drobeta Turnu Severin
Zip: 1500
Country: RO
Phone: +40.0724649509
Fax: +1.9737361355
Email:John@unft.ro <======this was in the original as an image, so spambots couldn't mine it. Haha not gonna happen here asshole!

Administrative Contact Information:
Name: Mogosanu Ion
Organization: Outworld
Address 1: Str. Grigore Florescu nr. 10
Address 2: Bl. A4 Sc. 3 Ap. 14
City: Drobeta Turnu Severin
State: NJ
Zip: 1500
Country: RO
Phone: +40.0724649509
Fax: +1.9737361355
Email:John@unft.ro

Technical Contact Information:
Name: Mogosanu Ion
Organization: Outworld
Address 1: Str. Grigore Florescu nr. 10
Address 2: Bl. A4 Sc. 3 Ap. 14
City: Drobeta Turnu Severin
Zip: 1500
Country: RO
Phone: +40.0724649509
Fax: +1.9737361355
Email:John@unft.ro

Billing Contact Information:
Name: Mogosanu Ion
Organization: Outworld
Address 1: Str. Grigore Florescu nr. 10
Address 2: Bl. A4 Sc. 3 Ap. 14
City: Drobeta Turnu Severin
Zip: 1500
Country: RO
Phone: +40.0724649509
Fax: +1.9737361355
Email: John@unft.ro

Hope your buried in spam John! So here is the scoop Centurnion registers and posts this website Aurar.info which [DONT GO THERE!]redirects to a nasty pr0n site TGP69.INFO [DONT GO THERE] I get an immediate warning from OnlineArmor, love this program BTW. Warning!! ActiveX wants to run. Hell no I say! These days when you get that from a website you have been redirected to, it means one thing only. TROJAN! OK moving right along, we have this site.

Who is:

Domain ID:D14654351-LRMS
Domain Name:TGP69.INFO
Created On:10-Sep-2006 14:34:22 UTC
Last Updated On:29-Jul-2007 20:59:52 UTC
Expiration Date:10-Sep-2008 14:34:22 UTC
Sponsoring Registrar:GoDaddy.com Inc. (R171-LRMS)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Registrant ID:GODA-032007318
Registrant Name:Registration Private
Registrant Organization:Domains by Proxy, Inc.
Registrant Street1:DomainsByProxy.com
Registrant Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Registrant Street3:
Registrant City:Scottsdale
Registrant State/Province:Arizona
Registrant Postal Code:85260
Registrant Country:US
Registrant Phone:+1.4806242599
Registrant Phone Ext.:
Registrant FAX:+1.4806242599
Registrant FAX Ext.:
Registrant ****************@domainsbyproxy.com
Admin ID:GODA-232007318
Admin Name:Registration Private
Admin Organization:Domains by Proxy, Inc.
Admin Street1:DomainsByProxy.com
Admin Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Admin Street3:
Admin City:Scottsdale
Admin State/Province:Arizona
Admin Postal Code:85260
Admin Country:US
Admin Phone:+1.4806242599
Admin Phone Ext.:
Admin FAX:+1.4806242599
Admin FAX Ext.:
Admin ****************@domainsbyproxy.com
Billing ID:GODA-332007318
Billing Name:Registration Private
Billing Organization:Domains by Proxy, Inc.
Billing Street1:DomainsByProxy.com
Billing Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Billing Street3:
Billing City:Scottsdale
Billing State/Province:Arizona
Billing Postal Code:85260
Billing Country:US
Billing Phone:+1.4806242599
Billing Phone Ext.:
Billing FAX:+1.4806242599
Billing FAX Ext.:
Billing ****************@domainsbyproxy.com
Tech ID:GODA-132007318
Tech Name:Registration Private
Tech Organization:Domains by Proxy, Inc.
Tech Street1:DomainsByProxy.com
Tech Street2:15111 N. Hayden Rd., Ste 160, PMB 353
Tech Street3:
Tech City:Scottsdale
Tech State/Province:Arizona
Tech Postal Code:85260
Tech Country:US
Tech Phone:+1.4806242599
Tech Phone Ext.:
Tech FAX:+1.4806242599
Tech FAX Ext.:
Tech ****************@domainsbyproxy.com
Name Server:NS1.EXCLUSIVEHOSTING.INFO
Name Server:NS2.EXCLUSIVEHOSTING.INFO

I have to laugh an evil laugh at this http://www.exclusivehosting.info/ I hope it means they have been taken down. Hard to say.

Sorry 89.185.228.59 is currently listed in APEWS :-(
Entry matching your Query: E-238100
89.185.224.0/19CASE: C-166
AS24971 CZ, ISP permits abuse and/or ignores criminal activityHistory:
Entry created 2007-07-07

And here are some other scumbag email addresses and IP's:

olgatex@hotmail.org <====sneaky there is no hotmail.org!
129.105.203.65
75.38.72.219
Sorry 75.38.72.219 is currently listed in APEWS :-(
Entry matching your Query: E-216759
75.32.0.0/12CASE: C-130
One or more bots in ASN / CIDR, unprofessional / negligent ownerSpecial Reason:
If your IP address is NOT listed but is part of a larger IP listing, only the block owner can solve the problem, contact your ISP, see FAQ 16. Your ISP needs to action FAQ 42History:
Entry created 2007-06-20
Both above also in Project Honey Pot

farmacom555@runbox.com
angelyandex@xmail.com
annatts@e-mail.org
pitjunior@gmail.com
johngoogle@email.com

82.208.60.203
Sorry 82.208.60.203 is currently listed in APEWS :-(
Entry matching your Query: E-215884
82.208.0.0/18CASE: C-82
IP space of "hot" UCE/UBE operations per NANAS, NANAE, UCEtraps & published statisticsSpecial Reason:
If your IP address is listed, go to Google Groups and search for your criteria in news.admin.net-abuse.sightings for evidence of your problem, you are causing abuse. If your IP address is NOT listed but is part of a larger IP listing, only the block owner can solve the problem, contact your ISP, see FAQ 16. Your ISP needs to action FAQ 42History:
Entry created 2007-06-17
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Busy Day For Scum

Postby JeanInMontana » Mon Jul 30, 2007 9:14 pm

From SORBS
Database of vulnerable/hacked servers
Address and Port: 81.169.137.209
Record Created: Wed Nov 29 16:24:18 2006 GMT
Record Updated: Fri Jul 13 23:33:43 2007 GMT
Additional Information: Likely Trojaned Machine, host running trojan
loonmdesam
adamdark@xmail.com

Kolliosan
annashtolz@email.com
Paseruias
bobpetrov@e-mail.net

204.13.236.244

159.149.155.89
Exploitable server listed in SORBS
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Postby JeanInMontana » Thu Aug 02, 2007 1:42 pm

87.242.116.201
work@electronicsdsa.com
milestop@e-mail.com
HopkinsDAS

Sorry 87.242.116.201 is currently listed in APEWS :-(
Entry matching your Query: E-216286
87.242.116.0/24CASE: C-82
IP space of "hot" UCE/UBE operations per NANAS, NANAE, UCEtraps & published statisticsSpecial Reason:
If your IP address is listed, go to Google Groups and search for your criteria in news.admin.net-abuse.sightings for evidence of your problem, you are causing abuse. If your IP address is NOT listed but is part of a larger IP listing, only the block owner can solve the problem, contact your ISP, see FAQ 16. Your ISP needs to action FAQ 42History:
Entry created 2007-06-18
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Postby JeanInMontana » Fri Aug 03, 2007 9:33 pm

I am pleased with the results of my recent IP blocking from the site. Spammer registration dropped considerably. Today I discovered a feature of Project Honey Pot I had not been aware of! The bots targeting my QuickLinks are all listed! http://www.projecthoneypot.org/bsh_X19t ... .?rf=30577 The countries, email domains a banning bonanza. This find also seals my conviction that tracing back to the links and banning those IP's can make a difference. There was a direct correlation between the hosts of the links and the email domains. All Chinese.

222.162.139.105
222.162.139.110
222.162.139.121
222.162.139.122

These above are all Chinese mail servers being used by bots targeting my QuickLinks. BAN them!

69.80.227.41 goes with logina@zadonsk.net and used TuYreaTo and had this link in the profile hxxp://zendurl.com/pheasant/honda-250-s ... s.html#top

Visit AboutUs.org for more information about zendurl.com
<a href="http://www.aboutus.org/zendurl.com">AboutUs: zendurl.com</a>

Registration Service Provided By: NameCheap.com
Contact: *******@NameCheap.com

Domain name: zendurl.com

Registrant Contact:
WhoisGuard
WhoisGuard Protected *****************************************@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
8939 S. Sepulveda Blvd
8939 S. Sepulveda Blvd
Westchester, CA 90045
US

Administrative Contact:
WhoisGuard
WhoisGuard Protected *****************************************@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
8939 S. Sepulveda Blvd
8939 S. Sepulveda Blvd
Westchester, CA 90045
US

Technical Contact:
WhoisGuard
WhoisGuard Protected *****************************************@whoisguard.com)
+1.6613102107
Fax: +1.6613102107
8939 S. Sepulveda Blvd
8939 S. Sepulveda Blvd
Westchester, CA 90045
US

Status: Locked

Name Servers:
ns1.zendurl.com
ns2.zendurl.com
ns3.zendurl.com
ns4.zendurl.com

Creation date: 21 Dec 2005 19:11:32
Expiration date: 21 Dec 2009 19:11:32

Sorry 69.80.227.41 is currently listed in APEWS :-(
Entry matching your Query: E-271545
69.80.224.0/21CASE: C-130
One or more bots in ASN / CIDR, unprofessional / negligent ownerSpecial Reason:
Only the ASN/CIDR owner can solve this listing by actioning FAQ 42 apews.org SHUTDOWN BOTS, ZOMBIES, NET ABUSEHistory:
Entry created 2007-07-18

I suspect but have not searched server logs to confirm that that this IP 12.156.242.194 is Neertixal salope@orkeor.cn CN = China for those not obsessed with this. I spied the "guest" just after banning our pal above and checked the member list to see Neertixal, right. It doesn't matter if I'm wrong because APEWS says this:
Sorry 12.156.242.194 is currently listed in APEWS :-(
Entry matching your Query: E-213771
12.128.0.0/9CASE: C-130
One or more bots in ASN / CIDR, unprofessional / negligent ownerSpecial Reason:
If your IP address is listed, go to Google Groups and search for your criteria in news.admin.net-abuse.sightings for evidence of your problem, you are causing abuse. If your IP address is NOT listed but is part of a larger IP listing, only the block owner can solve the problem, contact your ISP, see FAQ 16. Your ISP needs to action FAQ 42History:
Entry created 2007-06-13

I can't get any Whois for it via the site tool but DNS Stuff says it belong to AT&T. :roll: I guess I have to unban it.
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Spammer with a sense of humor.

Postby JeanInMontana » Sat Aug 04, 2007 12:49 am

Note the interests of this one.
Joined: 04 Aug 2007
Total posts: 0
[0.00% of total / 0.00 posts per day]
Find all posts by ValeraNic
Location: Russia
Website: hxxp://viagra.rusmafia.com
Occupation: web
Interests: vodka drink

viagra@rusmafia.com
ValeraNic
WhoIs server: whois.internic.net

*******************************************
Net-block Information
*******************************************

OrgName: Layered Technologies, Inc.
OrgID: LAYER-3
Address: 1647 Witt Road Suite#201
City: Frisco
StateProv: TX
PostalCode: 75034
Country: US

ReferralServer: whois://rwhois.layeredtech.com:4321

NetRange: 72.21.32.0 - 72.21.63.255
CIDR: 72.21.32.0/19
NetName: LAYERED-TECH
NetHandle: NET-72-21-32-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.LAYEREDTECH.COM
NameServer: NS2.LAYEREDTECH.COM
Comment:
RegDate: 2004-12-08
Updated: 2006-04-13

OrgAbuseHandle: LAT-ARIN
OrgAbuseName: LT Abuse Team
OrgAbusePhone: +1-972-398-7998
OrgAbuseEmail: abuse@layeredtech.com

OrgNOCHandle: LIT-ARIN
OrgNOCName: LT IP-Network Team
OrgNOCPhone: +1-972-398-7998
OrgNOCEmail: ipnet@layeredtech.com

OrgTechHandle: LNT3-ARIN
OrgTechName: LT NOC Team
OrgTechPhone: +1-972-398-7998
OrgTechEmail: ipnet@layeredtech.com
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Spammered the last couple of days

Postby JeanInMontana » Sat Aug 11, 2007 7:57 pm

My oh my but I should never have made that statement about the site banning working so well. Holy crap, 9 spammers yesterday alone. I just deleted, didn't bother getting email etc.

boc@buy-24h.net.ru
hordunloada@bimgir.net

alanprkr@mail333.com
testowy@buziaczek.pl
qqqqqiqiqi@mytop-in.net
juanyv@atlaskit.com
licicac@bigmir.net
cymnpsymn@kremenchug.ws

Most of theses are from Hoax~Slayer. I banned the entire bigmir.net domain.
~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.

User avatar
JeanInMontana
It's Mine!!
It's Mine!!
Posts: 3331
Joined: Fri Jun 08, 2007 6:10 am
Location: South Central Montana
Contact:

Postby JeanInMontana » Wed Aug 22, 2007 3:15 pm

Over due in listing these. New wave of scum has hit the site hard in the last couple of days. Here and HS. Here there were 8 yesterday and 4 today. I also just did a pre-ban of a jackass! He is more or less a spammer too, bottom line he will not be a member here. 218.186.8.13 LU, or Lusher big windbag.

gregorpitt@hotmail.com
annetshtolz@hotmail.com
maximtts@xmail.org
@web-pharmacy-rx.info
@bigmir.net
@gamebox.net
@mymail-in.net
@zenxengine.cn
zxc2020@ukr.net
@xmail.net
pon@zenxengine.cn
@lviv.in

82.230.9.55
24.59.251.3
69.73.80.30
216.32.70.162
88.208.16.128
217.11.233.210
217.197.114.13
91.121.67.145

These four are bots in the Project Honey Pot data base, they were banned from Hoax~Slayer. Using a new method [to me anyway] one IP was used to join and then another to post. Two days in a row and both with porn links supposedly on a legit looking sites one an art school and the other an architecture firm. All I could get was a 403 error for the links.
216.32.80.234
194.9.14.82
125.46.36.223
I've lost one IP and PHP is down for maintenance.

~Think Globally * Dream Universally~Anon
ImageImageImage Donating any amount helps keep this site alive.


Return to “Mission Comment Spammer”

Who is online

Users browsing this forum: No registered users and 1 guest