Another Bulgarian IP number
I found this post by Michael’s Mind dissecting another Bulgarian IP number.
I did a Google search for the IP number
82.103.65.225
And found a spam post from January 29 this year.
The whois info comes back to a John Coleman, but the DNS servers are:
Name Server: TWINS.NETISSAT.BG
Name Server: TWINS2.NETISSAT.BG
Also, I’ve found that IP number trying to crawl my site yesterday, with this referrer and user agent:
"http://www.google.com" "MSIE 5.0"
Somehow the crawler was seriously screwed up, so it got a 404 (my logs show a full URL instead of the relative path).
There was a human accessing from that IP number on February 16, twice in a few minutes.
The website spamvertized in the sample I found was ultimate-bet dot us. It’s hosted at 66.154.7.43 which also hosts Buy-phentermine-deals dot com, which was registered by Tommy Hilder, who just happens to have an e-mail address:
tzahariev at hotmail.com
So yeah, I believe that’s the same outfit.
Oh, I found another spamvertized domain: hold-em-i dot com
Whoisguard-protected whois, and the DNS servers are interesting:
dns1.suspended-for-spam-and-abuse.com
dns2.suspended-for-spam-and-abuse.com
It’s fake, though. The site is working, and trying to drop some kind of software as you load the site. Same empirepoker thing as they usually use, as well. Different affiliate ID, though. Probably smart…
February 23rd, 2005 at 7:42 pm
He just likes my RSS feed. 280 times. Heh.
82.103.65.225 - - [17/Feb/2005:03:51:05 -0800] "GET http://www.candygenius.com/node/feed HTTP/1.1" 200 96175 "http://www.google.com" "MSIE 5.0"
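
The request pattern described in the post and visible in the log line above (a full URL in the request line, a bare "MSIE 5.0" user agent, a bare Google referrer) can be flagged from an access log. This is an added example, not part of the original post or its comments; the function names, the two-signal threshold and the log lines marked as constructed are assumptions.

```python
import re
from collections import Counter

# Apache/NCSA "combined" log format.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?:\d+|-) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# A genuine IE 5 sends "Mozilla/4.0 (compatible; MSIE 5.0; ...)", never the bare token.
BARE_MSIE_RE = re.compile(r'^MSIE \d+\.\d+$')

SAMPLE_LOG = [
    # Log line quoted on this page.
    '82.103.65.225 - - [17/Feb/2005:03:51:05 -0800] "GET http://www.candygenius.com/node/feed HTTP/1.1" 200 96175 "http://www.google.com" "MSIE 5.0"',
    # Constructed: an ordinary browser fetching the same feed (documentation IP range).
    '192.0.2.10 - - [17/Feb/2005:03:52:10 -0800] "GET /node/feed HTTP/1.1" 200 96175 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"',
    # Constructed: a visitor arriving from an actual Google results page.
    '192.0.2.11 - - [17/Feb/2005:03:53:42 -0800] "GET /index.html HTTP/1.1" 200 5120 "http://www.google.com/search?q=candy" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0"',
]

def classify(line):
    """Return (ip, [signals]) for a combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    signals = []
    # Browsers send an absolute URL in the request line only when talking to a proxy.
    if re.match(r'https?://', m['target'], re.I):
        signals.append('absolute-url-request')
    if BARE_MSIE_RE.match(m['ua']):
        signals.append('bare-msie-ua')
    # Heuristic: a click from a search result carries a path and query, not just the host.
    if m['referer'].rstrip('/') == 'http://www.google.com':
        signals.append('bare-google-referrer')
    return m['ip'], signals

def suspicious_clients(lines, min_signals=2):
    """Count requests per IP that show at least min_signals of the signals above."""
    hits = Counter()
    for line in lines:
        parsed = classify(line)
        if parsed and len(parsed[1]) >= min_signals:
            hits[parsed[0]] += 1
    return hits

if __name__ == '__main__':
    for ip, count in suspicious_clients(SAMPLE_LOG).most_common():
        print(ip, count)
```

Requiring two signals keeps a single odd header from flagging a real visitor; the per-IP count is what surfaces repeated fetches such as the feed requests mentioned in the comment.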