Spam my blog and I report your site to Google for banning. You've been warned!
« A string to watch out for - master spambot | Main | What's this? »
January 14, 2005
A small batch of proxies
I had three IP numbers trying my comment script since last night.
80.248.1.3
This one is from Nigeria, and it sends a 400 bad request from a proxy server that isn't configured to receive anything on protocol 80. The error page has a link to Cisco.
-------------
213.174.190.219
Sailinitaly.com again...
-----------
The third doesn't answer on http, but it did come with referrer spam.
And the server is an old acquaintance, 161.58.59.8. If I remember correctly, it's the server that had all those other domain names I got in referral spam earlier.
And the account is supposedly terminated for TOS violation. If I'm not mistaken, webhosts aren't allowed to say why they close websites? It's supposed to be open ended. That visitors are allowed to guess, but they can't say the exact reason on a closing page? Correct me if I'm wrong.
The whois record was last updated yesterday, which is kind of weird.
The owner is supposedly in Puerto Rico, but I plain don't believe in whois info anymore. Too much deception.
The webserver supposedly serves 280 domains (round number, could be wrong).
The domain name for the server itself reveals whois information that, although it's possibly false, resembles Thomas Reece's style. He also has domains on that server.
Hmmm, I googled some, and came upon Cody Smith, who's certainly got balls. He managed to shut down a spammer temporarily. Wouldn't mind comparing notes with this guy. Problem is, as Cody anticipated, the spammer is back on another host...
Posted by Ann at January 14, 2005 11:42 AM
Trackback Pings
TrackBack URL for this entry:
http://www.annelisabeth.com/blog/mt-tb.cgi/78
Comments
Whoa... the scumbag is back. I've not finished looking at my logs yet but the first referral spam listed on my logs is this one: stories-on-cd dot org from the IP 193.145.222.70.
A whois of the spam URL shows that the site is:
- parked at GoDaddy
- Server type is: Apache/1.3.29 (Unix) PHP/4.3.2.
- Server IP is: 64.202.167.192
- IP location is at: Arizona - Scottsdale - Go Daddy Software Inc
The rest of the whois info is as follows:
Domain ID:D81353059-LROR
Domain Name:STORIES-ON-CD.ORG
Created On:18-Dec-2001 18:11:23 UTC
Last Updated On:13-Jan-2005 07:24:13 UTC
Expiration Date:18-Dec-2007 18:11:23 UTC
Sponsoring Registrar:Moniker Online Services Inc. (R145-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Registrant ID:moniker21494
Registrant Name:Sarahi Calista
Registrant Organization:Sarahi Calista
Registrant Street1:Fairway Rd
Registrant Street2:26
Registrant Street3:
Registrant City:Lytton
Registrant State/Province:Puerto Rico
Registrant Postal Code:83623
Registrant Country:US
Registrant Phone:+1.9017635434
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:Whois Privacy and Spam Prevention by Whois Source
Admin ID:moniker21494
Admin Name:Sarahi Calista
Admin Organization:Sarahi Calista
Admin Street1:Fairway Rd
Admin Street2:26
Admin Street3:
Admin City:Lytton
Admin State/Province:Puerto Rico
Admin Postal Code:83623
Admin Country:US
Admin Phone:+1.9017635434
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:Whois Privacy and Spam Prevention by Whois Source
Tech ID:moniker21494
Tech Name:Sarahi Calista
Tech Organization:Sarahi Calista
Tech Street1:Fairway Rd
Tech Street2:26
Tech Street3:
Tech City:Lytton
Tech State/Province:Puerto Rico
Tech Postal Code:83623
Tech Country:US
Tech Phone:+1.9017635434
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:Whois Privacy and Spam Prevention by Whois Source
Name Server:NS0.DNS-4U.ORG
Name Server:NS1.DNS-4U.ORG
The one thing I notice with this scumbag is that he/she is using Moniker Online Services Inc. a lot to register all these domains. The other thing is if you look at the email provided in the whois above, it leads back to 217.70.180.17 at gandi.net. Incidently, if you remember, team-support-24x7.net also leads back to the same IP at gandi.net.
Posted by: ady at January 14, 2005 10:19 PM