Spam my blog and I report your site to Google for banning. You've been warned!


February 23, 2005

Another Bulgarian IP number

I found this post by Michael's Mind dissecting another Bulgarian IP number.

I did a Google search for the IP number
82.103.65.225

And found a spam post from January 29 this year.

The whois info comes back to a John Coleman, but the DNS servers are:
Name Server: TWINS.NETISSAT.BG
Name Server: TWINS2.NETISSAT.BG

Also, I've found that IP number trying to crawl my site yesterday, with this referrer and user agent:
"http://www.google.com" "MSIE 5.0"

Somehow the crawler was seriously screwed up, so it got a 404 (my logs show a full URL instead of the relative path).

There was a human accessing from that IP number on February 16, twice in a few minutes.

The website spamvertized in the sample I found was ultimate-bet dot us. It's hosted at 66.154.7.43 which also hosts Buy-phentermine-deals dot com, which was registered by Tommy Hilder, who just happens to have an e-mail address:
tzahariev at hotmail.com

So yeah, I believe that's the same outfit.

Oh, I found another spamvertized domain: hold-em-i dot com
Whoisguard-protected whois, and the DNS servers are interesting:
dns1.suspended-for-spam-and-abuse.com
dns2.suspended-for-spam-and-abuse.com

It's fake, though. The site is working, and trying to drop some kind of software as you load the site. Same empirepoker thing as they usually use, as well. Different affiliate ID, though. Probably smart...

More about the Bulgarians

Posted by Ann at February 23, 2005 01:55 PM


Comments

He just likes my RSS feed. 280 times. Heh.

82.103.65.225 - - [17/Feb/2005:03:51:05 -0800] "GET http://www.candygenius.com/node/feed HTTP/1.1" 200 96175 "http://www.google.com" "MSIE 5.0"

Posted by: cindy at February 23, 2005 07:42 PM
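An added example, not code from the post or the comment: a small log filter that flags the three traits described above (a full URL in the request line, the bare "MSIE 5.0" user agent, and a Google referrer with no search path) and counts matching requests per IP. The first sample line is the one quoted in the comment; the other lines, the 192.0.2.x addresses and the two-trait threshold are constructed assumptions.

```python
import re
from collections import Counter

# Apache/NCSA combined log format, as in the log line quoted in the comment.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referrer>[^"]*)" "(?P<agent>[^"]*)"'
)

def signals(line):
    """Return the crawler traits a log line shows, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    found = []
    # Origin servers normally log a relative path; a full URL is the proxy-style form.
    if re.match(r'https?://', m["target"], re.I):
        found.append("absolute-url-request")
    # Real IE 5 sends "Mozilla/4.0 (compatible; MSIE 5.0; ...)"; a bare token is hand-set.
    if re.fullmatch(r'MSIE \d+\.\d+', m["agent"]):
        found.append("bare-msie-agent")
    # Heuristic (assumption): a click from a results page carries a search path and query.
    if re.fullmatch(r'https?://www\.google\.com/?', m["referrer"], re.I):
        found.append("bare-google-referrer")
    return found

def suspicious_hits(lines, min_signals=2):
    """Count, per client IP, the requests showing at least min_signals traits."""
    hits = Counter()
    for line in lines:
        found = signals(line)
        if found and len(found) >= min_signals:
            hits[line.split()[0]] += 1
    return hits

SAMPLE = [
    # Line quoted in the comment above.
    '82.103.65.225 - - [17/Feb/2005:03:51:05 -0800] "GET http://www.candygenius.com/node/feed HTTP/1.1" 200 96175 "http://www.google.com" "MSIE 5.0"',
    # Constructed: ordinary browser fetching the same feed.
    '192.0.2.10 - - [17/Feb/2005:03:52:10 -0800] "GET /node/feed HTTP/1.1" 200 96175 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    # Constructed: genuine search referral.
    '192.0.2.20 - - [17/Feb/2005:03:53:00 -0800] "GET /blog/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=candy" "Mozilla/5.0 (Windows; U) Firefox/1.0"',
    # Constructed: one trait only (absolute URL), below the threshold.
    '192.0.2.30 - - [17/Feb/2005:03:54:00 -0800] "GET http://example.org/ HTTP/1.0" 404 210 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"',
]

if __name__ == "__main__":
    for ip, count in suspicious_hits(SAMPLE).items():
        print(ip, count)
```

Requiring two traits keeps a lone absolute-URL request, which a misconfigured but harmless client can also send, out of the result.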
