Relief aid?

Tom Raftery sent me a comment spam. Very weird piece.

The e-mail address entered is not valid (norman at chick.com).

The site spamvertized with this text is 11say.com

“I came to your site accidentially, but found it very good to read. Thanks”

The site contains a good deal of nonsensical text. Snipped from somewhere, and doesn’t make sense.

It’s got some relief organizations at the top. Possibly to avoid being thrown out, and to appear legit. The organizations are for different sections of humanity depending on the domain peddled.

The spam links go to long coded URLs, which then go to long coded URLs at feed.peakclick.com before they resolve to some affiliate scheme.

The domain name has whois protection.
Domain registered March 9, 2005

I checked the IP number of the server:
70.85.62.24
and found a few more domains, with a different decor, but similar scheme. Enough so I believe they’re owned by the same outfit:

orangeyogi.net
Ash, Benjamin sylviocate@yahoo.com
74 Underpass Rd.
Columbus, GA 31901
US
+1.3247265341
Domain registered February 11, 2005

POTATOLAND.BIZ
Registrant Name: Jonathan Armstrong
Registrant Address1: 989 Annex St.
Registrant City: Phoenix
Registrant State/Province: AZ
Registrant Postal Code: 85043
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.2161043785
Registrant Email: sylviocate@yahoo.com
Domain registered February 11, 2005

Spamvertized by:
IP number:
205.242.0.93
a WebSTAR/3.0.2 ID/66178 proxy on the Netalliance IP block.

User agent:
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)

———–

Some Googling later, I found other sites spamvertized by the same outfit.

I’ll detail those with whois info:

oxgm.com - 70.85.62.33
Lisle, Seth sylviocate@yahoo.com
389 Isle Rd
New York, NY 10039
US
+1.635330708

makedeal.net - 70.85.62.33
Koch, Jose Maria sylviocate@yahoo.com
899 Turnpike Rd.
San Diego, CA 92140
US
+1.2102144507

———-

Did some more searching. This one’s got quite a lot of domains, and spamming quite a bit. Sort of, not laying all your eggs in the same blog? Nevermind…
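
The pivot used in this post, grouping domains that share a server IP or a whois registrant e-mail, can be automated. The Python sketch below is an added example, not the author's tooling; the function names and the final `unrelated.example` row are constructed for illustration, while the other rows use the values quoted above.

```python
import re
from collections import defaultdict

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# (domain, server IP, whois excerpt). Values are the ones quoted in the post,
# except the last row, which is a constructed control.
OBSERVATIONS = [
    ("11say.com", "70.85.62.24", ""),  # whois protection: no registrant data
    ("orangeyogi.net", "70.85.62.24", "Ash, Benjamin sylviocate@yahoo.com"),
    ("potatoland.biz", "70.85.62.24", "Registrant Email: sylviocate@yahoo.com"),
    ("oxgm.com", "70.85.62.33", "Lisle, Seth sylviocate@yahoo.com"),
    ("makedeal.net", "70.85.62.33", "Koch, Jose Maria sylviocate@yahoo.com"),
    ("unrelated.example", "192.0.2.10", "Registrant Email: owner@unrelated.example"),
]

def pivots(ip, whois):
    """Return the attributes a domain can be linked on: its IP and any whois e-mail."""
    keys = {("ip", ip)}
    keys.update(("email", e.lower()) for e in EMAIL_RE.findall(whois))
    return keys

def cluster(observations):
    """Union-find over domains and pivots; domains sharing any pivot end up together."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for domain, ip, whois in observations:
        for key in pivots(ip, whois):
            parent[find(("domain", domain.lower()))] = find(key)

    groups = defaultdict(set)
    for node in list(parent):
        if node[0] == "domain":
            groups[find(node)].add(node[1])
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)

if __name__ == "__main__":
    for group in cluster(OBSERVATIONS):
        print(", ".join(group))
```

A shared IP is a weaker pivot than a shared registrant e-mail, since one server can host unrelated customers; treat IP-only links as leads to confirm rather than proof of common ownership.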

8 Responses to “Relief aid?”

  1. Tom Raftery Says:

    Quick follow-up Ann,

    A Google search for 11say.com yields no results - has it been banned by Google, do you think?

    Tom

  2. Administrator Says:

    Nah, too early. It takes a few days for results to enter Google. Have to use msn for very recently spamvertized material.

  3. Tom Raftery Says:

    They also have etto.biz

  4. Administrator Says:

    Yes Tom, they do. I was trying not to give them any links though… Had to edit your comment so it wouldn’t hyperlink.

    They have LOTS of domains. I’m collecting as many as I can find, but won’t put them up here.

  5. Tom Raftery Says:

    Ah!

    found a few more - won’t bother mentioning them so!

    A Google (and MSN) search for “came to your site accidentially,” (including the inverted commas) shows they have been busy.

    They are also using the comment text:
    “I have learned about this at school today!” and
    “Hey Jon did’t know you are reading this too :0. Greets”

  6. Tom Raftery’s I.T. views » Blog Archive » A spam comment makes it through my comment spam defences Says:

    […] info, traceroute, etc.) and forwarded my findings to SpamHuntress. She subsequently wrote a comprehensive post on it. Searches on Google and MSN Search for the term “I came to your […]

  7. D. Scott Dobbie Says:

    Hi Ann,

    Came across your site while doing a Google search on sylviocate@yahoo.com. Yours was one of only two listings. The other being
    http://books.dreambook.com/flash718/
    which seems to be the landing point for NUMEROUS bogus outfits, since every guestbook entry I could find was nothing but URLs of such sites.

    My problem wasn’t with spam - it was with doing searches on Google and having the top sites come up for things non-related. You can see the pattern in the URLS. And some “whois” checking on ownership showed many different addresses, etc., but that same email.

    My most recent search in Google was for +”class action lawsuit” +weslo +tub

    120 listings came up, and I haven’t seen a valid one.

    But the Tech info in the “whois” listings for those bogus URLs needs to be accurate. And they all show the same company:
    Tech ID:C8936810-LRMS
    Tech Name:EV1 Servers Domain Services
    Tech Organization:EV1.net
    Tech Street1:390 Benmar
    Tech Street2:Suite 200
    Tech City:Houston
    Tech State/Province:Texas
    Tech Postal Code:77060
    Tech Country:US
    Tech Phone:+1.7133337873
    Tech Email:domains@ev1servers.net
    Name Server:NS1.FLYMARS.INFO
    Name Server:NS2.FLYMARS.INFO

    The above phone number is valid. Google shows it for:
    Everyones Internet, (713) 333-7873, 2600 Southwest Fwy, Houston, TX 77098

    These people have got to know who they’re dealing with.

    Here’s a link regarding EV1 and their questionable hosting:
    http://www.emailbattles.com/archive/battles/spam_aaafeadhfi_ab/

    There are a couple sites that sylviocate must’ve gotten wise with when registering them, since “whois” shows limited information, though the URL links have the same pattern and they were registered the first few months of the year by Tucows, such as: runback.com and ochroma.com.

    My .02.

    -Scott

  8. Administrator Says:

    EV1 has an abuse department that appears to only take action when pressured by NANAE or NANAB (risk of getting into or not getting out of SPEWS).

    However, they do have legitimate customers as well. Including my webhost. Yes, spamhuntress.com is on EV1.
