Zahariev’s latest project
I found a referrer in my log for a domain I hadn’t seen before:
tammynishijima
Right now it’s connected to the oingo parked domain program. And it’s owned by Kalin Stamenov, with Todor’s e-mail address attached. But that was the last thing I checked.
When I saw the IP number it was spamvertized from, I had this uh oh feeling. I guess my subconscious is better at this than my conscious:
82.103.65.225
inetnum: 82.103.65.224 - 82.103.65.239
netname: ZAHARIEV-BG
descr: Todor Zahariev
country: BG
admin-c: TZ32-RIPE
tech-c: TZ32-RIPE
tech-c: TD939-RIPE
rev-srv: ns.spnet.net
rev-srv: purgatory.spnet.net
status: ASSIGNED PA
mnt-by: SPNET-MNT
source: RIPE # Filtered
person: Todor Zahariev
address: Sofia, Bulgaria
phone: +359 2
e-mail: todor@twins-bg.com
nic-hdl: TZ32-RIPE
source: RIPE # Filtered
person: Tatiana Dimitrova
address: Spectrum Net
address: 36, G.M.Dimitrov blvd.
address: BG 1797 Sofia
address: Bulgaria
phone: +359 2 9867481
fax-no: +359 2 9657646
e-mail: taniad@spnet.net
nic-hdl: TD939-RIPE
mnt-by: SPNET-MNT
source: RIPE # Filtered
% Information related to '82.103.64.0/18AS8717'
route: 82.103.64.0/18
descr: Spectrum NET PA space
origin: AS8717
mnt-by: SPNET-MNT
source: RIPE # Filtered
I found a number of accesses from that IP number, starting from May 13. Not spam, but clearly a bot. Then yesterday there was a fake Google referrer, and the user agent changed to:
MSIE 5.0
And there are no identifying marks at all on the headers.
Block the IP number.
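As an added example (not part of the original post), here is one way to pull these signals out of an access log: requests from the assigned range in the RIPE record above, and requests that pair a Google referrer with the bare "MSIE 5.0" user agent. It assumes the Apache combined log format and treats the bare user-agent string as the literal value; the log lines are constructed samples, and flagging the referrer/user-agent pair from addresses outside the range goes beyond the single IP the post names.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Range from the RIPE inetnum record quoted in the post:
# 82.103.65.224 - 82.103.65.239 is exactly a /28.
SUSPECT_NET = ipaddress.ip_network("82.103.65.224/28")

# Apache "combined" log format (assumption: the post does not show its log lines).
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ '
    r'"(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)

def classify(line):
    """Return (ip, set of reasons) for one log line, or None if it cannot be parsed."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        in_range = ipaddress.ip_address(m["ip"]) in SUSPECT_NET
    except ValueError:
        return None
    reasons = {"in-range"} if in_range else set()
    host = urlparse(m["ref"]).hostname or ""
    if host == "google.com" or host.endswith(".google.com"):
        reasons.add("google-referrer")
    # A real IE 5 sends "Mozilla/4.0 (compatible; MSIE 5.0; ...)"; the bare token is not a browser UA.
    if m["ua"].strip() == "MSIE 5.0":
        reasons.add("bare-msie-ua")
    return m["ip"], reasons

def ips_to_block(lines):
    """IPs inside the suspect range, plus any IP sending a Google referrer with the bare UA."""
    out = set()
    for line in lines:
        hit = classify(line)
        if hit and ("in-range" in hit[1] or {"google-referrer", "bare-msie-ua"} <= hit[1]):
            out.add(hit[0])
    return sorted(out)

# Constructed sample lines, not taken from the author's logs.
SAMPLE = [
    '82.103.65.225 - - [13/May/2005:10:00:00 +0000] "GET / HTTP/1.0" 200 5120 "-" "-"',
    '82.103.65.225 - - [29/May/2005:08:15:42 +0000] "GET /archives/ HTTP/1.0" 200 7301 "http://www.google.com/search?q=example" "MSIE 5.0"',
    '192.0.2.10 - - [29/May/2005:09:00:00 +0000] "GET / HTTP/1.1" 200 5120 "http://www.google.com/search?q=blog" "Mozilla/4.0 (compatible; MSIE 5.0; Windows 98)"',
    '198.51.100.7 - - [29/May/2005:09:30:00 +0000] "GET /feed HTTP/1.0" 200 900 "http://www.google.com/" "MSIE 5.0"',
]
```

A visitor with a normal IE 5 user agent arriving from a Google search (the third sample line) is not flagged; only the range match or the referrer and bare-UA combination is.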
May 30th, 2005 at 7:21 am
It’s nailing me too. I’ve taken action - you want the grepped traffic from my logs?
May 30th, 2005 at 10:58 am
Yes and no. By now he’s so advanced, log info alone isn’t enough. Now it’s down to http headers.
I do however want a running commentary on the latest domain names he’s peddling. How about I set up a wiki page that can be updated by the readers?