Archive for July, 2005

Roy Giles takes up guestbook spamming

Friday, July 29th, 2005

I guess the big boys have shot him down one too many times for mail spamming, so now he’s into guestbook spamming. And he goes for sites that are naturally positive towards preachers - other Christian sites.

He’s currently got one of his sites hosted on what I assume is his broadband net connection:
67.166.241.132
Update, August 1, 2005: It’s off that IP address. Currently on Netfirms - 64.34.66.18.

Search for roygiles.org on Google, and you’ll find lots of guestbooks he’s posted on.

I’ve come across some people before who say they’re in the ministry and have the ethics of alleycats. This guy is a good number two on my list of top unethical people in the Christian ministry. Shame on you, Roy!

For more back story on Roy Giles
Before you read this, let me tell you the story about him and the spamhuntress server. He had his site on the same server, and before the webhost could figure out he was a spammer, the IP number got blacklisted at Spamhaus. It got sorted quickly when he was booted by the webhost and Spamhaus released the block.
Iknowwhatimdoing
Spam Kings
Spam Kings 2
419eater

Fake dyndns site

Friday, July 29th, 2005

Eugene Blagodarny is at it again.

This time he’s created a fake dyndns site. It’s got text and design elements from DNS Wizard.

chiki-piki.com

And he’s already spamvertized subdomains on it. A passable fake, but I caught him.

UPDATE: ESTdomains has suspended the domain. First time I’ve seen them do that, except possibly Eugene’s submitter sites.

Fraudulent use of DomainsByProxy address

Friday, July 29th, 2005

One of Eugene Blagodarny’s domains is using the DomainsByProxy address, fraudulently:

404traff.com
Prime, Inc
Prime, Inc (webmaster@workst.net)
15111 N Hayden Rd., Suite 14
Scottsdale
Arizona,85260
US
Tel. +480.6242599

Sneaky…

Discussion about jaja-jak-globusy.com

Thursday, July 28th, 2005

There’s a discussion about jaja-jak-globusy.com on the digitalpoints forum.

It takes them until the second page to figure out that it uses the Google domain park Adsense program. This is a domain spamvertized by Manila Industries.

Thanks to spamfuxor for notifying me in a comment on this post.

Russian spammer dead

Wednesday, July 27th, 2005

I noticed some search terms to that effect in my logs yesterday, and wondered what had happened. Got an e-mail today from one of my readers with some links. He called it “the ultimate antispam system” ;-)

Guys, don’t do this at home. It just isn’t worth it…

Spammer dead
Spam assassin

JackyZhao

Monday, July 25th, 2005

I just ran down a very aggressive referrer spammer. One of the worst I’ve ever seen, actually.

JackyZhao

Airline ticket spammer again

Monday, July 25th, 2005

I’ve been working on an update of the Airline ticket spammer page today.

As usual, you can find trails going in more directions than we first saw. My update is at the bottom of the page.

Israeli broadband spammer

Sunday, July 24th, 2005

I got a comment spam on annelisabeth.com today and started running it down. First of all, there’s no obvious payoff. None at all. So it might be a future bait and switch.

The spam came in from (spambot):
85.250.204.98
217.132.186.33
Both are Netvision broadband IP numbers in Israel.

All pages are currently hosted on
192.117.97.56
which is an Actcom broadband IP number in Israel.

Some pages still point to
212.143.91.115
A Netvision IP address in Israel.
Those pages are not served, so I’m guessing the IP number was lost somehow.

But the really interesting part is that the root domains, every single one of them, point somewhere else. The most recent ones point to various webhost providers, but earlier domains point to IANA reserved IP space, and one even pointed to an IP number in a DoD (Department of Defense) IP block!

All spam from this spammer is preceded by the letters
mn
and then the domain name of the hour, with no space between them. So finding the spam is easy. He spams guestbooks, forums and wikis.
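A sketch of how that "mn" marker can be turned into a filter for guestbook, forum or wiki submissions (an added example, not code from this site). The sample posts are constructed, the names `mn_domains` and `tally` are hypothetical, and the guard that ignores a linked host which simply begins with "mn" is an assumption about how to limit false positives.

```python
import re
from collections import Counter

# "mn" glued directly onto a domain name: dot-separated labels plus an
# alphabetic TLD, not preceded by another host character.
MN_TOKEN = re.compile(
    r"(?<![a-z0-9.-])mn((?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z]{2,})"
    r"(?![a-z0-9-])", re.I)
# Host part of any URL in the post, used for the false-positive guard.
URL_HOST = re.compile(r"https?://([a-z0-9.-]+)", re.I)

def mn_domains(text):
    """Return the domains found glued to an 'mn' prefix in one post."""
    linked = {h.lower().rstrip(".").removeprefix("www.")
              for h in URL_HOST.findall(text)}
    found = []
    for m in MN_TOKEN.finditer(text):
        whole, domain = m.group(0).lower(), m.group(1).lower()
        # Assumption: if the full token is itself a linked host (and the
        # stripped form is not), "mn" belongs to a real domain name.
        if whole in linked and domain not in linked:
            continue
        found.append(domain)
    return found

def tally(posts):
    """Count, per advertised domain, how many posts carry the marker."""
    counts = Counter()
    for post in posts:
        counts.update(set(mn_domains(post)))
    return counts

# Constructed sample submissions (reserved .example names, not real spam).
SAMPLE_POSTS = [
    "Nice site! mncheap-pills.example great info",
    "mncheap-pills.example <a href='http://cheap-pills.example/'>here</a>",
    "I studied at http://mnsu.edu/ and loved your guestbook.",
    "Greetings mnfree-ringtones.example.",
    "Columns in your table look off, see www.example.org",
]

if __name__ == "__main__":
    for domain, hits in tally(SAMPLE_POSTS).most_common():
        print(f"{hits:3d}  {domain}")
```

Matches are candidates for review or a moderation queue rather than proof; an ordinary word followed by a file extension can also fit the pattern.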

Whois info is obviously fake, but I’ll include a recent one:

tsahal
24 rashborn ave.
yorkshier, NA 441456
GB

jordan, tomner tomberd@yahoo.com
24 rashborn ave.
yorkshier, NA 441456
GB
+41556623456

Another little wrinkle concerns the name servers. Some are a bit fishy:

This is one of the name servers:
NS.BROWSE-DNS-ONLINE.COM.NS-NOT-IN-SERVICE.COM

I removed this part, because it no longer resolves. But it did earlier today. And it had the IP number: 62.219.224.168. The domain itself has been terminated by the registrar, so it’s weird that it pinged earlier on.

In fact, you can look for NS.FREE-TV-DNS.COM as well. It’s also on bezeqint.net, and is used by this spammer as a name server.

419 scam letters site

Friday, July 22nd, 2005

I came across a 419 scam letter site by accident. It’s maintained by StorOslo Sikkerhetstjeneste (Security company in Oslo, Norway). They have a large selection of scam letters.

419 scam letter reports

I found another site a ways back, but it was about scamming the scammers. This is just a database of the various letters, so more useful for those of us itching to report stuff.

OT: Computer cleaning

Friday, July 22nd, 2005

My desktop was getting more and more noisy, even changing tune now and then. So instead of getting a new one, just yet, I thought, hmmm, how much dust is in there?

So out comes the pressurized air, and off comes the top.

It’s just AMAZING how much dust was in that puppy!!!

And now it’s purring a lot more contentedly…

Guys, clean your desktop computers regularly!