Message Board

Tracking Harvesters/Spammers

 Proboards forum spammer
Author: B.Gripling   (2 Sep 07 4:22am)
Hi! I'm new to this project, and I was wondering about this spammer who attacked several Proboards forums, and often spams links leading to sites such as earn2000.cn or something like that. According to the whois/IP lookup data, it appears as though the spammer's Chinese, although my PC doesn't have Chinese language support (the name only appears in the form of question marks).

Address lookup
canonical name earn2000.cn.
aliases
addresses 208.113.186.188

Domain Whois record

Queried whois.cnnic.net.cn with "earn2000.cn"...

Domain Name: earn2000.cn
ROID: 20070809s10001s48746651-cn
Domain Status: ok
Registrant Organization: 高国辉
Registrant Name: 在 在
Administrative Email: gghggh2009@126.com
Sponsoring Registrar: 北京星缘新动力科技有限公司
Name Server:ns1.beijingidc.com
Name Server:ns4.beijingidc.com
Registration Date: 2007-08-09 19:46
Expiration Date: 2008-08-09 19:46

Network Whois record

Queried whois.arin.net with "208.113.186.188"...

OrgName: New Dream Network, LLC
OrgID: NDN
Address: 417 Associated Rd
Address: PMB #257
City: Brea
StateProv: CA
PostalCode: 92821
Country: US

NetRange: 208.113.128.0 - 208.113.223.255
CIDR: 208.113.128.0/18, 208.113.192.0/19
NetName: DREAMHOST-BLK6
NetHandle: NET-208-113-128-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.DREAMHOST.COM
NameServer: NS2.DREAMHOST.COM
NameServer: NS3.DREAMHOST.COM
Comment:
RegDate: 2006-04-12
Updated: 2007-01-05

OrgAbuseHandle: DAT5-ARIN
OrgAbuseName: DreamHost Abuse Team
OrgAbusePhone: +1-714-706-4182
OrgAbuseEmail: abuse@dreamhost.com

OrgNOCHandle: ZD69-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-714-706-4182
OrgNOCEmail: netops@dreamhost.com

OrgTechHandle: ZD69-ARIN
OrgTechName: Network Operations
OrgTechPhone: +1-714-706-4182
OrgTechEmail: netops@dreamhost.com

# ARIN WHOIS database, last updated 2007-09-01 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

DNS records
name class type data time to live
earn2000.cn IN SOA
server: ns1.beijingidc.com
email: root.ns1.beijingidc.com
serial: 2007070901
refresh: 10800
retry: 3600
expire: 604800
minimum ttl: 86400
43200s (12:00:00)
earn2000.cn IN A 208.113.186.188 43200s (12:00:00)
earn2000.cn IN MX
preference: 0
exchange: mail.earn2000.cn
43200s (12:00:00)
earn2000.cn IN NS ns1.beijingidc.com 43200s (12:00:00)
earn2000.cn IN NS ns4.beijingidc.com 43200s (12:00:00)
188.186.113.208.in-addr.arpa IN PTR apache2-yak.ocean.dreamhost.com 14400s (04:00:00)

Traceroute

Tracing route to earn2000.cn [208.113.186.188]...
hop rtt rtt rtt ip address fully qualified domain name
1 0 0 0 70.84.211.97 61.d3.5446.static.theplanet.com
2 0 0 0 70.84.160.129 vl1.dsr01.dllstx5.theplanet.com
3 10 0 0 70.85.127.105 po51.dsr01.dllstx3.theplanet.com
4 0 0 0 70.87.253.9 et3-1.ibr04.dllstx3.theplanet.com
5 0 0 0 64.208.170.197 gigabitethernet7-3.ar2.dal2.gblx.net
6 37 189 37 64.215.183.50 new-dream-networks-llc-los-angeles.ge-0-1-0.410.ar1.lax3.gblx.net
7 37 37 37 208.113.186.188 apache2-yak.ocean.dreamhost.com

Trace complete

Service scan
FTP - 21 220 ProFTPD 1.3.1rc2 Server (DreamHost FTP) [208.113.186.188]
SMTP - 25 220 ocean.dreamhost.com ESMTP
HTTP - 80 HTTP/1.1 200 OK
Date: Sun, 02 Sep 2007 08:11:49 GMT
Server: Apache/2.0.54 (Unix) PHP/4.4.7 mod_ssl/2.0.54 OpenSSL/0.9.7e mod_fastcgi/2.4.2 DAV/2 SVN/1.4.2
Last-Modified: Sat, 11 Aug 2007 11:45:09 GMT
ETag: "30afb12-2793-6071b40"
Accept-Ranges: bytes
Content-Length: 10131
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
POP3 - 110 Error: ConnectionRefused
IMAP - 143 Error: ConnectionRefused

Any opinions?
 
 Re: Proboards forum spammer
Author: P.Hauser   (2 Sep 07 6:33am)
May I ask you:

Do you wonder why people post such sites in a forum?

- What is your question about that issue after all your checks?
 
 Re: Proboards forum spammer
Author: B.Gripling   (15 Sep 07 10:45pm)
I dunno, they're just looking for attention...




Copyright © 2004–17, Unspam Technologies, Inc. All rights reserved.
