Boo-yah! Down another one goes... I found a registrar who's actually taking action against one of our spammers.
Here's the message from InterCosmos.com: Thanks for the information. We have put the domain tecmnsd.info on registrar-hold. So the domain will stop resolving. Donny
I sent them back a message, telling them about the spammer having other URLs registered through them, 5 of them, so I may just get this spammer shut down wholesale.
> I sent them back a message, telling them about the spammer having other > URLs registered through them, 5 of them, so I may just get this spammer > shut down wholesale.
My mistake, only two of the spammer's 5 domains were registered with InterCosmos.com, but they're gone now... all Registrars should be as responsive as InterCosmos.com. That's damned impressive. Now we wait for the DNS changes to propagate, and they'll be off the air.
What's funny is that even though the domains are on Registrar hold, meaning that DNS won't resolve for them anymore, my DNS server's still got the required information to hit them with SpamVampire. So, nobody can visit, except for me. And I'm visiting a lot. And I'm not allowing my DNS server to update that DNS record, so I'll be able to continue hitting them for as long as that server is serving those websites, even if DNS won't point anyone else to them.
I've got to be hell on the poor spammers... nobody can visit their websites except the one they don't want to have visit under any circumstances... too much fun. But, it's all part of striking fear into the hearts of spammers everywhere. If I can become world-famous in spammer circles as someone to avoid, I'll have accomplished my goal.
> "Anonymous" <Anonym...@domain.invalid> wrote in message > news:laaQc.459$of6.157@newssvr29.news.prodigy.com... > > I sent them back a message, telling them about the spammer having other > > URLs registered through them, 5 of them, so I may just get this spammer > > shut down wholesale.
> My mistake, only two of the spammer's 5 domains were registered with > InterCosmos.com, but they're gone now... all Registrars should be as > responsive as InterCosmos.com. That's damned impressive. Now we wait for > the DNS changes to propagate, and they'll be off the air.
> What's funny is that even though the domains are on Registrar hold, meaning > that DNS won't resolve for them anymore, my DNS server's still got the > required information to hit them with SpamVampire. So, nobody can visit, > except for me. And I'm visiting a lot. And I'm not allowing my DNS server > to update that DNS record, so I'll be able to continue hitting them for as > long as that server is serving those websites, even if DNS won't point > anyone else to them.
> I've got to be hell on the poor spammers... nobody can visit their websites > except the one they don't want to have visit under any circumstances... too > much fun. But, it's all part of striking fear into the hearts of spammers > everywhere. If I can become world-famous in spammer circles as someone to > avoid, I'll have accomplished my goal.
That's the Russian Spam Gang.
Intercosmos is DirectNIC. How did you contact them? What did you tell them?
How about going after the nameserver for lots of them- LIONSTAM.BIZ?
Yep, that's the Russian Spam Gang... I've been hammering the living hell out of their websites with my SpamVampire (http://www.hillscapital.com/antispam/index.htm feel free to grab the source code and set up your own).
> Intercosmos is DirectNIC. How did you contact them? What did you tell
them?
I sent the LART to ab...@intercosmos.com, with a note at the top that they were the registrar, and that they should check the registration information for the site, and terminate it if it was found that the registration information was invalid.
> How about going after the nameserver for lots of them- LIONSTAM.BIZ?
Tried that... the email address obtained by doing a dig on Lionstam.biz bounces.
> Yep, that's the Russian Spam Gang... I've been hammering the living hell > out of their websites with my SpamVampire > (http://www.hillscapital.com/antispam/index.htm feel free to grab the > source code and set up your own).
Hooo-BOY, we're going after these scumbags in a big way! I just got another spam from them on a new domain they'd registered with InterCosmos. It's already down...
#begin Ale...@invalid.domain.exe (or was it Alexis.com) message <mDbQc.4499$Mg1.2...@bignews4.bellsouth.net> reply:
<SNIP>
> Intercosmos is DirectNIC. How did you contact them? What did you tell them?
I have several such replies from Intercosmos, when CC:ing DirectNIC on spams. But in all other cases I get their standard "we are just a Registrar, contact ISPs" answer. No idea what triggers that "lucky" reply.
> Hooo-BOY, we're going after these scumbags in a big way! I just got another > spam from them on a new domain they'd registered with InterCosmos. It's > already down...
Many of those on that list that I gave for IP 61.128.198.12 are registered at namebay.com. It appears that BUENOCARTO.INFO has 27 domain names registered, all associated with this spam group.
BUENOCARTO.INFO doesn't appear on Polarbeach because it doesn't resolve and they apparently only used it to sign up the other spam domains. Here is the info:
[Note: using the whois.namebay.com server reveals the actual registrar while whois.afilias.info does not]
contacting server whois.namebay.com
Domain Name : BUENOCARTO.INFO Created On : 2004-07-01 Expiration Date : 2005-07-01 Status : ACTIVE Registrant Name : Valery Binanaka Registrant Street1 : Bolshoy Kamenniy Most 21, 14 Registrant City : Moscow Registrant State/Province : RU Registrant Postal Code : 132423 Registrant Country : RU Admin Handle : VB38284 Admin Name : Valery Binanaka Admin Street1 : Bolshoy Kamenniy Most 21, 14 Admin City : Moscow Admin State/Province : RU Admin Postal Code : 132423 Admin Country : RU Admin Phone : +7.6490189 Admin Email : valerybinan...@mail.ru Tech Handle : VB38284 Tech Name : Valery Binanaka Tech Street1 : Bolshoy Kamenniy Most 21, 14 Tech City : Moscow Tech State/Province : RU Tech Postal Code : 132423 Tech Country : RU Tech Phone : +7.6490189 Tech Email : valerybinan...@mail.ru Billing Handle : VB38284 Billing Name : Valery Binanaka Billing Street1 : Bolshoy Kamenniy Most 21, 14 Billing City : Moscow Billing State/Province : RU Billing Postal Code : 132423 Billing Country : RU Billing Phone : +7.6490189 Billing Email : valerybinan...@mail.ru Name Server : FIRST.BUENOCARTO.INFO Name Server : SECOND.BUENOCARTO.INFO Name Server : THIRD.BUENOCARTO.INFO Name Server : ADDON.BUENOCARTO.INFO Registrar Name : NAMEBAY Registrar WebSite : http://www.namebay.com
