David Bolt wrote:
> On Fri, 29 Apr 2005, SuN Tsu <bananana
...@spamblocked.com> wrote:-
> <snip>
> Since you didn't decode this script:
> here it is for the record:
> var s='magic-babes.com'
Thanks, David, for revealing another component of that spam gang.
magic-babes.com (registered via a Russian source)
Domain Type Class TTL Answer
magic-babes.com. A IN 86400 69.50.167.230
magic-babes.com. NS IN 86400 ns2.speedy-hosting.net.
magic-babes.com. NS IN 86400 ns1.speedy-hosting.net.
ns1.speedy-hosting.net. A IN 86400 69.50.167.226
ns2.speedy-hosting.net. A IN 86400 69.50.166.190
69.50.167.230
TXT= "Spam Received See:
http://www.dnsbl.sorbs.net/lookup.shtml?69.50.167.230"
TXT= "! [1] ATRIVO, see http://spews.org/html/S2489.html
ATRIVO
|--------------------
0, 170.208.3.2, ISD / ATRIVO.COM / megashell.atrivo.com
0, 170.208.0.0 - 170.208.63.255, RECLAIMED (ISD / ATRIVO.COM)
0, 170.208.64.0 - 170.208.127.255, RECLAIMED (ISD / ATRIVO.COM)
0, 170.208.128.0 - 170.208.191.255, RECLAIMED (ISD / ATRIVO.COM)
0, 170.208.192.0 - 170.208.255.255, RECLAIMED (ISD / ATRIVO.COM)
1, 69.1.78.170, ns2.atrivo.com (wworks.net)
1, 69.1.78.171, pavel.atrivo.com (atrivo.wofut.com) (wworks.net)
1, 66.12.147.125, fiber3.atrivo.com (bdsl.66.12.147.125.gte.net)
2, 193.124.133.151, fiber2.atrivo.com / divi.ru (relcom.net)
2, 64.21.9.12, billing.atrivo.com (1155.ubersmith.com) (dead?)
2, 212.1.235.242, ekey.atrivo.com (biplane.ru)
1, 69.50.160.0/19, ATRIVO.COM (ASN'd - bluetelegraph.com via AS23256)
1, 69.31.64.0/20, ATRIVO.COM (on listed nLayer)
1, 69.1.78.0/24, ATRIVO.COM (on wworks.net spam house)
1, 69.22.162.0/23, ATRIVO.COM (on listed nLayer)
1, 69.22.168.0/21, ATRIVO.COM (on listed nLayer)
1, 69.22.184.0/22, ATRIVO.COM (on listed nLayer)
---------------------|
Hosting spammers.
Interesting ARIN data. 1995 to 2003? Hmmm...
Meaning the sudden re-birth of a dead /16 is puzzling in these times
of ARIN block piracy. More details would certainly be welcome.
UPDATE: "more details" =>
<http://www.merit.edu/mail.archives/nanog/msg09730.html>
It's stolen. Crime don't pay Emil.
UPDATE: More crime, proxy hijacking:
<http://www.monkeys.com/upl/top-20030912.post>
10. 66.250.145.0/24
backbone = cogentco.com
provider = atrivo.com (Walnut Creek, CA)
See:
<http://groups.google.com/groups?q=%22atrivo.%2Bcom%22+group:news.admi...>
<http://groups.google.com/groups?q=170.208+group:*abuse*&hl=en&lr=&ie=...>
<http://groups.google.com/groups?selm=slrnba4ka2.2qf6.andrew%2Bnonews%...>
Routing via fellow "netblock stealer" nLayer: AS4474 => AS27595
And routes some of their stolen block 146.100.32.0/19 via AS27595
Has /19 out of another stolen ARIN block "Ready Systems" 138.121.0.0/16
<http://groups.google.com/groups?selm=ba86vt%24bcl%241%40half.spin.it>
<http://www.google.com/groups?selm=3FA3B8A9.2010408%40rambler.ru>
--------------------------------------------------------------------------- -
Posted by Cogent Abuse -
Spews,
Please remove the following listings, as Cogent has severed its
business relationship with ISD/ATRIVO
66.28.38.224/28 ISD/ATRIVO
66.250.6.2/32 ISD/ATRIVO
66.250.6.0/30 ISD/ATRIVO
66.250.145.0/24 ISD/ATRIVO
:::: END SPEWS S2489 Listing ::::
Registrant:
Ted Teddy webmas...@magic-babes.com +1.8462555123
Teddy Inc.
13 Nowhere road
Oxford,CA,UNITED KINGDOM 95050
Domain Name:magic-babes.com
Record last updated at 2004-10-08 13:45:49
Record created on 2004/10/8
Record expired on 2005/10/8
Domain servers in listed order:
ns1.speedy-hosting.net
ns2.speedy-hosting.net
Administrator:
13 Nowhere road
Oxford
CA,
UNITED KINGDOM
95050
name:(Ted Teddy)
mail:(webmas...@magic-babes.com) +1.8462555123
Teddy Inc.
Technical Contactor:
13 Nowhere road
Oxford
CA,
UNITED KINGDOM
95050
name:(Ted Teddy)
mail:(webmas...@magic-babes.com) +1.8462555123
Teddy Inc.
Billing Contactor:
13 Nowhere road
Oxford
CA,
UNITED KINGDOM
95050
name:(Ted Teddy)
mail:(webmas...@magic-babes.com) +1.8462555123
Teddy Inc.
Registration Service Provider:
name: Regtime.net
tel: +7 8462788201
fax: +7 8462788201
web:http://www.webnames.ru
OrgName: Atrivo
OrgID: ATRIV
Address: 200 Paul Avenue
City: San Francisco
StateProv: CA
PostalCode: 94124
Country: US
NetRange: 69.50.160.0 - 69.50.191.255
CIDR: 69.50.160.0/19
NetName: ATRIVOTECHNOLOGIES
NetHandle: NET-69-50-160-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
NameServer: MAIL.ATRIVO.COM
NameServer: PAVEL.ATRIVO.COM
Comment:
Comment: ## Comments listed here will appear in
ARIN's WHOIS database.
RegDate: 2003-06-04
Updated: 2003-08-21
NOCHandle: EKA4-ARIN
NOCName: Kacperski, Emil
NOCPhone: +1-925-550-3947
NOCEmail: ab...@atrivo.com
OrgAbuseHandle: ABUSE658-ARIN
OrgAbuseName: Abuse Department
OrgAbusePhone: +1-925-550-3947
OrgAbuseEmail: ab...@atrivo.com
OrgNOCHandle: NETWO601-ARIN
OrgNOCName: Network Operations
OrgNOCPhone: +1-925-550-3947
OrgNOCEmail: n...@atrivo.com
OrgTechHandle: EKA4-ARIN
OrgTechName: Kacperski, Emil
OrgTechPhone: +1-925-550-3947
OrgTechEmail: ab...@atrivo.com
# ARIN WHOIS database, last updated 2005-04-30 19:10
--
speedy-hosting.net
">http://groups-beta.google.com/groups?hl=en&lr=&ie=UTF-8&q=speedy-host...>
http://www.spam-protect.org
... for additional hints on searching ARIN's WHOIS database. Dig
freexporn.info@
ns2.speedy-hosting.net (69.50.167.226) ... Authoritative ...
news.admin.net-abuse.email - Jan 13, 4:59 pm by Jamie - 7 messages - 4
authors
It's "quote"sad, actually, that Jamie has researched and posted about
more spammers and spam than many regular NANAE kooks who consider
themselves spam fighters, and who can't or won't contribute as much to
spam fighting as Jamie has, all whilst attacking every serious post
Jamie ever mad.
Too many one-eyed posters pursue their own personal agendas in a spam
fighting froup. :(
He may be a kook and he may be a well documented spammer, but he has
contributed more to the concerted effort of spam fighting than kooks
like Russell Miller and Marc Dufour, both of whom have stalked their,
and other posters', posts.
Domain Type Class TTL Answer
speedy-hosting.net. A IN 86400 69.50.167.226
speedy-hosting.net. NS IN 86400 ns1.speedy-hosting.net.
speedy-hosting.net. NS IN 86400 ns2.speedy-hosting.net.
ns1.speedy-hosting.net. A IN 86400 69.50.167.226
ns2.speedy-hosting.net. A IN 86400 69.50.166.190
Shireley these spammers are professionals (sic) registering the domain
in San Diego, USA and using a yahoo.co.uk email contact addrss.
Domain name: speedy-hosting.net
Registrant Contact:
Speedy Hosting Inc.
Kean Mikell (stehling76238...@yahoo.co.uk)
+1.6192343351
Fax: none
1546 2nd Ave # A
San Diego, 92101
US
Administrative Contact:
Speedy Hosting Inc.
Kean Mikell (stehling76238stt [] yahoo.co.uk)
+1.6192343351
Fax: none
1546 2nd Ave # A
San Diego, 92101
US
Technical Contact:
Speedy Hosting Inc.
Kean Mikell (stehling76238...@yahoo.co.uk)
+1.6192343351
Fax: none
1546 2nd Ave # A
San Diego, 92101
US
Billing Contact:
Speedy Hosting Inc.
Kean Mikell (stehling76238stt [] yahoo.co.uk)
+1.6192343351
Fax: none
1546 2nd Ave # A
San Diego, 92101
US
Status: Locked
Name Servers:
ns1.speedy-hosting.net
ns2.speedy-hosting.net
Creation date: 26 Mar 2004 10:38:21
Expiration date: 26 Mar 2006 10:38:21
Cheers,
SuN
--
One entry found for NANAE terrorist.
Main Entry: NAˇNAE terˇrorˇist
Pronunciation: Nae-nay ter-&r-"i-st"
Function: noun
: one who employs the systematic use of terror, lies and FUD
especially as a means of coercion in NANAE
: one willing to destroy ones own RL reputation in an attempt to
destroy another's alias reputation, usually motivated by deep
rooted control issues and an advanced anger management problem;
aggravated by paranoia and irritated by shadow chasing.
See: Russell Miller / kook [@] Duskglow.com / Jamie Masterbaiter
