Spam Bank

Have you ever been spammed? Did you record the IP Address? If so use this blog to add the IP addresses of the alleged spammers so when forum, blog or web site owners are uncertain about a member, it can help them make up their minds and share some data.

Saturday, October 15, 2005

Fight Blog Spam

Look above and click and follow that link to share some stuff about how to fight blog spam. Go also Here and share your ideas. One thing that was funny, is Splog Spot, the search engine drawing its results from spam blogs. Those are some of the worst search results that you can possibly imagine ;)

Saturday, September 10, 2005

Anti Spam Software

Anti Spam Software - Anti spam software for preventing junk and spam email from your inbox.

Sunday, July 24, 2005

July '05 Comment Spammers (week 4)

July's weeks 2 & 3 merged into one. But today, I find a whole new batch so week 4 is born!

Anyone else want to post their spam?
  1. Author : slot machines (IP: 63.165.61.249 , 63.165.61.249)
    URL : http://www.casino-results.com/slot-machines.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=63.165.61.249
  2. Author : casino game (IP: 203.166.96.239 , cache5.syd.ops.aspac.uu.net)
    URL : http://www.specific-casino.com/casino-game.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=203.166.96.239
  3. Author : pacific poker deposit bonus (IP: 61.95.202.92 , dsl-KK-static-092.202.95.61.touchtelindia.net)
    URL : http://www.2002sogwipo.com/pacific-poker.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=61.95.202.92
  4. Author : online craps (IP: 62.81.214.42 , sa628121442.mundivia.es)
    URL : http://www.forever-casino.com/online-craps.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=62.81.214.42
  5. Author : craps table (IP: 81.240.255.226 , 81.240.255.226)
    URL : http://www.casino-amusement.com/craps-table.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=81.240.255.226
  6. Author : strategy for texas holdem poker (IP: 203.74.175.36 , 203.74.175.36)
    URL : http://www.atlantis-asia.com/texas-holdem.html
    Whois : http://ws.arin.net/cgi-bin/whois.pl?queryinput=203.74.175.36
  7. forum spam pointing to http://mdptma.directmeds.biz/?wrckdlxwntvylictelzpouanwmi
  8. forum spam pointing to http://vnzsqk.igstatdlydm.info/?vK141g__FA6Lfj_ppipxnbmut
  9. forum spam pointing to http://uggjx.igstatdlydm.info/?GfIZIbaGQfNTquaffteac
  10. eBay phishing pointing to http://218.9.7.188/.../e3b/ whois suggests a Chinese domain.

Friday, July 08, 2005

July '05 Comment Spammers (week 2)

The last collection of alleged comment spammers got so long that I've started a second edition and we're not even half way through the month!

So, if you have someone posting on your site purely to get links into their own site, and the comments are spammy list their details here!

Thursday, July 07, 2005

Netsol, Netsolmail and NetsolHost

Got another phishing attempt today in the name of Bank of the West


http:// 0046b05.netsolhost.com//bankofthewest/login/index.htm

not much to see for these guys but they're hosted by NETSOLMAIL.COM on 216.168.230.195. Now the IP apparantly has no websites but netsolmail is controlled by NETSOL.COM

The email itself was sent from VYTJRTACEPOHUGQANBRP@hotmail.com - I'm guessing they won't be checking that account in a hurry.

Tuesday, July 05, 2005

Popular Enterprises

Somebody out there thinks I'll actually believe there is such a thing as Sky Bank, yeah right, as in pie in the sky. Woops, no, I see there is such a bank. Dodgy name ;)

Back to the post... I got sent a phishing email from them today, asking me to update my security info...

  • Their link: http://211.72.152.30 /.servlet/SignOnCustTypeRetailNLSEN.htm
  • The readable link: https://connect.skyfi.com/servlet/SignOn?CustType=Retail&NLS=EN

quite different, but scarily similar.

The cheeky buggers even use a logo from the anti crime site: http://www.publiceyes.org/



I couldn't see anything definitive on that IP for now but it looks like the owner might be planning a Xoops site sometime soon ;)

Spend enough time looking around the system and you'll find the owner's email: simon_pan@p-and-j.com.tw and thew whois info for p-and-j.com.tw

which that takes us back to the USA
Administrator DNS
POPULAR ENTERPRISES, L.L.C. Domain Administration Department
5201 Kingston Pike Suite 6301
Knoxville, TN 37919 US
+1.4075409360


A Google search on the phone number comes up with popularenterprises.com and this forum post: Directi.com Replies to: [media] Pfizer to sue online sellers of fake Viagra.

Popular Enterprises have a basic front page and the links all go to Netster

I found out this about them on The Register...
Popular Enterprises has a history of purchasing expired domain names and directing them to its Netster search site

You'll also find another spam groups list of related domains for popularenterprises. So they are obviously well known.

NB: I've used a live link above so that anyone doing a back link check on them will find us, and our disapproval...

Friday, July 01, 2005

July '05 Alleged Spammers

If you have the IP Adress of someone who allegedly spammed your website, perhaps the comments section, or your guestbook, then go ahead and add it in the comments section. You might be getting these from your blog, your forum, article comments, who knows.

The great thing is Google, MSN and co will index this blog like any other and when someone is trying to research who a user is this site will come up and they'll see that we weren't happy!

July Referral Spammers

I don't know if people check their stats logs as often as they check their comments but this post is a place to list the IP addresses of the people spamming your stats. Here's a great article about referral spam, why it happens and what to do about it.

In the meantime, bust them here!