oldskoolflash Posted October 6, 2005

I have successfully shut down 3 websites in a row for this idiot who keeps spamming me. Now it seems he is getting smarter. Spamcop was never able to resolve the website link of the previous spamvertized websites, but a little legwork yielded the required info. This one I am having a little trouble with:

http://belfry.thebestpills4u.com/

It resolves to:

Registration Service Provided By: WEB-NAMEZ.COM
Domain servers in listed order:
ns1.drrecommends.info
ns2.yourgoldenhealth.info
ns2.drrecommends.info
ns1.yourgoldenhealth.info

"web-namez" hmmmmmm

That resolves to:

Domain servers in listed order:
24572.mercury.orderbox-dns.com
24572.venus.orderbox-dns.com
24572.earth.orderbox-dns.com
24572.mars.orderbox-dns.com

And the above resolves to:

mercury.orderbox-dns.com = [ 66.135.40.144 ]
Registration Service Provided By: DIRECTI
Contact: 91.2256797500
Website: http://www.directi.com
Domain Name: ORDERBOX-DNS.COM

Leaving me with a reporting address of abuse[at]directi.com

Is that right, could someone confirm?

Ta.
Wazoo Posted October 6, 2005

http://www.dnsreport.com/tools/dnsreport.c...bestpills4u.com
.. shows the usual spammer-controlled DNS server issues of the day

http://www.dnsstuff.com/tools/lookup.ch?na...ls4u.com&type=A

Domain                   Type  Class  TTL  Answer
thebestpills4u.com.      A     IN     600  220.80.107.190
thebestpills4u.com.      NS    IN     600  ns1.thebestpills4u.com.
thebestpills4u.com.      NS    IN     600  ns2.thebestpills4u.com.
ns1.thebestpills4u.com.  A     IN     600  220.80.107.190
ns2.thebestpills4u.com.  A     IN     600  220.80.107.190

(Note DNS running on the same server as the web-site .. not normal and also probably contributing to the time-out issue)

http://www.whois.sc/thebestpills4u.com

Name Server: NS1.DRRECOMMENDS.INFO
ICANN Registrar: CRITICAL INTERNET, INC.
Created: 2005-10-05
Expires: 2006-10-05
Status: ACTIVE

Registration Service Provided By: WEB-NAMEZ.COM
Domain Name: THEBESTPILLS4U.COM
Registrant: n/a
DAMOC ALBERT (yahoo.com address)
Istriei, Nr. 32 Apart
Bucure'ti,31949
RO
Tel. +40.0213463491
Creation Date: 05-Oct-2005
Expiration Date: 05-Oct-2006
Domain servers in listed order:
ns1.drrecommends.info
ns2.yourgoldenhealth.info
ns2.drrecommends.info
ns1.yourgoldenhealth.info
Status:ACTIVE

Website Status: not active (probably also timed out / blocked)

http://www.dnsstuff.com/tools/tracert.ch?i...bestpills4u.com

220.80.107.190 AS0 IANA-RSVD-0 (but, technically, this could be the compromised system of the moment)
TTL = 53 Country = KR Time = [Router did not respond]

http://www.dnsstuff.com/tools/whois.ch?ip=...db.net&email=on

route: 220.80.0.0/13
descr: KORnet operation Center(Korea Telecom)
origin: AS4766
mnt-by: MAINT-AS4766
source: RADB

(Probably a waste of time trying to contact these folks)

Jumping directly to Directi wouldn't be appropriate without documentation that indicated no-action taken by WEB-NAMEZ.COM .... I've not checked their page to see what their policies are ... so I'll leave that as "your call" for now ...
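The observation in the post above, that the domain's name servers sit on the same address as the web site, can be checked mechanically. This is an added example, not part of the original thread: it parses the lookup rows and WHOIS name servers quoted in the post, and the function names and finding codes are made up for illustration.

```python
"""Flag DNS hosting oddities in a lookup answer (added example)."""

# Answer rows and WHOIS name servers as quoted in the post above.
LOOKUP = """\
thebestpills4u.com. A IN 600 220.80.107.190
thebestpills4u.com. NS IN 600 ns1.thebestpills4u.com.
thebestpills4u.com. NS IN 600 ns2.thebestpills4u.com.
ns1.thebestpills4u.com. A IN 600 220.80.107.190
ns2.thebestpills4u.com. A IN 600 220.80.107.190
"""
WHOIS_NS = ["ns1.drrecommends.info", "ns2.yourgoldenhealth.info",
            "ns2.drrecommends.info", "ns1.yourgoldenhealth.info"]


def parse_answer(text):
    """Return {(name, type): [answers]} from 'name type class ttl answer' rows."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip headers, blanks and anything malformed
        name, rtype, _cls, _ttl, answer = fields
        key = (name.rstrip(".").lower(), rtype.upper())
        records.setdefault(key, []).append(answer.rstrip(".").lower())
    return records


def audit(domain, text, registrar_ns):
    """Return a sorted list of finding codes (hypothetical names) for domain."""
    rec = parse_answer(text)
    domain = domain.rstrip(".").lower()
    web_ips = set(rec.get((domain, "A"), []))
    zone_ns = rec.get((domain, "NS"), [])
    ns_ips = {ns: set(rec.get((ns, "A"), [])) for ns in zone_ns}
    findings = set()
    if any(ips & web_ips for ips in ns_ips.values()):
        findings.add("ns-on-web-host")         # DNS served from the web server
    all_ips = set().union(*ns_ips.values())
    if len(zone_ns) > 1 and len(all_ips) == 1:
        findings.add("ns-single-ip")           # several NS names, one machine
    if set(zone_ns) != {n.lower() for n in registrar_ns}:
        findings.add("ns-differs-from-whois")  # zone NS set != registrar list
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit("thebestpills4u.com", LOOKUP, WHOIS_NS):
        print(finding)
```
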
Merlyn Posted October 6, 2005

Lately DirectI has been taking some great measures to remove spammers. I suggest manually larting WEB-NAMEZ.COM with a CC to DirectI.
oldskoolflash Posted October 6, 2005

> Lately DirectI has been taking some great measures to remove spammers. I suggest manually larting WEB-NAMEZ.COM with a CC to DirectI.

Thanks guys - to tell you the truth, I didn't even bother with web-namez.com - their page would not display without cookies enabled. The organisation doesn't sound legit "namez"????!

I'll look into them in more detail tomorrow and if they look ok I'll lart them and, like Merlyn suggests, cc it to directi.

Failing that, I have a friend who works for Pfizer; I may forward the details to them, they are usually pretty efficient in closing down this kind of site!

Thanks again.
oldskoolflash Posted October 7, 2005

An update.....

Decided to report to DirectI as I didn't like the look of web-namez.com at all. I got the following e-mail from them. At least it seems like a "human" reply, and they responded extremely quickly....

> We have received your complaint for spam from thebestpills4u.com.
>
> We are extremely strict and proactive with regards to our terms of usage. Pursuant to our terms of service we have sent WARNING emails to the customer, all the contacts and any associated reseller about this domain. Failing to comply with our terms by the Customer will result in immediate termination of the domain name.
>
> Thank you for contacting our abuse department.
>
> Regards,
> DirectI Abuse Team
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
> Board Line (USA): +1 (415) 240 4171/2
> Board Line (India): +91 (22) 5679 7500
> FAX (USA): +1 (320) 210 5146
> FAX (India): +91 (22) 5679 7508
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~
Farelf Posted October 7, 2005

> ... We are extremely strict and proactive with regards to our terms of usage. Pursuant to our terms of service we have sent WARNING emails to the customer, all the contacts and any associated reseller about this domain. Failing to comply with our terms by the Customer will result in immediate termination of the domain name. ...

Nice work - though if they have trouble apprehending that a site with a name like "thebestpills4u.com" just might contravene their "terms of usage" on a regular basis then their assurances might ring a little hollow. Still - different rules in India (pressure of finding a living for some 50 million extra "workers" each and every year and all that ...)
Havel Posted October 8, 2005

> Lately DirectI has been taking some great measures to remove spammers. I suggest manually larting WEB-NAMEZ.COM with a CC to DirectI.

I'd welcome a place to report the Pfizer piracy. The bestpills4u domain seems to have been suspended by web-namez on 5/10 but it is still sending stuff out.

A lot of the spam domains I look up seem to have a home in Korea at: 220.80.107.190

If anyone can find a way to get a reply out of these people, let me know.

Incidentally, I looked up Albert Damoc and found that he seems to work for a Hungarian refugee outfit in Bucharest, which was how I stumbled across this thread.
tired of conartists Posted July 2, 2014

Host llyodservicesinc.com llyodservicesinc.com llyodservicesinc.com llyodservicesinc.com
* TTL = Time to Live
A records
Host llyodservicesinc.com
MX records (mail)
Host llyodservicesinc.com llyodservicesinc.com llyodservicesinc.com
SOA records (Start of Authority)
Host llyodservicesinc.com

Not sure if this helps but I have recently come across these sites.

Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to [link removed] detailed information.

Domain Name: LLYODSERVICESINC.COM
Registrar: PDR LTD. D/B/A PUBLICDOMAINREGISTRY.COM
Whois Server: whois.PublicDomainRegistry.com
Referral URL: [link removed]
Name Server: BENJ481502.EARTH.ORDERBOX-DNS.COM
Name Server: BENJ481502.MARS.ORDERBOX-DNS.COM
Name Server: BENJ481502.MERCURY.ORDERBOX-DNS.COM
Name Server: BENJ481502.VENUS.ORDERBOX-DNS.COM
Status: clientTransferProhibited
Updated Date: 22-jun-2014
Creation Date: 22-jun-2014
Expiration Date: 22-jun-2015
>>> Last update of whois database: Wed, 02 Jul 2014 12:22:40 UTC

Name servers

benj481502.mercury.orderbox-dns.com
IP : 50.23.136.230
Country : United States

benj481502.earth.orderbox-dns.com
IP : 67.15.253.220
Country : United States
Region : TX
City : Houston
ISP : THEPLANET.COM INTERNET SERVICES
Organization : Optical Jungle
Position : 29.775 / -95.613

benj481502.venus.orderbox-dns.com
IP : 50.23.75.45
Country : United States

benj481502.mars.orderbox-dns.com
IP : 184.173.149.222
Country : United States

Useful tools - See more at: http:/ /wscheck.com/trust-report/llyodservi...h.aWMJjngD.dpuf

173.193.105.241 IP address information

Passive DNS replication
VirusTotal's passive DNS only stores address records. The following domains resolved to the given IP address.

Latest detected URLs
Latest URLs hosted in this IP address detected by at least one URL scanner or malicious URL dataset.

Latest undetected files that were downloaded from this IP address
Latest files that are not detected by any antivirus solution and were downloaded by VirusTotal from the IP address provided.

Latest detected files that communicate with this IP address
Latest files submitted to VirusTotal that are detected by one or more antivirus solutions and communicate with the IP address provided when executed in a sandboxed environment.

The last info was from VirusTotal. Anyways, I have no clue if this helps but I figure any info is better than no info.
[Edit 2-Jul-2014 2:55 pm EDT by SteveT (turetzsr) to remove hyperlinks to reduce the chance that someone might navigate unintentionally]
Archived
This topic is now archived and is closed to further replies.