[Resolved] colo4dallas


bobbear

Tracking URL

This money laundering fraudster (norden.hk) appears to be running a zombie botnet herded by an Apache webserver running on the nameserver IP 72.29.99.77 (ns1.bg-arati.com [72.29.99.77]).

The IP 72.29.99.77 is owned by Colo4Dallas & is part of a block reassigned to one Patrick Moore (no, not the Sky at Night Patrick Moore for UK readers, but then I suspect that it's an alias....).

Colo4Dallas are totally unresponsive to innumerable abuse reports sent to all addresses, including the CEO & VP.

So, what's the word on Colo4Dallas? Are they a blackhat organisation? Anyone any info?

Norden United are one of my most prolific crooked spammers, but the IP 72.29.99.77 doesn't appear to be listed anywhere, but then the Spamcop parser doesn't see the nameserver IP, just the source IP, which is just one of umpteen ever-changing zombies, so it's not a lot of use in getting the controlling IP listed.

The registrar for norden.hk is HKDNR who is also totally unresponsive to abuse reports & is in the blackhat frame along with Joker etc.


Thanks for that Steve - tried a web search but didn't try the groups. Lots of chaff that's hard work to make much sense of, but two things appear to be certain, firstly that colo4dallas crops up an awful lot, but the main thing is that they do not respond to abuse reports. Despite Paul VanMeter's claim that they "do not support spammers", they appear to support both spammers & fraudsters in my, admittedly limited, experience in trying to get them to take action.


Finally managed to make contact with Jeremy Pope of colo4dallas. It seems the problem was a not unusual one - spam filtering on the abuse address along with no NDRs being sent.

I'm happy to report back that now we have made contact they report that they have given the offending IP address owner 2 hours notice to remove the service prior to null routing it.

[Edit] Jeremy was as good as his word and turned it round very fast. Mind, the crook wasted no time in switching his Apache botnet herder over to a layeredtech IP address (72.36.159.12). Here we go again..... At least they don't appear to have a spam filter on their abuse reporting address....


Archived

This topic is now archived and is closed to further replies.
