
Third time's the charm... of a diseased toad!

Because I don't like having my time or my resources stolen from me, I am not happy with the proprietors of Adult-movies.org and Hot-gay.tk (both links go to the Sam Spade pages for the spammed URLs) who spammed this weblog three times from the same IP address (83.237.7.75 - may be spoofed) in the past hour or so.

Unfortunately, both domains are less than penetrable. No domain registrar that I recognise as a reliable name, so no use complaining to them (although the domainsbyproxy IDs suggest that it's a subletter for Go-Daddy who are usually responsive). However, I have reproduced what I could find in the hope that a smarter person than me can take them down.

http://www.hot-gay.tk/ = [ 63.247.77.187 ]


Rights restricted by copyright. See
http://www.dot.tk/vc001100.html
Domain name:
HOT-GAY.TK
Organisation:
PSO
PSO
481 Eighth Avenue
10001 New York
U.S.A.
Phone: 212-971-0101
Fax:
E-mail: nyk@mail333.com


Domain Nameservers:
NS1.XXXNAMESERVERS.COM
NS2.XXXNAMESERVERS.COM
Domain registered: 06/12/2003
Record will expire on: 06/12/2006
Record maintained by: Dot TK Domain Reg

Drilling down using that IP address:


63.247.77.187 = [ ]

network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net


network: Admin-Contact;I: engineering@gnax.net

network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net


------------------------------------------------------------------

Server Used: [ whois.pir.org ]

http://www.xxx-adult-movies.org/ = [ 63.247.77.187 ]


Domain ID: D94385143-LROR
Domain Name: XXX-ADULT-MOVIES.ORG
Created On: 28-Jan-2003 11:56:22 UTC
Last Updated On: 22-Jun-2003 09:34:03 UTC
Expiration Date: 28-Jan-2005 11:56:22 UTC
Sponsoring Registrar: R91-LROR
Status: OK
Registrant ID: GODA-02338325
Registrant Name: Registration Private
Registrant Organization: Domains by Proxy Inc.
Registrant Street1: 15111 N Hayden Rd. Suite 160
Registrant Street2: PMB353
Registrant City: Scottsdale
Registrant State/Province: Arizona
Registrant Postal Code: 85260
Registrant Country: US
Registrant Phone: 1.4806242599
Registrant Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com


Admin ID: GODA-22338325
Admin Name: Registration Private
Admin Organization: Domains by Proxy Inc.
Admin Street1: 15111 N Hayden Rd. Suite 160
Admin Street2: PMB353
Admin City: Scottsdale
Admin State/Province: Arizona
Admin Postal Code: 85260
Admin Country: US
Admin Phone: 1.4806242599
Admin Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com


Tech ID: GODA-12338325
Tech Name: Registration Private
Tech Organization: Domains by Proxy Inc.
Tech Street1: 15111 N Hayden Rd. Suite 160
Tech Street2: PMB353
Tech City: Scottsdale
Tech State/Province: Arizona
Tech Postal Code: 85260
Tech Country: US
Tech Phone: 1.4806242599
Tech Email: XXX-ADULT-MOVIES.ORG@domainsbyproxy.com


Name Server: NS1.XXXNAMESERVERS.COM
Name Server: NS2.XXXNAMESERVERS.COM

Drilling down again:
63.247.77.187 = [ ]

network: Class-Name: network
network: ID: 271.63.247.64.0/19
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net


network: Admin-Contact;I: engineering@gnax.net


network: Created: 20030829
network: Updated: 20030829
network: Updated-By: engineering@gnax.net


-----
Note that both servers resolve to an IP address in the 63.247.77 range. This could be coincidence, but probably is not. The info for Gnax.net is:


Server Used: [ whois.domaindiscover.com ]

gnax.net = [ 209.51.128.152 ]



Registrant:
Global Net Access LLC
55 Marietta St. Suite 1720
Atlanta GA 30303
US
Domain Name: GNAX.NET
Administrative Contact:
Global Net Access LLC
Hinkle Jeff
55 Marietta St. Suite 1720
Atlanta GA 30303
US
404-230-9150
404-230-9149 [fax]
jhinkle@gnax.net


Technical Contact Zone Contact:
Global Net Access LLC
GNAX Engineering
55 Marietta St. Suite 1720
Atlanta GA 30303
US
404-230-9150
404-230-9149 [fax]
engineering@gnax.net


Domain created on 26-Feb-2003
Domain expires on 26-Feb-2005
Last updated on 10-Jul-2003
Domain servers in listed order:
DNS1.GNAX.NET
DNS2.GNAX.NET

But I can't be arsed to contact them just yet, mainly because with Despammed still being down, I do not have any evidence to present. However, if I see their name turn up in connection with more crap in my blog, I will.
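The correlation done by eye above (both spammed domains share one hosting IP and one pair of nameservers, and that IP sits inside the Capital Web block) can be checked mechanically before writing an abuse report. This is an added example, not part of the original post; the function names are hypothetical and the data is copied from the whois output quoted above.

```python
import ipaddress
from collections import defaultdict

# Observations copied from the whois output quoted in the post.
NAMESERVERS = ["NS1.XXXNAMESERVERS.COM", "NS2.XXXNAMESERVERS.COM"]
DOMAINS = {
    "hot-gay.tk": {"ip": "63.247.77.187", "ns": NAMESERVERS},
    "xxx-adult-movies.org": {"ip": "63.247.77.187", "ns": NAMESERVERS},
}

# Excerpt of the rwhois record for the hosting IP, as quoted in the post.
RWHOIS = """\
network: Auth-Area: 63.247.64.0/19
network: Network-Name: Capitalweb-550-2
network: IP-Network: 63.247.77.160/27
network: Organization;I: Capital Web
network: Tech-Contact;I: engineering@gnax.net
network: Admin-Contact;I: engineering@gnax.net
"""

def parse_rwhois(text):
    """Parse 'network: Key;Type: value' lines into a dict (type suffix dropped)."""
    record = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split(":", 2)]
        if len(parts) == 3 and parts[0] == "network":
            record[parts[1].split(";")[0]] = parts[2]
    return record

def shared_infrastructure(domains):
    """Map each IP / nameserver to the domains using it, keeping only shared ones."""
    groups = defaultdict(set)
    for name, obs in domains.items():
        groups[("ip", obs["ip"])].add(name)
        for ns in obs["ns"]:
            groups[("ns", ns.lower())].add(name)
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}

def abuse_contacts(ip, record):
    """Return the network contacts only if the IP really lies in the delegated block."""
    addr = ipaddress.ip_address(ip)
    block = ipaddress.ip_network(record["IP-Network"])
    parent = ipaddress.ip_network(record["Auth-Area"])
    if addr not in block or not block.subnet_of(parent):
        return []  # record does not cover this address; do not report to it
    return sorted({record[k] for k in ("Tech-Contact", "Admin-Contact") if k in record})

if __name__ == "__main__":
    print(shared_infrastructure(DOMAINS))
    print(abuse_contacts("63.247.77.187", parse_rwhois(RWHOIS)))
```

The containment check matters because the posting IP (83.237.7.75) and the hosting IP belong to different networks, so each needs its own lookup before a complaint is sent.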

Comments (5)

Smilodon:

As always I'm not sure that putting the onus on registrars is a useful tactic. Service providers I can see, they are the ones providing the actual service that is being abused. It's also easy for them to stop letting their service be abused.

Registrars have one advantage over service providers: there are fewer of them. Once a spammer has been canned by a few registrars, they will have nowhere else to go.
Plus, some registrars already have anti-spam language in their AUPs. I think that validates the approach, and that as a consumer, I prefer to use the registrar that chooses to be part of the solution over the one that chooses to be part of the problem.

Not that I wouldn't advocate going after the service provider (both the host of the spammed website and the channel through which the spamming is done) as well. But service providers are a dime a dozen and too many of them are actively evil.

Cernenus:

What does despammed do for you? Does it de-obfuscate the spam and traceback through the headers? If so, you can get the same sort of service from spamcop.net; maybe you can use that while despammed is down?

They're a spam-filtered email forwarder. Basically they supply me with an email address that I can safely publish on my various websites.

Transcripts of forum comments also go to my despammed address, which lets them through because they come from a server that doesn't send a lot of spam. This is good, because I need the transcripts to be alerted to spam postings and to deal with them later.

Despammed is back up, by the way.

Don't Ripe allocate IP ranges?
gnax.net are either fly by night or numpties - as they have no reverse dns on their name servers...

I wonder what Ripe's views on such internet abuse are & whether they'd be willing to pull the allocated range on the abusers?

About

This page contains a single entry from the blog posted on July 27, 2004 7:32 PM.


This weblog is licensed under a Creative Commons License.