Saturday, April 08, 2006

Fear and Loathing on the Spam-pain Trail - Pt I


Part I - Spam and Punishment.

As you might have noticed, I’ve got an attic full of spam, and Evil Santa backs the sleigh up and unloads more every night.

It started out as a joke and an experiment – both of which are still going quite well I think (I’m both still amused and am apparently far more renowned in some quarters for my spamcatcher than anything I’ve ever written :-)

I do worry a little about the weight of them (the joists are moaning under their tonnage, and sawdust and drywall shake sifts down into my soup every time they squirm around up there) but I have grown attached to the little bastards. So as one of you has suggested, perhaps I’ll crack a bottle of something good and have a spam-e-que when the counter tops 1,000.

However, recently some new spamutation has been getting past the netting and not landing waaay downstream where I let the weeds grow high and the primeval spam prairie return to its natural state.

And it’s kinda pissing me off.

The one that has seen fit to track its scrofulous hooves thru this site is an offer from “Degree Programs-Online” to give you free shit if you do product testing for them.

Of course we all know this is a lie, and that people who spam schemes like this cry out for a benevolent Deity to seal their nostrils and ball-gag-strap them to a Hummer’s tailpipe until their toenail-beds turn a festive blue.

It also bears the true mark of a lazy criminal; some fat-assed slob who can’t even be bothered to rechristen the front company when he changes the con.

But what do we really know about the pod people who make a living flinging electronic poo at the rest of us? Inflicting wretched digital syphilis like “Degree Programs Online” on the rest of humanity?

Yeah, I could turn on the wards that Blogger provides. I may yet do so but honestly, where’s the Swinging, Penis Enlarging, Bad Face Lifting, Day Trading, Women Attracting Loosers (loosers? Hell, better pair that up with a Kegel Exercising site), Gastric Bypassing, Black Mold Testing, Debt Eliminating sport in that?

Well, turns out it’s a longer story than I originally anticipated, and takes several turns – and that spam is grottier and more well-traveled than a globe-trotting crack-whore -- but I felt like taking a break from the political stuff for a day or two, and it felt to me like there might be the makings of a cool story here.

And a relaxing way to kill a few hours on a Saturday afternoon waiting for other pies to cool.

Judge for yourself.

So what do we really know about these barnacles?

Well, we know, for example, that the parent company of the “Degree Programs Online” scam are these guys:
“Consumer Research Corporation”
And that this is their address:
3830 Forest Drive, Suite 207
Columbia South Carolina 29204
U.S.A.
Which looks like this from atop Mt. Olympus:


And that their phone number is as follows:
803-790-8381
That one of their “divisions” is RetailReportCard.com, which runs under this IP address: 208.38.131.22, and was or is being used to run a Golf Equipment scam.

In fact, this Golf Equipment scam, which also amply demonstrates the fact that these fuckers also spam via email, as this gentleman learned:
I, too, fell prey to their "fulfill two offers and get free golf club". No answer on the phone and now no recourse. The unsolicited email I received did not explicitly spell out that the two offers had to be made on each page

These people need to be put out of business. I now get 20 - 30 spams per day since falling for this scam.
We know this IP address was repeatedly blackballed (redballed, really) here for a variety of Spams Against Humanity.

But what else do we know?

We know that the main server they use is addressed in Dallas, Texas at a company called this:
“Theplanet.com”
We know that this is the server IP address:
70.85.182.10
So what do we know about that server IP and company?

Quite a bit, actually.

We know this…
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US

ReferralServer: rwhois://rwhois.theplanet.com:4321

NetRange: 70.84.0.0 - 70.87.255.255
CIDR: 70.84.0.0/14
NetName: NETBLK-THEPLANET-BLK-13
NetHandle: NET-70-84-0-0-1
Parent: NET-70-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.THEPLANET.COM
NameServer: NS2.THEPLANET.COM
Comment:
RegDate: 2004-07-29
Updated: 2006-02-17
We know the name and number of their tech support person:
RTechHandle: PP46-ARIN
RTechName: Pathos, Peter
RTechPhone: +1-214-782-7800
RTechEmail: ******@theplanet.com
We know what they look like from LEO (Low Earth Orbit)

...just in case you have access to the targeting software for any space-based weapons platforms and are suddenly seized with the urge to make the Homeland a little less stinky.

We know they were also redballed on this site for refusing to remove spammers.

This site also notes another contact phone number for the “ThePlanet” here, should you ever want to give them a call:
added 2002-10-17; listwashing, refusal to remove spammers
added 2002-10-17; see http://groups.google.com/groups?selm=ur7uqu0mjfgd9k21tonfdb8eqkn1t2kea4%404ax.com&oe=UTF-8
added 2003-06-21; called theplanet +1-214-782-7802 - abuse person never returned the call
added 2003-06-28; called theplanet +1-214-782-7802 - told them about the SBL and SPEWS listings.
We know that good people at this same, spam-alert site noted that “Arameda” was being hosted by ThePlanet.com on IP addy 67.19.8.122, and that Arameda came to the immediate attention of Project Honeypot.

What is Project Honeypot?

A frabjous and benevolent conspiracy to take down spammers and make ‘em sizzle like roaches on a hot plate.

Let them speak for themselves…
Project Honey Pot is the first and only distributed system for identifying spammers and the spambots they use to scrape addresses from your website. Using the Project Honey Pot system you can install addresses that are custom-tagged to the time and IP address of a visitor to your site. If one of these addresses begins receiving email we not only can tell that the messages are spam, but also the exact moment when the address was harvested and the IP address that gathered it.
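The tagging idea in that quote, sketched as an added example (this is not Project Honey Pot's code and not from the original post): each page view gets a unique trap address whose local part encodes the visit time and visitor IP, so any mail that later arrives at it names its own harvester. The secret, the `trap.example` domain, the base32/HMAC encoding, the IPv4-only handling and all sample values are assumptions made for illustration.

```python
import base64, hashlib, hmac, ipaddress, struct

SECRET = b"constructed-demo-key"   # assumption: per-site secret, never published
DOMAIN = "trap.example"            # assumption: placeholder mail domain

def make_trap_address(visitor_ip: str, ts: int) -> str:
    """Build the address embedded in a page served to visitor_ip at time ts."""
    payload = struct.pack("!I", ts) + ipaddress.IPv4Address(visitor_ip).packed
    # A truncated HMAC stops anyone from forging tags that frame another IP.
    tag = hmac.new(SECRET, payload, hashlib.sha256).digest()[:6]
    local = base64.b32encode(payload + tag).decode().rstrip("=").lower()
    return f"{local}@{DOMAIN}"

def decode_trap_address(address: str):
    """Return (harvest_time, harvester_ip), or None if not a genuine trap address."""
    local, _, domain = address.partition("@")
    if domain.lower() != DOMAIN:
        return None
    padded = local.upper() + "=" * (-len(local) % 8)
    try:
        raw = base64.b32decode(padded)
    except ValueError:             # binascii.Error is a ValueError subclass
        return None
    if len(raw) != 14:             # 4-byte time + 4-byte IPv4 + 6-byte tag
        return None
    payload, tag = raw[:8], raw[8:]
    expected = hmac.new(SECRET, payload, hashlib.sha256).digest()[:6]
    if not hmac.compare_digest(tag, expected):
        return None
    (ts,) = struct.unpack("!I", payload[:4])
    return ts, str(ipaddress.IPv4Address(payload[4:]))

def attribute_spam(deliveries):
    """Map each (recipient, sender_ip) delivery back to the visit that harvested it."""
    report = []
    for rcpt, sender_ip in deliveries:
        hit = decode_trap_address(rcpt)
        if hit:
            report.append({"harvested_at": hit[0], "harvester_ip": hit[1],
                           "sender_ip": sender_ip})
    return report

if __name__ == "__main__":
    # Constructed sample: the spider IP quoted later in this post visits the page,
    # and mail later arrives from an unrelated (documentation-range) sender.
    trap = make_trap_address("67.19.8.122", 1144454400)
    print(attribute_spam([(trap, "203.0.113.9"), ("sales@trap.example", "203.0.113.9")]))
```

The harvesting IP and the sending IP are recorded separately because the machine that scrapes an address and the machine that later mails it are often different hosts.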
And so what is “Arameda”?

D. Logan at Project Honeypot explains:
Arameda is apparently a search engine. Spam bot 67.19.8.122 user agent is "Mozilla/6.0 (compatible; arameda.com Spider)". It has 19 messages associated with it according to its stats page. Does this mean that arameda is a spammer?

Well I asked them this:
A spidering bot (ip 67.19.8.122) has been viewing my site and claims to be from arameda according to the logs. Is this an ip address that your spider uses?

They replied:
Yes, this IP belongs to our spider.

Either arameda is a spammer or someone is posing as arameda. Anyone have any ideas?
And where does Arameda come from?

Well tell the band to play a little traveling music and strap yourself into your James Bond/George Smiley/Arkady Renko mink hat, ‘cause we’re Russia-bound, baby.

A.Blanchard at Project Honeypot picks up the narrative…
Totally Russian. All paths lead back to Tomsk

from the whois for arameda.com:

Domain Name: ARAMEDA.COM
Administrative Contact:
Mouraviev, Mikhail sales@arameda.com
423 Brookline Avenue, #359
Boston, MA 02215
US
781-791-2413

Googling the address reveals that it's just a maildrop.
Googling the phone number finds it also on the privacy page for trevolta.com
The address for trevolta.com is given as

Trevolta, Ltd.
410 Park Avenue, 15th floor
New York, NY 10022.

But this is just another maildrop, see: http://www.manhattan-office.com/virtual.html

whois for trevolta.com:

Domain Name: TREVOLTA.COM
Administrative Contact:
Prokofiev, Konstantin sales@trevolta.com
37 Kirova St.
Tomsk, Tomsk 634042
RU
7-382-257-3780

The IP address 67.19.8.122 (see first message in this thread) is more interesting.
Arin reveals this is owned by theplanet.com.
A Russian mail-drop in Boston, that forwards to another mail-drop in NYC, being operated from Tomsk?

OK, now this is getting fun, although I will be hiring someone to start my car for me for the next few weeks.

Anyway, now let’s lace up our Seven League Boots and leap to the other side of the planet for a trip to America’s sunny West Coast.

Why?

Because the owner/registrar of the domain name -- “Degree Programs Online” – that is being hosted by the servers at the Spammer’s Hotel California – TheWorld.com -- is in...California.
Domain ID:D11323068-LRMS
Domain Name:DEGREE-PROGRAMS-ONLINE.INFO
Created On:22-Nov-2005 18:29:16 UTC
Last Updated On:21-Jan-2006 20:31:22 UTC
Expiration Date:22-Nov-2006 18:29:16 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:OK
Registrant ID:78444F177D483CF3
Registrant Name:WhoisGuard Protected
Registrant Organization:WhoisGuard
Registrant Street1:8939 S. Sepulveda Blvd
Registrant Street2:8939 S. Sepulveda Blvd
Registrant Street3:
Registrant City:Westchester
Registrant State/Province:CA
Registrant Postal Code:90045
Registrant Country:US
Registrant Phone:+1.6613102107
Isn’t it cool that it comes with a phone number?

It was registered in May of 2004 with an expiration date/time of 20 May 2010 15:22:23, which means he or she plans to keep jizzing their spamagma (tm) all over the internets for another four years.

Presuming of course that some irate citizen doesn’t go digitally-postal on their ass, ball-gag-strap them to a Hummer’s tailpipe, and so forth.

But that would be so very wrong.

Namecheap.com (the people who offer “WhoisGuard” shielding for their clients) is the name of the company operating out of 8939 S. Sepulveda Blvd. They also own-or-shield this Domain Name --
theonlinebusinesssystem.com – and both are registered with ICANN (Internet Corporation for Assigned Names and Numbers) via an organization called, eNom, Inc.

Namecheap.com is itself also registered via, eNom, Inc.

Namecheap.com also owns-or-shields BAD-CREDIT-REPAIR.INFO at IP 66.111.234.36

Also SECRETSERVERS.BIZ at IP 65.98.56.90

Also ran this email-based doozy from 2005
“Subject: Why Pay When It's Free?

Introducing "2005 Digital Cable Filters"

Equipped with latest pass-through technology video bypass chip.
Guarantee to work with all digital cable receivers..
or your moneeys back!

- Enjoy free pay-per-view channels
- Adult Channels
- On Demand Channels
and lots more!
The link would then redirect you to this site:
http://1click4store.com/ronn_022/cablefilter/index.html

The "bait" and the "switch" here are both dead links now.

Which is where the first half of all good mysteries should end: with a coupla stiffs and a hatful of suspects.

28 comments:

Lindsay Stewart said...

driftglass, you are the shit. nice terry pratchett reference too. cheers.

Anonymous said...

Are you sure about the Tomsk address being a warehouse? Kirova Street is several blocks long, so there are a lot of buildings on it. One of them, as I recall, is FSB (KGB) HQ in Tomsk. (Corner of Lenina Prospekt and some street, Kirova I think, in front of Tomsk State University. In any case, all lines run through FSB via SORM2 (Google it.) Not saying they're involved with the Tomsk thing. But if it makes money, that's the main thing. It's then protected under a "roof", and that means some pretty nasty people. On the other hand, if the Tomsk connection is up and running under radar, no roof and probably not paying taxes in place of protection money, then pointing it out to Tomsk officials (filing a complaint through US State or US DOC, or both) would create a mess for the Tomsk operators. Unless they're established mafia and provide their own roof. Only FSB and mafia can provide roofs that matter.

I worked anti-corruption in Tomsk, BTW.

Anyway, nice work.

Whetam Gnauckweirst said...

Mesmerizing detective work!

Anonymous said...

Wow!
And I thought that I got off on some wild tangents following crazy trails!
I am a mere amateur.

Anonymous said...

Love your spamcatcher. Full metal spambot protection? Maybe not so much as it turns out. BTW, how come I can only read a handful of those delightful missives? Is it a space-wasting spambot attack?

driftglass said...

US expat,
I worked anti-corruption in Tomsk, BTW.
Very cool.
As for my setting, nah. Just poetic license. I read that Tomsk was an exporter of ballbearings and it sounded like a good setting for low-rent intrigue.

pretty shaved ape,
Thanks.

mommybrain,
Takes a long while to load. There's gold up there.

Terry of the C.A./Matt St. Amand,
I was just curious to see how far I could push one piece of spam.
Turned out, quite a long way.

Anonymous said...

I’m sure these erotic phone sex Olympics will feel a lot different.
There is not only more pressure on us as a team but more pressure individually. erotic phone sex

Anonymous said...

I have been following a site now for almost 2 years and I have found it to be both reliable and profitable. They post daily and their stock trades have been beating
the indexes easily.

Take a look at Wallstreetwinnersonline.com

RickJ

Anonymous said...

Very informative blog site.
It must have taken a while to put all
this info here, Very cool.
I have a business from home internet uk work site.
It pretty much covers business from home internet uk work related stuff.
Come and check it out if you get time.

Anonymous said...

Hi,
I was searching through Blogger to see if I can find some information on Home-based Business. I stumbled on your blog, as this was not quite what I was looking for about Home-based Business. I did however read your blog and found it quite interesting, keep up the good work and hopefully I will visit it again.
Regards,

Anonymous said...

First Class all the way!
- http://proof.sitesell.com/web-sales22.html - services

Anonymous said...

Very Nicely said!

Pete - http://buildit.sitesell.com/web-sales22.html - services

Anonymous said...

Hey, you have a great blog here! I'm definitely going to bookmark you!
I have a totally free credit report site.
Come and check it out if you get time :-)
Greetings.

Anonymous said...

Student Consolidation
Debt Consolidation Loan can help you reduce your interest burden by charging an interest rate lower than the rate on your existing loans. Debt consolidation loan can also allow you to make small monthly payments by extending the loan period



Anonymous said...

Hello Friend! I just came across your blog and wanted to
drop you a note telling you how impressed I was with
the information you have posted here.
Keep up the great work, you are providing a great resource on the Internet here!
If you have a moment, please make a visit to my stocks site.
Good luck in your endeavors!

Anonymous said...

Hey Fellow, you have a top-notch blog here!
If you have a moment, please have a look at my bad credit debt consolidation mortgage site.
Good luck!

Anonymous said...

Hey Fellow, you have a top-notch blog here!
If you have a moment, please have a look at my bad credit home equity loans site.
Good luck!

Anonymous said...

I was searching blogs,and I found yours.Please,
accept my congratulations for your excellent work!
If you have a moment, please visit my wpa wireless security site.
Have a good day!

Anonymous said...

I am here because of search results for blogs with a related topic to mine.
Please,accept my congratulations for your excellent work!
I have a bad credit instant personal loan site.
Come and check it out if you get time :-)
Best regards!

Anonymous said...

Hey, you have a great blog here! I'm definitely going to bookmark you!
I have a bad credit illinois loan personal site.
Come and check it out if you get time :-)
Greetings.

Anonymous said...

Your blog I found to be very interesting!
I just came across your blog and wanted to
drop you a note telling you how impressed I was with
the information you have posted here.
I have a .biz domain name register
site.
Come and check it out if you get time :-)
Best regards!

Anonymous said...

A fantastic blog yours. Keep it up.
If you have a moment, please visit my .net domain names for site.
I send you warm regards and wish you continued success.

Anonymous said...

I was searching blogs,and I found yours.Please,
accept my congratulations for your excellent work!
If you have a moment, please visit my bad credit mortgage site.
Have a good day!

Anonymous said...

Your blog I found to be very interesting!
I just came across your blog and wanted to
drop you a note telling you how impressed I was with
the information you have posted here.
I have a used golf car
site.
Come and check it out if you get time :-)
Best regards!