The same cloaking bullshit artist I wrote about before has surfaced on a Netfirms server.
Details:
IP Address: 80.77.80.103
User Agent: "" [blank]
Where scraping content and redirect appear:
rbmusicartist.netfirms.com/artistic-family-portrait.html
Which redirects to some Ukrainian or Russian bullshit artist's site:
Domain Name: DEVAMATRI.COM
Registrant:
Oleg Povaljaev
Oleg Povaljaev (anandasat@narod.ru)
Tereshkovoj
Odessa
null,65072
UA
Tel. +380.482648166
Guess what?
They host it on ThePlanet.com, you could knock me over with a feather, I'm so surprised.
DEVAMATRI.COM (70.87.136.118)
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
Address: 1333 North Stemmons Freeway
Address: Suite 110
City: Dallas
StateProv: TX
PostalCode: 75207
Country: US
NetRange: 70.84.0.0 - 70.87.255.255
Guess we should drop Netfirms in our blocked list too just to be safe:
rbmusicartist.netfirms.com (64.34.66.18)
Netfirms Inc PEER1-NETFIRMS-02 (NET-64-34-66-0-1)
64.34.66.0 - 64.34.66.255
Well, it's not much, but a little blocking each day will keep the scrapers away.
Now, here comes the real fun...
I was curious what else was on the server with DEVAMATRI.COM (70.87.136.118) and found a shitload of cloaking spam sites:
Note: The sites are indexed in both Yahoo and MSN but they aren't in Google.
Probably not the last of the sites from this slimeball, most likely the tip of the iceberg, but it's definitely a start to unearthing his network of crap.
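The blocking described above, sketched as an added example that is not the blog author's own code: it converts the WHOIS ranges quoted in the post into CIDR networks and flags log lines that come from them or carry a blank user agent. The Apache combined log layout and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Ranges copied as the WHOIS output in the post prints them ("start - end").
WHOIS_RANGES = {
    "ThePlanet.com": "70.84.0.0 - 70.87.255.255",
    "Netfirms": "64.34.66.0 - 64.34.66.255",
}

def range_to_cidrs(whois_range):
    """Convert a WHOIS 'start - end' range into the minimal list of CIDR networks."""
    start, end = (ipaddress.ip_address(p.strip()) for p in whois_range.split(" - "))
    return list(ipaddress.summarize_address_range(start, end))

BLOCKLIST = [(owner, net) for owner, rng in WHOIS_RANGES.items()
             for net in range_to_cidrs(rng)]

# Assumed log layout (Apache combined): ip ident user [time] "req" status bytes "ref" "agent"
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')

def classify(line):
    """Return the reasons a log line should be refused; an empty list means allow."""
    m = LOG_RE.match(line.strip())
    if not m:
        return ["unparseable"]
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:
        return ["unparseable"]
    reasons = [f"{owner} {net}" for owner, net in BLOCKLIST if ip in net]
    if m.group(2).strip() in ("", "-"):  # the scraper in the post sent "" [blank]
        reasons.append("blank user agent")
    return reasons

# Constructed sample lines: the IPs are the ones named in the post, while the
# timestamps, paths, sizes and 192.0.2.10 (documentation range) are made up.
SAMPLE_LOG = [
    '80.77.80.103 - - [01/Jan/2007:10:00:00 +0000] "GET /a.html HTTP/1.1" 200 5120 "-" ""',
    '70.87.136.118 - - [01/Jan/2007:10:00:05 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '64.34.66.18 - - [01/Jan/2007:10:00:09 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [01/Jan/2007:10:00:12 +0000] "GET / HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(entry.split()[0], classify(entry) or ["allow"])
```

The ThePlanet.com range collapses to a single /14, so one rule covers the whole allocation rather than the one address the spam sites sit on.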
1 comment:
Great findings, Bill :-)
I'd like to add that the spammer's ip address shouldn't be neglected:
inetnum: 80.77.80.0 - 80.77.80.255
netname: UAONLINE-1
descr: ipipe network
country: GB
admin-c: MS9776-ripe
tech-c: VK1045-ripe
status: ASSIGNED PA
mnt-by: uaonline
mnt-domains: uaonline
source: RIPE # Filtered
person: Soldatov Maxim
address: Marylebone high street 78
address: W1U 5AP London
phone: +380 50 4985406
e-mail: makc @ ipipe.net
org: ORG-RIBC1-RIPE
nic-hdl: MS9776-ripe
mnt-by: uaonline
source: RIPE # Filtered
person: Vladimir Klenov
address: London, United Kingdom
phone: +380 50 4985406
e-mail: maple @ ipipe.net
nic-hdl: VK1045-ripe
mnt-by: uaonline
source: RIPE # Filtered
UAonline stands, as you may have already guessed, for Ukraine online and these ip addresses primarily serve as VPS/Proxy connectivity for hire:
Spamhuntress #1
Spamhuntress #2
Spamhuntress mentions hqhost, who are offering their services in English, too. Well, you can figure it out yourself: Spammer rents a proxy for a couple of weeks, signs hosting services, spams the hell out of them (or the rented address) and gets away with it unidentified.
Olliver