forum spammer: 72.229.251.243

Post Reply
alphacentauri
Posts: 3291
Joined: Mon Nov 02, 2009 12:52 pm

forum spammer: 72.229.251.243

Post by alphacentauri » Tue Sep 07, 2010 4:49 am

I had a visit from a comment spammer crawling a website of mine looking for a forum to spam (there is no forum). His IP address, 72.229.251.243, has been active for some time. Project Honey Pot has a list of the domains he's promoting:

http://www.projecthoneypot.org/ip_72.229.251.243
norxbuy.com
buyphentermine1.com
thehighrollerclub.com
bingoeuphoria.com
bingokisses.com
affrewards.com
triumphcasino.com
redlotuscasino.com
pulsebet.com
casinolesoleil.com


This blog has a list of the usernames he has registered and the email addresses he has given. (Forum spammers don't necessarily have to check those email inboxes, because they can predict the confirmation URL based on which forum software is used. But they do need an email address that won't bounce the confirmation messages.)

http://deathgleaner.wordpress.com/spam/

The spammer using that IP address has registered as
PeterMeyers jessygirl24@gmail.com 72.229.251.243
VickySanchezRamon elegantnyc9@gmail.com 72.229.251.243
escortforyoupapi zoroisabatman@gmail.com 72.229.251.243
Bodog bodog@gawab.com 72.229.251.243
Michaelescov helenkul25@pspgo.info 72.229.251.243


That first domain, norxbuy.com, is a pharma web site that claims to have U.S. licensed physicians who will write a prescription based on information submitted on a questionnaire. Since the US requires physicians to have a valid therapeutic relationship for this to be legal, one has to wonder who this doctor is and how long he'll be keeping that license -- if there really is a doctor or a license.

Their registration information:

Domain Name:norxbuy.com
Record last updated at
Record created on 2010/7/29
Record expired on 2011/7/29

Domain servers in listed order:
ns1.sunwave.com ns2.sunwave.com

name:(Gamtech Inc)
mail:(docheff@gmail.com) +1.7182076463
Gamtech Inc
Technical Contactor:
3077 42nd st 2Fl
Long Island City
NY,
US
11103

That same address is used for a casino site:
Domain Name:onlinecasinos5.com
Record last updated at 2009-09-10 22:22:23
Record created on 2009/9/10
Record expired on 2010/9/10

Domain servers in listed order:
ns1.sunwave.com ns2.sunwave.com

Administrator:
Name-- Dariy Margaritov
EMail-: (docheff@gmail.com)
tel --: +1.7182076463
org: Dariy Margaritov
3077 42nd st 2fl
long island city,new york,UNITED STATES 11103

reverse lookup on that number shows it's a cell phone number

Other domains for Dariy Margaritov:
dayforexblog.com (parked)
buyphentermine1.com
redsqcasino.com
(parked)

Figure10
Posts: 270
Joined: Sun Jun 20, 2010 9:46 pm

Thanks

Post by Figure10 » Tue Sep 07, 2010 5:15 am

rated and commented

Post Reply

Who is online

Users browsing this forum: Google [Bot] and 3 guests