|
 Author |
 How to remove many spammer sites at once (currently 2,597 views) |
| dj |
| Posted on: Sunday, May 6th, 2007, 4:21am |
 |
|
Super Spam Fighter 
Posts: 108
|
Used the Complainerator to report a spam email to WILD WEST DOMAINS (now theres a name!) and got the following reply  -
Our support staff has responded to your request, details of which are described below:
Discussion Notes
Support Staff Response
Dear *****,
Thank you for contacting support. Unfortunately, we are unable to assist you with this issue because we do not host the domain name that you provided. You must contact the hosting provider with your concerns. You can typically determine who the hosting provider is by the Name Servers that are provided on a Whois Search.
Regards,
Adam S
Customer Inquiry
Registrar: WILD WEST DOMAINS, INC.
Dear Registrar
This is a request for you to remove the spamvertized domain wonderblogs.com
EVIDENCE
From this link, you can see that your company is the spammed site's
registrar
* http://www.dnsstuff.com/tools/whois.ch?ip=wonderblogs.com
ACTION
Removal instructions for spammed domains are in this link
* http://www.spamtrackers.eu/wiki/index.php?title=Registrar_Advice
Thank you for your efforts to reduce spam and to keep criminals from abusing
your terms of service.
Regards
***************
--------------------------------------------------------------------------------
If you need further assistance with this matter, please reply to this email or contact customer service at 480-505-8857 and reference Incident ID: *********.
Thanks,
Wild West Domains |
Dave
"Now its personal" "Don't get mad, get even!" |
|
|
|
 |
Reply: 75 - 80 |
|
|
| MarkGiles |
| Posted on: Tuesday, May 8th, 2007, 10:17pm |
|
|
Posts: 363
|
Adam S is technically correct. Wild West Domains does not "host" the web site.
But then, the request did not state that they did.
As the registrar, they have accepted a contract with the registrant, whose details are sown in that link.
Quoted Text Registrant:
Adil Mohammed
Flat 3, 30 St Lawrence Terrace
London, London W10 5SX
United Kingdom
Registered through: DomainRightNow
Domain Name: WONDERBLOGS.COM
Created on: 05-Nov-05
Expires on: 05-Nov-07
Last Updated on: 30-Aug-06 |
Note the creation date.
If you really believe this site should be removed, you have two options.
1. Respond with a request that they remove the site by setting it to Client Hold.
2. Request the ISP to remove it - as follows
a. what is its IP address? ping http://www.wonderblogs.com
>> wonderblogs.com [216.86.146.129]
b. Lookup the owner of that IP
http://www.dnsstuff.com/tools/whois.ch?ip=216.86.146.129&email=on
c. Forward the request to the abuse dept
|
|
|
|
|
Reply: 76 - 80 |
|
|
| gentlemike2 |
| Posted on: Tuesday, August 28th, 2007, 9:22pm |
|
|
Posts: 4
|
Okay, Let me see if I understand all this:
I got an e-mail from phaonica dot com today. It is registered by Sammy Lee of Liquid Ventures Inc. It redirects to a site --- herbalonez dot com registered to Danny Lee of Healthworldwide Inc. herbalonez advertises p**** enlargement products.
The name servers for phaonica are:
ns1.met-dns.com
ns2.met-dns.com
ns3.met-dns.com
ns4.met-dns.com
The name servers for herbalonez are:
ns2.chechiewaz67.com
ns1.chechiewaz67.com
All of these name servers are registered with Beijing Innovative Linkage Technology Inc. (No surprise there).
So, I should e-mail Beijing Innovative and request that the met-dns.com servers be taken down, or the chechiewaz67 servers be taken down, or both?
What is my specific complaint?
Who do I cc this to?
I really want to get this down, so I can teach others. I will write up a how to on my own site's spam awareness forum, and spread the word on this technique.
This is new to me, forgive me for being a little slow. Rest assured, when I get it down, I will be using the technique with vigor and enthusiasm.
Gentlemike2 |
|
|
|
|
Reply: 77 - 80 |
|
|
| MarkGiles |
| Posted on: Wednesday, August 29th, 2007, 6:59am |
|
|
Posts: 363
|
Thanks for asking. Here is the evidence relating to that site. First of all, what do others think about it - what are their reviews? See the McAfee Site Advisor reviews at
http://www.siteadvisor.com/sites/phaonica.com/
(For any spammed site, you can simply replace the site name in that link.)
Next, who is the registrar? A whois lookup shows this
Domain Name: PHAONICA.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.MET-DNS.COM
Name Server: NS2.MET-DNS.COM
Name Server: NS3.MET-DNS.COM
Name Server: NS4.MET-DNS.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 27-aug-2007
Creation Date: 27-aug-2007
Expiration Date: 27-aug-2008
You can go to the http://www.joker.com web site and complain there.
Who is the registrar for met-dns.com?
Domain Name: MET-DNS.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
..
Creation Date: 24-aug-2007
You can complaint to B.I.L.T. and request the name servers to be suspended,
because they are used solely for resolving illegally spammed sites.
But as you have noticed, this is just one of the front-ends that redirect to the Elite Herbal site, herbalonez.com
Who is its registrar?
Domain Name: HERBALONEZ.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Its name servers are listed as follows
Nameserver(s) according to NS-records
Internal lookup Address Reverse Liststatus Country URIBL associated domains Comment
ns2.chechiewaz67.com 216.243.251.247 216.243.251.247 Blacklisted United States URIBL SBL55229 |
ns1.chechiewaz67.com 216.243.251.247 216.243.251.247 Blacklisted United States URIBL SBL55229 |
The registrar for the name servers?
Domain Name: CHECHIEWAZ67.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
You can see that both the herbalonez.com web site and its name servers are all on the same IP address, 216.243.251.247 - that's fortuitous. Who is the ISP who is responsible for that IP?
OrgName: Matrix Consulting Group
Address: 108 West 13th Street
City: Wilmington
StateProv: DE
PostalCode: 19801
Country: US
So who to contact?
ABUSE280-ARIN
MCG Abuse Staff
+1-302-476-2747
MCG Support Staff
+1-302-476-2747
support@matrix-cg.net
Now there is a whole lot of contacts. How do you convince them that this site is no good?
Well, the European Spam Wikipedia has an entry describing Elite Herbal web site at
http://www.spamtrackers.eu/wiki/index.php?title=Herbal_King
Also the site advisor referenced above is useful evidence. Likewise the one for the redirected site:
http://www.siteadvisor.com/sites/herbalonez.com/ (3 pages of "reviews")
If all that sounds like hard work, there is a quicker way.
The Complainterator tool at http://www.complainterator.com automates the process of complaining to the registrars. You would run it once for phaonica.com, and again for herbalonez.com
The complaints about the IP address can be achieved by joining up with Spamcop, and submitting a spam to them.
Over to you. |
|
|
|
|
Reply: 78 - 80 |
|
|
| Spam_Killer |
| Posted on: Friday, September 28th, 2007, 1:18pm |
|
|
Posts: 2
|
Hi everyone,
I notify each domain URL's and use the complainterator spam tool.
I use OpenRBL http://openrbl.org/ to look up the URL to get the IP address. To find the URL "Fake IP address" I click the IP Whois on openRBL.
I notify the spammer's URL's and terminate them, also I notify the owner's of the spammer's URL's and terminate them.
Things I added to the complainterator spam tool letterhead.
1) news.admin.net-abuse.sightings
2) http://moensted.dk/spam/ stuff on that website. |
|
|
|
|
Reply: 79 - 80 |
|
|
| MarkGiles |
| Posted on: Tuesday, October 2nd, 2007, 12:01am |
|
|
Posts: 363
|
|
|
|
|
Reply: 80 - 80 |
|
|
Pages: 
Logged
Locked Board