Category Archives: the mallet

interesting

the past few weeks (maybe as much as a couple months) i have been getting anywhere from 4 to 24 “porn spam scam” emails per day — you know the ones, where the guy claims to be a “hacker” who has “taken over” your computer, is emailing you “from your own email address”, doesn’t speak english too well, and demands some random amount in bitcoin to prevent him from revealing your “pornographic indiscretions” to “everyone on your contact list” (😒) — and i have been reporting EVERY! SINGLE! ONE! to their upstream provider, and to the bitcoin abuse web site… but for the past couple of days, i have noticed that the constant stream has dropped off considerably: two days ago, i received two messages, yesterday i only received one, and, so far, today, i haven’t received any.

i also noticed that, a few days ago, i started seeing specific SpamAssassin rules that are targeted towards the porn-spam-scam racket (bitcoin address recognition and “from:” address spoofing are the two big ones), but considering the massive influx of porn-spam-scam messages over the past couple of months, i would have expected a much more gradual drop-off.

spam spam spam spam spam spam spam spam spam spam MALLET!

i never get tired of this… 😎

[#RNZ-396-23469]: ABUSE VIOLATION: RE: PAYMENT INVOICE
From: Namecheap Legal & Abuse Team <abuse@namecheap.com>
To: you know who
Date: 180520 12:37 am
Spam Status: Spamassassin
Hello,

Thank you for your report.

While the gaushmedical.us domain name is registered with Namecheap, it is hosted with another company. That is why we cannot check the logs for the domain and confirm if it is involved in sending unsolicited emails.

However, it seems the domain name is blacklisted by SURBL. Since we consider SURBL to be a trusted organization, we opened a case regarding the domain name. Please allow about 48 hours for our further investigation.

Thank you for letting us know about the issue.


[#RNZ-396-23469]: ABUSE VIOLATION: RE: PAYMENT INVOICE
From: Namecheap Legal & Abuse Team <abuse@namecheap.com>
To: you know who
Date: 180521 08:19 pm
Spam Status: Spamassassin
Hello,

Please be informed that as a result of the investigation, the domain gaushmedical.us was suspended. It was null-routed and locked in our system, so the spamming activity should end once the propagation is over.

Thank you for letting us know about the issue.


whois gaushmedical.us
Domain Name: gaushmedical.us
Registry Domain ID: DC3FBD2D4DC1743DE92E082A91D15BEDE-NSR
Registrar WHOIS Server: whois.namecheap.com
Registrar URL: http://www.namecheap.com
Updated Date: 2018-05-22T03:18:40Z
Creation Date: 2018-05-15T06:56:45Z
Registry Expiry Date: 2019-05-15T06:56:45Z
Registrar: NameCheap, Inc.
Registrar IANA ID: 1068
Registrar Abuse Contact Email: abuse@namecheap.com
Registrar Abuse Contact Phone: +1.6613102107
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registry Registrant ID: C29C72D760FD14C7FAD8D886E1C016E55-NSR
Registrant Name: New Oru
Registrant Organization:
Registrant Street: Hertzstr. 4
Registrant Street:
Registrant Street:
Registrant City: Heidelberg
Registrant State/Province: Heidelberg
Registrant Postal Code: 69126
Registrant Country: DE
Registrant Phone: +49.8635999192
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: neworu2@gmail.com
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Registry Admin ID: CBBCDFB2B18654CFC972C6274C0858A93-NSR
Admin Name: New Oru
Admin Organization:
Admin Street: Hertzstr. 4
Admin Street:
Admin Street:
Admin City: Heidelberg
Admin State/Province: Heidelberg
Admin Postal Code: 69126
Admin Country: DE
Admin Phone: +49.8635999192
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: neworu2@gmail.com
Registry Tech ID: C3200FE79814B420EB1FA838AEBEF9060-NSR
Tech Name: New Oru
Tech Organization:
Tech Street: Hertzstr. 4
Tech Street:
Tech Street:
Tech City: Heidelberg
Tech State/Province: Heidelberg
Tech Postal Code: 69126
Tech Country: DE
Tech Phone: +49.8635999192
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: neworu2@gmail.com
Name Server: blockedduetospam.pleasecontactsupport.com
Name Server: dummysecondary.pleasecontactsupport.com
DNSSEC: unsigned
URL of the ICANN Whois Inaccuracy Complaint Form: https://www.icann.org/wicf/
>>> Last update of WHOIS database: 2018-05-22T04:57:32Z <<<

😂

Rule 3

an example of Rule 3, spammers are stooOOpid…

at 3:24 pm, today, this happened:

180501 stupid crack attempt
180501 stupid crack attempt

at 3:26 pm, today, i blocked 88.99.0.0/16 from accessing my web site.

you may not fit the definition of a spammer, but you are definitely stooOOpid. is it possible that you are a machine? you have not done your owner a favour, you know.

dear OVH

dear OVH,

i have been reporting, and blocking spam from your network for at least 5 years. i have at least 500 different addresses that you have used to hide behind, so that when the spam-reporting gets too extreme, you just start a new, incomprehensible email address… yes, i’m talking about fp01iidryzteec0r2yld@a.o-w-o.info and mkc7d52oxkmej7gwghxj@a.o-w-o.info and 94nhgu6xjcnivuapgan0@m.o-w-o.info and 0og193qe7kalvv4n0key@z.o-w-o.info and EVERY FUCKING thing in between…

through my moderate poking around, i have discovered that most of these addresses are for Florent Demuynck, Stephane LeSimple, Falco Schmutz, Grillion Alexis, Tarik Benammar, Edouard Vanbelle, Benjamin Ficheland, Laurent Allard, and others (some of whom may or may not still be employees of OVH), and/or their boss, Octave Klaba.

today, for the first time, i have actually blocked someone from OVH for trying to login to this blog… YES, MY BLOG has been probed by 158.69.223.8.

this is a warning: if i EVER catch you or any of your minions poking around my web again, i will block you so fast that it’ll make your head spin.

i’m on to you OVH. don’t push me, or you’ll feel my mallet! 😠