Saturday, November 24, 2007

Seedcash / cluster

Daniel Lessing
An oldtimer, listed in ROKSO (Spamhaus' Register of Known Spam Operations).
Nicks on bulkerforum.biz are seedcash and cluster.
He used "cluster" on the spammer forum specialham too, in addition to dl1227.
On other he used dl69hunt.

Into porn, mortgage spamming, hosting and trying to sell some harvested lists on bulkerforum.

Hmm, selling harvested lists? Is that legal?

Posted by Ducks In Two Rows

Posted by Spam-Court at 3:30 PM 0 comments

Labels: ,

Bioshah

Let's just give this one the status of "under construction" now.

A "dropshipper".
Content from the private part of bulkerforum has been "outed" by the smelly ex-wannabe-spammer.

The most interesting part is who he really is.
We don't know. Yet.
Only a couple of clues.

Small keywords to be checked and sorted out:


  • Hitesh

  • biologicalmiracle

  • shacro

  • hitmanshah

  • London


Hmm, London.
A few years back a letter went out from the FDA to:
Biologicalmiracle.com
PO Box 726
London, England EC1 V 7QQ
United Kingdom

Time will show if this is the same guy.
Biologicalmiracle is still up, same snake oil.

Quoting from one of his posts on the former private part of bulkerforum (smelly ex-wannabe-spammers can sometimes come in handy):
Pharma Sponsor & Drop Shipping
Im posting this here as I dont want Anti Fuckers to contact me in main Forum.
We still have pharma sponsor with controlled meds. So if any of you are interested PM.

Maybe FDA, FBI or others would like to contact him too?
Posted by Ducks In Two Rows

Posted by Spam-Court at 3:29 PM 0 comments

Labels:

LHL

LHL or lhyfrank


A Smart Condor. Known at least since the specialham days. Probably Chinese. Aka "lhyfrank".
lhl1922@yahoo.com
At first glance he specializes in adult, MySpace and yahoo bots.
Has at least one listing in Spamhaus.
Some indications that this one also is or was involved in hosting.
Latest domain is thxkilo.com. Whatever that is.
Easy to spot and trace. I will leave that to others and maybe fill in some more later.

Posted by Spam-Court at 3:27 PM 0 comments

Labels:

Thursday, November 22, 2007

Sanjay / sancash

A quick note to self:
This guy is involved with Elite Herbal.
How high up he is in the food chain cannot be established accurately.
If not on top, he is very high up.

Definitely to be continued.

Posted by Spam-Court at 9:05 PM 0 comments

Labels: ,

ProfDDoS

Saturday, November 17, 2007

The Nickname says it all.
His post #5 on bulkerforum.biz:
Greeting!!!!

Let me to bring to your attention professional DDoS service!
Quality is guaranteed by uniqueness of the updated and supported software. Huge, constantly growing quantity of bots worldwide online.
Destroy a site of the competitor!!!
The prices depend on duration and complexity of the project.
For information welcome in the icq.
For all questions: ICQ support 448845. skype ss_support1


Moderators Dollar and Crypto are not totally happy about that post.
A bit strange regarding Crypto when reading his greetings to AbdAllah, but who knows what's inside these guys' brains.
Crypto has not been showing too much intelligence in his posts, so it is perhaps not so strange after all.

Phantom rushes to the defense of ProfDDoS:
I have to disagree here guys LOL this person has been of great service to us all without you even knowing about it ..Thanks guy


ProfDDoS is the same guy as, or in bed with .....damn I lost that part.

[end of Ducks' posting]

Note: ProfDDoS is the same guy as, or in bed with "Caesar" on bulkerforum.

Posted by Spam-Court at 8:48 PM 0 comments

Labels:

onlinecasino Jeroen Puttemans

An old acquaintance from the specialham days.
I am not visiting the bulkeforum board so often these days.
It is good to have other spammers draw your attention to stuff you overlook.

Good old Jeroen (well, he is not that old, soon 24) is now selling stolen lists.
Our spammer suspected it when he saw this post from him:

1.7 million opt-in gamblers data from pureplay.com for sale
exclusive leads taken by our team straight downloaded from database
i'm selling them cheap
price 2 k


And the best part of it is that Puttemans confirmed the list was stolen when he was accused of selling a fake list:
it's not fake you fag!
our hacker stole it, the data is real


Another criminal on bulkerforum.biz.

Puttemans will mess it up for himself sooner or later, he tends to do that.
Here is a sad story from him (godmailer) back in 2004:


godmailer: damn my sagonet servers all got shutdown
godmailer: im going to charge back

godmailer: i have no proxies, no server damn im out of business
godmailer: i was too greedy
godmailer: should i apologize to god maybe thats best lol

godmailer: i need to complete 80 gamblers in 2 weeks and i have nothing'
godmailer: especially no proxys
godmailer: thats a 10 K pre paid order
bisz: sucks to be u
godmailer: yes it is
godmailer: i already received the 10 k pre paid order


Nice little row of IP-adresses he had back then:

Sago Networks SAGO-20030401 (NET-65-110-32-0-1)
65.110.32.0 - 65.110.63.255
Jeroen Puttemans SAGO-65-110-63-100 (NET-65-110-63-100-1)
65.110.63.100 - 65.110.63.109


But he messed up.

There are some other stories about him too.
I will be filling in more stuff. Maybe a picture, if I can find it. The fatcat.
Posted by veruccawatcher

Posted by Spam-Court at 8:41 PM 0 comments

Labels:

Abdullah / AbdAllah

Thursday, November 22, 2007

tiket.cc - AbdAllahs support site?

AbdAllah, the proud member of bulkerforum.biz with connections to the Russian Business Network has a site that avoids attention:
Some info:


Domain: tiket.cc
Status: Protected

DNS:
       ns1.dnsmanager.org
       ns2.dnsmanager.org

Created: 2007-11-04 03:15:56
Expires: 2008-11-04
Last Modified: 2007-11-03 15:15:53

Registrant Contact:
       Private person
       Ahmad Gashmi Ahmad Gashmi (mailbox@abdulla.cc)
       Rublevskoe Shosse 7
       Moskow, Moskow, RU 542009
       P: +7.4952038129         F: +7.4952038129


Hosted at leaseweb in the Netherlands, 85.17.184.21.

Compare with this one:

Domain Name: ABDULLA.CC

Registrant:
   AbdAllah net inc.
   AbdAllah El Ahmad Gashmi        (abdulla@abdulla.cc)
   Kreshatik street 32/16
   Kreshatik street 32/16
   Kyiv
   Kyïv,45434
   UA
   Tel. +38.0632687263


The last one is listed on spamhaus.org, SBL49890.


This guy has connection to the Russian Business Network, one of the worst criminal networks in history.
And he is a proud member of bulkerforum.biz, offering his services there.
The moderator Crypto (Victor Goncearencu) gives him a nice welcome hug:

[Nov 16, 2007]
His second post on bulkerforum.biz:

BP servers & hosting for mailing, trojan's, exploit's, etc. in Turkey, Malaysia, HongKong, USA, Thailand, China.
Fast setup, cheap price.
Please contact ICQ: 483-384-343 (Mr.Abdulla)
or write to PM.
Thank you !


One example of the typical hard working, honest members of bulkerforum.biz.

And the moderator Crypto (Victor Goncearencu) greets him:

He is a well known russian BP provider.
Dobro pajalovati na bulkerforum AbdAllah.



We know that hosting mule scams is one of those included in his term "etc.", but what else is possible?
Child porn, carder sites? Not unlikely.

Honored with an SBL-listing in Spamhaus in November 2007, SBL59691.
And if you look closely you will find him in SBL49890 from January 2007 too.

To be continued ........
One "snippet" from ducksintworows.blogspot.com, which is still under DDoS.

Posted by Spam-Court at 8:30 PM 0 comments

Labels: ,

Subscribe to: Posts (Atom)

About Me

Take a web site down with a DDoS and you get multiple spin-offs, and the information you tried to suppress proliferates. In fact, everyone wants to see what the fuss was about, and it becomes even more widely known. Karma. Get used to it.