[63733] in North American Network Operators' Group


Re: Wired mag article on spammers playing traceroute games with

daemon@ATHENA.MIT.EDU (Hank Nussbacher)
Thu Oct 9 17:16:55 2003

Date: Thu, 9 Oct 2003 22:24:22 +0200 (IST)
From: Hank Nussbacher <hank@att.net.il>
To: John Neiberger <john.neiberger@efirstbank.com>
Cc: nanog@merit.edu
In-Reply-To: <sf856601.090@efirstbank.com>
Errors-To: owner-nanog-outgoing@merit.edu


On Thu, 9 Oct 2003, John Neiberger wrote:

Doing some Googling on tubul I found:

WAP S.A.
Katarzyna Piatek (tubul at wp.pl)
+48.327811019
FAX- +48.327811025
Opolska 22
Katowice, 40-084
PL

-Hank

> >Actually, in the case of the wired article (removeform.com), it seems to be
> >connected to a site in Florida. I asked my programmer (gabor@sentex.net)
> >to decode the obfuscated java script/page that is served up by one of the
> >zombies (On FreeBSD fetch -B 18192 -o danger.html
> >http://www.removeform.com/d - I got it from 207.5.215.72 at the time). I
> >have attached it as a zip file with its contents. You will note that the
> >form post goes back to
> >
> >form action="http://207.36.47.68/cgi-bin/addinfo.cgi"
> >
> >
> >OrgName:  CyberGate, Inc.
> >OrgID:    CYBG
> >Address:  3250 W. Commercial Blvd. Suite 200
> >City:     Ft. Lauderdale
> >StateProv:FL
> >PostalCode: 33309
> >Country:  US
> 
> This appears to be a rather prolific spammer. At first I thought they
> were affiliated with www.skynetweb.com because they have the same
> address, including suite number, but it now appears that they are really
> affiliated with these guys:
> 
> http://www.affinity.com/about/our_team/our_team.htm
> 
> John
> --
> 

Hank Nussbacher


