Page 1 of 1
Spammer IPs and stuff
Posted: Sat Aug 05, 2006 10:55 pm
by Red Squirrel
Figured I should make a post to put information on spammers, wether its email, forum, etc... Now some use proxies, some dont, so information gathered may not always be accurate but if it is accurate then it can hurt them if someone decided to do something bad to the hosts posted.
I'll start with some noob that thought he could get some penis elargment pill comparision video ad on the home page:
Code: Select all
[root@borg ~]# nmap -P0 -v 203.160.1.44
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-05 22:52 EDT
DNS resolution of 1 IPs took 0.05s. Mode: Async [#: 2, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan against localhost (203.160.1.44) [1672 ports] at 22:52
Discovered open port 443/tcp on 203.160.1.44
Discovered open port 554/tcp on 203.160.1.44
SYN Stealth Scan Timing: About 17.54% done; ETC: 22:55 (0:02:22 remaining)
Discovered open port 553/tcp on 203.160.1.44
The SYN Stealth Scan took 177.97s to scan 1672 total ports.
Host localhost (203.160.1.44) appears to be up ... good.
Interesting ports on localhost (203.160.1.44):
(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp filtered ftp
23/tcp filtered telnet
80/tcp filtered http
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
443/tcp open https
445/tcp filtered microsoft-ds
553/tcp open pirp
554/tcp open rtsp
3128/tcp filtered squid-http
Nmap finished: 1 IP address (1 host up) scanned in 178.048 seconds
Raw packets sent: 1911 (76.4KB) | Rcvd: 1857 (85.4KB)
[root@borg ~]#
[code]
Some rather interesting stuff here. Wonder if there's any big holes anywhere in those services. <_>
[color=#888888][size=85]Archived topic from Iceteks, old topic ID:4483, old post ID:35910[/size][/color]
Spammer IPs and stuff
Posted: Sun Aug 06, 2006 2:35 pm
by Streety
Red Squirrel wrote: I'll start with some noob that thought he could get some penis elargment pill comparision video ad on the home page:
I really hope that isn't what I think it is.
Archived topic from Iceteks, old topic ID:4483, old post ID:35912
Spammer IPs and stuff
Posted: Sun Aug 06, 2006 7:11 pm
by Red Squirrel
Yep been getting quite a few of those in the news validation queue. They think its going to get through somehow. They could at least spoof the name as news-bot to attempt at getting in, since who knows, maybe I'm a noob myself and set a filter to let those go by automaticly.
Archived topic from Iceteks, old topic ID:4483, old post ID:35913
Spammer IPs and stuff
Posted: Wed Aug 16, 2006 7:55 am
by Red Squirrel
Another, well same guy as above: 203.154.77.9 Port scan results pending.
Archived topic from Iceteks, old topic ID:4483, old post ID:35978
Spammer IPs and stuff
Posted: Thu Aug 24, 2006 8:00 am
by Red Squirrel
Another trying to post spam news (bunch of links to weird sites)
85.255.117.253
213.239.199.135 is the IP of the actual site, was basically a .pl address with a bunch of random subdomains.
Code: Select all
-bash-3.1$ su -
Password:
[root@borg ~]# nmap -P0 -v 85.255.117.253
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-24 07:56 EDT
DNS resolution of 1 IPs took 0.61s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan against 85.255.117.253-xbox.dedi.inhoster.com (85.255.117.253) [1672 ports] at 07:56
Discovered open port 21/tcp on 85.255.117.253
Discovered open port 22/tcp on 85.255.117.253
Discovered open port 80/tcp on 85.255.117.253
Discovered open port 3128/tcp on 85.255.117.253
Discovered open port 3306/tcp on 85.255.117.253
Increasing send delay for 85.255.117.253 from 0 to 5 due to max_successful_tryno increase to 4
SYN Stealth Scan Timing: About 36.27% done; ETC: 07:57 (0:00:52 remaining)
Increasing send delay for 85.255.117.253 from 5 to 10 due to max_successful_tryno increase to 5
Increasing send delay for 85.255.117.253 from 10 to 20 due to max_successful_tryno increase to 6
Increasing send delay for 85.255.117.253 from 20 to 40 due to max_successful_tryno increase to 7
The SYN Stealth Scan took 83.72s to scan 1672 total ports.
Host 85.255.117.253-xbox.dedi.inhoster.com (85.255.117.253) appears to be up ... good.
Interesting ports on 85.255.117.253-xbox.dedi.inhoster.com (85.255.117.253):
(The 1658 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
57/tcp filtered priv-term
80/tcp open http
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
515/tcp filtered printer
1433/tcp filtered ms-sql-s
3128/tcp open squid-http
3306/tcp open mysql
17300/tcp filtered kuang2
27374/tcp filtered subseven
Nmap finished: 1 IP address (1 host up) scanned in 84.383 seconds
Raw packets sent: 2115 (84.6KB) | Rcvd: 1664 (76.5KB)
[root@borg ~]# nmap -P0 -v 213.239.199.135
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-24 07:57 EDT
DNS resolution of 1 IPs took 0.81s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan against 213-239-199-135.clients.your-server.de (213.239.199.135) [1672 ports] at 07:57
Discovered open port 22/tcp on 213.239.199.135
Discovered open port 21/tcp on 213.239.199.135
Discovered open port 25/tcp on 213.239.199.135
Discovered open port 80/tcp on 213.239.199.135
SYN Stealth Scan Timing: About 23.12% done; ETC: 08:00 (0:01:40 remaining)
Discovered open port 110/tcp on 213.239.199.135
SYN Stealth Scan Timing: About 67.96% done; ETC: 08:01 (0:01:02 remaining)
Stats: 0:02:26 elapsed; 1 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 76.97% done; ETC: 08:01 (0:00:43 remaining)
Stats: 0:02:28 elapsed; 1 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 77.15% done; ETC: 08:01 (0:00:43 remaining)
The SYN Stealth Scan took 188.85s to scan 1672 total ports.
Host 213-239-199-135.clients.your-server.de (213.239.199.135) appears to be up ... good.
Interesting ports on 213-239-199-135.clients.your-server.de (213.239.199.135):
(The 1667 ports scanned but not shown below are in state: filtered)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
80/tcp open http
110/tcp open pop3
Nmap finished: 1 IP address (1 host up) scanned in 189.684 seconds
Raw packets sent: 5042 (202KB) | Rcvd: 33 (1518B)
[root@borg ~]#
[code]
[color=#888888][size=85]Archived topic from Iceteks, old topic ID:4483, old post ID:36022[/size][/color]
Spammer IPs and stuff
Posted: Fri Aug 25, 2006 9:49 am
by Red Squirrel
Yet another trying to post stuff in the news. noob.
85.255.117.253
Code: Select all
[root@borg ~]# nmap -P0 -v 85.255.117.253
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-08-25 09:51 EDT
DNS resolution of 1 IPs took 0.32s. Mode: Async [#: 1, OK: 1, NX: 0, DR: 0, SF: 0, TR: 1, CN: 0]
Initiating SYN Stealth Scan against 85.255.117.253-xbox.dedi.inhoster.com (85.255.117.253) [1672 ports] at 09:51
Discovered open port 22/tcp on 85.255.117.253
Discovered open port 21/tcp on 85.255.117.253
Discovered open port 80/tcp on 85.255.117.253
Increasing send delay for 85.255.117.253 from 0 to 5 due to max_successful_tryno increase to 4
Increasing send delay for 85.255.117.253 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 85.255.117.253 from 10 to 20 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 85.255.117.253 from 20 to 40 due to max_successful_tryno increase to 5
SYN Stealth Scan Timing: About 32.76% done; ETC: 09:52 (0:01:01 remaining)
Discovered open port 3306/tcp on 85.255.117.253
Discovered open port 3128/tcp on 85.255.117.253
The SYN Stealth Scan took 92.03s to scan 1672 total ports.
Host 85.255.117.253-xbox.dedi.inhoster.com (85.255.117.253) appears to be up ... good.
Interesting ports on 85.255.117.253-xbox.dedi.inhoster.com (85.255.117.253):
(The 1658 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
57/tcp filtered priv-term
80/tcp open http
111/tcp filtered rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
445/tcp filtered microsoft-ds
515/tcp filtered printer
1433/tcp filtered ms-sql-s
3128/tcp open squid-http
3306/tcp open mysql
17300/tcp filtered kuang2
27374/tcp filtered subseven
Nmap finished: 1 IP address (1 host up) scanned in 92.438 seconds
Raw packets sent: 2000 (80KB) | Rcvd: 1667 (76.7KB)
[root@borg ~]#
[code]
Fun
[color=#888888][size=85]Archived topic from Iceteks, old topic ID:4483, old post ID:36039[/size][/color]
Spammer IPs and stuff
Posted: Fri Aug 25, 2006 9:55 am
by Triple6_wild
we need some key words here so google ranks this topic high and a bunch of hackers can get ahold of the ips lol
Archived topic from Iceteks, old topic ID:4483, old post ID:36040
Spammer IPs and stuff
Posted: Fri Aug 25, 2006 10:06 am
by Red Squirrel
Yep. I usually contact their ISP as well. Like that poor fella up there, he's going to probably get his dedicated server account terminated. If not, I'll just keep an eye out for that subseven port. Maybe it will become unfiltered for whatever reason. I would have SO much fun with a wide open sub7 port. omg.
Archived topic from Iceteks, old topic ID:4483, old post ID:36043
Spammer IPs and stuff
Posted: Sat Aug 26, 2006 6:31 pm
by Red Squirrel
wtf these people wont stop
211.243.106.28
221.2.243.114
80.249.73.99
That makes 3 ISPs to contact now.
Archived topic from Iceteks, old topic ID:4483, old post ID:36057
Spammer IPs and stuff
Posted: Wed Nov 15, 2006 5:39 pm
by Red Squirrel
More spammers
66.36.243.62
69.31.86.53
Bah port scan is taking too long so I stopped it.
Code: Select all
[root@borg ~]# nmap -P0 -T 5 -p 0-65535 66.36.243.62 69.31.86.53
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-11-15 17:33 EST
caught SIGINT signal, cleaning up
[root@borg ~]# nmap -vv -P0 -T 5 -p 0-65535 66.36.243.62 69.31.86.53
Starting Nmap 4.00 ( http://www.insecure.org/nmap/ ) at 2006-11-15 17:34 EST
DNS resolution of 2 IPs took 0.00s. Mode: Async [#: 1, OK: 1, NX: 1, DR: 0, SF: 0, TR: 2, CN: 0]
Initiating SYN Stealth Scan against 2 hosts [65536 ports/host] at 17:34
Discovered open port 80/tcp on 66.36.243.62
Discovered open port 21/tcp on 66.36.243.62
Discovered open port 3389/tcp on 69.31.86.53
Discovered open port 3389/tcp on 66.36.243.62
Discovered open port 25/tcp on 66.36.243.62
SYN Stealth Scan Timing: About 0.35% done; ETC: 19:56 (2:21:39 remaining)
SYN Stealth Scan Timing: About 3.13% done; ETC: 19:49 (2:10:50 remaining)
SYN Stealth Scan Timing: About 5.50% done; ETC: 19:42 (2:01:12 remaining)
caught SIGINT signal, cleaning up
[root@borg ~]#
[code]
[color=#888888][size=85]Archived topic from Iceteks, old topic ID:4483, old post ID:36739[/size][/color]
Spammer IPs and stuff
Posted: Thu Nov 16, 2006 3:23 pm
by Red Squirrel
Yet another
61.95.174.50
Archived topic from Iceteks, old topic ID:4483, old post ID:36759