Page 1 of 3 123 LastLast
Results 1 to 25 of 52
  1. #1
    Join Date
    Jun 2001
    Posts
    368

    Massive Spam, no answers from IPTelligent

    Apparently this company is located in Miami. I am receiving massive spam from numerous IPs, different every time I lock off more. I've sent them 3 abuse messages include a last warning to contact me that they received my messages. No response.

    I'm curious if anyone has dealt with them since they are, by far, a company whose IP addresses are the worst offenders of spam on our site. I don't know if it's uber incompetence or perhaps something else. It's so time consuming to deal with them that I'm considering investing more time and money to go after them. Any thoughts? Anyone here that works for them or has an ownership interest? It's really gotten out of hand.

  2. #2
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Considering their website is empty and Google has a malicious history report I would say you need to send abuse to their provider.

    edit* abuse@quadranet.com
    Last edited by SPINIKR-RO; 06-28-2012 at 09:37 PM.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  3. #3
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,663
    Our abuse email is abuse@quadranet.com as standard with most networks on the Internet.
    I don't believe noc@ is even a valid email, FYI.
    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  4. #4
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Oh I am sorry for posting the wrong email, I copy pasted the wrong ip whois email.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  5. #5
    Join Date
    Jun 2001
    Posts
    368
    Quote Originally Posted by CGotzmann View Post
    Our abuse email is abuse@quadranet.com as standard with most networks on the Internet.
    I don't believe noc@ is even a valid email, FYI.
    In WHOIS (lookup at ARIN) all the email addresses for point of contact are IPTelligent. Thanks for the info - but do realize that this looks terrible. As I type this I've got a dozen more spam messages from another fresh set of IPTelligent IPs. It's almost like a spam farm run wild. Hopefully forwarding all these messages one last time will light a fire under someone. Tx.

  6. #6
    Join Date
    Jun 2001
    Posts
    368
    Just sent a message. We'll see what happens. I'd think it's an exploit but it's so many servers and interesting that some appear to be consecutive and potentially owned by the same party.

    68.169.80.146
    68.169.80.147
    68.169.80.148
    68.169.80.149
    68.169.86.218
    68.169.86.219
    68.169.86.220
    68.169.86.222
    96.47.224.42
    96.47.224.50
    96.47.224.58
    96.47.224.218
    96.47.225.66
    96.47.225.74
    96.47.225.82
    96.47.225.162
    96.47.225.170
    173.44.37.226
    173.44.37.234
    173.44.37.242
    173.44.37.250

  7. #7
    Join Date
    Jun 2001
    Posts
    368
    14 hours, still nothing, and these IP addresses are somehow getting by the firewall now. Totally unacceptable. Time to manually add all this crap to the htaccess file. What a disgrace. Can't say the company doesn't know about this.

  8. #8
    Join Date
    Jun 2001
    Posts
    368
    Quote Originally Posted by CGotzmann View Post
    Our abuse email is abuse@quadranet.com as standard with most networks on the Internet.
    I don't believe noc@ is even a valid email, FYI.
    No response at all from anyone. That's four emails and now the spam is starting again from new IP Addresses. If I can't even get back a response, this is beyond just negligence and incompetence. This moves into questions of whether there is knowledge and intent to be a hosting platform for spammers. If you're paying attention, send it down the pipeline fast because I'm about to take necessary action beyond what I've been doing until now. Here's one more.

    96.47.225.178

  9. #9
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    1,742
    Quote Originally Posted by slinky View Post
    No response at all from anyone. That's four emails and now the spam is starting again from new IP Addresses. If I can't even get back a response, this is beyond just negligence and incompetence. This moves into questions of whether there is knowledge and intent to be a hosting platform for spammers. If you're paying attention, send it down the pipeline fast because I'm about to take necessary action beyond what I've been doing until now. Here's one more.

    96.47.225.178
    From the date of your posts here, unless I am mistaken, you are largely sending these complaints to their abuse over the weekend or maybe the tail end of last week?

    No offense to you, but depending on the size of the company, many do not have abuse reps on the weekend or they are handled by the higher network ops guys. Who again, are not always available on a weekend.

    I am not saying that is always the case, as very large companies could have someone available on site, or on-call. But I can say from hosting experience many of the small to mid sized companies have a skeleton crew on weekends, and their level 3's perhaps on-call for emergencies.

    /2cts
    BLAZINGSWITCH | sales /@/ blazingswitch.com
    SEO VPS (3000+ Subnets Available) | 1G UNMETERED | RESELLER PROGRAM | CLEAN IPv4 LEASING
    HIGH SPEED WEB HOSTING SOLUTIONS | ENTERPRISE GRADE HARDWARE

  10. #10
    Join Date
    Jun 2001
    Posts
    368
    Quote Originally Posted by Barefootsies View Post
    From the date of your posts here, unless I am mistaken, you are largely sending these complaints to their abuse over the weekend or maybe the tail end of last week?

    No offense to you, but depending on the size of the company, many do not have abuse reps on the weekend or they are handled by the higher network ops guys. Who again, are not always available on a weekend.

    I am not saying that is always the case, as very large companies could have someone available on site, or on-call. But I can say from hosting experience many of the small to mid sized companies have a skeleton crew on weekends, and their level 3's perhaps on-call for emergencies.
    Post taken in the good nature intended.

    First report was 10:50 AM on Wednesday. I'd say that not getting a reply to several abuse reports over almost 4 business days qualifies as pitiful.

  11. #11
    Join Date
    Jun 2001
    Posts
    368
    Not one single response from IPTelligent, Quadranet or whomever they are after weeks. Spam coming through again. Cannot say that there wasn't adequate warning. Time to take action since they apparently - IMHO - are either incompetent or deliberately sell space to spammers.

  12. #12
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Try opening another abuse complaint. Though they may not get back to you they may open a case with the customer.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  13. #13
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,663
    #1. We do not respond to abuse complaints. You are not our customer.
    #2. We forward requests on to our customers to handle. I have no idea who you are, what the issue is, and haven't seen anything come in that would resemble what you are talking about in this thread.
    #3. You need to forward the complaint WITH evidence to abuse at- quadranet.com

    If you have a ticket number or provide me with your name or domain via private message, I will look into the issue and see where we stand and whether the abuse complaint has even come in.
    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  14. #14
    Join Date
    Jun 2001
    Posts
    368
    Quote Originally Posted by CGotzmann View Post
    #1. We do not respond to abuse complaints. You are not our customer.
    I'm not sure what this is supposed to mean. People who aren't your customers are the ones obviously sending in abuse complaints.

    Quote Originally Posted by CGotzmann View Post
    #2. We forward requests on to our customers to handle. I have no idea who you are, what the issue is, and haven't seen anything come in that would resemble what you are talking about in this thread.
    So you're forwarding complaints. Now there's a question that you actually do read them but all four of my emails were missed. I sent them to both locations, including the information in ARIN. Sent one to abuse@quadranet.com back on June 28.

    Now if the iptelligent.com email address doesn't work then I would have expected a bounce as well. But it appears you just have a site up with nothing there.


    Quote Originally Posted by CGotzmann View Post
    #3. You need to forward the complaint WITH evidence to abuse at- quadranet.com
    What evidence do you want? There was plenty of information as to what your clients are doing - dumping massive obvious forum spam.
    Every IP Address I check is in at least to black hole / blacklisting services. If I need to provide more evidence, let me know who is your legal counsel and I'll send them a preservation letter that can also be forwarded to your client.

    Quote Originally Posted by CGotzmann View Post
    If you have a ticket number or provide me with your name or domain via private message, I will look into the issue and see where we stand and whether the abuse complaint has even come in.
    If I'm not a client of yours, how am I supposed to have a ticket number? On your site the only support link requires someone to be logged in - and you've got email for sales.

    I've sent one more ticket and made sure someone will see it. It's manifestly clear. If I can't get a response from anyone, since your clients are obviously also not playing by the honor system that we know spammers abide by, I'll send you a PM. I very much hope that won't be necessary.

  15. #15
    Join Date
    Jun 2001
    Posts
    368
    So you need some evidence? http://www.stopforumspam.com/ipcheck/173.44.37.250

    This has been going on for months, apparently, at least since as early as May 6 from this report. And during all that time, nobody ever reported this? I would find it very hard to believe. And this is just one IP Address.


    ---------------------------

    5-Jun-12 19:01 173.44.37.250 Life insurance group lpojxertwb@ntgags.com United States Evidence
    5-Jun-12 19:01 173.44.37.250 Electronic cigarette silver case lzsyhvhsaf@pdzrzk.com United States Evidence
    5-Jun-12 18:09 173.44.37.250 Vigrx plus in stores mdokqxqihg@gyxnpk.com United States Evidence
    5-Jun-12 18:05 173.44.37.250 Liberty national life insurance company krqfzxxdju@gsirlz.com United States Evidence
    5-Jun-12 18:01 173.44.37.250 Life insurance group lpojxertwb@ntgags.com United States Evidence
    5-Jun-12 18:01 173.44.37.250 Electronic cigarette silver case lzsyhvhsaf@pdzrzk.com United States Evidence
    5-Jun-12 14:39 173.44.37.250 Vigrx plus in stores mdokqxqihg@gyxnpk.com United States Evidence
    5-Jun-12 12:57 173.44.37.250 Best penis enlargement exercises uxcczeeoph@vcbboi.com United States Evidence
    5-Jun-12 12:54 173.44.37.250 Best penis enlargement exercises uxcczeeoph@vcbboi.com United States Evidence
    5-Jun-12 12:53 173.44.37.250 How many valium prior to dental appointment aarwgpkduo@xvtjyb.com United States Evidence
    5-Jun-12 12:53 173.44.37.250 Faxless payday loans direct lenders

  16. #16
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    632
    Hi,

    I think you might be interested in the given link
    ZNetLive
    Web Hosting for Designers & Developers

  17. #17
    Join Date
    Nov 2010
    Posts
    98
    this motorcycle video reminds me of the nightmares in dealing with 3rd party abuse departments.

    http://www.youtube.com/watch?v=g_zvEm1KyQ8
    __________________
    Enteracloud Solutions //
    Scalable Enterprise Architecture for Small and Medium Businesses
    www.enteracloud.com

  18. #18
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    632
    Hi,

    you can install spamassassin in your server, if you already have, then you can set the SpamAssassin™: message size threshold to scan to custom size.

    Set the size as lower as you are receiving your spam mails, Spam emails are usually about 1-4 kB in size; therefore, it is generally wasteful to scan larger emails.
    ZNetLive
    Web Hosting for Designers & Developers

  19. #19
    Join Date
    Aug 2003
    Location
    /dev/null
    Posts
    2,129
    Quote Originally Posted by slinky View Post
    Apparently this company is located in Miami. I am receiving massive spam from numerous IPs, different every time I lock off more. I've sent them 3 abuse messages include a last warning to contact me that they received my messages. No response.

    I'm curious if anyone has dealt with them since they are, by far, a company whose IP addresses are the worst offenders of spam on our site. I don't know if it's uber incompetence or perhaps something else. It's so time consuming to deal with them that I'm considering investing more time and money to go after them. Any thoughts? Anyone here that works for them or has an ownership interest? It's really gotten out of hand.
    Before my name gets cited at some point if it shows in Googled past company history, I just want to inform that I was the previous owner of IPTelligent but sold it entirely to QuadraNet effective February 2011, almost a year and a half ago.

    /end of my participation in this thread.

  20. #20
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,663
    As you posted, not all the IPs belong to IPTelligent. The abuse issue was stated to have been handled by our client and servers secured.
    If you are still receiving any issues, please make sure they are not our IPs but perhaps the other hosts' IPs you listed previously.
    EasyDCIM.com - DataCenter Infrastructure Management - HELLO DEDICATED SERVER & COLO PROVIDERS! - Reach Me: chris@easydcim.com
    Bandwidth Billing | Inventory & Asset Management | Server Control
    Order Forms | Reboots | IPMI Control | IP Management | Reverse&Forward DNS | Rack Management

  21. #21
    Was there any closure to this? I've identified malicious behavior (SQL injection attacks) coming from IP/IPs owned by IPTelligent.

  22. #22

    Exclamation Botnet spam IPTelligent network

    This has been going on for months, apparently, at least since as early as May 6 from this report. And during all that time, nobody ever reported this? I would find it very hard to believe. And this is just one IP Address.

    Was there any closure to this? I've identified malicious behavior (SQL injection attacks) coming from IP/IPs owned by IPTelligent.
    Yes we did a little to investigate, collect, publish, supply tons of trash what comes out from IPTelligent network.

    examples e.g. ==> 173.44.37 casino guestbook
    68.169.80 casino guestbook
    68.169.86 casino guestbook
    96.47.224 casino guestbook
    96.47.225 casino guestbook
    96.47.227 casino guestbook

    NetRange: 173.44.32.0 - 173.44.63.255
    NetName: IPTELLIGENT02
    OrgName: IPTelligent LLC
    Address: 2115 NW 22nd Street
    Address: #C110
    City: Miami
    StateProv: FL
    PostalCode: 33142
    Country: US

    NetRange: 96.47.224.0 - 96.47.239.255 - IPTELLIGENT
    network:Network-Name: Public Network IP Range
    network:IP-Network: 96.47.225.80/29
    network:IP-Network-Block: 96.47.225.80 - 96.47.225.87
    network: Org-Name: Ginat, Tomer
    network: Street-Address: 2115 NW 22nd Street, Miami, FL, US

    spam report tickets [#626337] [#612094] [#628425] - received in one day after complaints

    hopefully it helps - to kickoff those spammers - before the gypsy morons moves ahead .....

    Link list follows .....

  23. #23
    Join Date
    Sep 2007
    Posts
    342
    yesterday I sent the message shown below to abuse@quadranet.com.
    Hi,

    Someone who has the IP 96.44.189.217 trying to hack&ddos our server(s).
    Please see our Control Panel Logs.

    Subject: Brute-Force Attack detected in service log from IP(s) 96.44.189.217 on User(s) abigail, abuse, account, admin, administrator, alessand
    A brute force attack has been detected in one of your service logs.

    IP 96.44.189.217 has 4896 failed login attempts: exim2=4896
    User abigail has 35 failed login attempts: exim2=35
    User abuse has 36 failed login attempts: exim2=36
    User account has 35 failed login attempts: exim2=35
    User admin has 45 failed login attempts: exim2=45
    User administrator has 36 failed login attempts: exim2=36
    User alessandra has 34 failed login attempts: exim2=34
    User alex has 34 failed login attempts: exim2=34
    User amanda has 34 failed login attempts: exim2=34
    User andrew has 34 failed login attempts: exim2=34
    User ashley has 34 failed login attempts: exim2=34
    User backup has 35 failed login attempts: exim2=35
    User belinda has 34 failed login attempts: exim2=34
    but nothing received yet. Looks like quadranet is being used spammers, hackers etc..

  24. #24
    Subject: Brute-Force Attack detected in service log from IP(s) 96.44.189.217 on User(s) abigail, abuse, account, admin, administrator, alessand
    ==> alessand ==> alessandro makes more sense - what name we know from other stuff, or just beginning by a....

    I guess there is much more behind currently with Brute-Force Attacks at one server 96.44.189.217

    spam pickups and specific details showing a range of abused IP's - what blocks locate able to certain servers

    spam IP's in guestbook, government national company portals, blogs, customware

    5.9.215.71, 5.9.186.241
    46.116.43.232, 46.116.112.75, 46.116.228.95
    46.251.228.99
    68.169.80.146, 68.169.80.147, 68.169.80.148, 68.169.80.149
    68.169.86.218, 68.169.86.219, 68.169.86.220, 68.169.86.222
    76.76.101.218
    91.210.105.229
    91.236.74.167
    91.237.249.15, 91.237.249.18, 91.237.249.59, 91.237.249.67, 91.237.249.69
    91.237.249.71, 91.237.249.83, 91.237.249.93, 91.237.249.95, 91.237.249.140
    91.237.249.249, 91.237.249.252
    93.114.44.187
    93.182.134.184
    93.182.135.134
    93.182.136.139
    94.23.212.216, 94.23.212.217
    94.100.25.10
    96.47.69.60, 96.47.69.64, 96.47.69.65
    96.47.224.42, 96.47.224.50, 96.47.224.58
    96.47.225.66 - zserver31.zserver.com.br - 96.47.225.74, 96.47.225.82
    96.47.225.162, 96.47.225.170, 96.47.225.178, 96.47.225.186, 96.47.225.242
    96.47.227.15
    173.44.37.25
    173.44.37.226, 173.44.37.234, 173.44.37.242, 173.44.37.250
    176.9.236.24
    176.36.106.72
    178.63.114.162
    178.158.221.73, 178.238.232.158, 178.238.232.234, 178.238.232.244
    188.143.232.33, 188.143.232.84, 188.143.232.176
    188.165.212.59, 188.165.255.209
    188.234.2.126
    194.226.244.126
    201.242.96.47

    it needs 5 posts to show links of spam reports

  25. #25
    I'm curious to hear what Quadranet comes back with...

    In the interim I've blacklisted the following IPs and would advise the world to do the same:

    173.44.0.0/16
    96.47.0.0/16
    74.92.0.0/16

Page 1 of 3 123 LastLast

Similar Threads

  1. iptelligent Reviews?
    By elektrica in forum Colocation and Data Centers
    Replies: 28
    Last Post: 03-19-2010, 02:05 AM
  2. [MASSIVE MASSIVE Clearout Sale ! ! !]
    By reyna12 in forum Design Offers
    Replies: 1
    Last Post: 06-02-2005, 01:48 PM
  3. Massive SPAM attack to one domain
    By cYbErDaRk in forum Dedicated Server
    Replies: 2
    Last Post: 09-03-2004, 06:51 PM
  4. I new to This.. Answers please
    By aaronbor in forum Domain Names
    Replies: 4
    Last Post: 09-25-2003, 03:33 AM

Related Posts from theWHIR.com

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •