Page 1 of 2 12 LastLast
Results 1 to 40 of 53
  1. #1
    Join Date
    Jun 2001
    Posts
    369

    Massive Spam, no answers from IPTelligent

    Apparently this company is located in Miami. I am receiving massive spam from numerous IPs, different every time I lock off more. I've sent them 3 abuse messages include a last warning to contact me that they received my messages. No response.

    I'm curious if anyone has dealt with them since they are, by far, a company whose IP addresses are the worst offenders of spam on our site. I don't know if it's uber incompetence or perhaps something else. It's so time consuming to deal with them that I'm considering investing more time and money to go after them. Any thoughts? Anyone here that works for them or has an ownership interest? It's really gotten out of hand.

  2. #2
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Last edited by SPINIKR-RO; 06-28-2012 at 09:37 PM.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  3. #3
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,706

  4. #4
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Oh I am sorry for posting the wrong email, I copy pasted the wrong ip whois email.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  5. #5
    Join Date
    Jun 2001
    Posts
    369
    In WHOIS (lookup at ARIN) all the email addresses for point of contact are IPTelligent. Thanks for the info - but do realize that this looks terrible. As I type this I've got a dozen more spam messages from another fresh set of IPTelligent IPs. It's almost like a spam farm run wild. Hopefully forwarding all these messages one last time will light a fire under someone. Tx.

  6. #6
    Join Date
    Jun 2001
    Posts
    369
    Just sent a message. We'll see what happens. I'd think it's an exploit but it's so many servers and interesting that some appear to be consecutive and potentially owned by the same party.

    68.169.80.146
    68.169.80.147
    68.169.80.148
    68.169.80.149
    68.169.86.218
    68.169.86.219
    68.169.86.220
    68.169.86.222
    96.47.224.42
    96.47.224.50
    96.47.224.58
    96.47.224.218
    96.47.225.66
    96.47.225.74
    96.47.225.82
    96.47.225.162
    96.47.225.170
    173.44.37.226
    173.44.37.234
    173.44.37.242
    173.44.37.250

  7. #7
    Join Date
    Jun 2001
    Posts
    369
    14 hours, still nothing, and these IP addresses are somehow getting by the firewall now. Totally unacceptable. Time to manually add all this crap to the htaccess file. What a disgrace. Can't say the company doesn't know about this.

  8. #8
    Join Date
    Jun 2001
    Posts
    369
    No response at all from anyone. That's four emails and now the spam is starting again from new IP Addresses. If I can't even get back a response, this is beyond just negligence and incompetence. This moves into questions of whether there is knowledge and intent to be a hosting platform for spammers. If you're paying attention, send it down the pipeline fast because I'm about to take necessary action beyond what I've been doing until now. Here's one more.

    96.47.225.178

  9. #9
    Join Date
    Jan 2008
    Location
    Michigan
    Posts
    1,895
    Quote Originally Posted by slinky View Post
    No response at all from anyone. That's four emails and now the spam is starting again from new IP Addresses. If I can't even get back a response, this is beyond just negligence and incompetence. This moves into questions of whether there is knowledge and intent to be a hosting platform for spammers. If you're paying attention, send it down the pipeline fast because I'm about to take necessary action beyond what I've been doing until now. Here's one more.

    96.47.225.178
    From the date of your posts here, unless I am mistaken, you are largely sending these complaints to their abuse over the weekend or maybe the tail end of last week?

    No offense to you, but depending on the size of the company, many do not have abuse reps on the weekend or they are handled by the higher network ops guys. Who again, are not always available on a weekend.

    I am not saying that is always the case, as very large companies could have someone available on site, or on-call. But I can say from hosting experience many of the small to mid sized companies have a skeleton crew on weekends, and their level 3's perhaps on-call for emergencies.

    /2cts
    BLAZINGSWITCH | sales /@/ blazingswitch.com
    SEO HOSTING | ARIN/RIPE/APNIC | 250+ CLASS-B | CLEAN IPv4 LEASING | 1G UNMETERED
    HIGH SPEED WEB HOSTING SOLUTIONS | ENTERPRISE GRADE HARDWARE

  10. #10
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by Barefootsies View Post
    From the date of your posts here, unless I am mistaken, you are largely sending these complaints to their abuse over the weekend or maybe the tail end of last week?

    No offense to you, but depending on the size of the company, many do not have abuse reps on the weekend or they are handled by the higher network ops guys. Who again, are not always available on a weekend.

    I am not saying that is always the case, as very large companies could have someone available on site, or on-call. But I can say from hosting experience many of the small to mid sized companies have a skeleton crew on weekends, and their level 3's perhaps on-call for emergencies.
    Post taken in the good nature intended.

    First report was 10:50 AM on Wednesday. I'd say that not getting a reply to several abuse reports over almost 4 business days qualifies as pitiful.

  11. #11
    Join Date
    Jun 2001
    Posts
    369
    Not one single response from IPTelligent, Quadranet or whomever they are after weeks. Spam coming through again. Cannot say that there wasn't adequate warning. Time to take action since they apparently - IMHO - are either incompetent or deliberately sell space to spammers.

  12. #12
    Join Date
    Feb 2012
    Location
    Memphis, TN
    Posts
    2,978
    Try opening another abuse complaint. Though they may not get back to you they may open a case with the customer.
    hostingcove.com | Tennessee Based Hosting Provider.
    cPanel Shared & Reseller Hosting - Domain Names
    Join thousands of happy customers. Secure & Stable
    HeroicVPS Premium KVM VPS. Ashburn / Phoenix

  13. #13
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,706
    #1. We do not respond to abuse complaints. You are not our customer.
    #2. We forward requests on to our customers to handle. I have no idea who you are, what the issue is, and haven't seen anything come in that would resemble what you are talking about in this thread.
    #3. You need to forward the complaint WITH evidence to abuse at- quadranet.com

    If you have a ticket number or provide me with your name or domain via private message, I will look into the issue and see where we stand and whether the abuse complaint has even come in.

  14. #14
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by CGotzmann View Post
    #1. We do not respond to abuse complaints. You are not our customer.
    I'm not sure what this is supposed to mean. People who aren't your customers are the ones obviously sending in abuse complaints.

    Quote Originally Posted by CGotzmann View Post
    #2. We forward requests on to our customers to handle. I have no idea who you are, what the issue is, and haven't seen anything come in that would resemble what you are talking about in this thread.
    So you're forwarding complaints. Now there's a question that you actually do read them but all four of my emails were missed. I sent them to both locations, including the information in ARIN. Sent one to [email protected] back on June 28.

    Now if the iptelligent.com email address doesn't work then I would have expected a bounce as well. But it appears you just have a site up with nothing there.


    Quote Originally Posted by CGotzmann View Post
    #3. You need to forward the complaint WITH evidence to abuse at- quadranet.com
    What evidence do you want? There was plenty of information as to what your clients are doing - dumping massive obvious forum spam.
    Every IP Address I check is in at least to black hole / blacklisting services. If I need to provide more evidence, let me know who is your legal counsel and I'll send them a preservation letter that can also be forwarded to your client.

    Quote Originally Posted by CGotzmann View Post
    If you have a ticket number or provide me with your name or domain via private message, I will look into the issue and see where we stand and whether the abuse complaint has even come in.
    If I'm not a client of yours, how am I supposed to have a ticket number? On your site the only support link requires someone to be logged in - and you've got email for sales.

    I've sent one more ticket and made sure someone will see it. It's manifestly clear. If I can't get a response from anyone, since your clients are obviously also not playing by the honor system that we know spammers abide by, I'll send you a PM. I very much hope that won't be necessary.

  15. #15
    Join Date
    Jun 2001
    Posts
    369
    So you need some evidence? http://www.stopforumspam.com/ipcheck/173.44.37.250

    This has been going on for months, apparently, at least since as early as May 6 from this report. And during all that time, nobody ever reported this? I would find it very hard to believe. And this is just one IP Address.


    ---------------------------

    5-Jun-12 19:01 173.44.37.250 Life insurance group [email protected] United States Evidence
    5-Jun-12 19:01 173.44.37.250 Electronic cigarette silver case [email protected] United States Evidence
    5-Jun-12 18:09 173.44.37.250 Vigrx plus in stores [email protected] United States Evidence
    5-Jun-12 18:05 173.44.37.250 Liberty national life insurance company [email protected] United States Evidence
    5-Jun-12 18:01 173.44.37.250 Life insurance group [email protected] United States Evidence
    5-Jun-12 18:01 173.44.37.250 Electronic cigarette silver case [email protected] United States Evidence
    5-Jun-12 14:39 173.44.37.250 Vigrx plus in stores [email protected] United States Evidence
    5-Jun-12 12:57 173.44.37.250 Best penis enlargement exercises [email protected] United States Evidence
    5-Jun-12 12:54 173.44.37.250 Best penis enlargement exercises [email protected] United States Evidence
    5-Jun-12 12:53 173.44.37.250 How many valium prior to dental appointment [email protected] United States Evidence
    5-Jun-12 12:53 173.44.37.250 Faxless payday loans direct lenders

  16. #16
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    642
    Hi,

    I think you might be interested in the given link
    ZNetLive
    Web Hosting for Designers & Developers

  17. #17
    Join Date
    Nov 2010
    Posts
    98
    this motorcycle video reminds me of the nightmares in dealing with 3rd party abuse departments.

    http://www.youtube.com/watch?v=g_zvEm1KyQ8
    __________________
    Enteracloud Solutions //
    Scalable Enterprise Architecture for Small and Medium Businesses
    www.enteracloud.com

  18. #18
    Join Date
    Mar 2003
    Location
    Jaipur, India
    Posts
    642
    Hi,

    you can install spamassassin in your server, if you already have, then you can set the SpamAssassin™: message size threshold to scan to custom size.

    Set the size as lower as you are receiving your spam mails, Spam emails are usually about 1-4 kB in size; therefore, it is generally wasteful to scan larger emails.
    ZNetLive
    Web Hosting for Designers & Developers

  19. #19
    Join Date
    Aug 2003
    Location
    /dev/null
    Posts
    2,131
    Quote Originally Posted by slinky View Post
    Apparently this company is located in Miami. I am receiving massive spam from numerous IPs, different every time I lock off more. I've sent them 3 abuse messages include a last warning to contact me that they received my messages. No response.

    I'm curious if anyone has dealt with them since they are, by far, a company whose IP addresses are the worst offenders of spam on our site. I don't know if it's uber incompetence or perhaps something else. It's so time consuming to deal with them that I'm considering investing more time and money to go after them. Any thoughts? Anyone here that works for them or has an ownership interest? It's really gotten out of hand.
    Before my name gets cited at some point if it shows in Googled past company history, I just want to inform that I was the previous owner of IPTelligent but sold it entirely to QuadraNet effective February 2011, almost a year and a half ago.

    /end of my participation in this thread.

  20. #20
    Join Date
    Aug 2007
    Location
    L.A., CA
    Posts
    3,706
    As you posted, not all the IPs belong to IPTelligent. The abuse issue was stated to have been handled by our client and servers secured.
    If you are still receiving any issues, please make sure they are not our IPs but perhaps the other hosts' IPs you listed previously.

  21. #21
    Was there any closure to this? I've identified malicious behavior (SQL injection attacks) coming from IP/IPs owned by IPTelligent.

  22. #22

    Exclamation Botnet spam IPTelligent network

    This has been going on for months, apparently, at least since as early as May 6 from this report. And during all that time, nobody ever reported this? I would find it very hard to believe. And this is just one IP Address.

    Was there any closure to this? I've identified malicious behavior (SQL injection attacks) coming from IP/IPs owned by IPTelligent.
    Yes we did a little to investigate, collect, publish, supply tons of trash what comes out from IPTelligent network.

    examples e.g. ==> 173.44.37 casino guestbook
    68.169.80 casino guestbook
    68.169.86 casino guestbook
    96.47.224 casino guestbook
    96.47.225 casino guestbook
    96.47.227 casino guestbook

    NetRange: 173.44.32.0 - 173.44.63.255
    NetName: IPTELLIGENT02
    OrgName: IPTelligent LLC
    Address: 2115 NW 22nd Street
    Address: #C110
    City: Miami
    StateProv: FL
    PostalCode: 33142
    Country: US

    NetRange: 96.47.224.0 - 96.47.239.255 - IPTELLIGENT
    network:Network-Name: Public Network IP Range
    network:IP-Network: 96.47.225.80/29
    network:IP-Network-Block: 96.47.225.80 - 96.47.225.87
    network: Org-Name: Ginat, Tomer
    network: Street-Address: 2115 NW 22nd Street, Miami, FL, US

    spam report tickets [#626337] [#612094] [#628425] - received in one day after complaints

    hopefully it helps - to kickoff those spammers - before the gypsy morons moves ahead .....

    Link list follows .....

  23. #23
    Join Date
    Sep 2007
    Posts
    355
    yesterday I sent the message shown below to [email protected].
    Hi,

    Someone who has the IP 96.44.189.217 trying to hack&ddos our server(s).
    Please see our Control Panel Logs.

    Subject: Brute-Force Attack detected in service log from IP(s) 96.44.189.217 on User(s) abigail, abuse, account, admin, administrator, alessand
    A brute force attack has been detected in one of your service logs.

    IP 96.44.189.217 has 4896 failed login attempts: exim2=4896
    User abigail has 35 failed login attempts: exim2=35
    User abuse has 36 failed login attempts: exim2=36
    User account has 35 failed login attempts: exim2=35
    User admin has 45 failed login attempts: exim2=45
    User administrator has 36 failed login attempts: exim2=36
    User alessandra has 34 failed login attempts: exim2=34
    User alex has 34 failed login attempts: exim2=34
    User amanda has 34 failed login attempts: exim2=34
    User andrew has 34 failed login attempts: exim2=34
    User ashley has 34 failed login attempts: exim2=34
    User backup has 35 failed login attempts: exim2=35
    User belinda has 34 failed login attempts: exim2=34
    but nothing received yet. Looks like quadranet is being used spammers, hackers etc..

  24. #24
    Subject: Brute-Force Attack detected in service log from IP(s) 96.44.189.217 on User(s) abigail, abuse, account, admin, administrator, alessand
    ==> alessand ==> alessandro makes more sense - what name we know from other stuff, or just beginning by a....

    I guess there is much more behind currently with Brute-Force Attacks at one server 96.44.189.217

    spam pickups and specific details showing a range of abused IP's - what blocks locate able to certain servers

    spam IP's in guestbook, government national company portals, blogs, customware

    5.9.215.71, 5.9.186.241
    46.116.43.232, 46.116.112.75, 46.116.228.95
    46.251.228.99
    68.169.80.146, 68.169.80.147, 68.169.80.148, 68.169.80.149
    68.169.86.218, 68.169.86.219, 68.169.86.220, 68.169.86.222
    76.76.101.218
    91.210.105.229
    91.236.74.167
    91.237.249.15, 91.237.249.18, 91.237.249.59, 91.237.249.67, 91.237.249.69
    91.237.249.71, 91.237.249.83, 91.237.249.93, 91.237.249.95, 91.237.249.140
    91.237.249.249, 91.237.249.252
    93.114.44.187
    93.182.134.184
    93.182.135.134
    93.182.136.139
    94.23.212.216, 94.23.212.217
    94.100.25.10
    96.47.69.60, 96.47.69.64, 96.47.69.65
    96.47.224.42, 96.47.224.50, 96.47.224.58
    96.47.225.66 - zserver31.zserver.com.br - 96.47.225.74, 96.47.225.82
    96.47.225.162, 96.47.225.170, 96.47.225.178, 96.47.225.186, 96.47.225.242
    96.47.227.15
    173.44.37.25
    173.44.37.226, 173.44.37.234, 173.44.37.242, 173.44.37.250
    176.9.236.24
    176.36.106.72
    178.63.114.162
    178.158.221.73, 178.238.232.158, 178.238.232.234, 178.238.232.244
    188.143.232.33, 188.143.232.84, 188.143.232.176
    188.165.212.59, 188.165.255.209
    188.234.2.126
    194.226.244.126
    201.242.96.47

    it needs 5 posts to show links of spam reports

  25. #25
    I'm curious to hear what Quadranet comes back with...

    In the interim I've blacklisted the following IPs and would advise the world to do the same:

    173.44.0.0/16
    96.47.0.0/16
    74.92.0.0/16

  26. #26

    spambot 96.47.225.82 still high active

    From: @iptelligent.com [mailto:@iptelligent.com]
    Sent: Wednesday, November 14, 2012 21:41 PM

    Subject: spambot 96.47.225.82 still high active - prior ticket #612094

    Subject: ticket #612094 - spam-report ticket#0006 - 173.44.37.234 - IPTelligent LLC

    Your ticket has been submitted to the Support Department. We will begin investigating your issue immediately.
    This email serves as confirmation that your ticket has been received. To save time, please make sure that all information that we need to troubleshoot is included your in email. Information such as your company name, relevant passwords, IP addresses, traceroutes, ping tests, and anything you have done to reproduce the issue. If you have not done this, please reply to this email with that information.

    Ticket Number: 628425

    To view your ticket online, please click here: manage.quadranet.com/ticket.php?ticket=628425

    Thank You! Support Department

    They are working on all issues ..... hopefully ....

  27. #27
    Join Date
    Sep 2007
    Posts
    355

    Angry

    Quote Originally Posted by spamhunter View Post
    ==> alessand ==> alessandro makes more sense - what name we know from other stuff, or just beginning by a....
    here we go:
    Brute-Force Attack detected in service log from IP(s) 96.44.189.217 on User(s) abigail, abuse, account, admin, administrator, alessandra, alex, amanda, andrew, ashley, backup, belinda, betty, brittney, bruce, call, canada, canon, carl, carol, cell, charlie, christina, cindy, client, clock, contact, core, craig, creative, cristina, customer, customers, custserv, dan, dana, daniel, danny, david, demo, destiny, diane, dino, dorothy, dr, edu, elena, elizabeth, email, emily, emma, express, face, ftp, gabriel, gast, general, glenda, guest, handsome, helen, holly, httpserver, im, info, insider, inspire, iphone, ipod, irwin, isabella, itab, jennifer, jerry, jim, lfi, linda, look, madison, mail, mailbox, main, martha, mary, maryanna, master, message, michelle, mike, miller, monica, my, mysql, nathalie, noname, office, olivia, pamela, parker, password, post, postgres, prince, print, printer, rack, ram, robert, robin, rocky, sales, samantha, save, say, scan, scott, send, server, service, shanti, shop, spam, staff, star, start, student, support, susan, susanna, tammy, tech, technic, temp, test, thomas, tom, training, user, violet, visitor, web, yom

    Quote Originally Posted by omerta View Post
    I'm curious to hear what Quadranet comes back with...

    In the interim I've blacklisted the following IPs and would advise the world to do the same:

    173.44.0.0/16
    96.47.0.0/16
    74.92.0.0/16
    They don't care because they just want to earn money..

    I've also banned the IP addres: 96.44.189.217

  28. #28
    In the interim I've blacklisted the following IPs and would advise the world to do the same:
    173.44.0.0/16
    96.47.0.0/16
    74.92.0.0/16
    That's what the said and recommended:

    Same Experience - IPTelligent owns large IP ranges and rotates them in their form spam scripts
    96.47.225.xxx 96.47.224.xxx
    The ranges above hammered me pretty bad with porn/medical form spam
    Blocked both ranges at IP level
    ...ipillion.com/ip/96.47.227.15

    173.44.37.234 - 9826 items in databank
    ....stopforumspam.com/ipcheck/173.44.37.234

  29. #29
    Join Date
    Aug 2003
    Location
    /dev/null
    Posts
    2,131
    Quote Originally Posted by omerta View Post
    I'm curious to hear what Quadranet comes back with...

    In the interim I've blacklisted the following IPs and would advise the world to do the same:

    173.44.0.0/16
    96.47.0.0/16
    74.92.0.0/16
    They are /19's, you are blocking unrelated networks by the /16...

  30. #30
    We can't estimate how IPTELLIGENT02 IPTelligent LLC doing their job and how they dealing with such massive spamming.

    Abused by certain IP groups for trash and backlink promotions in guestbook, national government company portals, customware, blogs, forum, music, photo sessions etc.

    We hunting those who spams casino/poker/games/Vietnam/porn/story/medial/pills/loan/pharmacy/sales/webhosting/joombla in English, Italian, French, German, poor Spanish, Russian, Vietnamese what identical scrap contents are to find 10,000 times again and again.

    The same example as for IPTELLIGENT02 IPTelligent LLC currently with:

    inetnum: 5.9.186.224 - 5.9.186.255
    netname: BERMAN-TECHNOLOGIES-LTD
    descr: Berman Technologies Ltd.
    descr: HETZNER-RZ-FKS-BLK5

    inetnum: 5.9.215.64 - 5.9.215.95
    netname: BERMAN-TECHNOLOGIES-LTD
    descr: Berman Technologies Ltd.
    descr: HETZNER-RZ-FKS-BLK5

    inetnum: 178.63.114.160 - 178.63.114.191
    netname: BERMAN-TECHNOLOGIES-LTD
    descr: Berman Technologies Ltd.
    descr: HETZNER-RZ-FKS-BLK2

    spam-report ticket#0005 - 5.9.215.71 - 178.63.114.162 - descr HETZNER-RZ-FKS-BLK4 - Abuse Message [AbuseID:0926E7:29]

  31. #31
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by omerta View Post
    Was there any closure to this? I've identified malicious behavior (SQL injection attacks) coming from IP/IPs owned by IPTelligent.
    After some time the abuse from the IP Addresses unquestionably owned by IP Teligent and Quadranet stopped only to occur several weeks later.

    Right now the largest problem is dealing with some tool abusing ****** with pitiful English and is trying to spam our vBulletin forums. Some of these clowns use IP Teligent and Quadranet as proxies to try to fool the system and filters into believing that they are US based traffic. This is probably why virtually all my US based spammers are from these companies.

  32. #32
    I'm curious to hear what Quadranet comes back with...
    In the interim I've blacklisted the following IPs and would advise the world to do the same:
    173.44.0.0/16
    96.47.0.0/16
    74.92.0.0/16
    Indeed a well wish.

    They are still active e.g.
    10916+ spam items 20-May-12 15:42 - 14-Nov-12 10:17
    11004+ spam items 16-Nov-12 11:57

    After some time the abuse from the IP Addresses unquestionably owned by IP Teligent and Quadranet stopped only to occur several weeks later.
    Right now the largest problem is dealing with some tool abusing ****** with pitiful English and is trying to spam our vBulletin forums. Some of these clowns use IP Teligent and Quadranet as proxies to try to fool the system and filters into believing that they are US based traffic. This is probably why virtually all my US based spammers are from these companies.
    We can confirm that known spam from IP Teligent Quadranet network is posted in partly pitiful English but well in Italian, French and German. Some poor in Spanish, Russian and Vietnamese.

    Anyway we keep our eyes wide open for two west European spammers who uses characteristic contents, keyword mix, language expressions what's mentioned above.

    And keep IP Teligent Quadranet informed.

  33. #33
    no progress to stop that spamming

    11004 spam items 16-Nov-12 11:57
    11114 spam items 19-Nov-12 04:42
    11150 spam items 20-Nov-12 01:26
    http://www.stopforumspam.com/ipcheck/173.44.37.234

    #628425 #612094 - spam-report-ticket#007 - 173.44.37.234 - IPTelligent LLC

    our mail 3 days ago: We don't send any further spam-report ticket# and closing that complaint.

    spam subjects and contents remaining

  34. #34

    Same here

    Sent this message to them today:

    Several IP addresses from your network have initiated a spam attack on
    my servers.

    Logs and details below. Please let me know if you need any more information.

    The IP 173.44.37.250 has just been banned by Fail2Ban after 3 attempts
    against apache-spam.
    The IP 96.47.225.178 has just been banned by Fail2Ban after 3 attempts
    against apache-spam.
    The IP 173.44.37.226 has just been banned by Fail2Ban after 3 attempts
    against apache-spam.
    The IP 96.47.225.186 has just been banned by Fail2Ban after 3 attempts
    against apache-spam.

    From: Sarah thompson pokies
    Company: Celeb pokies
    Email: [email protected]
    Address: Birmingham
    City: Birmingham
    State: AK
    Zip: Celeb pokies
    Country: United Kingdom
    Phone: Celeb pokies
    Fax: Celeb pokies
    Date Equipment Available: Celeb pokies
    Catalog: no
    ------------------------------------------------------

    Equipment Item # 0
    Quantity: Celeb pokies
    Date of Manufacture: Celeb pokies
    Manufacturer: Celeb pokies
    Model: Celeb pokies
    Description:

    [Message snipped because of vbcode restrictions]

    ------------------------------------------------------

    Office Use Only:
    From: Sarah thompson pokies
    Email: [email protected]
    Login Name: Not Logged In
    Login Email: Not Logged In
    Telephone: Not Logged In
    IP Address: 173.44.37.226 - 173.44.37.226
    Host Address: 173.44.37.226
    Date and Time: Tue Jan 29 2013 7:59:56 CST


    This email address was given to us by you or by one of our customers. If you
    feel that you have received this email in error, please send an email to
    [email protected]
    This email is sent in accordance with the US CAN-SPAM Law in effect
    01/01/2004. Removal requests can be sent to this address and will be honored
    and respected.

    From: Hgh hormone human
    Company: HGH
    Email: [email protected]
    Address: Geneva
    City: Geneva
    State: AK
    Zip: HGH
    Country: Switzerland
    Phone: HGH
    Fax: HGH
    Date Equipment Available: HGH
    Catalog: no
    ------------------------------------------------------

    Equipment Item # 0
    Quantity: HGH
    Date of Manufacture: HGH
    Manufacturer: HGH
    Model: HGH
    Description:

    [Message snipped because of vbcode restrictions]

    ------------------------------------------------------

    Office Use Only:
    From: Hgh hormone human
    Email: [email protected]
    Login Name: Not Logged In
    Login Email: Not Logged In
    Telephone: Not Logged In
    IP Address: 173.44.37.250 - 173.44.37.250
    Host Address: 173.44.37.250
    Date and Time: Tue Jan 29 2013 7:25:57 CST


    This email address was given to us by you or by one of our customers. If you
    feel that you have received this email in error, please send an email to
    [email protected]
    This email is sent in accordance with the US CAN-SPAM Law in effect
    01/01/2004. Removal requests can be sent to this address and will be honored
    and respected.

    From: Free online casino monopoly
    Company: Free online casino games
    Email: [email protected]
    Address: Los Angeles
    City: Los Angeles
    State: AK
    Zip: Free online casino games
    Country: USA
    Phone: Free online casino games
    Fax: Free online casino games
    Date Equipment Available: Free online casino games
    Catalog: no
    ------------------------------------------------------

    Equipment Item # 0
    Quantity: Free online casino games
    Date of Manufacture: Free online casino games
    Manufacturer: Free online casino games
    Model: Free online casino games
    Description:


    [Message snipped because of vbcode restrictions]

    ------------------------------------------------------

    Office Use Only:
    From: Free online casino monopoly
    Email: [email protected]
    Login Name: Not Logged In
    Login Email: Not Logged In
    Telephone: Not Logged In
    IP Address: 96.47.225.178 - 96.47.225.178
    Host Address: 96.47.225.178.static.quadranet.com
    Date and Time: Tue Jan 29 2013 6:13:52 CST


    This email address was given to us by you or by one of our customers. If you
    feel that you have received this email in error, please send an email to
    [email protected]
    This email is sent in accordance with the US CAN-SPAM Law in effect
    01/01/2004. Removal requests can be sent to this address and will be honored
    and respected.

    Did receive an automated response along with a ticket #. I've been getting spam attacks from them for days now. Probably going to perma ban their IP blocks.

  35. #35

    ipTelligent blocking

    My site gets bombarded daily with spam from the ipTelligent network, but i appear to have effectively blocked the intrusions by requiring a manual CAPTCHA intervention to proceed to my site, so if it's an "honest" visitor, they'll have an opportunity to get through. I use Cloudflare's security settings, and it seems to be very effective. While I could block everything from ipTelligent, I don't want to exclude legitimate visitors, if there are any. (Note: I am NOT connected to Cloudflare in any way, other than as a paying customer.)

  36. #36
    Join Date
    Jun 2001
    Posts
    369
    Quote Originally Posted by spamhunter View Post
    We can confirm that known spam from IP Teligent Quadranet network is posted in partly pitiful English but well in Italian, French and German. Some poor in Spanish, Russian and Vietnamese. Anyway we keep our eyes wide open for two west European spammers who uses characteristic contents, keyword mix, language expressions what's mentioned above. And keep IP Teligent Quadranet informed.
    Very good information. Thank you for sharing. Across my server I've noticed that almost all my US-based spam comes from the same group of networks. Shutting down the IPs on an individual basis was a massive time suck so I banned additional IP addresses in the sequence that I had been seeing. It has worked to some degree until now and the gain from shutting them out is probably positive against those who can't get in.

  37. #37
    Join Date
    Jun 2012
    Location
    Edmonton, Canada
    Posts
    3

    IPTelligent attacks on our forms

    We've been getting a bunch of attempts on our forms from these IP's (which show in lookup at IPTelligent as well):

    96.47.225.74
    173.44.37.242
    96.47.225.66
    96.47.224.50
    96.47.225.170
    96.47.224.42

    Looking at their website and seeing only the images folder and cgi-bin folder is a huge warning sign. If we don't get replies from hosts that we contact, we just add them to the firewall.

  38. #38
    Join Date
    Jun 2012
    Location
    Edmonton, Canada
    Posts
    3
    ** duplicated it in error - can't find a "delete msg" link.
    Last edited by Outlines; 03-04-2013 at 12:15 PM. Reason: duplicate post in error

  39. #39
    Join Date
    Jun 2012
    Location
    Edmonton, Canada
    Posts
    3

    Interesting article on Quadranet etc

    I ran across an interesting post on the "Complaints Board" people on Quadranet, founder and employees.

    I'm new and as a result can't post links yet. If you do a Google search for:

    site:complaintsboard.com quadranet

    It will be the top result.

    I thought that some forum people would be interested in it.

    - not familiar with the website - just doing whois stuff regarding the IPTelligent issue.

  40. #40

    Quadranet - IPTelligent

    I’ve had 100's of spam in three days.

    Examples:

    [email protected] - IP: 178.238.234.138- RIPE Network Coordination Centre (RIPE) Net Range 178.0.0.0 - 178.255.255.255
    [email protected] – IP: 96.47.225.178 - IPTelligent LLC (IPTEL-1) Net Range 96.47.224.0 - 96.47.239.255
    [email protected] – IP: 96.47.225.82 IP: 173.44.37.234 - IPTelligent LLC (IPTEL-1) Net Range 173.44.32.0 - 173.44.63.255
    [email protected] – IP: 96.47.225.186 - IPTelligent LLC (IPTEL-1) Net Range 96.47.224.0 - 96.47.239.255
    [email protected] – IP: 96.47.224.50 - IPTelligent LLC (IPTEL-1) Net Range 96.47.224.0 - 96.47.239.255

    HOWEVER

    [email protected] – IP: 178.238.234.138 - RIPE Network Coordination Centre (RIPE) Net Range 178.0.0.0 - 178.255.255.255
    ALSO [email protected] – IP: 173.44.37.242 - IPTelligent LLC (IPTEL-1) Net Range 173.44.32.0 - 173.44.63.255

    Consequently RIPE Network Coordination Centre (RIPE) and IPTelligent LLC (IPTEL-1) are run by the same operators.

    [email protected] – IP: 96.47.225.74 - IPTelligent LLC (IPTEL-1) Net Range 96.47.224.0 - 96.47.239.255
    [email protected] – IP: 178.238.232.244 - RIPE Network Coordination Centre (RIPE) Net Range 178.0.0.0 - 178.255.255.255

    Some people's children deserve to be eaten.

Page 1 of 2 12 LastLast

Similar Threads

  1. iptelligent Reviews?
    By elektrica in forum Colocation and Data Centers
    Replies: 28
    Last Post: 03-19-2010, 02:05 AM
  2. [MASSIVE MASSIVE Clearout Sale ! ! !]
    By reyna12 in forum Design Offers
    Replies: 1
    Last Post: 06-02-2005, 01:48 PM
  3. Massive SPAM attack to one domain
    By cYbErDaRk in forum Dedicated Server
    Replies: 2
    Last Post: 09-03-2004, 06:51 PM
  4. I new to This.. Answers please
    By aaronbor in forum Domain Names
    Replies: 4
    Last Post: 09-25-2003, 03:33 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •