Here are the entries in my maillog that have his email address, "firstname.lastname@example.org", that the signup message was sent to:
http://voidmain.is-a-geek.net/files/mis ... er.maillog
It also contains his mail server (mail.bridgetocasino.com), etc. Feel free to return the favor by signing him up for all the spam one can handle, or whatever else you might like to do to a spammer.
Here are the web logs that contain his IP address etc:
Samspade on domain (Domain just renewed a couple of days ago):
http://www.samspade.org/t/whois?a=BRIDG ... erver=auto
The www/mail and domain name all point to 126.96.36.199 (Hosted on Red Hat Linux by EV1Servers). That address reverses to "ns1.lvvh2.com".
He apparently doesn't know anything about keeping a server up (notice the uptime):
Of course with all those open ports what would you expect?
Code:
# nmap -O ns1.lvvh2.com

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-03-24 20:52 CST
Interesting ports on ns1.lvvh2.com (188.8.131.52):
(The 1633 ports scanned but not shown below are in state: closed)
PORT     STATE    SERVICE
21/tcp   open     ftp
22/tcp   open     ssh
25/tcp   open     smtp
53/tcp   open     domain
80/tcp   open     http
106/tcp  open     pop3pw
110/tcp  open     pop-3
135/tcp  filtered msrpc
136/tcp  filtered profile
137/tcp  filtered netbios-ns
138/tcp  filtered netbios-dgm
139/tcp  filtered netbios-ssn
143/tcp  open     imap
443/tcp  open     https
445/tcp  filtered microsoft-ds
465/tcp  open     smtps
539/tcp  filtered apertus-ldp
593/tcp  filtered http-rpc-epmap
993/tcp  open     imaps
995/tcp  open     pop3s
3306/tcp open     mysql
4444/tcp filtered krb524
8443/tcp open     https-alt
9999/tcp open     abyss
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux Kernel 2.4.0 - 2.5.20
Uptime 0.174 days (since Wed Mar 24 16:42:53 2004)

Nmap run completed -- 1 IP address (1 host up) scanned in 14.911 seconds
Maybe I should start sending some SPAM of my own. Maybe send some fake forum signup messages, etc.
Code:
# telnet bridgetocasino.com 25
Trying 184.108.40.206...
Connected to bridgetocasino.com.
Escape character is '^]'.
220 plesk.ev1servers.net ESMTP