InBoxRevenge KS Forum

This forum contains tools and techniques for shutting down illegal spam operations.

Skip to content

HKER, Inc.

Spammers should not profit, so post information here that hits their pockets. There are many ways to fight spammers, and we have automation tools to combat them efficiently. These forums are moderated, but do not reflect the views of the hosting company, domain registrar, etc. By entering any of these forums, you agree that you cannot hold anyone liable for anything related in any way to these forums.
Post a reply

HKER, Inc.

Postby AlphaCentauri » Sat Nov 29, 2008 4:33 am

I started receiving frequent spams for URLs on the domain inclinetransmissions.com. They are for an assortment of things -- stealing satellite signals, weight loss, debt settlement. I haven't visited the sites because the URLs include long code that clearly identifies my email address, and I haven't found an alternate code that will show the sites.

If you visit inclinetransmissions.com itself, it is a webpage for "HKER, Inc." which says
We are a multi-dimensional online marketing firm specializing in e-mail marketing campaigns, strategic advertising consulting and creative design solutions.

Our Company provides marketers with both the technology and the process consulting to get started, and to continuously improve results. By structuring strategies for email marketing campaigns and implementing programs that will increase the lifetime value of a customer clients obtain more purchases and larger order sizes for the marketer. Utilizing our proprietary services enables clients to effectively deliver highly targeted, optimized and measureable email campaigns to their audience.

Creating an effective online message involves more than just putting offline creative into an email. Our in-house design and copywriting team combines knowledge of traditional media with new media experience to apply sound direct marketing principles to your Web marketing. From subject lines to branding considerations to calls-to-action, we tailor your message fro the unique context and demands of an online format - resulting in a message that drives customer response and integrates seamlessly with your offline marketing efforts.

Our offices are located at 20208 NE 15th Court N Miami Beach, Fl 33179

Copyright 2008 HKER Inc., All Rights Reserved


But the page itself is just an image of this text, no actual text, no title. If you Google that address, it's an industrial park, but there is no marketing firm there. If you Google HKER, you get every other kind of HKER. If you look for a phrase from that text image, there are no hits at all. The domain is registered with Domainsite using domainsite's nameservers and privacy protected registration with protecteddomainservices.com. But protecteddomainservices.com is a parked domain. Some of the spams list physical addresses, but not this one. There are several other identical sites on the same IP address:

counterremembered.com
discountcarrying.com
hypotheticalminor.com
misleadingtrip.com
recklessexceptions.com

So the question is who are these people really? If they are so google-proof, how would customers who want email marketing find them? This seems like a scheme that should be exposed in the spamwiki, but I'm not sure where to get the information or whether someone already has.
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 6251
Joined: Thu Mar 01, 2007 3:01 am
Top

Postby MyCanadian Spammerdeath » Sat Nov 29, 2008 1:01 pm

Spammer is a customer of iWeb.com (privatedns.com). Most but not all their business is shady. I would LART them and diplomatically advise them to suspend their network IWEB-CL-T073-190CN-191 (NET-67-205-100-128-1) and to terminate it once it is documented to be involved in criminal activity.
Code: Select all
$ whois -h whois.abuse.net iweb.com
sending query...
abuse@peer1.net (for iweb.com)
abuse@teleglobe.net (for iweb.com)
abuse@privatedns.com (for iweb.com)
abuse@noc.privatedns.com (for iweb.com)
abuse@iweb.com (for iweb.com)


Code: Select all
Target IP   Hostname   Ping   Time   Whois   Responding IP
67.205.100.128   ip-67-205-100-128.static.privatedns.com   N/R   N/R   Y   N/R   
67.205.100.129   mail.AUTOMATICTORQUE.COM   0:0 Echo Reply   47   Y   67.205.100.129   
67.205.100.130   mail.DIRECTTHROTTLEBODY.COM   0:0 Echo Reply   41   Y   67.205.100.130   
67.205.100.131   mail.GEARSHIFTERTORQUE.COM   0:0 Echo Reply   45   Y   67.205.100.131   
67.205.100.132   mail.INCLINETRANSMISSION.COM   0:0 Echo Reply   47   Y   67.205.100.132   
67.205.100.133   mail.REJECTORANALYSIS.COM   0:0 Echo Reply   40   Y   67.205.100.133   
67.205.100.134   mail.VEHICLESEVERANCE.COM   0:0 Echo Reply   40   Y   67.205.100.134   
67.205.100.135   ip-67-205-100-135.static.privatedns.com   N/R   N/R   Y   N/R   
MyCanadian Spammerdeath
Spammer Exterminator
 
Posts: 1128
Joined: Mon Feb 26, 2007 11:13 pm
Top

Postby AlphaCentauri » Sat Nov 29, 2008 1:29 pm

Ah, I recognize rejectoranalysis.com, which spammed me so heavily in the past that I created a filter for them.

I see how you get iWeb and abuse@noc.privatedns.com from looking up the IP address with ARIN's whois. And I see that that particular block of IP's is assigned to
Aaron Green
20208 NE 15th Court
N Miami Beach FL 33179
the same address as listed on the website.

But you're getting past the stuff I understand. (I know about zero about this stuff, except what I've learned here and at Castlecops, so my level of competence drops off pretty sharply.) How did you connect them to abuse@peer1.net and abuse@teleglobe.net? How did you find the stuff in the table labeled "Target IP /Hostname /Ping / Time /Whois / Responding IP?" Do you mean I should report them to all those email addresses? (And if three of them throw him off, can I get him an instant ROKSO listing :) )
User avatar
AlphaCentauri
You are kiillllling-a my bizinisss!
 
Posts: 6251
Joined: Thu Mar 01, 2007 3:01 am
Top

Postby MyCanadian Spammerdeath » Sun Nov 30, 2008 4:39 pm

The teleglobe and peer1 (upstreams) report-addresses come from querying abuse.net. They have a web lookup at http://www.abuse.net/lookup.phtml.

I added the search-query to my Firefox search window - http://maltekraus.de/Firefox/search-tools/. (Go to the first url after installing the extension, then rclick in abuse.net's search window and select "Add to search bar".) Not necessary to add the extension and search that way - you could just bookmark abuse.net - but it's a nice little timesaver, for me.

The rDNS host lookups come from software I was using called NetScan Tools; there are others. Just copied/pasted from that. I knew what net range to query by looking at the CIDR info in the ARIN whois output (from sending a query for 67.205.100.128).

For me, it's useless time spent, to complain directly to spammers. Or to place any stock in the contact-info when a spammer controls an entire subnetwork.
MyCanadian Spammerdeath
Spammer Exterminator
 
Posts: 1128
Joined: Mon Feb 26, 2007 11:13 pm
Top

Postby iH8Spammers » Sun Nov 30, 2008 8:02 pm

I think this asshole has spammed me before. I use a 'trap' email address, which seems to be bought and sold all over the place, but the 'marketers' are all the same:

- Register through eNom
- Registration address is to a Mailboxes Etc or UPS Store place
- They use Lynxtrack or Tracker101 to redirect to the company they are an affilate of

I use SpamCop to report them all and then complainterator on the domains they use.
User avatar
iH8Spammers
Spammer Killing Machine
 
Posts: 602
Joined: Mon Nov 13, 2006 6:02 pm
Top
Post a reply

Return to Fight Spammers

Who is online

Users browsing this forum: No registered users and 1 guest

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group