View Full Version : Pissed at spammers? Child :banana::banana::banana::banana: etc?



Charles Wirth
04-15-2003, 08:10 AM
You now have the ability to start knocking them off the internet.

http://www.icann.org/announcements/advisory-03apr03.htm

was passed and all registrars must conform.

You need to email the registrar with the domain name and demand that they enforce RAA Subsection 3.7.7.2

Run the IP in arin.net and it will tell you who holds the record and where it is located if you need to track down the host.

You have the right to follow up after 15 days to confirm information is correct or domain has been removed.

A committee is being put in place to make sure IP registrars respond to all complaints or risk having IPs removed.

I can assist in tracking down IP owners, and complete network interrogation if anyone needs help.

Jayjr
04-21-2003, 06:39 AM
Very nice, it's about time they did this.

TheDude
04-21-2003, 10:32 AM
Great job FUGGER!

Thanks for the link:D

Tweaked!
04-23-2003, 01:36 PM
Ok Fugger, I guess I could use a little help identifying who to try to track here. Just in the last week or so I've started getting about 4 emails a day of some very explicit :banana::banana::banana::banana:, and really not sure who to try to identify. I've gone into the deleted messages of Outlook and selected properties of that email (since every other method hides the source of the sender) and here's the copy-n-paste of the message source:

Return-path: <MegaMovies@list.fjotd.com>
Received: from ms-mta-02 (ms-mta-02-mss [10.24.10.6])
by ms-mss-01.columbus.rr.com
(iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
with ESMTP id <0HDT001052DJ4X@ms-mss-01.columbus.rr.com> for
bmerwin%cinci.rr.com@ims-ms-daemon; Wed, 23 Apr 2003 12:41:43 -0400 (EDT)
Received: from ncmx01.mgw.rr.com (ncmx01.mgw.rr.com [24.93.67.251])
by ms-mta-02.columbus.rr.com
(iPlanet Messaging Server 5.2 HotFix 1.12 (built Feb 13 2003))
with ESMTP id <0HDT00L7I2DIF6@ms-mta-02.columbus.rr.com> for
bmerwin@cinci.rr.com (ORCPT bmerwin@cinci.rr.com); Wed,
23 Apr 2003 12:41:43 -0400 (EDT)
Received: from mln-7.mlc-9.information-1.eng
(s6-140.9natmp [64.35.6.140] (may be forged))
by ncmx01.mgw.rr.com (8.12.8p1/8.12.5) with ESMTP id h3NGealW026139 for
<bmerwin@cinci.rr.com>; Wed, 23 Apr 2003 12:41:41 -0400 (EDT)
Received: from engine-3 (64.157.143.41) by mln-7.mlc-9.information-1.eng
(LSMTP for Solaris v1.1b)
with SMTP id <139.000048FB@mln-7.mlc-9.information-1.eng>; Wed,
23 Apr 2003 12:14:33 -0400
Date: Wed, 23 Apr 2003 12:41:41 -0400 (EDT)
From: Scream Team <MegaMovies@list.fjotd.com>
Subject: *3 FOR 1
To: bmerwin@cinci.rr.com
Message-id: <1026314042.1051115262206.JavaMail.root@engine-3>
MIME-version: 1.0
Content-type: text/html
Content-transfer-encoding: 7bit
X-mlmsgid: 70529:1051109779705
X-mlcipher: ohKaasJg3f9%2FCCMIrJuCqi9KHATgZjj%2FJ7O270%2FZA0s% 3D
X-Virus-Scanned: Symantec AntiVirus Scan Engine
Original-recipient: rfc822;bmerwin@cinci.rr.com

Now I've tried scanning "MegaMovies@list.fjotd.com" and "0HDT001052DJ4X@ms-mss-01.columbus.rr.com" and arin.com shows nothing on either. So I figured this would be a good opportunity to bring out in the open so others could see exactly what and how they can go about this. So please talk me through this and let's nail these freaks.:toast: :cool:


Edit: btw, the Bmerwin@cinci.rr.com is me:D
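Added example, not part of the original posts: the ARIN lookup used in this thread takes an IP address, so the values to check are the IPs in the `Received` lines rather than the sender address or message id. This Python sketch (function names are hypothetical; the headers are abridged from the post above) walks the chain and returns the address that connected to the recipient's own provider, which is the oldest hop recorded by a server the recipient can trust.

```python
import ipaddress
import re
from email import message_from_string

# Received headers abridged from the post above; continuation lines are
# re-indented so they parse as RFC 5322 folded headers.
RAW = """\
Received: from ms-mta-02 (ms-mta-02-mss [10.24.10.6])
 by ms-mss-01.columbus.rr.com with ESMTP; Wed, 23 Apr 2003 12:41:43 -0400 (EDT)
Received: from ncmx01.mgw.rr.com (ncmx01.mgw.rr.com [24.93.67.251])
 by ms-mta-02.columbus.rr.com with ESMTP; Wed, 23 Apr 2003 12:41:43 -0400 (EDT)
Received: from mln-7.mlc-9.information-1.eng
 (s6-140.9natmp [64.35.6.140] (may be forged))
 by ncmx01.mgw.rr.com (8.12.8p1/8.12.5) with ESMTP id h3NGealW026139;
 Wed, 23 Apr 2003 12:41:41 -0400 (EDT)
Received: from engine-3 (64.157.143.41) by mln-7.mlc-9.information-1.eng
 (LSMTP for Solaris v1.1b) with SMTP; Wed, 23 Apr 2003 12:14:33 -0400

"""

# An IPv4 address wrapped in [] or (), as mail servers record the peer.
IP_RE = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")

def received_hops(raw):
    """Return hops newest-first as (by_host, peer_ip, is_private, forged_note)."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        text = " ".join(value.split())          # unfold the header
        ip = IP_RE.search(text)
        by = re.search(r"\bby (\S+)", text)
        addr = ipaddress.ip_address(ip.group(1)) if ip else None
        hops.append((by.group(1) if by else None, addr,
                     bool(addr and addr.is_private), "may be forged" in text))
    return hops

def handoff_ip(hops, own_suffix):
    """Peer IP seen by the first server whose name ends with own_suffix.

    Each server prepends its line, so scan oldest-first. Lines written
    before the recipient's provider accepted the message come from the
    sending side and are not trustworthy.
    """
    for by, addr, private, _ in reversed(hops):
        if by and by.endswith(own_suffix) and addr and not private:
            return addr
    return None
```

For the headers in this post, `handoff_ip(received_hops(RAW), ".rr.com")` yields the address Road Runner's inbound server logged for the connecting host, and that hop also carries the server's own "may be forged" note on the name the peer announced.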

Charles Wirth
04-23-2003, 02:30 PM
The poster originates from roadrunner network, they are the best to deal with spammers at.

I would start off with a tracert 24.93.67.251 and see what pop is hosting that broadband connection (yeah they are very stupid) by going to http://www.roadrunner.com/rdrun/hso/avail.html and calling the pop directly. While on the phone have the tech run it down and stop the spammer by having their service suspended. The techs are ready to handle abuse calls properly at roadrunner.

Can you find the URL of the site they are spamming for?

Ping the domain, then put the IP in the "whois" on arin.net page and that will tell you who the ISP is and contact information.

Post the IP here and I'll follow up even more.

Still stumped, open up a dos prompt and type the following

net view \\23.34.56.78 (ip of host)

If that comes back with drive letters then you can

net use z: \\24.34.56.78\C (whatever drive letter is open)

You will have a drive letter Z: on your machine now, enjoy deleting files.

If that fails, fall back on

net send 24.34.56.78 Hi spammer, your personal info is now posted on the net for others to §§§§ you over.

A pop up box will appear with your machine name with that message. It is very upsetting to have unexpected dialog that you cannot respond to pop up. If this works take it one step farther.

edit screwed.bat

net send 24.34.56.78 You are screwed
call screwed.bat

and then run the file. It will constantly stack up dialog boxes on the desktop until the machine crashes. They may restart the system if they panic. Just start up the batch file later.

Charles Wirth
04-23-2003, 02:34 PM
I love to mess with spammers that way, they deserve it. Hopefully they think twice before firing up spam software again.

Tweaked!
04-23-2003, 02:43 PM
thanks Fugger, I'll give it a shot:D

Tweaked!
04-23-2003, 03:15 PM
Well, so far here's the ip addy for the site they're advertising for: 64.38.217.148
Here's a copy n paste of my command prompt:

Charles Wirth
04-23-2003, 03:27 PM
Quick search reveals the registration information is bogus. The phone number is nonexistent.

This was done to hide the actual owner in the US.

The site is located in AZ

OrgName: CWIE, LLC
OrgID: CWIE
Address: 1125 E. Glendale Avenue
City: Phoenix
StateProv: AZ
PostalCode: 85020
Country: US

NetRange: 64.38.192.0 - 64.38.255.255
CIDR: 64.38.192.0/18
NetName: CWIE-BLK-1
NetHandle: NET-64-38-192-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.CWIE.NET
NameServer: NS2.CWIE.NET
NameServer: NS3.CWIE.NET
NameServer: NS4.CWIE.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2000-02-22
Updated: 2002-08-20

TechHandle: RC622-ARIN
TechName: Cadwell, Ron
TechPhone: +1-602-248-4963
TechEmail: hostmaster@cavecreek.net

Call and have this taken care of personally. Good thing the server is in the US. It's common for :banana::banana::banana::banana: servers to host DNS remotely to confuse anyone trying to find information as no one will call overseas to pursue any farther.

Netsol magistrate is supposed to get me an email address yesterday to report bogus listings. I will post in this thread when I get it.

Charles Wirth
04-23-2003, 03:28 PM
whois-comments@icann.org is unofficial place to file complaints on whois data.

Charles Wirth
04-23-2003, 03:30 PM
It's best to run the net commands on the spammer, the one who originates the email.

Also best to do this right after you get the email, as well as contact the ISP of the spammer at the same time. Amuse yourself by plugging away at his system.

JBELL
04-23-2003, 03:33 PM
fugger - a lady friend of mine has 'pics' of her online that need to come down - the guy who runs the site refuses for almost a year now, and lives here near me. what is best for me to do?

Tweaked!
04-23-2003, 03:51 PM
Ok, just sent an email to them and gave them all the info up to date. Btw, don't click the email link, it opened at least a hundred different boxes on me till my computer froze:( So I copied the link and pasted it in the address field of the email:cool:

Charles Wirth
04-23-2003, 03:52 PM
Does the person have a "model release"? If not, then you can go directly to the ISP and let them know that the site is hosting images without model release.

I would go to the FBI and file a complaint if you know that the person is operating without model releases. Your friend is being violated and you need something done now. Do not take no for an answer. Talk to their boss if you do not get a satisfactory answer.

If there are girls of questionable age, and you know he does not have the release, by all means use the child :banana::banana::banana::banana:ography angle as it will surely get investigated.

I have no sympathy for lowlifes who operate like that.

JBELL
04-23-2003, 03:54 PM
they are 21 and were drunk at time of pics... the guy has gotten his ass kicked and still the pics remain...

I tried contacting a lawyer to see about writing something legal up.

Tweaked!
04-23-2003, 03:59 PM
Alright, I feel there's a lot of good stuff going on here, so I've stickied this for now. Hopefully it'll get the attention it deserves and more peeps will take action.:cool:

Charles Wirth
04-23-2003, 03:59 PM
Without the release he is screwed. Contact the FBI and have them step in. Her rights have been violated and they can and will do something about it. Like I said before do not take no for an answer, talk to someone higher up if you get road blocked.