Google Groups Home Help | Sign in
news.admin.net-abuse.email
+ new post
About this group
Subscribe to this group
This is a Usenet group - learn more
Message from discussion S1620 - 69cash.com/hotteenpink.com now on 62.168.125.16 - Cyber Media, s.r.o. - Slovakia
The group you are posting to is a Usenet group. Messages posted to this group will make your email address visible to anyone on the Internet.
Your reply message has not been sent.
Your post was successful
ATIU 33  
View profile
  More options May 3 2003, 8:53 pm
Newsgroups: news.admin.net-abuse.email
From: bananana...@aol.command (ATIU 33)
Date: 04 May 2003 00:52:24 GMT
Local: Sat, May 3 2003 8:52 pm
Subject: [SPEWS update] S1620 - 69cash.com/hotteenpink.com now on 62.168.125.16 - Cyber Media, s.r.o. - Slovakia
Reply to author | Forward | Print | View thread | Show original | Report this message | Find messages by this author
GIST: New IP used by st...@69cash.com and hotteenpink.com

S1620 now spamming porn (with these "assholes" - http://62.168.125.9/  <---
(mild C&C warning ) from 62.168.125.16 (not in SPEWS) Cyber Media, s.r.o.,
Slovakia

It's the same games that dan ivans (S1758) plays with port:80 tricks and
limiting access.  It doesn't matter, however, it can simply be worked from a
different perspective.  Source codes reveals it is 69cash.com and
hottenpink.com, spamvertised on 62.168.125.16, which belongs Cyber-Media.biz.
Let's look to see if cyber-media.biz is in google. (note: "fondness" of the
w0rd media use in bentspokemedia.com and aexismedia.com)

checking  62.168.125.16, no entries, OK let's check the owner of that IP block

checking  peter.fe...@cyber-media.biz, we get

http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&oe=ISO-8859-1...
indow=1&safe=off&q=peter.fe...@cyber-media.biz&btnG=Google+Search&meta=

10 sightings for pr0n, open proxy, penis enlargemen, DVD's and video, all
between 26 March 03  and 1 May 03  These are the same products that S1620 and
S1758 spam.

"ipso facto"

ATIS #33

--

BARELY LEGAL SLUTS!

http://27odw714q...@62.168.125.16/files/hotty/?id=wtf&2i3hvnc83

Barely legal sluts.. Showing it all!  These young girls just LOVE to fuck! 
Join all this hot teen action for FREE with your VIP pass!

--

<head>
<title>-== Hot Teen Pink ==-</title>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">

  <form action=https://wnu.com/secure/fpost.cgi
                  method=post onsubmit="return validForm();">
                        <center>
                          <font face=Tahoma,Arial color=red size=2>
                          <input type=hidden name=reseller value="wtf">
                          <input type=hidden name=x_ref value="wtf">
                          <input type=hidden name=x_userlevel value=1>
                          <input type=hidden name=co_code value="m04">
                          <input type=hidden name=x_siteid value="6">
                          <input type=hidden name=response_post value="yes">
                          <input type=hidden name=handle_response value="yes">
                          <input type=hidden value=69cash name="po_rf_code1">
                          <input type=hidden value=69cash name="po_rf_code2">
                          <input type=hidden value=l18s73 name=po_code>
                          </font>

inetnum: 62.168.125.0 - 62.168.125.255
netname: SK-CYBER-NET
descr: Cyber Media, s.r.o.
descr: Slovakia
country: SK
admin-c: PF945-RIPE
tech-c: PF945-RIPE
status: ASSIGNED PA
mnt-by: GTSSK-MNT
changed: marek.heri...@gtsgroup.sk 20030319
source: RIPE

route: 62.168.64.0/18
descr: GTS Slovakia NET
origin: AS5578
mnt-by: GTSSK-MNT
changed: marek.heri...@gtsgroup.sk 20020610
source: RIPE

person: Peter Felix
address: Skultetyho 18
address: Nitra
address: 949 11
phone: +421 37 7729213
e-mail: peter.fe...@cyber-media.biz
nic-hdl: PF945-RIPE
changed: peter.fe...@cyber-media.biz 20030319
source: RIPE

3    130.152.180.21      9.269 ms   isi-1-lngw2-atm.ln.net [AS226] Los Nettos
origin AS
 4    38.118.132.97       6.097 ms   DNS error [AS174] Performance Systems
International, Inc
 5    66.28.4.201          8.031 ms   p15-1.core01.lax01.atlas.cogentco.com
(DNS error)
 6    66.28.4.74           15.952 ms  p14-0.core01.sjc01.atlas.cogentco.com
(DNS error)
 7    66.28.4.93           17.674 ms  p4-0.core01.sfo01.atlas.cogentco.com (DNS
error)
 8    66.28.4.186          62.980 ms  p14-0.core01.ord01.atlas.cogentco.com
(DNS error)
 9    166.49.173.17      96.613 ms  166-49-173-17.concert.net (DNS error)
[AS5400] BT Ignite European Backbone
10    166.49.208.245   165.317 ms t2c2-p4-0.uk-lon2.concert.net (DNS error)
[AS5400] BT Ignite European Backbone
11    166.49.164.213   168.547 ms t2c1-ge6-1.uk-lon2.concert.net (DNS error)
[AS5400] BT Ignite European Backbone
12    166.49.208.194   183.397 ms aps194-uk-lon2.de-fra.concert.net (DNS error)
[AS5400] BT Ignite European Backbone
13    166.49.222.162   199.767 ms 166-49-222-162.concert.net (DNS error)
[AS5400] BT Ignite European Backbone
14    195.39.49.2        205.177 ms DNS error [AS5588/AS701] GTS Czech Republic
/ Alternet
15    62.168.110.41    208.139 ms g1-10.gwa.gtsi.sk (DNS error) [AS5578]
Bratislava, Slovak Republic
16    62.168.99.89      205.372 ms g0-0.gwb.gtsi.sk [AS5578] Bratislava, Slovak
Republic
17    62.168.125.16    210.445 ms DNS error [AS5578] Bratislava, Slovak
Republic

note: to steve and boiz

Are you proud of yourself?  Did you get the result you wanted?  You make
_ANOTHER_ stupid cart00ney demanding that 69cash.com be taken out of the sig.
And what happens?  It's still there.  69cash.com has 3 *NEW* entries in S1620
which hasn't had a new entry in several months, and 69cash.com now has even
more entries in NANA*

1, 66.96.85.71, VeryNiceTits / hotteenpink.com (on hivelocity.com spam house)
1, 66.96.85.68, VeryNiceTits / mail.69cash.com / ns5.69cash.com (on
hivelocity.com spam house)
1, 199.201.152.66, VeryNiceTits / ns6.69cash.com (on listed FIVE-ELEMENTS.COM
spam house)

You don't like, "CryMeAFuckingRiver"

And you now have new entries in your SPEWS listing, which hadn't changed in
months.  GOOD job, steve.

Now you have also drawn unwanted attention to yourself and your cohorts in
crime.  You are linking people, places and things together that eventually will
be responsible for your downfall.  Every time someone googles on steven payne,
joshua dean stewart, john milhouse johnson, dan ivans, isolate.net, isolnet.bz,
pus.bz, sic.bz, sxiz.com, jeremy williams, tsoh.net, tweekedhost.com, jeff
cooper, verynicetits, win2k-host.com, hotteenpink.com, SPEWS S1620 & S1758,
serverbeach.com, wet.gs, emarkertersamerica.org, AOL, phisher instakiss scams,
schm...@epimp.com, w0rd, w00t, w...@aol.com, "pimpshit," 179711083,
crymeafuckingriver, SOUTHERN DATA SYSTEMS, yambo, nettogo and many more too
voluminous to mention now, *BUT* coming soon!

These are strained times at best, with the tension created by the
emarkertersamerica.org lawsuit and the heated debates going on in threads
between spammers and spam supporters and NANAE and Spamhaus supporters.  Each
side has its own agenda and everyone has a personal opinion or target.  As the
investigation into the AOL fisher page found on the AOL account used as the
admin email address to register emarkertersamerica.org progresses, more
information will be researched and posted.  Each time someone googles on any of
the terms above, your name, 69cash.com, and the name of every person, place or
thing associated with you will be there in front of even more people.  That is
exactly the opposite of what you were trying to do, isn't it?

You remain clueless and in serious trouble.  What awaits you for your part in
all of this is one thing, but why do you insist on to implicating others?
Here's how the trail goes so far.  An entity claiming to be st...@69cash.com
makes a threat about 69cash.com for some "unknown" reason.  69cash.com is in
the name of joshua stewart and john johnson, both of whom have posted and been
indentified by documents as who they claim to be, you haven't.  You are just a
name.  This precipitated an investigation, a closer look if you will, at what
may be the _real_ motivation behind your threat.

1 - S1620 and S1758 are known to be working together.  tsoh.net, sxiz.com,
pus.bz, sic.bz and serverbeach.com enter the picture
2 - jeff cooper is the link, not steve payne, and he is the OH link that
someone in NANAE was looking for in SPEWS S1620

>Domain Name: AEXISMEDIA.COM

>   Administrative Contact:
>        Jeff Cooper jo...@bentspokemedia.com
>        Jeff Cooper
>        8260 Talia Ct
>        Westervile, OH 43081

3 - emarkertersamerica.org sues SPEWS, Spamhaus and 9 NANAE posters.
4 - serverbeach.com is quoted in an article about 87 sites being shut down and
emarketersamerica.org
5 - serverbeach.com is a common denominator between jeff cooper, joshua
stewart, john johnson, steven payne, tsoh,dan ivans, tweekedhost.com and
sxiz.com

>0, 66.139.73.72, VeryNiceTits / www.pus.bz / sxiz.com (dead)
>0, 66.139.73.0/25, VeryNiceTits / www.pus.bz (ServerBeach.com / SBC)
>1, 209.94.177.151, VeryNiceTits / www.pus.bz / dns.merrillpc.com /
ns1.tsoh.net
>1, 209.94.177.0/24, wctc.net (VeryNiceTits / www.pus.bz / dns.merrillpc.com
>1, 68.113.225.63, VeryNiceTits / www.pus.bz / dns2.merrillpc.com

(c68.113.225.63.stp.wi.charter.com)

6 - everyone in #5 was adversely affected by what happened when the named
parties hosted with serverbeach.com, therefore have motivation for actions such
as yours
7 - an AOL instakiss phisher page is found on felstein's AOL account
8 - within the code is found reference to w...@aol.com and schm...@epimp.com
9 - the same code is found in numerous AOL phisher pages on other AOL accounts
10 - both S1620 and S1758 are documented as sending spam from stolen AOL
accounts
11 - S1620 list verynicetits/john johnson/joshua stewart as known suspects in
stealing AOL accounts
12 - "w00t" is well documented in sightings in 69cash.com as both a reseller
value and ref value, now changed to "wtf"

It looks like a 12-step program for Rule #4

You have *NOT* posted anything suggesting that any of this information is
incorrect.  Therefore, it is assumed to be true.

Are you guilty or innocent?  It doesn't really matter.  You are being
investigated and that's a problem for any spammer, especially if it can be
proven that they steal AOL accounts and AOL decides to prosecute you.  There's
a good possibility/probably that if convicted, you will go to prison.
Something to consider is how will this new found attention affect your current
and future business.  And, of course, many will believe you are guilty no
matter how the investigation turns out.   :)

Saddam thought he was invincible, in total control, in power for 30 years.
Where is he now?  Give that some serious thought, 'cause "your" next!      
<----  (spamish for you're)

Your remain clueless.  You still have *NO* idea what you are up against and
what is going to happen to you.  There are clues everywhere on the Internet
that you should be very concerned about.  Can you remember your mistakes.  It
doesn't matter, you can't do anything about them now anyway.    :)

Oh steve, are you and tsoh.net connected in any way with CC theft, AOL account
theft,IP hijacking, malicious scripts, other script kiddie activity and HVN?
That's a rhetorical question, boiz.  We(not NANAE)/authorities already know.
Have a nice day and good luck.  "Your" going to need it!
--
"We have never stolen AOL accounts. We don't spam. We don't support people who
spam."
joshua d stewart, known ass. of 69cash.com/steven payne/john m johnson SPEWS
S1620
-
"cry me a fucking river"
-ad...@wet.gs (crymeafuckingriver)  - 12/20/2002


    Reply to author    Forward  
You must Sign in before you can post messages.
To post a message you must first join this group.
Please update your nickname on the subscription settings page before posting.
You do not have the permission required to post.
Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy
©2008 Google