I have blacklisted Clubdice, Carnival, New York, USA Casinos and CDpoker

GrandMaster · Aug 31, 2006

The situation is getting worse. I got half a dozen of these e-mails informing me of the wonderful opportunity to play at Vegas Lounge or Hi Roller Casin0.

One interesting thing: the domains they are using, e.g., burvirgin.com, wviach.com, stainmayjon.com, ronbervers.com, were all registered on 20 August 2006, the registrants are possibly real people, at least the information is not obviously fake, of course, the spammers could be using real people's names without the victims' knowledge, and all these sites show the hompage of the Romanian Biat group, Link Removed ( Old/Invalid) .

lots0 · Sep 1, 2006

usually the domains used to send spam email are spoofed, in other words the spammer finds a mail server that can be cracked (not that hard too do) and makes it look like the email is comming from these domains when the domains in question almost always have nothing to do with the spammer.

lots0 · Sep 1, 2006

If you really want to find the spammer...

I do believe that this guy is a prime suspect...

Domain ID

12977564-LRMS
Domain Name:SEOEXP.INFO
Created On:04-Apr-2006 18:44:49 UTC
Last Updated On:31-Jul-2006 23:50:23 UTC
Expiration Date:04-Apr-2007 18:44:49 UTC
Sponsoring Registrar

irect Information Pvt. Ltd. d/b/a PublicDomainRegistry.com
(R159-LRMS)
Status:OK
Registrant ID

I_2500786
Registrant Name:Alexander Morohin
Registrant Organization:N/A
Registrant Street1:Moscow
Registrant Street2:
Registrant Street3:
Registrant City:Moscow
Registrant State/Province:Moskovskaya oblast
Registrant Postal Code:200000
Registrant Country:RU
Registrant Phone:+095.7492794324
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:srfmaker@gmail.com
Admin ID

I_2500786
Admin Name:Alexander Morohin
Admin Organization:N/A
Admin Street1:Moscow
Admin Street2:
Admin Street3:
Admin City:Moscow
Admin State/Province:Moskovskaya oblast
Admin Postal Code:200000
Admin Country:RU
Admin Phone:+095.7492794324
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:srfmaker@gmail.com
Billing ID

I_2500786
Billing Name:Alexander Morohin
Billing Organization:N/A
Billing Street1:Moscow
Billing Street2:
Billing Street3:
Billing City:Moscow
Billing State/Province:Moskovskaya oblast
Billing Postal Code:200000
Billing Country:RU
Billing Phone:+095.7492794324
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:srfmaker@gmail.com
Tech ID

I_2500786
Tech Name:Alexander Morohin
Tech Organization:N/A
Tech Street1:Moscow
Tech Street2:
Tech Street3:
Tech City:Moscow
Tech State/Province:Moskovskaya oblast
Tech Postal Code:200000
Tech Country:RU
Tech Phone:+095.7492794324
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:srfmaker@gmail.com
Name Server:NS1.JFNS.INFO
Name Server:NS2.JFNS.INFO

Oh ya, he also goes by the name "Alex Blood"... A real low life scumbag wannabe gangster...

Come get me Blood, you big pussy...

kwblue · Sep 1, 2006

Yes, they explot common scripts to send out mail. They send it out through the server: meuorkut.front.ru in a lot of cases, but use other servers as well.

If you have a directory script, article script, CMS, or forum on your site - please update for the latest version and check your logs for page exploits which could look something like:

Code:

http://www.yoursite.com/index.php?page=http://meuorkut.front.ru/sendto?

Look for ANYTHING that resembles this or has this pattern to it. You are then basically hosting (including) their script on your site which then uses php mail to send out bulk mail.
The script has 2 textboxes which are then hosted on your site which they can post email addresses and a form letter to. This then runs the script which uses recursive programming and delay to send out mail.

kwblue · Sep 1, 2006

BTW - CPays has a 'meeting' on Monday to discuss this problem internally. I hope it has a better outcome than their last 'meeting'.

lots0 · Sep 1, 2006

As far as I am concerned, Cpays can say whatever they want at their meeting, it is not going to change my mind or get me to remove them and their casinos from my Blacklist.

I want to see action from Cpays!

All these people do is talk and stall, talk and stall... No more talk... Except to tell players that they are risking their money when they deposit it with the bunch of thieves at Cpays... and that is just what Cpays are a bunch of thieves that employ wannabe gangsters to do their dirty work.

I really am tired of these scumbags at Cpays.

lots0 · Sep 1, 2006

Oh ya, just to make myself feel better, I have submitted MR. Blood's gmail account to every spammer I know of.... Damn that felt good. :thumbsup:

I even submitted his email to a few Cpays casinos... lol

lots0 · Sep 1, 2006

I forgot to add that Alex Morohin besides going by the name Alex Blood, also uses other names... Alexander Mosh, Alexey Panov, AlekseyB, Alex Polyakov... Oh and his affiliate code for Cpays is aimer.

Alex is reported to be a member(founder) of the Pavka/Artofit & Leo Kuvayev spam gangs located in the Ukraine. These so called people have been involved with every dirty enterprise on the web from kiddy porn to extortion of websites.

No more shadows Alex my boy, doesn't it feel good to be out in the light for a change you scumbag.

ваш кровь мешка с дерьмом и ваше понижение

GrandMaster · Sep 1, 2006

He is the world's top spammer according to Link Removed (invalid URL).

lots0 · Sep 1, 2006

Cpays knows who he is and what he does... yet they keep him on the payroll...

This makes Cpays and their casinos the problem.

Anyone that would hire that scum Alex Blood is a scum.

If you play at a Cpays Casino your funding Russan Orginized crime... Don't do it!

There are many other Online Casinos that don't hire Russan Gangsters to spam for them.

winbig · Sep 1, 2006

lots0 said:
This makes Cpays and their casinos the problem.

Anyone that would hire that scum Alex Blood is a scum.

Most, if not all, of this spam is for Amber Coast. Enough said :rolleyes:

ewhitaker · Sep 6, 2006

I think a major problem with cpays and perhaps some of these other affiliate managers is that they are not educated in what to look for as far as what blackhatters do. I think they should be trained in depth on this stuff. Maybe they are, but not good enough.

I know that cpays doesn't seem to care too much anyway, but this really did it when I saw what spamhaus posted about Blood. I am stunned that cpays would continue to keep him on, in fact, I'm going to point my users to spamhaus so they can get a better understanding of what exactly cpays is doing.

Thanks for the info on this.

dominique · Sep 7, 2006

Guys, you have got to check out this thread:

You do not have permission to view link Log in or register now.

It gets interesting on the second page.

:eek2:

winbig · Sep 8, 2006

ewhitaker said:
Thanks for the info on this.

<derail>
lol, you have the same pic for your avatar that I have for yahoo messenger...

</derail>

Anyways.....

Dumb question, but what does Playtech have to say about this crap?

IMO this is tarnishing (even more than they already are) the rep of the casinos being spammed, as well as Playtech in general.

kwblue · Sep 8, 2006

I have sent out an email to Iris 2 days ago with no response

I have talked with her before and found her to be very helpful. I hope she got the email and is looking into some of the recent findings.

jetset · Sep 9, 2006

Iris is a nice enough person but I don't believe she has any influence or authority at Playtech.

She often ignores emails, but I guess she is useful in a traffic policeman role - waving communications to more senior Playtech managers who may (or may not!) choose to respond.

This company could do much to improve its communications beyond hype press releases, that's for sure.

lots0 · Sep 9, 2006

Playtech’s actions have been to ignore all this spamming nastiness and hope it all just goes away.

I don’t know what Playtech's ‘Official Position” is and I don’t care, their actions are what really counts.

As most of you now know, the reason for all the javascript spam in the search engines has been due to an Exploit found by the spammers in commonly used CMS (Content Management System).

The spammer was able to infect the member system of the CMS with page after page that had a javascript redirect placed on it that would cloak the page (show the search engine bots one thing and then show real visitors something different)

The Exploit has been found and is now patched. Most of the Spam pages in the search engines are now going to a 404 (Page not found) and they should be dropping out of the Search Engine Results over the next few days. The rest of the spam pages will drop out of the Search Engine Results as the owners of these sites that are using the CMS update their software.

All we can do now is wait till the next spamming onslaught from this piece of human garbage. You can bet that blood and his group of toads are already looking for the next exploit to take advantage of.

Playtech - you better wake the fuck up... your long term bottom line is not looking so good right now. Sticking your heads in the sand is not the way to deal with this.

lots0 · Sep 9, 2006

Google deserves a pat on the back!

Also, short note for all of you that wanted google to Take Action and bann all these spam sites (myself included).

As has been proven now, all of these sites that were showing in google and the other search engines as spam were owned and operated by people that had nothing to do with the spam or spammer. For the most part they were just innocent hard working Webmasters that had the misfortune to choose a CMS that had an undiscovered Exploit in it waiting to be found by a hacker/spammer.

If google would have banned all those sites that were displaying all that javascript redirect spam, google would have been punishing innocent hardworking people for something that they had nothing to do with and no control over... a hack on their websites.

Google banning all those websites would have been like the police arresting the owners of a house that had been burglarized, for no other reason than the homeowners made the unfortunate choice to buy the house that was going to be robbed.

In my opinion Google deserves a few pats on the back for not jumping to conclusions and doing the right thing. I know the folks at Google were under a LOT of pressure to just remove all those sites, but that would have just hurt a few more innocent victims of this scumbag spammer.

lots0 · Sep 10, 2006

Can you believe This?

I truly never fail to be amazed by the wanna be casino affiliate mentality.

Over at CAP there is a poster that goes by the name dhayman that has stolen the information that I posted on this forum about the spammer Alex Blood and then posted it at CAP without giving credit to me or a link to CM and claiming the work involved and information I discovered as his own... And people wonder why casino affiliates for the most part have such a bad reputation.

My original post is here
https://www.casinomeister.com/forum...nival-new-york-usa-casinos-and-cdpoker.13679/

The post by this dhayman at CAP

You do not have permission to view link Log in or register now.

Casino Affiliate Programs - Affiliate Community

I guess that the fact he is bitching about spammers and scrapers and then steals content (scraping) and does not give credit for the content is in my mind rather ironic, the word dumbass keeps coming to mind.

>>>ADDED
What really bugs me is that dhayman may have stolen the information from me and CM but he really does not understand what it is that he stole. If he had a clue what I did to get that information he would not be saying the things he is at CAP... Its kinda like the the little kid that steals the formula for a cure to cancer then uses it to line the bottom of a bird cage...

lots0 · Sep 14, 2006

You can bet that after getting the information I posted here at Casinomeister about Alex Blood stolen, that I will not be posting any more information about this or any other 'important' subject so it can be stolen by people that are all upset about content theft...

I guess being upset about someone stealing your content makes it OK to steal content from someone else.

These people at CAP are a joke, I am ashamed that I am in the same business as them.

You thevin asswipes are not any better than the spammer Alex Blood...

kwblue · Sep 15, 2006

I'm not quite sure I agree with you here, lots0.

I believe that Dhayman is just researching facts and presenting them. As I recall - on the CAP forum he brought to light information you had found. However, it was others that gave him credit for it. He should probably have said that he did not find the info himself.. but found it in a post at CM.

But that doesn't make all of CAP a bunch of idiots. I post there quite regularly and do not think of myself as a joke. Of course, maybe I am and just do not realize

I, like many others, just want to find a way to stop this crap from occuring and getting worse all over the internet.

winbig · Sep 15, 2006

Cpays Condoning Spam - BUSTED.

I was sending a copy of every piece of spam I recieved from this group (HI-R0LLER, etc) to nospam@ and manager@ cpays.com, and never getting a reply.

I wanted to make sure that they weren't filtering my address, so I sent them a copy from a NEW AND CLEAN gmail account that has never been used before.

Guess what? Shortly afterwards, I receved a TON of spam promoting 21magic.com, which continues to this day.

What does this prove?

CPAYS IS NOT ONLY CONDONING THIS SPAM, THEY ARE SUPPLYING EMAIL ADDRESSES TO THIS GROUP.

EDIT: Now I know you're asking yourself why they would do this. The way I see it is they're thinking if they don't directly spam, it can't be linked back to them. Problem is, we're not dumb.

Kudos to all those who blacklist/rogue this group, and I hope many more join your efforts.

X-Gmail-Received: 2a6e4349cc0760a726a57905f399d8120d70c896
Delivered-To: bbbbbs@gmail.com
Received: by 10.35.33.20 with SMTP id l20cs437458pyj;
Mon, 11 Sep 2006 12:18:59 -0700 (PDT)
Received: by 10.70.30.5 with SMTP id d5mr6720845wxd;
Mon, 11 Sep 2006 12:18:59 -0700 (PDT)
Return-Path: <hbramwyza@hab-software.de>
Received: from 89.241.70.240 ([89.241.70.240])
by mx.gmail.com with SMTP id 39si3214763wrl.2006.09.11.12.18.56;
Mon, 11 Sep 2006 12:18:59 -0700 (PDT)
Received-SPF: neutral (gmail.com: 89.241.70.240 is neither permitted nor denied by best guess record for domain of hbramwyza@hab-software.de)
Received: from mx.shuttle.de
by 89.241.70.240 (8.9.3/8.9.3) with ESMTP id AWG8LkQdMPKx
for <xxxxxx@gmail.com>; Mon, 11 Sep 2006 13:24:58 -0400
Received: from unknown (HELO vszphygg) (180.13.67.94)
by mx.shuttle.de with SMTP
for <master.shake72@gmail.com>; Mon, 11 Sep 2006 13:24:58 -0400
From: "Tommy Ray" <hbramwyza@hab-software.de>
Reply-To: "Tommy Ray" <hbramwyza@hab-software.de>
Message-ID: <8720994353.9364538655@hab-software.de>
Date: Mon, 11 Sep 2006 13:24:58 -0400
To: <xxxxxx@gmail.com>
Subject: Good Luck, xxxx!
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit

<HTML>
<BODY>

Just have a look! 

<a href="http://gahesseros.com/e/42">Click here...</a> 















 
timeThe secret of business is to know something that nobody else knows.chanceBe right, and then be easy to live with, if possible, but in that order.accessIf you can't get a compliment any other way, pay yourself one.
</body>
</html>

lots0 · Sep 15, 2006

kwblue said:
I'm not quite sure I agree with you here, lots0.

Thats cool.

kwblue said:
I believe that Dhayman is just researching facts and presenting them.

Yup, with out giving credit to the source... in other words stealing.

kwblue said:
He should probably have said that he did not find the info himself.. but found it in a post at CM.

If he/she would have done that I would not have a problem. But the fact is that this person did steal the content, by not giving a link back to CM or even mentioning the source.

kwblue said:
But that doesn't make all of CAP a bunch of idiots. I post there quite regularly and do not think of myself as a joke.

Point taken, I wish I could retract that statement. In my defense, I can only say that the irony (its over whelming youve got to admit) and my anger over this content theft overcame me and I made a statement that I should not have.

Now if I had stolen (copied and posted and not given credit) some of Dhaymans content I wonder how he/she would feel about it... Of course I would only use Dhaymans content for research, research on how to make myself more money...

**********

winbig - I figured out a while ago that Cpays is just laughing at all of us honest Webmasters. They are very very deceptive in all their dealings and seem willing to go to any lengths, including hiring gangsters and thugs to their dirty work.

There are a few prominent names in this business (Casino Super Affiliates) that are making a lot of money off of Cpays, these folks are willing to turn a blind eye and even help Cpays avoid a backlash from the online casino affiliate community as long as the money keeps coming. SO Cpays feels right now like they are bullet proof, that they can get away with anything.

Remember that the search engine spamming has not diminished because of anything that Cpays has done, it has diminished because the exploit that Alex Blood hacked was found and patched. I am afraid that the email spamming from these sub-humans will never end.

winbig · Sep 15, 2006

lots0 said:
I am afraid that the email spamming from these sub-humans will never end.

Actually, there are a few states here in the USA where if you spam their residents, it's viewed as a felony.

Now all we need to do is generate enough complaints from residents of those states and get them sent to the AG. MAYBE then action will be taken.

For instance:

The Virginia statute makes it illegal to send unsolicited bulk email containing falsified routing information, if the sender thereby violates a service provider’s policies, or to distribute software designed to falsify routing information. The Virginia provisions are novel in that they are among the first to permit felony prosecutions and seizure of the criminal’s assets. Legislators have argued that existing spam laws have been ineffective because many of the worst spammers are virtually judgment proof or the statutory penalties were not great enough to deter the spammers.

lots0 · Sep 15, 2006

United States law is not universal. What are the prosecutors from the US going to do in Kiev or Beijing?
Not much... Sorry just being realistic. As long as there is money to be made someone will find away.

A different approach, that won’t work either, is to try to teach users not to open spam or buy anything thru spam, you’d think people would have learned not to open spam by now... :what:

But all it takes is one moron in ten thousand to buy 'make my peepee bigger pills' from the nice spam email and the spammer has made a profit.

I have blacklisted Clubdice, Carnival, New York, USA Casinos and CDpoker

Dormant account

Banned User - troll posts - flaming

Banned User - troll posts - flaming

Dormant Account

Dormant Account

Banned User - troll posts - flaming

Banned User - troll posts - flaming

Banned User - troll posts - flaming

Dormant account

Banned User - troll posts - flaming

Keep winning this amount.

Dormant Account

Dormant account

Keep winning this amount.

Dormant Account

RIP Brian

Banned User - troll posts - flaming

Banned User - troll posts - flaming

Banned User - troll posts - flaming

Banned User - troll posts - flaming

Dormant Account

Keep winning this amount.

Banned User - troll posts - flaming

Keep winning this amount.

Banned User - troll posts - flaming

Similar threads

Users who are viewing this thread

Meister Ratings