Forum spammer not found?

[polonus]

See: http://hosts-file.net/?s=188.40.205.219  and  http://zulu.zscaler.com/submission/show/3441cce99a8ff2591d3ed660ced70dd1-1350849722
EXPLOIT-KIT URI possible Blackhole URL - main.php?page=
But IP has content spammers: http://mail.stopforumspam.com/ipcheck/188.40.205.219

polonus

[DavidR]

Some more information on your actual subject wouldn't go amiss as why, who and where are just as important as the IP address. This in isolation isn't an indication of an individual spammer or that the IP is only spam related.

Depending on where you look you are likely to get different information.

[polonus]

Hi DavidR,

Here we go, some more detailed information about that url being suspicious/malicious.

It is not only this IP, it is the hoster which is "high risk" one: http://www.abuseipdb.com/check/15chan.net   "commercial adware and e-mail spam"
High Risk so-called EMD classification: http://hosts-file.net/?s=jolts-online.net&wn=1
This is the initial url that was flagged by badmalware: 646312   2012-10-21   fedwireclearance dot com   188.40.205.219   24940   htxp://fedwireclearance.com/info/view/dir/content/check/default_files/   and a couple of other attack probes....
More instances of PHP malcode attacks there, see: htxp://bbrlplc.com/lot/show/conf/Duk/?MD (suspended domain)
see: etc/ transferringEXEtax.php, view/dir/content/check/uploadpic.php, see this Exploit being exploited Google Dork : inurl:uploadpic.php intext:Powered by phpBB, the particular exploit info was removed, bit the initial information could be retrieved via the Google cache, the exploit method is to perform a changed log with TamperData To shell.php, and  transferringEXEatc.php, transf8.jpg etc. (so the firefox add-on tamper data can also be used for malicious purposes).
I think this information is sufficient for marking these urls as suspicious, probably the attacks are to launch spam,

polonus

[polonus]

Hi forum friends,

Some additional info on the risk of the abuse of an add-on like Tamper Data in firefox. Yes it can be abused in the hands of informed miscreants.
This could not be achieve for instance with Google Chrome, the low level API to create such an add-on would not be given free to developers.
The dangers of handing out such a low level API for add-on developers for firefox is now obvious, as you can see from the above exploit example,

polonus

[DavidR]

Yes but the question I ask is directly related to the subject 'Forum spammer not found? '
e.g. who is the forum spammer, if you only have a user, where and when they were supposed to be spamming and the associated IP address to go on.

I don't see how anything said so far is related to the subject, 'Forum spammer not found?' which I read as an individual.

Where IP addresses are commonly used in spamming, it still requires a user, email address, etc. Those IP address may well be picked up by various sources:

One I often use is http://www.ipchecking.com/ if I don't find anything on an individual user name, email address, etc.

RBL (Realtime Block List) Lookup
The blocklist lookup allows you to find whether an IP address is listed in the following public blocking lists: SpamCop, SBL, XBL, CBL, NJABL and SORBS.