Twitter bot spamming spy harvesting website

Discussion in 'Help Iran Online' started by Unregistered, Jun 24, 2009.

  1. xyz305, xyz308 and such are spamming tweets (promising to tell about Tor/anonymous email/Neda) which redirect from to and

    Presumably, these are websites harvesting information about Iranian users.

    WHOIS information for :

    [Redirected to]
    William Freeman
    2 Savoy Crt
    Kingaroy, QLD 4610

    Domain name: IEVES.COM

    Administrative Contact:
    Freeman, William
    2 Savoy Crt
    Kingaroy, QLD 4610
    Technical Contact:
    Freeman, William
    2 Savoy Crt
    Kingaroy, Queensland 4610

    Registration Service Provider:
    Easy CGI,
    This company may be contacted for domain login/passwords,
    DNS/Nameserver changes, and general domain support questions.

    Registrar of Record: TUCOWS, INC.
    Record last updated on 13-May-2009.
    Record expires on 03-Sep-2009.
    Record created on 03-Sep-2006.

    Registrar Domain Name Help Center:
    Tucows Domain Name Help Center

    Domain servers in listed order:

    Domain status: clientTransferProhibited
  2. Jaymax Moderator

  3. someone tweet that Iranians are only click links from trusted sources and advise caution about irgov bots ASAP
  4. [MODEDIT: Thread spamming]
  5. Jaymax Moderator

    I really don't think it's related to Iran.

    eg: Scientology -

    The site is just pulling down any Wikipedia content and putting Google ads next to it - most likely just a money making scam.
  6. Hechicera Member

    New Bots qpr321

    qpr321: #IranElection Tehran Mousavi Iran #neda Neda - How to bypass Internet blocking ... -
  7. The Australian Fed Police have been contacted about this.
  8. Vee Member

    Hopefully there not busy with Utegate :p
  9. Srpska Member

    The authorities will take fucking ages to do anything, if they do it at all. In the meantime, please tweet warnings about these sites.
  10. links

    If you are not in Iran and you click on them does it just confuse the Iran government or does it still endanger?
  11. Web-Source of r.ieves

    The http result of doesn't give so much more details:

    HTTP/1.1 302 Found
    Date: Mon, 06 Jul 2009 13:14:12 GMT
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    X-AspNet-Version: 2.0.50727
    Cache-Control: private
    Content-Type: text/html; charset=utf-8
    Content-Length: 188
    <html><head><title>Object moved</title></head><body>
    <h2>Object moved to <a href="
  12. The is-the-coolest site is registered to the same people as the

    Bogus info in the registration details - the phone numbers are not even complete.
    I know as I thought - hey why not give 'em a call...

    The street address is probably BS too - google map it and streetview - just someones house in Kingaroy QLD...
  13. Oh and the server is also the same according to the traceroute.
  14. ahh landline number not mobile - the registered owner of the domain has a whitepages listing in Australia - if they were bad guys - would they do that ?.. Are we sure there is something sinister going on beyond a simple spam bot ?
  15. It may not be a government agent, but at the very least it is someone using the blood of people fighting for their freedom to grease the wheels of their own enterprise. Really, worst case or best case, I have yet to see a good reason NOT to lambaste these people all to hell.

    Additionally, whoever this is goes a bit out of their way to cover the tracks of a simple spam bot operation, and so following the links seems anything but advisable for anyone inside Iran.
  16. i did a little poking around...

    it looks like .asp will also get the windows logon name from the client.

    mix that with geolocating from an IP address, and now you have a name and a city.

    scary stuff.
  17. all the twitter accounts mentioned have been closed

    well, one way or another, twitter shut these accounts down. something tells me the twitter founders have a favorite side here . . .
  18. Twitter shut them down as they were provided with the IP etc to block 'em.
    Sometimes the simplest things work best.

Share This Page

Customize Theme Colors


Choose a color via Color picker or click the predefined style names!

Primary Color :

Secondary Color :
Predefined Skins