# Who is intensenode?



## Ricky Spanish (Sep 1, 2015)

Are they a member here? I never did business with this company and I got a email from them.


----------



## drmike (Sep 1, 2015)

Intensenode is a spammer.

A spammer with now private WHOIS info that was just out there two days ago.  The data appears to be invalid (original).

You were emailed because you bought something / got on list of ChicagoVPS or 123Systems.

Some are pointing finger at Fabozzi for this.  Others are saying this Quadranet.

Still need to establish who got the email, when they can trace their interaction with CVPS/123Systems back to.  Appears this email list came from first half of 2014 or earlier.   

Not clear that it has anything to do with prior hacks of CVPS.  Easy to dismiss it as that, but zero proof of that relationship at this point.


----------



## MannDude (Sep 1, 2015)

This is why it's wise to sign up with company specific emails when ordering services. Very easy if you use Gmail.

Example with Gmail: [email protected] will still email all messages to your [email protected] address but will place these messages in a folder named 'hostingcompany' in your inbox. Neat little trick. The benefit of doing this is that if you receive email spam to a specific folder you can determine what company sold your information, was compromised with no notification to the user or is engaging in some other shady behavior.

With all the DB leaks that have occurred in the past, it could just be a company utilizing harvested emails. ChicagoVPS had their solus DB dumped a couple times a couple years ago. GVH had their stuff compromised more recently. 123Systems... I don't remember. Maybe. It's hard telling. Maybe someone who signed up with a company specific email can let us know if they received this same spam to it, then we can determine at least what company the email list came from.


----------



## MannDude (Sep 1, 2015)

Ah, looking over at LET I see that they've got a thread going about this too. Seems that people are saying they're getting them from addresses they've used only for specific companies. WeLoveServers, 123Systems, and ChicagoVPS seem to be the 3 companies people are saying they had signed up for in the past.


----------



## DomainBop (Sep 1, 2015)

IntenseNode WAS a provider until their host shut them down for spamming around noon yesterday.  After being shut down they switched their nameservers to their registrar's default servers, changed the WHOIS to private, and called it a day.  No A records or MX records so you don't need to worry about any more spam.  Bye, bye spammers. 

WHT thread: http://www.webhostingtalk.com/showthread.php?t=1509326



> With all the DB leaks that have occurred in the past, it could just be a company utilizing harvested emails.


Former employee with a copy of the NWNX/CVPS mailing list is more likely than someone harvesting emails from one of those DB leaks because many of those addresses that were spammed Sunday night (UGVPS customers, 123sys customers) weren't in the Solus/WHMCS DB leaks.  The email address I used for UGVPS was added to the CVPS mailing list when they acquired UGVPS but was never added to their WHMCS (or SolusVM).

On another note:



> Ah, looking over at LET I see .... ChicagoVPS


Looking over at LET I see that Chris's little puppy dog who for the past 2 years obediently locked and sunk CVPS related threads when Chris asked him to, and frequently went into attack mode against anyone who criticized CVPS,  quit as administrator and deleted all of his own posts.  Good riddance (he was a major reason I haven't posted there since December 2013).


----------



## drmike (Sep 1, 2015)

Quote said:


> Former employee with a copy of the NWNX/CVPS mailing list is more likely than someone harvesting emails from one of those DB leaks because many of those addresses that were spammed Sunday night (UGVPS customers, 123sys customers) weren't in the Solus/WHMCS DB leaks.  The email address I used for UGVPS was added to the CVPS mailing list when they acquired UGVPS but was never added to their WHMCS (or SolusVM).


123Systems never was hacked as far as we all know.

Clear that some folks were 123Sys customer and thus origin.  Others were CVPS customers, and clear their origin.

Question remains what emails were spammed.  I am going to dig the CVPS database back out and look for the email pile and do some comparisons.   With that data we can surely determine if this was from that or if it was a rogue employee.


----------



## HN-Matt (Sep 1, 2015)

> > Ah, looking over at LET I see .... ChicagoVPS
> 
> 
> Looking over at LET I see that Chris's little puppy dog who for the past 2 years obediently locked and sunk CVPS related threads when Chris asked him to, and frequently went into attack mode against anyone who criticized CVPS,  quit as administrator and deleted all of his own posts.  Good riddance (he was a major reason I haven't posted there since December 2013).



Really? I vaguely remember him being not-so-bad. Seemed relatively intelligent for his age without being irritatingly precocious. Guess I've never really followed any of the CPVS dramas at @drmike levels of scrutiny, though, so wouldn't know there. Nonetheless, lol if you've been holding some ~2 year grudge against a kid for being used to tow the party line.


----------



## HostPuma (Sep 1, 2015)

Its seem there are threads everywhere about this spammer, whether its here or LET or WHT!

He was with HostDime and it seems his server was taken down after this incident, and he switched his Whois to private!


----------



## drmike (Sep 2, 2015)

Well, there were other providers mucked up in the site / history / related.

We managed to scare whoever it was into closing shop with record quickness.

Someone knew their actions were ill and someone who reads these forums someone well versed in being a provider and the technical attributes of what was being offered.

May I encourage them to try again...


----------



## DomainBop (Sep 2, 2015)

drmike said:


> Quote said:
> 
> 
> > *CVPS_Chris said:* "It was not me or anyone currently associated with CVPS. If I had to take a stab in the dark it is just someone using old DB when we were unfortunately hacked twice a few years back."
> ...


Dillybob's statement eliminates the 2012/2013Solus/WHMCS DB hacks as the source, and the timing eliminates as suspects a pair of former employees who went to work for a competitor in mid 2014.

So either A. CVPS got hacked recently (i.e. in the past few months) and doesn't know it, B. a recent/current CVPS worker is selling the mailing list, and/or C. #winning is full of shit.


----------



## TheLinuxBug (Sep 2, 2015)

DomainBop said:


> drmike said:
> 
> 
> > Quote said:
> ...


#WINNING

http://www.lowendtalk.com/discussion/comment/1250759/#Comment_1250759

LOL.

Cheers!


----------



## Gary (Sep 2, 2015)

> This is why it's wise to sign up with company specific emails when ordering services. Very easy if you use Gmail.
> 
> Example with Gmail: [email protected] will still email all messages to your [email protected] address but will place these messages in a folder named 'hostingcompany' in your inbox. Neat little trick. The benefit of doing this is that if you receive email spam to a specific folder you can determine what company sold your information, was compromised with no notification to the user or is engaging in some other shady behavior.


I see this said a lot, but why wouldn't a company selling your data just pass it on without the +... part, to cover their tracks?


----------



## MannDude (Sep 3, 2015)

> > This is why it's wise to sign up with company specific emails when ordering services. Very easy if you use Gmail.
> >
> > Example with Gmail: [email protected] will still email all messages to your [email protected] address but will place these messages in a folder named 'hostingcompany' in your inbox. Neat little trick. The benefit of doing this is that if you receive email spam to a specific folder you can determine what company sold your information, was compromised with no notification to the user or is engaging in some other shady behavior.
> 
> ...


That's certainly possible too. But there are also people who also sign up for things with specific email addresses that are associated with what they're signing up for. There is several [email protected] type addresses used by members on this site that I've seen in passing, and working in the hosting industry have seen stuff like that as well from customers.

Of course if selling the data looking for things like that _would be_ wise, but not everyone has that level of forethought.


----------



## joepie91 (Sep 3, 2015)

I received them as well (and they went straight to spam). Only used CVPS in a fairly distant past (via UGVPS), not GVH/123Systems, and not Crissic or Quadranet either. So, seems it comes from CVPS.


----------

