Who is intensenode?

drmike

100% Tier-1 Gogent
Intensenode is a spammer.

A spammer with now private WHOIS info that was just out there two days ago.  The data appears to be invalid (original).

You were emailed because you bought something / got on list of ChicagoVPS or 123Systems.

Some are pointing finger at Fabozzi for this.  Others are saying this Quadranet.

Still need to establish who got the email, when they can trace their interaction with CVPS/123Systems back to.  Appears this email list came from first half of 2014 or earlier.   

Not clear that it has anything to do with prior hacks of CVPS.  Easy to dismiss it as that, but zero proof of that relationship at this point.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
This is why it's wise to sign up with company specific emails when ordering services. Very easy if you use Gmail.

Example with Gmail: [email protected] will still email all messages to your [email protected] address but will place these messages in a folder named 'hostingcompany' in your inbox. Neat little trick. The benefit of doing this is that if you receive email spam to a specific folder you can determine what company sold your information, was compromised with no notification to the user or is engaging in some other shady behavior.

With all the DB leaks that have occurred in the past, it could just be a company utilizing harvested emails. ChicagoVPS had their solus DB dumped a couple times a couple years ago. GVH had their stuff compromised more recently. 123Systems... I don't remember. Maybe. It's hard telling. Maybe someone who signed up with a company specific email can let us know if they received this same spam to it, then we can determine at least what company the email list came from.
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Ah, looking over at LET I see that they've got a thread going about this too. Seems that people are saying they're getting them from addresses they've used only for specific companies. WeLoveServers, 123Systems, and ChicagoVPS seem to be the 3 companies people are saying they had signed up for in the past.
 
Last edited by a moderator:

DomainBop

Dormant VPSB Pathogen
IntenseNode WAS a provider until their host shut them down for spamming around noon yesterday.  After being shut down they switched their nameservers to their registrar's default servers, changed the WHOIS to private, and called it a day.  No A records or MX records so you don't need to worry about any more spam.  Bye, bye spammers. 

WHT thread: http://www.webhostingtalk.com/showthread.php?t=1509326

With all the DB leaks that have occurred in the past, it could just be a company utilizing harvested emails.
Former employee with a copy of the NWNX/CVPS mailing list is more likely than someone harvesting emails from one of those DB leaks because many of those addresses that were spammed Sunday night (UGVPS customers, 123sys customers) weren't in the Solus/WHMCS DB leaks.  The email address I used for UGVPS was added to the CVPS mailing list when they acquired UGVPS but was never added to their WHMCS (or SolusVM).

On another note:

Ah, looking over at LET I see .... ChicagoVPS
Looking over at LET I see that Chris's little puppy dog who for the past 2 years obediently locked and sunk CVPS related threads when Chris asked him to, and frequently went into attack mode against anyone who criticized CVPS,  quit as administrator and deleted all of his own posts.  Good riddance (he was a major reason I haven't posted there since December 2013).
 
Last edited by a moderator:

drmike

100% Tier-1 Gogent
Quote said:
Former employee with a copy of the NWNX/CVPS mailing list is more likely than someone harvesting emails from one of those DB leaks because many of those addresses that were spammed Sunday night (UGVPS customers, 123sys customers) weren't in the Solus/WHMCS DB leaks.  The email address I used for UGVPS was added to the CVPS mailing list when they acquired UGVPS but was never added to their WHMCS (or SolusVM).
123Systems never was hacked as far as we all know.

Clear that some folks were 123Sys customer and thus origin.  Others were CVPS customers, and clear their origin.

Question remains what emails were spammed.  I am going to dig the CVPS database back out and look for the email pile and do some comparisons.   With that data we can surely determine if this was from that or if it was a rogue employee.  
 

HN-Matt

New Member
Verified Provider
Ah, looking over at LET I see .... ChicagoVPS
Looking over at LET I see that Chris's little puppy dog who for the past 2 years obediently locked and sunk CVPS related threads when Chris asked him to, and frequently went into attack mode against anyone who criticized CVPS,  quit as administrator and deleted all of his own posts.  Good riddance (he was a major reason I haven't posted there since December 2013).
Really? I vaguely remember him being not-so-bad. Seemed relatively intelligent for his age without being irritatingly precocious. Guess I've never really followed any of the CPVS dramas at @drmike levels of scrutiny, though, so wouldn't know there. Nonetheless, lol if you've been holding some ~2 year grudge against a kid for being used to tow the party line.
 
Last edited by a moderator:

HostPuma

New Member
Its seem there are threads everywhere about this spammer, whether its here or LET or WHT!

He was with HostDime and it seems his server was taken down after this incident, and he switched his Whois to private!
 

drmike

100% Tier-1 Gogent
Well, there were other providers mucked up in the site / history / related.

We managed to scare whoever it was into closing shop with record quickness.

Someone knew their actions were ill and someone who reads these forums someone well versed in being a provider and the technical attributes of what was being offered.

May I encourage them to try again... 
 

DomainBop

Dormant VPSB Pathogen
Quote said:
CVPS_Chris said: "It was not me or anyone currently associated with CVPS. If I had to take a stab in the dark it is just someone using old DB when we were unfortunately hacked twice a few years back."

Dillybob replied: "You're so far off.

My email / account was used to purchase the 75 cent package several months ago. And I only signed up with 1 VPS Provider with that email address (HINT: It was with CVPS), it couldn't of been years 'back'.

Make a better guess."

http://www.lowendtalk.com/discussion/comment/1250147/#Comment_1250147
Dillybob's statement eliminates the 2012/2013Solus/WHMCS DB hacks as the source, and the timing eliminates as suspects a pair of former employees who went to work for a competitor in mid 2014.

So either A. CVPS got hacked recently (i.e. in the past few months) and doesn't know it, B. a recent/current CVPS worker is selling the mailing list, and/or C. #winning is full of shit. 
 

TheLinuxBug

New Member
Quote said:
CVPS_Chris said: "It was not me or anyone currently associated with CVPS. If I had to take a stab in the dark it is just someone using old DB when we were unfortunately hacked twice a few years back."

Dillybob replied: "You're so far off.

My email / account was used to purchase the 75 cent package several months ago. And I only signed up with 1 VPS Provider with that email address (HINT: It was with CVPS), it couldn't of been years 'back'.

Make a better guess."

http://www.lowendtalk.com/discussion/comment/1250147/#Comment_1250147
Dillybob's statement eliminates the 2012/2013Solus/WHMCS DB hacks as the source, and the timing eliminates as suspects a pair of former employees who went to work for a competitor in mid 2014.

So either A. CVPS got hacked recently (i.e. in the past few months) and doesn't know it, B. a recent/current CVPS worker is selling the mailing list, and/or C. #winning is full of shit. 
#WINNING

http://www.lowendtalk.com/discussion/comment/1250759/#Comment_1250759

LOL.

Cheers!
 

Gary

Member
This is why it's wise to sign up with company specific emails when ordering services. Very easy if you use Gmail.

Example with Gmail: [email protected] will still email all messages to your [email protected] address but will place these messages in a folder named 'hostingcompany' in your inbox. Neat little trick. The benefit of doing this is that if you receive email spam to a specific folder you can determine what company sold your information, was compromised with no notification to the user or is engaging in some other shady behavior.
I see this said a lot, but why wouldn't a company selling your data just pass it on without the +... part, to cover their tracks?
 

MannDude

Just a dude
vpsBoard Founder
Moderator
This is why it's wise to sign up with company specific emails when ordering services. Very easy if you use Gmail.

Example with Gmail: [email protected] will still email all messages to your [email protected] address but will place these messages in a folder named 'hostingcompany' in your inbox. Neat little trick. The benefit of doing this is that if you receive email spam to a specific folder you can determine what company sold your information, was compromised with no notification to the user or is engaging in some other shady behavior.
I see this said a lot, but why wouldn't a company selling your data just pass it on without the +... part, to cover their tracks?
That's certainly possible too. But there are also people who also sign up for things with specific email addresses that are associated with what they're signing up for. There is several [email protected] type addresses used by members on this site that I've seen in passing, and working in the hosting industry have seen stuff like that as well from customers.

Of course if selling the data looking for things like that would be wise, but not everyone has that level of forethought.
 

joepie91

New Member
I received them as well (and they went straight to spam). Only used CVPS in a fairly distant past (via UGVPS), not GVH/123Systems, and not Crissic or Quadranet either. So, seems it comes from CVPS.
 
Top