That 1babe.biz spammer

Email
Comment *
File	Select/drop/paste files here
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

File: 1447876992154-0.png (1.07 MB, 1288x677, 1288:677, 1.png)

File: 1447876992155-1.png (1.4 MB, 1277x643, 1277:643, 2.png)

File: 1447876992155-2.png (34.5 KB, 703x212, 703:212, 3.png)

File: 1447876992155-3.png (78.29 KB, 675x483, 225:161, 4.png)

File: 1447876992155-4.png (45.58 KB, 1247x374, 1247:374, 5.png)

That 1babe.biz spammer Anonymous 11/18/15 (Wed) 20:03:11 No.103387

Given the nature of the site at the end of the redirect, and seeing as there are two or three different last names with the same address in Whitepages, I'm guessing this is just fake/cover info, but here it is regardless if anyone wants.

Domain Name: 1BABE.BIZ
Domain ID: D66594277-BIZ
Sponsoring Registrar: ENOM, INC.
Sponsoring Registrar IANA ID: 48
Registrar URL (registration services): whois.enom.com
Domain Status: clientTransferProhibited
Variant: 1BABE.BIZ
Registrant ID: B424E8B686626584
Registrant Name: Elian Jacobs
Registrant Address1: 6433 Fairest Dream Ln
Registrant City: Columbia
Registrant State/Province: MD
Registrant Postal Code: 21044
Registrant Country: United States
Registrant Country Code: US
Registrant Phone Number: +1.4435388127
Registrant Email: sterlingpfog@hotmail.com
Administrative Contact ID: B424E8B686626584
Administrative Contact Name: Elian Jacobs
Administrative Contact Address1: 6433 Fairest Dream Ln
Administrative Contact City: Columbia
Administrative Contact State/Province: MD
Administrative Contact Postal Code: 21044
Administrative Contact Country: United States
Administrative Contact Country Code: US
Administrative Contact Phone Number: +1.4435388127
Administrative Contact Email: sterlingpfog@hotmail.com
Billing Contact ID: A28BC7D70C3935AF
Billing Contact Name: Google Team
Billing Contact Organization: Google, Inc.
Billing Contact Address1: 1600 Amphitheatre Parkway
Billing Contact City: Mountain View
Billing Contact State/Province: CA
Billing Contact Postal Code: 94043
Billing Contact Country: United States
Billing Contact Country Code: US
Billing Contact Phone Number: +1.6501234567
Billing Contact Email: googleclients@enom.com
Technical Contact ID: B424E8B686626584
Technical Contact Name: Elian Jacobs
Technical Contact Address1: 6433 Fairest Dream Ln
Technical Contact City: Columbia
Technical Contact State/Province: MD
Technical Contact Postal Code: 21044
Technical Contact Country: United States
Technical Contact Country Code: US
Technical Contact Phone Number: +1.4435388127
Technical Contact Email: sterlingpfog@hotmail.com
Name Server: NS1.GBFREEHOSTING.COM
Name Server: NS2.GBFREEHOSTING.COM
Name Server: NS3.GBFREEHOSTING.COM
Name Server: NS4.GBFREEHOSTING.COM
Created by Registrar: ENOM, INC.
Last Updated by Registrar: ENOM, INC.
Domain Registration Date: Thu Nov 05 00:06:27 GMT 2015
Domain Expiration Date: Fri Nov 04 23:59:59 GMT 2016
Domain Last Updated Date: Thu Nov 05 09:16:09 GMT 2015
DNSSEC: false

Anonymous 01/18/16 (Mon) 01:27:51 No.107619

Is this the same CP site as 1babe.ph?

I've got some scan data coming in on that one right now.

Guy has a whole mess of ports open, and it appears to be hosted on an iPXE server.

Looks like it's something coming out of Vietnam.

Anonymous 01/18/16 (Mon) 01:44:11 No.107627

Know what's really sick?

Running a geolocation brings up a kindergarten.

https://www.google.com/maps/place/21%C2%B001'59.9%22N+105%C2%B051'00.0%22E/@21.0333014,105.8493916,184m/data=!3m2!1e3!4b1!4m2!3m1!1s0x0:0x0

Anonymous 01/18/16 (Mon) 01:55:45 No.107631

File: 1453082145998.jpg (16.07 KB, 313x313, 1:1, 1452114544192.jpg)

I have some more data on this:


Nmap scan report for 1babe.ph (14.177.207.175)
Host is up, received syn-ack ttl 19 (0.28s latency).
Scanned at 2016-01-17 20:06:13 Eastern Standard Time for 265s
PORT      STATE    SERVICE            REASON         VERSION
25/tcp    open     smtp               syn-ack ttl 19 Alt-N MDaemon mail server 14.5.0
|_smtp-commands: Couldn't establish connection on port 25
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
80/tcp    open     http               syn-ack ttl 19
110/tcp   open     pop3               syn-ack ttl 19 MDaemon pop3d 14.5.0
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
143/tcp   open     imap               syn-ack ttl 19 Alt-N MDaemon imapd 14.5.0
| imap-capabilities: 
|_  ERROR: Failed to connect to server
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
443/tcp   open     ssl/http-proxy     syn-ack ttl 19 HAProxy http proxy
| http-cisco-anyconnect: 
|_  ERROR: Not a Cisco ASA or unsupported version
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
465/tcp   open     ssl/smtp           syn-ack ttl 19 Alt-N MDaemon mail server 14.5.0
|_smtp-commands: Couldn't establish connection on port 465
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
587/tcp   open     smtp               syn-ack ttl 19 MDaemon smtpd 14.5.0 (Unregistered)
|_smtp-commands: Couldn't establish connection on port 587
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
993/tcp   open     ssl/imap           syn-ack ttl 19 Alt-N MDaemon imapd 14.5.0
| imap-capabilities: 
|_  ERROR: Failed to connect to server
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
995/tcp   open     ssl/pop3           syn-ack ttl 19 MDaemon pop3d 14.5.0
| ssl-date: 
|_  ERROR: Unable to obtain data from the target
3389/tcp  open     ssl/ms-wbt-server? syn-ack ttl 19
| ssl-date: 
|_  ERROR: Unable to obtain data from the target

Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
Device type: specialized|WAP|phone
Running: iPXE 1.X, Linux 2.4.X|2.6.X, Sony Ericsson embedded
OS CPE: cpe:/o:ipxe:ipxe:1.0.0%2b cpe:/o:linux:linux_kernel:2.4.20 cpe:/o:linux:linux_kernel:2.6.22 cpe:/h:sonyericsson:u8i_vivaz
OS details: iPXE 1.0.0+, Tomato 1.28 (Linux 2.4.20), Tomato firmware (Linux 2.6.22), Sony Ericsson U8i Vivaz mobile phone
TCP/IP fingerprint:
OS:SCAN(V=7.01%E=4%D=1/17%OT=25%CT=%CU=%PV=N%G=N%TM=569C3B8E%P=i686-pc-wind
OS:ows-windows)ECN(R=N)T1(R=N)T2(R=N)T3(R=N)T4(R=N)U1(R=N)IE(R=N)
Service Info: Host: mail.oahay.com; OS: Windows; Device: load balancer; CPE: cpe:/o:microsoft:windows

Anonymous 01/18/16 (Mon) 15:07:59 No.107680

File: 1453129679282.png (7.59 KB, 100x184, 25:46, Pedobear.png)

lamo, this is the same guy thats posting the "t.o.pb.a.b.e.r.u" links. really BO and mods should just ban him. fucking pedo. did a lookup on "t.o.p.b.a.be.r.u" (spam filter) , it looks like its hosted in Vietnam too. though i really doubt that its the actual hosting location. also, clearnet CP? jfc this guy either wants to get V& or is a complete dumbass.

Anonymous 01/18/16 (Mon) 22:14:04 No.107719

File: 1453155244498.jpg (413.94 KB, 1594x1734, 797:867, 1448350274264.jpg)

>>107680

>this guy either wants to get V& or is a complete dumbass

Either that, or he's some organized crime figure and knows he's nigh-untouchable. Possibly out of Thailand, since that's practically the Singapore of international child trafficking.

I was able to temporarily knock the site down (on accident) yesterday by overwhelming the server with login attempts. The version of phpBB is pretty old, several years at least, and probably has some unpatched vulnerabilities.

DoSing it would be, pardon the sick pun, child's play, but the real coup would be to get a hold of the server logs, and track down every babyfucking bastard who wasn't smart enough to use proxies.

Anonymous 01/19/16 (Tue) 06:40:25 No.107737

>>107680

>fucking pedo

Go back to 4chan SJW scum. We don't want moralscum like you here.

Anonymous 01/19/16 (Tue) 15:38:43 No.107749

File: 1453217923327.png (206.08 KB, 525x525, 1:1, 90thDS.png)

>>107737

CP is pretty much beyond morality. It's not about social justice, it's about ensuring a future for our children. Even evil has its standards. If you don't, you're not a human, you're just an animal that needs to be put down.

Also, they spammed us. Pretty sure that means the gloves come off.

Anonymous 01/19/16 (Tue) 16:01:36 No.107751

>>107749

HAHA no,

Evil has no standards or masters. We do not give a shit about children.

Pedophilia, zoo faggotry among other depravities are EXCUSES to ruin someone completely.

Moralfags like you that rode on coat tails of operation missed the point by miles.

Cut the morality bullshit, we raid because we can and they spammed á la Kimmo Alm in early 4chins days.

Get your priorities right, poserfag

Anonymous 01/19/16 (Tue) 16:18:54 No.107752

File: 1453220334686.jpg (81.96 KB, 626x348, 313:174, 1451802342298.jpg)

>>107751

I don't exactly agree with you, but it's not like I care either. For you, the CP is an excuse to rek a spammer. For me, the spam is an excuse to go fuck some pedophiles' shit up. The goal is the same.

It's really tough to say whether 1babe.biz is part of the topbabe network. The traceroutes are completely different. The choice of domains though is certainly a very suspicious coincidence.

Anonymous 01/19/16 (Tue) 16:50:37 No.107754

>>107752

When was the last time when pedofags didn't rely on de-centralized networks?

Technically danknet /i/nsurgent bunkers or baph board hosted on overchan looks different on paper.

The spammers follow the exact same formula

>Create a thread

>Dump the thumbnail

>Insert the intended link in every field possible

>jump on different proxy/VPN

>Get B&

>Rinse and repeat.

Newfags get V& if they are stupid enough to look at recent bans list and find any given CP spambot. It's not possible to remove any names.

I could be wrong, since I had to deal with a lot IRL shit for two or three months or so.

Anonymous 01/19/16 (Tue) 16:57:47 No.107755

File: 1453222679156.png (48.53 KB, 252x142, 126:71, 1453129060894.png)

>>107754

I'm sure they do. That's why I don't just want to take a site down, I want to get in there and see if I can dig up any identifying information. The smart ones won't have left anything, but we can still get the stupid ones.

Anonymous 01/19/16 (Tue) 21:11:47 No.107759

Uh, if I were you, I wouldn't try to fuck with this guy. 90% of clearweb CP sites are government honeypots.

Regardless, interesting stuff.

Anonymous 01/19/16 (Tue) 21:54:06 No.107761

File: 1453240446401.jpg (108.18 KB, 500x500, 1:1, 1451594789407.jpg)

>>107759

A government honeypot that spams other clearnet sites and is based out of Vietnam? Nuh-uh, I don't think so.

Even if it is, it's not illegal for a private citizen to investigate potential crime. Highly discouraged, yes, but not illegal.

Anonymous 01/21/16 (Thu) 23:25:45 No.107828

File: 1453418745641.jpg (41.93 KB, 364x466, 182:233, BEHEAD THOSE WHO INSULT CU….jpg)

You guys checked tophatchan yet? they got a board named Dead Chans where they meet up and spam the same links onto dead chans, including here 8chan.

Anonymous 01/22/16 (Fri) 04:36:34 No.107832

File: 1453437394473.jpg (284.29 KB, 1034x821, 1034:821, 1452719621730.jpg)

>>107828

Is that just a codename for masterchan's /General/ board? Isn't that entire site just a honeypot for the Dutch police?

Anonymous 01/22/16 (Fri) 12:38:33 No.107841

>>107832

Definitely a honeypot, supposedly the servers were seized last year.

But no, theres a board called that, but they dont last long as its full of hidden threads that go on for 20+ pages

Anonymous 01/22/16 (Fri) 17:30:34 No.107845

File: 1453483834895.jpg (49.39 KB, 400x400, 1:1, 1363343983812.jpg)

>>107841

So it's a hidden service then? Can you spot me a link?

Anonymous 01/23/16 (Sat) 03:10:33 No.107864

>>107841

Wait, is it Masterchan or not? Don't leave me hanging.

Anonymous 01/23/16 (Sat) 05:48:24 No.107872

>>107841

>>107864

Yeah it is, i thought it was wordfiltered here too, sorry m8s.

some posts have disappeared on the board too

Anonymous 01/23/16 (Sat) 23:29:43 No.107897

>>107832

kmar here, tophatchan is not a honeypot

Anonymous 01/24/16 (Sun) 00:04:14 No.107899

File: 1453593858703.gif (258.58 KB, 450x450, 1:1, 1452384496369.gif)

>>107897

KMar as in the Dutch gendarmerie?

Well, I don't know if you really are one of them, and if so, that you're telling the truth. It doesn't matter either way. I'm already pretty convinced upon investigation that it's not, and only an official communique in my mailbox can convince me otherwise now.

Also, I'm trying to merge this discussion into >>107495 since it's the larger thread. Operational plans are detailed there.

Anonymous 01/24/16 (Sun) 18:49:59 No.107919

>>107899

kmar here again, go ahead and FOIA the Dutch government, or get a Dutch associate of yours to do so. A FOIA request in Holland is called a Wet Openbaarheid van Bestuur request or a WoB request, article 110 of the Dutch constitution allows citizens to request certain information from governmental institutions.

The following (Dutch) page has some additional information and may be of interest to you or your associates.

http://wob.nl/alles-over-de-wob/

Anonymous 01/25/16 (Mon) 00:27:13 No.107924

File: 1453681633146.gif (906.33 KB, 295x305, 59:61, 1452384382891.gif)