Saturday, 30 November 2013

Hunting down a spam host and it was Mattias Kaneteg CEO of Crystone AB (Sweden)

==================== Update ===================
5 days after this post, and some direct follow-ups with Crystone.se, no more spam was received.
20 days later (19 Dec 2013), crystone.se was seen to have vanished from the Spamhaus ISP bad boys list. Thank you Crystone.se for the change in direction; keep up the good work.
==================== ******** =================

In Reverse from the top ..

Mattias Kaneteg is CEO of Crystone AB (Sweden). Sends spam. Source: LinkedIn.

Crystone.se hosts the spammers' websites and domains.

Source: multiple traceroutes to adriute.com and multiple other spammer domains.

gannett$ traceroute adriute.com
traceroute to adriute.com (193.182.254.192), 64 hops max, 52 byte packets
 1  skyrouter.home (192.168.0.1)  1.544 ms  1.340 ms  0.871 ms
 2  * * *
 3  ip-84-38-37-16.easynet.co.uk (84.38.37.16)  21.820 ms  21.911 ms  22.029 ms
 4  ti9002b300.ti.telenor.net (195.66.237.107)  20.723 ms  20.606 ms  21.009 ms
 5  ti3003c400-ae3-0.ti.telenor.net (146.172.105.37)  62.745 ms  63.474 ms  62.462 ms
 6  ti3002c400-ae2-0.ti.telenor.net (146.172.100.69)  62.495 ms  62.093 ms  62.579 ms
 7  ti3002d400-ae0-0.ti.telenor.net (146.172.102.186)  62.145 ms  62.389 ms  62.576 ms
 8  ti3083a210-xe8-1.ti.telenor.net (146.172.107.206)  238.273 ms  170.280 ms  205.565 ms
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  60.298 ms  59.874 ms  59.797 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.240 ms  55.152 ms  55.127 ms

11  www.adriute.com (193.182.254.192)  54.996 ms !Z  54.934 ms !Z  54.741 ms !Z


The email and its embedded link lead directly to the domain adriute.com.
Source: my mailbox.



This is just one of many similarly formed emails sent to the same private address from various domains hosted in the same way. Each one of these emails comes from a different domain on the list below.


Luckily most of these emails are correctly recognised as junk mail, probably using internet based blacklists.

The well-respected Spamhaus agrees with this conclusion. Getting to number three on the worst ISPs in the world list does not happen overnight; that's a policy choice by Crystone. Either the CEO is in on the deal or is incompetent, not knowing how his company's reputation, and therefore shareholder value, is being trashed.


This particular operation is known as a "Snowshoe Spam" operation, spreading out the evil across a large number of domains and IP addresses. Other ref. A bit dumb/obvious to use the same hosting company.

And adriute.com is not the only domain with the same infrastructure leading directly back to crystone.se. List of bad poison spam domains:


The last couple of lines of the traceroutes to each of the domains. See how the hop before each domain is se.crystone.net.

9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.938 ms  59.773 ms  60.001 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.242 ms  54.538 ms  54.193 ms
11  www.xsmwkj.com (192.36.142.156)  54.893 ms !Z  54.927 ms !Z  54.714 ms !Z
--
--
 5  195.66.224.243 (195.66.224.243)  19.762 ms  19.656 ms  18.724 ms
 6  crystone-hy-demarc0.cr1-r85.hy-sto.se.p80.net (83.140.244.62)  52.234 ms  52.283 ms  53.344 ms
 7  dr-8.hy-sth.se.crystone.net (83.168.243.156)  52.373 ms  52.808 ms  52.737 ms
 8  www.iyaadura.com (83.168.194.20)  52.663 ms !Z  52.856 ms !Z  52.392 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  60.007 ms  59.859 ms  59.779 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.284 ms  54.230 ms  54.971 ms
11  www.livspan.com (192.165.239.156)  54.994 ms !Z  54.860 ms !Z  55.214 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.737 ms  60.418 ms  60.507 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.324 ms  54.005 ms  54.594 ms
11  www.jizbell.com (192.165.241.236)  54.521 ms !Z  55.583 ms !Z  57.872 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.289 ms  59.946 ms  59.709 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.509 ms  54.840 ms  55.578 ms
11  www.myilt.com (192.176.207.195)  55.279 ms !Z  55.214 ms !Z  54.608 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.549 ms  59.600 ms  59.348 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.192 ms  54.132 ms  54.476 ms
11  www.prkco.com (193.180.252.202)  59.890 ms !Z  59.208 ms !Z  59.736 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.416 ms  59.694 ms  59.120 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.472 ms  54.137 ms  54.049 ms
11  www.poszg.com (192.71.169.205)  59.239 ms !Z  59.896 ms !Z  59.981 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.867 ms  60.153 ms  61.110 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.518 ms  54.594 ms  54.633 ms
11  www.aemgt.com (194.14.131.149)  54.495 ms !Z  54.621 ms !Z  55.185 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  58.929 ms  59.151 ms  59.249 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.759 ms  54.167 ms  54.162 ms
11  www.urlpp.com (192.176.207.194)  59.663 ms !Z  58.709 ms !Z  60.622 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.348 ms  59.144 ms  59.879 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.513 ms  55.052 ms  54.716 ms
11  www.siinco.com (192.36.6.139)  54.996 ms !Z  54.822 ms !Z  55.087 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.526 ms  59.423 ms  59.946 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.846 ms  54.218 ms  54.200 ms
11  www.wzztq.com (192.36.255.147)  59.913 ms !Z  59.531 ms !Z  59.834 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.765 ms  59.880 ms  59.692 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.548 ms  53.978 ms  54.033 ms
11  www.ndzstzw.com (192.36.0.158)  55.119 ms !Z  54.192 ms !Z  54.453 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  60.320 ms  59.976 ms  59.273 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.609 ms  54.403 ms  54.521 ms
11  www.adfilmz.com (192.165.1.207)  59.666 ms !Z  59.363 ms !Z  58.671 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.843 ms  59.128 ms  59.969 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.130 ms  54.133 ms  54.898 ms
11  www.pzjdl.com (193.182.146.177)  60.026 ms !Z  60.110 ms !Z  59.340 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.487 ms  60.069 ms  59.261 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  53.990 ms  54.784 ms  54.338 ms
11  www.erqjgz.com (193.235.158.152)  59.536 ms !Z  58.948 ms !Z  59.653 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.462 ms  58.891 ms  59.351 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.876 ms  53.835 ms  54.425 ms
11  www.ctdserv.com (193.180.122.181)  59.695 ms !Z  59.643 ms !Z  59.426 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.308 ms  59.587 ms  60.403 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.489 ms  55.207 ms  55.422 ms
11  www.siinco.com (192.36.6.139)  54.374 ms !Z  54.569 ms !Z  55.574 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.575 ms  60.202 ms  59.797 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.263 ms  54.152 ms  54.277 ms
11  www.germanyideal.com (193.182.118.131)  54.833 ms !Z  55.190 ms !Z  54.726 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.159 ms  59.682 ms  59.919 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  56.716 ms  54.940 ms  54.636 ms
11  www.clickbebo.com (193.234.239.143)  54.824 ms !Z  54.038 ms !Z  54.226 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.317 ms  59.761 ms  60.198 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.759 ms  54.642 ms  54.522 ms
11  www.dealzez.com (193.180.12.35)  55.268 ms !Z  55.842 ms !Z  54.634 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.464 ms  59.471 ms  59.698 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.286 ms  54.641 ms  54.965 ms
11  www.tmacsdeal.com (192.36.205.28)  54.647 ms !Z  54.832 ms !Z  54.307 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.997 ms  59.215 ms  59.942 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.138 ms  55.422 ms  54.875 ms
11  www.tuclicka.net (64.88.144.13)  60.363 ms !Z  59.824 ms !Z  59.515 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  95.477 ms  59.686 ms  60.840 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.989 ms  56.219 ms  54.925 ms
11  www.marrge.com (193.181.3.199)  55.003 ms !Z  54.725 ms !Z  54.784 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.504 ms  59.530 ms  59.129 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.260 ms  54.725 ms  55.408 ms
11  www.laurabs.com (193.235.96.178)  55.966 ms !Z  55.302 ms !Z  55.169 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  74.485 ms  59.173 ms  59.911 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.884 ms  62.431 ms  55.052 ms
11  www.padilladeals.com (64.88.140.14)  59.455 ms !Z  59.988 ms !Z  60.061 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.760 ms  59.477 ms  59.664 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.079 ms  55.013 ms  54.857 ms
11  www.gozumuz.com (193.182.163.129)  55.060 ms !Z  54.918 ms !Z  55.155 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.739 ms  59.915 ms  59.895 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.929 ms  54.641 ms  55.545 ms
11  www.freesouzi.com (209.152.170.14)  54.135 ms !Z  55.157 ms !Z  54.617 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.202 ms  59.153 ms  59.642 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.748 ms  53.843 ms  54.696 ms
11  www.ctdserv.com (193.180.122.181)  60.132 ms !Z  63.625 ms !Z  59.352 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.564 ms  59.489 ms  60.529 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.821 ms  55.380 ms  56.989 ms
11  www.freeschin.com (193.181.3.22)  59.340 ms !Z  59.794 ms !Z  59.790 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.004 ms  58.898 ms  58.860 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  55.750 ms  54.899 ms  54.764 ms
11  www.cqrcity.com (194.71.187.152)  59.678 ms !Z  60.438 ms !Z  59.383 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.361 ms  60.035 ms  59.802 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.947 ms  54.457 ms  54.142 ms
11  www.gamezonefree.net (209.152.161.14)  54.779 ms !Z  54.408 ms !Z  54.975 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.584 ms  59.536 ms  60.145 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.730 ms  54.272 ms  54.727 ms
11  www.readtreefree.com (192.165.34.72)  54.514 ms !Z  54.784 ms !Z  54.688 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.448 ms  60.417 ms  60.366 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.812 ms  54.940 ms  55.151 ms
11  www.oyoob.com (193.235.96.179)  59.646 ms !Z  58.652 ms !Z  59.216 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.437 ms  59.358 ms  58.978 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.739 ms  54.528 ms  54.172 ms
11  www.ndzstzw.com (192.36.0.158)  55.046 ms !Z  54.264 ms !Z  54.444 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.859 ms  59.425 ms  59.671 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.291 ms  54.262 ms  55.050 ms
11  www.adriute.com (193.182.254.192)  54.756 ms !Z  54.268 ms !Z  54.133 ms !Z
--
--
 9  static-213-115-123-44.sme.bredbandsbolaget.se (213.115.123.44)  59.812 ms  59.230 ms  62.396 ms
10  dr-8.hy-sth.se.crystone.net (83.168.243.156)  54.874 ms  54.886 ms  54.733 ms
11  www.dommc.com (192.165.53.200)  59.172 ms !Z  59.079 ms !Z  59.369 ms !Z
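
The correlation the traceroute tails above show by eye can be done mechanically. This is an added example, not code from the original post: it splits concatenated traceroute output into traces and groups each target by the network of the hop directly before it. The function names and the sample hostnames and IPs are constructed for illustration, and the "last two labels" domain rule is a simplification.

```python
import re
from collections import defaultdict
# One answered hop: "10  host.example (192.0.2.1)  55.2 ms ..."
HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
# Constructed sample (reserved example names and IPs), shaped like the tails above.
SAMPLE = """\
 9  edge1.transit.example (198.51.100.9)  59.9 ms  59.7 ms  60.0 ms
10  dr-1.core.hoster.example (192.0.2.1)  55.2 ms  54.5 ms  54.1 ms
11  www.spam-a.example (203.0.113.10)  54.8 ms !Z  54.9 ms !Z  54.7 ms !Z
--
 5  198.51.100.5 (198.51.100.5)  19.7 ms  19.6 ms  18.7 ms
 6  dr-1.core.hoster.example (192.0.2.1)  52.3 ms  52.8 ms  52.7 ms
 7  www.spam-b.example (203.0.113.20)  52.6 ms !Z  52.8 ms !Z  52.3 ms !Z
--
 9  edge1.transit.example (198.51.100.9)  59.5 ms  59.4 ms  59.9 ms
10  dr-2.edge.hoster.example (192.0.2.2)  54.8 ms  54.2 ms  54.2 ms
11  www.spam-c.example (203.0.113.30)  59.9 ms !Z  59.5 ms !Z  59.8 ms !Z
--
 9  edge1.transit.example (198.51.100.9)  59.1 ms  59.3 ms  59.0 ms
10  * * *
11  www.unknown.example (203.0.113.40)  61.0 ms  60.2 ms  60.9 ms
"""

def split_traces(text):
    """Split concatenated traceroute output into lists of (ttl, host, ip) hops."""
    traces, cur = [], []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        # New trace on a "--" separator, a header line, or a restarted TTL.
        if cur and (line.strip() == "--" or line.startswith("traceroute to")
                    or (m and int(m.group(1)) <= cur[-1][0])):
            traces.append(cur)
            cur = []
        if m:
            cur.append((int(m.group(1)), m.group(2).lower(), m.group(3)))
    return traces + ([cur] if cur else [])

def upstream_key(host, ip):
    """Naive registered domain: last two labels (no public-suffix handling)."""
    return ip if host == ip else ".".join(host.split(".")[-2:])

def shared_upstreams(text, min_dests=3):
    """Map upstream network -> targets, for upstreams shared by >= min_dests targets."""
    groups = defaultdict(set)
    for trace in split_traces(text):
        # Need the target and the hop directly before it (no silent hop between).
        if len(trace) >= 2 and trace[-2][0] == trace[-1][0] - 1:
            groups[upstream_key(*trace[-2][1:])].add(trace[-1][1])
    return {k: sorted(v) for k, v in groups.items() if len(v) >= min_dests}
```

A shared last transit hop is a lead rather than proof of hosting, so confirm it against WHOIS or ASN data for the target IPs before reporting to the provider.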

Thursday, 14 November 2013

Broken in Mavericks - scanning with HP scanners

Scanning in OS X Mavericks using HP scanners and all-in-one printers has taken a turn for the worse after the install of Mavericks.

The main symptom is that it all looks like it is working, but the saved image comes out black (or white) with horizontal lines on it.

Hopefully the really annoying 1% power drain caused by the HPScanJet manager button monitoring process will also be fixed. As the scanner is only plugged in when I need to scan, why TF would a scanner-specific process be active when there is no scanner attached?

Some folks have worked around it using Preview or Image Capture, but some models of scanner are not supported by those applications. However, other workarounds are:

HP Scan -> scan to print -> Save print as PDF
or
Using Adobe Acrobat full version -> Create PDF from scanner then Save image as JPG.

Software updates are being made available by HP in batches of scanner types. Check out here for new software for your scanner.

Wednesday, 13 November 2013

Broken in Mavericks - Major widespread Data loss situation - Mavericks + External Drives + WD Western Digital software

Please be aware that there are serious data loss issues ongoing with Mac OS X Mavericks and Western Digital drive software. Both the Apple support and WD forums have multiple customer reports of total external drive data loss.
The data loss is not limited to systems actively using the WD software and drives; other vendors' external hard drives are being lost.
Personally I just lost 1TB of Time Machine backups on an Iomega external drive. I did have a WD myBook for a while about 2 years ago but was not aware the WD drive software was still active on this machine.
Current advice from Western Digital is to uninstall the WD drive software before going to Mavericks. Uninstaller is here
This situation has already caused a lot of digital pain and loss of data, and as a technical person it makes me sad in so many ways.
This is the set of ugly messages from Disk Utility as it fails to repair the damage to


The only solution: erase, repartition and make a new volume. The disk was stuck in a not-mounted state and could not be erased, saying the disk could not be "Un mounted." The fix for that was to find the running fsck_hfs process and kill it. Pointed TimeMachine at the new volume and replaced the old volume name.

To the data destruction digital hall of shame we add ....... Western Digital
and for lack of governance and oversight of vendors ... Apple
You really ought to do better.