The DDoS is still going on at a low level, so members with dynamic IP addresses may have difficulty getting access. Contact an admin through the forum email address (see below), or submit as a comment here if you don't get email notifications for forum posts.
For those of you who aren't members and are wondering what got the spammers so pissed off at us, the public areas of the site are still available via Google cache. Just do a search on
site:inboxrevenge.com
with or without additional search terms.
Areas of the forum only visible to registered members won't be available that way, but apparently even the public areas were good enough to earn the spammer seal of disapproval.
Thursday, November 19, 2009
Tuesday, November 17, 2009
InboxRevenge.com currently up with limited access
The attack on IBR has slackened, so the forum is available on a limited basis. Still, there is a high likelihood members will find themselves blocked or that the attack will ramp up again.
You can contact an administrator about problems with access by replying to the same email address your forum notifications come from. Otherwise, you can post a private comment to this blog to request assistance. (Comments are moderated and won't appear if you ask us not to post them.)
You can contact an administrator about problems with access by replying to the same email address your forum notifications come from. Otherwise, you can post a private comment to this blog to request assistance. (Comments are moderated and won't appear if you ask us not to post them.)
DDoS against InboxRevenge.com continuing
We obviously weren't surprised the DDoS would start up again. We've had plenty of experience with attacks, both against our forum and Castlecops.com. In those instances, they kept coming back, week after week, each time the forums reappeared.
But the intensity of this attack is a bit of a puzzle. They're conducting a much heavier attack this time. IBR just went off line the last time when hit with the smaller attack. So regardless of how much traffic they send, they're still not striking any target. They do allow us to collect more IP addresses during brief periods of data collection. But there's not much point going nuclear when we were perfectly happy to go off line and wait during the less intense attack.
On the other hand, I do hope law enforcement is noting that these attackers are a serious threat and should be addressed aggressively. Not all websites have the luxury of conducting their operations offline whenever needed. What would a bunch of criminals like these guys be doing with that botnet when they aren't attacking us? I'm sure they're not using it to sell Girl Scout Cookies.
But the intensity of this attack is a bit of a puzzle. They're conducting a much heavier attack this time. IBR just went off line the last time when hit with the smaller attack. So regardless of how much traffic they send, they're still not striking any target. They do allow us to collect more IP addresses during brief periods of data collection. But there's not much point going nuclear when we were perfectly happy to go off line and wait during the less intense attack.
On the other hand, I do hope law enforcement is noting that these attackers are a serious threat and should be addressed aggressively. Not all websites have the luxury of conducting their operations offline whenever needed. What would a bunch of criminals like these guys be doing with that botnet when they aren't attacking us? I'm sure they're not using it to sell Girl Scout Cookies.
Monday, November 16, 2009
InboxRevenge.com again under DDoS
InboxRevenge.com members who are trying to log in are getting time outs. Another DDoS has been going on for several hours now. Our server is off line for now, so they are attacking nothing.
As before, our strategy has not been to try to weather the attack head on. The reason we have accomplished so much in fighting internet crime is that we are patient and take the long view. We will can go off line and come back as often as necessary. Meanwhile this blatantly criminal attack exposes the attackers to greater scrutiny from law enforcement.
The best strategy for our members is to continue submitting reports on illegal websites to registrars, and to continue to get the word out about the fraudulent nature of spamvertised websites. As long as there is a person on the planet who thinks "Canadian Pharmacy" and "My Canadian Pharmacy" are in Canada, our work is not done.
Tell some friends about the following sources of information, put some links on your own websites, consider becoming a reviewer for SiteAdvisor or WebOfTrust to make sure anyone who tries to research a domain mentioned in a spam will find accurate information in the top search engine results:
The Spamwiki -- If possible, mention specific spamvertised brands and link to their spamwiki pages. This is an opportunity to educate people that buying from spammers means sharing your personal and credit card information with criminals:
http://www.spamtrackers.eu/wiki/index.php/Main_Page
Blogs and information sites including this blog. They can't shut them all down:
http://spamitmustfall.blogspot.com/
http://ikillspammers.blogspot.com/
http://garwarner.blogspot.com/
http://twitter.com/inboxrevenge
http://inboxrevenge.blogspot.com/
http://inboxrevenge.spaces.live.com/
http://inboxrevenge.wordpress.com/
http://spamtrackers.org/
SiteAdvisor and WebOfTrust-- many IBR members are highly rated reviewers for these:
http://www.siteadvisor.com/analysis/reviewercentral/
http://www.mywot.com/
Other antispam and security forums that many of our members participate in:
http://spywarehammer.com/simplemachinesforum/index.php
http://www.cybercrimeops.com/forums/index.php
Sites that accept forwarded spam/phish:
http://knujon.com/
http://www.spamcop.net/
Information on reporting active phishing sites, from IBR on Google cache:
http://bit.ly/238Ges
As before, our strategy has not been to try to weather the attack head on. The reason we have accomplished so much in fighting internet crime is that we are patient and take the long view. We will can go off line and come back as often as necessary. Meanwhile this blatantly criminal attack exposes the attackers to greater scrutiny from law enforcement.
The best strategy for our members is to continue submitting reports on illegal websites to registrars, and to continue to get the word out about the fraudulent nature of spamvertised websites. As long as there is a person on the planet who thinks "Canadian Pharmacy" and "My Canadian Pharmacy" are in Canada, our work is not done.
Tell some friends about the following sources of information, put some links on your own websites, consider becoming a reviewer for SiteAdvisor or WebOfTrust to make sure anyone who tries to research a domain mentioned in a spam will find accurate information in the top search engine results:
The Spamwiki -- If possible, mention specific spamvertised brands and link to their spamwiki pages. This is an opportunity to educate people that buying from spammers means sharing your personal and credit card information with criminals:
http://www.spamtrackers.eu/wiki/index.php/Main_Page
Blogs and information sites including this blog. They can't shut them all down:
http://spamitmustfall.blogspot.com/
http://ikillspammers.blogspot.com/
http://garwarner.blogspot.com/
http://twitter.com/inboxrevenge
http://inboxrevenge.blogspot.com/
http://inboxrevenge.spaces.live.com/
http://inboxrevenge.wordpress.com/
http://spamtrackers.org/
SiteAdvisor and WebOfTrust-- many IBR members are highly rated reviewers for these:
http://www.siteadvisor.com/analysis/reviewercentral/
http://www.mywot.com/
Other antispam and security forums that many of our members participate in:
http://spywarehammer.com/simplemachinesforum/index.php
http://www.cybercrimeops.com/forums/index.php
Sites that accept forwarded spam/phish:
http://knujon.com/
http://www.spamcop.net/
Information on reporting active phishing sites, from IBR on Google cache:
http://bit.ly/238Ges
Wednesday, November 4, 2009
Here are some more fresh spammer URL's to report:
ceyanfk.cn
bacydfhh.cn
www.danceraise.com
legacyback.com
rodriguezqan81.chat.ru
feedproxy.google.com/~r/CraigslistBolognaAllJobsSearch/~3/nlnRHliBpBY/
pearwatches.cn
rigojeb.cn
Still getting lots of spam for
awakehim.com and now danceraise.com
-- high value targets
domains already down:
hqasqwe1.me.uk
cegixbj.cn
ersd12wh.eu
doneswim.com
hanging by a thread:
pharmsstockmeant.com -- look at these nameservers:
ns3.whichdaring.com [59.63.157.207] 211.20.210.74 237ms
ns1.coolexcite.com [61.61.61.61] (Blackhole)
ns2.coolexcite.com [61.61.61.61] (Blackhole)
ns4.whichdaring.com [211.20.210.74] Timeout
And as for the whichdaring.com, anyone think this is a valid whois?
Domain Name.......... whichdaring.com
Creation Date........ 2009-08-03 03:30:42
Registration Date.... 2009-08-03 03:30:42
Expiry Date.......... 2010-08-03 03:30:42
Organisation Name.... Cheng sixixa
Organisation Address. Nan guang qu chong qing lu bai huo da lou B1 lou
Organisation Address.
Organisation Address. Nanguanqu
Organisation Address. 130025
Organisation Address. BJ
Organisation Address. CN
Admin Name........... Chengsixixa
Admin Address........ Nan guang qu chong qing lu bai huo da lou B1 lou
Admin Address........
Admin Address........ Nanguanqu
Admin Address........ 130025
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... chengyudanyuaner@163.com
Admin Phone.......... +86.4315685301-0
Admin Fax............ +86.4315685301
Tech Name............ zeng xiwu
Tech Address......... wanbaodadao
Tech Address.........
Tech Address......... Changsha
Tech Address......... 410000
Tech Address......... HN
Tech Address......... CN
Tech Email........... agent19535@agent.dns.com.cn
Tech Phone........... +86.7312259236
Tech Fax............. +86.7312259236
Bill Name............ zeng xiwu
Bill Address......... wanbaodadao
Bill Address.........
Bill Address......... Changsha
Bill Address......... 410000
Bill Address......... HN
Bill Address......... CN
Bill Email........... agent19535@agent.dns.com.cn
Bill Phone........... +86.7312259236
Bill Fax............. +86.7312259236
Name Server.......... ns4.whichdaring.com
Name Server.......... ns3.whichdaring.com
ceyanfk.cn
bacydfhh.cn
www.danceraise.com
legacyback.com
rodriguezqan81.chat.ru
feedproxy.google.com/~r/CraigslistBolognaAllJobsSearch/~3/nlnRHliBpBY/
pearwatches.cn
rigojeb.cn
Still getting lots of spam for
awakehim.com and now danceraise.com
-- high value targets
domains already down:
hqasqwe1.me.uk
cegixbj.cn
ersd12wh.eu
doneswim.com
hanging by a thread:
pharmsstockmeant.com -- look at these nameservers:
ns3.whichdaring.com [59.63.157.207] 211.20.210.74 237ms
ns1.coolexcite.com [61.61.61.61] (Blackhole)
ns2.coolexcite.com [61.61.61.61] (Blackhole)
ns4.whichdaring.com [211.20.210.74] Timeout
And as for the whichdaring.com, anyone think this is a valid whois?
Domain Name.......... whichdaring.com
Creation Date........ 2009-08-03 03:30:42
Registration Date.... 2009-08-03 03:30:42
Expiry Date.......... 2010-08-03 03:30:42
Organisation Name.... Cheng sixixa
Organisation Address. Nan guang qu chong qing lu bai huo da lou B1 lou
Organisation Address.
Organisation Address. Nanguanqu
Organisation Address. 130025
Organisation Address. BJ
Organisation Address. CN
Admin Name........... Chengsixixa
Admin Address........ Nan guang qu chong qing lu bai huo da lou B1 lou
Admin Address........
Admin Address........ Nanguanqu
Admin Address........ 130025
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... chengyudanyuaner@163.com
Admin Phone.......... +86.4315685301-0
Admin Fax............ +86.4315685301
Tech Name............ zeng xiwu
Tech Address......... wanbaodadao
Tech Address.........
Tech Address......... Changsha
Tech Address......... 410000
Tech Address......... HN
Tech Address......... CN
Tech Email........... agent19535@agent.dns.com.cn
Tech Phone........... +86.7312259236
Tech Fax............. +86.7312259236
Bill Name............ zeng xiwu
Bill Address......... wanbaodadao
Bill Address.........
Bill Address......... Changsha
Bill Address......... 410000
Bill Address......... HN
Bill Address......... CN
Bill Email........... agent19535@agent.dns.com.cn
Bill Phone........... +86.7312259236
Bill Fax............. +86.7312259236
Name Server.......... ns4.whichdaring.com
Name Server.......... ns3.whichdaring.com
Continued recognition of our anti-spam efforts
As of the current time we're back off line due to continued DDoS. We're definitely getting lots of attention from spammers. You rock, folks! We're small but get the job done.
Here are some domains to report while you're waiting. There are phishing sites, scam pharmacies, "replica" sites, etc. You know what to do :)
http://feedproxy.google.com/~r/Cr454rAndBear45utaii/~3/91kzfjex8tI/
http://pharmsstockmeant.com/?said=MED-22-3
http://rolexll.com
http://www.rxcomputing.cn
http://d55ad0.cegixbj.cn/
http://www.ifleads.com
http://www.facebook.com.hqasqwe1.me.uk/globaldirectory/LoginFacebook.php
http://ripuvat.cn
http://9ZTWIR.ittjbity.cn
http://PNQ.ittjasos.cn
http://awakehim.com
http://crowduntil.com
http://www.rxunimplemented.cn
Post a comment and let us know how you've made out with these.
Here are some domains to report while you're waiting. There are phishing sites, scam pharmacies, "replica" sites, etc. You know what to do :)
http://feedproxy.google.com/~r/Cr454rAndBear45utaii/~3/91kzfjex8tI/
http://pharmsstockmeant.com/?said=MED-22-3
http://rolexll.com
http://www.rxcomputing.cn
http://d55ad0.cegixbj.cn/
http://www.ifleads.com
http://www.facebook.com.hqasqwe1.me.uk/globaldirectory/LoginFacebook.php
http://ripuvat.cn
http://9ZTWIR.ittjbity.cn
http://PNQ.ittjasos.cn
http://awakehim.com
http://crowduntil.com
http://www.rxunimplemented.cn
Post a comment and let us know how you've made out with these.
Tuesday, November 3, 2009
Difficulty accessing the forum?
The forum is up and running normally. There has been continued attack activity, but most has been blocked. Our hosting service, Servint, has done an outstanding job blocking a lot of the traffic before it even hits our server. The remainder has not been enough of an issue to slow anything down.
If you are still unable to access the forum, your IP address may have been included in a block of troublesome addresses. Let us know, so we can try to troubleshoot the problem. You can reply to the administrative email address for the forum (the one where your forum notifications come from). Or you can post it as a comment to this blog.
If you are still unable to access the forum, your IP address may have been included in a block of troublesome addresses. Let us know, so we can try to troubleshoot the problem. You can reply to the administrative email address for the forum (the one where your forum notifications come from). Or you can post it as a comment to this blog.
Sunday, November 1, 2009
Continued DDoS attacks on InboxRevenge.com
The DDoS attack from yesterday continues. Blocking a few troublesome IPs brought the traffic down to a level that was not a serious inconvenience, so the site came back on line this morning. You can expect it to go up and down or be slow intermittently for now. The server will be up at times even during a heavy attack to collect IP addresses of attacking bots for evidence.
If you're a regular member and not able to get on at all, please email us to make sure your IP isn't blocked. The easiest way is to reply to one of the emails you have received notifying you of forum post replies.
If you're a regular member and not able to get on at all, please email us to make sure your IP isn't blocked. The easiest way is to reply to one of the emails you have received notifying you of forum post replies.
Good news -- DDoS attacks not over
Members may have noticed another recent outage for several hours. It was another confirmed DDoS, via a method called "syn flood." In the past, these sorts of attacks have gone on for weeks. We just roll with it.
Why is it good news? It lets us know our efforts are worthwhile, because making internet crime less profitable is exactly what we're trying to accomplish. If we weren't making criminals want to attack us, we'd have to wonder what we were doing wrong. We never expect to achieve the amazing level of spammer ire that Blue Security suffered in it's famous 2006 attack, but then we aren't planning to try to keep the site on line during the attacks. We just fall back to the alternate methods of spreading information. If our attackers would like to try to simultaneously take down Google, Microsoft, Twitter, Wordpress, and all the other sites we've established a presence on, they'll get themselves a lot more law enforcement attention than they're currently planning on.
Comments are open for this blog, though they have to be approved by a moderator. And if you have a comment that seems to merit its own "thread," we can repaste it as a blog post that can get its own comments.
Remember that SiL also has his two blogs, which also accept moderated comments:
http://ikillspammers.blogspot.com/
http://spamitmustfall.blogspot.com/
And we have our other sites for announcements:
http://twitter.com/inboxrevenge
http://inboxrevenge.wordpress.com/
http://inboxrevenge.webs.com/
http://spamtrackers.org
http://inboxrevenge.spaces.live.com/
As always, the best response to retaliation is to continue to do the reporting you were doing before -- but to do more of it.
Why is it good news? It lets us know our efforts are worthwhile, because making internet crime less profitable is exactly what we're trying to accomplish. If we weren't making criminals want to attack us, we'd have to wonder what we were doing wrong. We never expect to achieve the amazing level of spammer ire that Blue Security suffered in it's famous 2006 attack, but then we aren't planning to try to keep the site on line during the attacks. We just fall back to the alternate methods of spreading information. If our attackers would like to try to simultaneously take down Google, Microsoft, Twitter, Wordpress, and all the other sites we've established a presence on, they'll get themselves a lot more law enforcement attention than they're currently planning on.
Comments are open for this blog, though they have to be approved by a moderator. And if you have a comment that seems to merit its own "thread," we can repaste it as a blog post that can get its own comments.
Remember that SiL also has his two blogs, which also accept moderated comments:
http://ikillspammers.blogspot.com/
http://spamitmustfall.blogspot.com/
And we have our other sites for announcements:
http://twitter.com/inboxrevenge
http://inboxrevenge.wordpress.com/
http://inboxrevenge.webs.com/
http://spamtrackers.org
http://inboxrevenge.spaces.live.com/
As always, the best response to retaliation is to continue to do the reporting you were doing before -- but to do more of it.
Friday, October 30, 2009
InboxRevenge forum is back up
Apologies for the forum being unavailable a few days. The DDoS has subsided for now. Our policy is to just go off line as needed rather than to expend energy fighting such attacks.
Our time is much better spent continuing to investigate and report the internet criminals behind your spam and all the illegal activity that goes with it. Notifications on blogs like this one are part of the layers of redundancy we've set up to make it possible to continue our usual activities when the forum is unavailable. If anything, having the effectiveness of our activities acknowledged by spammers has been a shot in the arm to motivate our members, who primarily are busy professionals doing this as a volunteer effort outside of their usual jobs.
The forum thread for more information about this DDoS is at
http://ksforum.inboxrevenge.com/viewtopic.php?f=1&p=42237#p42237
Our time is much better spent continuing to investigate and report the internet criminals behind your spam and all the illegal activity that goes with it. Notifications on blogs like this one are part of the layers of redundancy we've set up to make it possible to continue our usual activities when the forum is unavailable. If anything, having the effectiveness of our activities acknowledged by spammers has been a shot in the arm to motivate our members, who primarily are busy professionals doing this as a volunteer effort outside of their usual jobs.
The forum thread for more information about this DDoS is at
http://ksforum.inboxrevenge.com/viewtopic.php?f=1&p=42237#p42237
Wednesday, October 28, 2009
Google Feedproxy Abuse
Well, just as the Yahoo Groups Spam becomes less overwhelming, along comes a new abuse: feedproxy.google.com URLs that redirect to the following Canadian Pharmacy domains:
pharmsstockmeant.com
caringbread.com
As InboxRevenge.com members know well, "Canadian Pharmacy" (CPh) is a scam.
The site has nothing to do with Canada. The phone number they list, +1(650)452-6975, has a Texas area code but is a voice-over-internet number which connects to an overseas operator -- if it gets answered at all. The address listed on their sites belongs to a legitimate Canadian pharmacists' organization that denies any relationship to CPh. Why doesn't that organization make them stop? Because CPh sites are part of an affiliate program run by criminals in Russia, out of reach of Canadian or US law enforcement.
The pills they sell are counterfeit generic versions of drugs that aren't legally available in generic version. A drug can't be sold generically until its patent has expired -- but again, they're out of reach of law enforcement.
CPh markets them like some late night infomercial for Ginzu Knives, throwing in free tabs of their counterfeit "Viagra" with every order -- even when that would be a potentially fatal combination. So either people are dying or the drugs are completely fake. Clearly no pharmacist has had any input into the operation, either way. And they're out of reach of law enforcement
It's extremely stupid to give the operators of CPh your name, address, phone number, and/or credit card number. It's extremely stupid to wait however long they tell you to wait for delivery, allowing the time limit to file a complaint with your credit card company to expire. And it's even more stupid to swallow pills of unknown makeup from an unknown country made under unknown conditions of sanitation, should anything actually show up in your mailbox.
That, and the fact that smuggling drugs is a federal crime. And you're not out of reach of law enforcement.
There's more information on the spamwiki:
http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy
pharmsstockmeant.com
caringbread.com
As InboxRevenge.com members know well, "Canadian Pharmacy" (CPh) is a scam.
The site has nothing to do with Canada. The phone number they list, +1(650)452-6975, has a Texas area code but is a voice-over-internet number which connects to an overseas operator -- if it gets answered at all. The address listed on their sites belongs to a legitimate Canadian pharmacists' organization that denies any relationship to CPh. Why doesn't that organization make them stop? Because CPh sites are part of an affiliate program run by criminals in Russia, out of reach of Canadian or US law enforcement.
The pills they sell are counterfeit generic versions of drugs that aren't legally available in generic version. A drug can't be sold generically until its patent has expired -- but again, they're out of reach of law enforcement.
CPh markets them like some late night infomercial for Ginzu Knives, throwing in free tabs of their counterfeit "Viagra" with every order -- even when that would be a potentially fatal combination. So either people are dying or the drugs are completely fake. Clearly no pharmacist has had any input into the operation, either way. And they're out of reach of law enforcement
It's extremely stupid to give the operators of CPh your name, address, phone number, and/or credit card number. It's extremely stupid to wait however long they tell you to wait for delivery, allowing the time limit to file a complaint with your credit card company to expire. And it's even more stupid to swallow pills of unknown makeup from an unknown country made under unknown conditions of sanitation, should anything actually show up in your mailbox.
That, and the fact that smuggling drugs is a federal crime. And you're not out of reach of law enforcement.
There's more information on the spamwiki:
http://spamtrackers.eu/wiki/index.php/Canadian_Pharmacy
Inboxrevenge.com, the little forum that creates big headaches for internet criminals, is under another distributed denial of service (DDoS) attack. That means hundreds or thousands of zombie computers -- computers like yours that have been infected by malware and put under the control of criminals -- are all trying to access the site simultaneously. Websites can only handle a certain amount of traffic, so having so many requests going on continuously shuts out legitimate visitors.
Frankly, we were wondering what took them so long. We've been through this before. We've got lots of backup means for forum admins and mods to communicate with each other and with the other members. We are prepared to just let the site be off line while these guys spend their money attacking. We'll just chill and spend the extra time reporting their domains and bots. The difference is they don't get to read about it.
What the rest of our members can do is take extra time reporting. Report your spam emails to spamcop.net, so more of their IP's are blocklisted and more of their bots are disinfected. Fire up Complainterator and report domains and their nameservers to registrars. We are not some discrete target that can be shut down with a DDoS. We are our members, all over the world, and we're in it for the long term.
http://twitter.com/inboxrevenge
http://inboxrevenge.wordpress.com/
http://inboxrevenge.webs.com/
http://spamtrackers.org
http://inboxrevenge.spaces.live.com/
Frankly, we were wondering what took them so long. We've been through this before. We've got lots of backup means for forum admins and mods to communicate with each other and with the other members. We are prepared to just let the site be off line while these guys spend their money attacking. We'll just chill and spend the extra time reporting their domains and bots. The difference is they don't get to read about it.
What the rest of our members can do is take extra time reporting. Report your spam emails to spamcop.net, so more of their IP's are blocklisted and more of their bots are disinfected. Fire up Complainterator and report domains and their nameservers to registrars. We are not some discrete target that can be shut down with a DDoS. We are our members, all over the world, and we're in it for the long term.
http://twitter.com/inboxrevenge
http://inboxrevenge.wordpress.com/
http://inboxrevenge.webs.com/
http://spamtrackers.org
http://inboxrevenge.spaces.live.com/
Thursday, April 9, 2009
We have posted an open letter to the new FTC Chairman, Jon Leibowitz, at http://ksforum.inboxrevenge.com/viewtopic.php?f=9&t=2574
It's about how the spam/internet fraud economy is interlaced with the less overt types of cyber crime that constitute a threat to national security. We think if the overt criminal activity like spam were pursued, it would rein in the types that are harder to detect, too.
Please drop by, read the letter, comment, and recommend it to others, including your local media or US congresspersons.
It's about how the spam/internet fraud economy is interlaced with the less overt types of cyber crime that constitute a threat to national security. We think if the overt criminal activity like spam were pursued, it would rein in the types that are harder to detect, too.
Please drop by, read the letter, comment, and recommend it to others, including your local media or US congresspersons.
Tuesday, March 24, 2009
Tuesday, February 17, 2009
Sunday, January 25, 2009
Monday, January 19, 2009
InBoxRevenge Forums are at ksforum.inboxrevenge.com. The forum was created for exposing and shutting down illegal spammers. Please join us. In the event the main site is unavailable, information will be posted here about how to continue the fight again internet criminals. They can attack a website, but they cannot stop our efforts. |
Subscribe to:
Posts (Atom)