The report for this spam can be found at: SYS Edition.
Return-Path: <emmet52@yahoo.com>
Received: from denmark.it.earthlink.net ([204.119.177.22])
by santaclara01.pop.internex.net (Post.Office MTA v3.1.2
release (PO203-101c) ID# 0-34792U7500L7500S0) with ESMTP
id AAA6774 for <info@lanets.com>; Tue, 21 Apr 1998 08:17:10 -0700
Received: from earthlink.net (1Cust11.tnt2.everett2.wa.da.uu.net [153.35.254.11])
by denmark.it.earthlink.net (8.8.7/8.8.5) with SMTP id IAA23026;
Tue, 21 Apr 1998 08:08:28 -0700 (PDT)
From: emmet52@yahoo.com
Date: Tue, 21 Apr 98 07:56:07 EST
To: Friend@public.com
Subject: 16-M Clean E-mail Addresses
Message-ID: <>
>nslookup 204.119.177.22
Server: ns.mediacity.com
Address: 205.216.172.10
Name: denmark-c.it.earthlink.net
Address: 204.119.177.22
Relaying server identified. Seems Earthlink refuses to secure this server.
>nslookup 153.35.254.11
Server: ns.mediacity.com
Address: 205.216.172.10
Name: 1Cust11.tnt2.everett2.wa.da.uu.net
Address: 153.35.254.11
Point of origination identified.
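The header reading done above, as a short Python sketch (an added example, not part of the original report). The regular expression and the function names are assumptions, and it only handles the "from HELO (rDNS [IP]) by HOST" layout seen in these two headers.

```python
import re

# The two Received: headers from the message above, unfolded to one string per
# hop, topmost first (the header written by the recipient's own MTA).
RECEIVED = [
    "from denmark.it.earthlink.net ([204.119.177.22]) "
    "by santaclara01.pop.internex.net (Post.Office MTA v3.1.2 release "
    "(PO203-101c) ID# 0-34792U7500L7500S0) with ESMTP id AAA6774 "
    "for <info@lanets.com>; Tue, 21 Apr 1998 08:17:10 -0700",
    "from earthlink.net (1Cust11.tnt2.everett2.wa.da.uu.net [153.35.254.11]) "
    "by denmark.it.earthlink.net (8.8.7/8.8.5) with SMTP id IAA23026; "
    "Tue, 21 Apr 1998 08:08:28 -0700 (PDT)",
]

# Assumed layout: from <HELO> ([<rDNS> ]"["<IP>"]") by <HOST>
HOP = re.compile(r"from\s+(?P<helo>\S+)\s+\((?:(?P<rdns>[\w.-]+)\s+)?"
                 r"\[(?P<ip>[\d.]+)\]\)\s+by\s+(?P<by>\S+)")

def parse_hop(header):
    m = HOP.search(header)
    if m is None:
        raise ValueError("unrecognised Received layout: " + header[:40])
    return m.groupdict()

def helo_mismatch(hop):
    """True if the sender's HELO name is not the logged rDNS name or a parent
    of it. Returns None when the receiving MTA logged no reverse name."""
    if not hop["rdns"]:
        return None
    helo, rdns = hop["helo"].lower(), hop["rdns"].lower()
    return not (rdns == helo or rdns.endswith("." + helo))

def trace(received):
    hops = [parse_hop(h) for h in received]
    chain = [hops[0]]  # only the topmost header comes from a host we control
    for upper, lower in zip(hops, hops[1:]):
        # Heuristic: a lower header is believable only if the host that claims
        # to have written it ("by") is the host the next hop up received from.
        if lower["by"].lower() != upper["helo"].lower():
            break      # everything below may have been injected by the sender
        chain.append(lower)
    origin = chain[-1]
    return {"origin_ip": origin["ip"],
            "relay": origin["by"] if len(chain) > 1 else None,
            "helo_mismatch": helo_mismatch(origin)}

if __name__ == "__main__":
    print(trace(RECEIVED))
```

The IP address in square brackets is recorded by the receiving server and is the part worth looking up; the HELO name before it is whatever the sender chose to say.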
OK, now onto the web site:
>nslookup www.gaura.com
Server: ns.mediacity.com
Address: 205.216.172.10
Name: www.gaura.com
Address: 209.211.38.35
Let's trace this:
>traceroute www.gaura.com
traceroute to www.gaura.com (209.211.38.35), 30 hops max, 40 byte packets
1 grfge002 (205.216.172.1) 0.348 ms 0.294 ms 0.297 ms
2 bordercore2-hssi0-0.SanFrancisco.mci.net (166.48.15.249) 164.806 ms * 273.529 ms
3 core2.SanFrancisco.mci.net (204.70.4.201) 186.213 ms 339.047 ms 19.128 ms
4 mae-west2-nap.SanFrancisco.mci.net (204.70.10.254) 326.741 ms 341.808 ms 19.655 ms
5 sjc2-core1-fddi-3-0-0.atlas.digex.net (198.32.136.60) 27.806 ms 20.144 ms 24.778 ms
6 sjc4-cpe2-h1-0-0.atlas.digex.net (165.117.52.106) 34.746 ms 13.169 ms 14.692 ms
7 sjc4-core2-fa6-0-0.atlas.digex.net (165.117.244.2) 15.120 ms 28.026 ms 38.753 ms
8 lax1-core1-h9-0-0.atlas.digex.net (165.117.53.73) 39.040 ms 37.391 ms 38.147 ms
9 dfw2-core2-poet9-0-0.atlas.digex.net (165.117.50.26) 75.501 ms 70.544 ms 50.865 ms
10 dfw2-core1-fa3-0-0.atlas.digex.net (165.117.52.101) 74.200 ms 70.209 ms 72.862 ms
11 iah1-core1-h0-0.atlas.digex.net (165.117.50.30) 91.360 ms 64.991 ms 65.794 ms
12 atl2-core1-h8-0.atlas.digex.net (165.117.50.34) 91.433 ms * 76.045 ms
13 atl2-cpe1-fa2-0.atlas.digex.net (165.117.55.19) 70.164 ms 70.291 ms 85.986 ms
14 209.49.169.98 (209.49.169.98) 106.120 ms 107.251 ms 87.541 ms
15 209.211.39.250 (209.211.39.250) 115.022 ms 112.815 ms 92.053 ms
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
Apparently ICMP packets are disabled, in an attempt to protect this vermin from being
traced accurately. No matter, it is clear where this site exists. Here is further proof:
>whois -h whois.arin.net 209.211.38.0
LCI International (NETBLK-NETBLK-LCI-NET-2) NETBLK-LCI-NET-2
209.211.0.0 - 209.211.127.255
Oltronics (NETBLK-OLTRONICS2-COM) OLTRONICS2-COM 209.211.38.0 - 209.211.38.255
Seems like this is a sub-provider under Digex, which as you know is completely blocked from
my website.
>whois -h whois.arin.net OLTRONICS2-COM
Oltronics (NETBLK-OLTRONICS2-COM)
4401 VINELAND ROAD SUITE A-2
ORLANDO, FL 32811
US
Netname: OLTRONICS2-COM
Netblock: 209.211.38.0 - 209.211.38.255
Maintainer: OLTR
Coordinator:
Oliver, Bob (BO8-ARIN) nomailbox@NOWHERE
(407) 566-1660
Record last updated on 01-Apr-98.
Database last updated on 20-Apr-98 16:09:05 EDT.
They obviously don't want to be found. I will find them anyways.
>whois OLTRONICS.COM
Oltronics (OLTRONICS-DOM)
129 West Trade Street, Suite 721
Charlotte, NC 28202
Domain Name: OLTRONICS.COM
Administrative Contact:
Aldridge, Ed (EA730) eda@OLTRONICS.COM
800-401-1789
Technical Contact, Zone Contact:
Oltronics Systems Engineering (OS52-ORG) admin@OLTRONICS.NET
(704) 370-0027
Fax- (407) 566-1665
Billing Contact:
Oltronics Accounts Payable (OA63-ORG) info@OLTRONICS.COM
800-434-6661
Fax- 407-566-1665
Record last updated on 04-Nov-97.
Record created on 07-Oct-96.
Database last updated on 21-Apr-98 04:03:25 EDT.
Domain servers in listed order:
NS.OLTRONICS.NET 209.45.207.3
AVIANO.OLTRONICS.NET 209.140.1.11
>nslookup oltronics.com
Server: ns.mediacity.com
Address: 205.216.172.10
Name: oltronics.com
Address: 209.45.207.68
The web site is certainly in their netblock.
Let me move in for the kill:
>whois gaura.com
Online Presence (GAURA-DOM)
Saviciaus 6-3
Vilnius, n/a 2001
LT
Domain Name: GAURA.COM
Administrative Contact, Technical Contact, Zone Contact:
Budriene, Zilvinas (ZB186) ausrab@MLMALL.COM
+370 2312306 (FAX) +370 2262717
Billing Contact:
Budriene, Zilvinas (ZB186) ausrab@MLMALL.COM
+370 2312306 (FAX) +370 2262717
Record last updated on 01-Apr-98.
Record created on 01-Apr-98.
Database last updated on 21-Apr-98 04:03:25 EDT.
Domain servers in listed order:
NS1.GAURA.COM 209.211.38.3
NS2.GAURA.COM 209.211.38.4
Hmm, illegal whois entry, but then again, they don't want to get caught quickly.
Let's check those drop boxes:
>whois mlmall.com
Sekmes Sistemos (MLMALL-DOM)
Raugyklos 23-1
Vilnius, - 2001
LT
Domain Name: MLMALL.COM
Administrative Contact:
Budra, Zilvinas (ZB88) jana@POST.OMNITEL.NET
+370 9920809 (FAX) +370 2262717
Technical Contact, Zone Contact:
Bennett, Robert (RB1043) hostmaster@ADGRAFIX.COM
978-440-9988 (FAX) 978-440-9514
Billing Contact:
Budra, Zilvinas (ZB88) jana@POST.OMNITEL.NET
+370 9920809 (FAX) +370 2262717
Record last updated on 16-May-97.
Record created on 12-Mar-97.
Database last updated on 21-Apr-98 04:03:25 EDT.
Domain servers in listed order:
NS1.ADGRAFIX.COM 208.230.130.254
NS2.ADGRAFIX.COM 151.196.77.253
NS3.ADGRAFIX.COM 208.28.6.254
Another spam shop.