The report for this spam can be found at: 2007 Danny Lee Penis Spam Edition.
Return-Path: <hayakawa@gilbertstuart2005.com>
Received: from [58.244.87.142] (58.244.87.142) by studio42.com with
ESMTP (Eudora Internet Mail Server 3.2.10) for <webmaster@studio42.com>; Sat, 30 Jun 2007 15:15:22 -0700
Received: from [58.244.87.142] by mxmail.register.com;
Sat, 30 Jun 2007 22:15:53 -0800
Message-ID: <01c7bb64$39263f00$8e57f43a@hayakawa>
From: "Winfred Hendrickson" <hayakawa@gilbertstuart2005.com>
To: <webmaster@studio42.com>
Subject: We don't save your credit card information and can't even view it.
Date: Sat, 30 Jun 2007 22:15:53 -0800
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset="Windows-1252"; reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.3790.2663
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.2663
After taking our MegaDik penis enlargement pills you will feel much better and more secure about yourself.
http://boyxz.com
[studio42@flatus studio42]$ host 58.244.87.142
Host 142.87.244.58.in-addr.arpa not found: 3(NXDOMAIN)
[studio42@flatus studio42]$ whois 58.244.87.142@whois.arin.net
[whois.arin.net]
OrgName: Asia Pacific Network Information Centre
OrgID: APNIC
Address: PO Box 2131
City: Milton
StateProv: QLD
PostalCode: 4064
Country: AU
ReferralServer: whois://whois.apnic.net
NetRange: 58.0.0.0 - 58.255.255.255
CIDR: 58.0.0.0/8
NetName: APNIC-58
NetHandle: NET-58-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS4.APNIC.NET
NameServer: TINNIE.ARIN.NET
NameServer: NS.LACNIC.NET
NameServer: NS-SEC.RIPE.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
RegDate: 2004-05-04
Updated: 2005-05-20
OrgTechHandle: AWC12-ARIN
OrgTechName: APNIC Whois Contact
OrgTechPhone: +61 7 3858 3100
OrgTechEmail: search-apnic-not-arin@apnic.net
# ARIN WHOIS database, last updated 2007-06-29 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
[studio42@flatus studio42]$ whois 58.244.87.142@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 58.244.0.0 - 58.245.255.255
netname: CNCGROUP-JL
descr: CNCGROUP Jilin province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: WT92-AP
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-JL
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-changed@apnic.net 20050803
changed: hm-changed@apnic.net 20050906
source: APNIC
route: 58.244.0.0/15
descr: CNC Group CHINA169 Jilin Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: abuse@cnc-noc.net 20060118
source: APNIC
role: CNCGroup Hostmaster
e-mail: abuse@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: abuse@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: Wang Tiegang
nic-hdl: WT92-AP
e-mail: jhli_jl@mail.jl.cn
address: NO.3535,Renmin Street, ChangChun ,
address: Jilin province , 130021 , P.R. China
phone: +86-431-5560792
fax-no: +86-431-5560816
country: CN
changed: jhli_jl@mail.jl.cn 20060626
mnt-by: MAINT-CNCGROUP-JL
source: APNIC
A small mistake, but I can see I should open up the blacklisting quite a bit.
Onto the scammer site:
[studio42@flatus studio42]$ host boyxz.com
boyxz.com has address 220.113.9.4
[studio42@flatus studio42]$ whois 220.113.9.4@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 220.113.9.0 - 220.113.9.255
netname: GWBN-BEIJING-NET10
country: CN
descr: FOR GREAT WALL BROADBAND NETWORK SERVICE ACCESS IN BEIJING NET10
admin-c: JM108-AP
tech-c: JM108-AP
status: ASSIGNED NON-PORTABLE
changed: cat1433@163.com 20040320
mnt-by: MAINT-CN-CNNIC-GWBN
source: APNIC
person: JIAN MENG
nic-hdl: JM108-AP
e-mail: mengjian@gwbn.net.cn
address: 2nd Floor, Building A
address: #9 Donghuan Plaza, Dong Zhong Street
address: East District, Beijing, China (100027)
phone: +86-10-58841188
fax-no: +86-10-58841166
country: CN
changed: ipas@cnnic.net.cn 20050727
mnt-by: MAINT-GWBN-CNNIC-AP
source: APNIC
inetnum: 220.113.9.0 - 220.113.9.255
netname: GWBN-BEIJING-NET10
country: CN
descr: FOR GREAT WALL BROADBAND NETWORK SERVICE ACCESS IN BEIJING NET10
admin-c: JM108-CN
tech-c: JM108-CN
status: ASSIGNED NON-PORTABLE
changed: cat1433@163.com 20040320
mnt-by: MAINT-CN-CNNIC-GWBN
source: CNNIC
person: JIAN MENG
nic-hdl: JM108-CN
e-mail: mengjian@gwbn.net.cn
address: 2nd Floor, Building A
address: #9 Donghuan Plaza, Dong Zhong Street
address: East District, Beijing, China (100027)
phone: +86-10-58841188
fax-no: +86-10-58841166
country: CN
changed: ipas@cnnic.net.cn 20050727
mnt-by: MAINT-GWBN-CNNIC-AP
source: CNNIC
[studio42@flatus studio42]$ whois boyxz.com
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: BOYXZ.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.JBARDNS.COM
Name Server: NS2.JBARDNS.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 27-jun-2007
Creation Date: 27-jun-2007
Expiration Date: 27-jun-2008
>>> Last update of whois database: Sat, 30 Jun 2007 23:58:29 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.joker.com]
domain: boyxz.com
owner: - -
organization: Pump It Productions
email: admin@pumpitproductions.com
address: Rua Dona Antonia, 762
city: Guarulhos
state: --
postal-code: 09030-310
country: BR
phone: +55.2788243657
admin-c: CCOM-983139 admin@pumpitproductions.com
tech-c: CCOM-983139 admin@pumpitproductions.com
billing-c: CCOM-983139 admin@pumpitproductions.com
nserver: ns1.jbardns.com 220.113.9.4
nserver: ns2.jbardns.com 220.113.9.4
status: lock
created: 2007-06-27 20:32:26 UTC
modified: 2007-06-27 20:32:26 UTC
expires: 2008-06-27 20:32:26 UTC
contact-hdl: CCOM-983139
person: - -
organization: Pump It Productions
email: admin@pumpitproductions.com
address: Rua Dona Antonia, 762
city: Guarulhos
state: --
postal-code: 09030-310
country: BR
phone: +55.2788243657
source: joker.com live whois service
query-time: 0.044629
db-updated: 2007-06-30 23:58:26
NOTE: By submitting a WHOIS query, you agree to abide by the following
NOTE: terms of use: You agree that you may use this data only for lawful
NOTE: purposes and that under no circumstances will you use this data to:
NOTE: (1) allow, enable, or otherwise support the transmission of mass
NOTE: unsolicited, commercial advertising or solicitations via direct mail,
NOTE: e-mail, telephone, or facsimile; or (2) enable high volume, automated,
NOTE: electronic processes that apply to Joker.com (or its computer systems).
NOTE: The compilation, repackaging, dissemination or other use of this data
NOTE: is expressly prohibited without the prior written consent of Joker.com.
UPDATE: August 24, 2007:
[studio42@flatus studio42]$ host boyxz.com
Host boyxz.com not found: 3(NXDOMAIN)
So, the site is down. Doesn't count as a kill. But what about the DNS?
[studio42@flatus studio42]$ host ns1.jbardns.com
ns1.jbardns.com has address 220.113.9.5
[studio42@flatus studio42]$ host ns2.jbardns.com
ns2.jbardns.com has address 220.113.9.5
Moved a tad, but still valid.
[studio42@flatus studio42]$ whois jbardns.com
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: JBARDNS.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.TOASTEDDNS.COM
Name Server: NS2.TOASTEDDNS.COM
Status: clientDeleteProhibited
Status: clientHold
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 06-aug-2007
Creation Date: 29-may-2007
Expiration Date: 29-may-2008
>>> Last update of whois database: Sat, 25 Aug 2007 04:08:14 UTC <<<
[whois.joker.com]
domain: jbardns.com
owner: Sammy Lee
organization: Liquid Ventures Inc
email: admin@liquidventuresinc.com
address: 44/E ENTERPRISE SQUARE
city: KOWLOON
state: --
postal-code: 0000
country: HK
phone: +852.94528422
admin-c: CCOM-1028986 admin@liquidventuresinc.com
tech-c: CCOM-1028986 admin@liquidventuresinc.com
billing-c: CCOM-1028986 admin@liquidventuresinc.com
nserver: ns1.toasteddns.com 80.112.6.14
nserver: ns2.toasteddns.com 80.112.6.14
status: hold,infringe-3rd-parties
created: 2007-05-29 08:04:29 UTC
modified: 2007-08-06 12:29:45 UTC
expires: 2008-05-29 08:04:29 UTC
contact-hdl: CCOM-1028986
person: Sammy Lee
organization: Liquid Ventures Inc
email: admin@liquidventuresinc.com
address: 44/E ENTERPRISE SQUARE
city: KOWLOON
state: --
postal-code: 0000
country: HK
phone: +852.94528422
source: joker.com live whois service
query-time: 0.028146
db-updated: 2007-08-25 04:08:12
Onto that DNS:
[studio42@flatus studio42]$ host TOASTEDDNS.COM
Host TOASTEDDNS.COM not found: 3(NXDOMAIN)
[studio42@flatus studio42]$ host ns1.TOASTEDDNS.COM
ns1.TOASTEDDNS.COM has address 80.112.6.14
[studio42@flatus studio42]$ host ns2.TOASTEDDNS.COM
ns2.TOASTEDDNS.COM has address 80.112.6.14
[studio42@flatus studio42]$ host 80.112.6.16
16.6.112.80.in-addr.arpa domain name pointer sc-16.r-80-112-6.schoolconnect.nu.
[studio42@flatus studio42]$ whois 80.112.6.16@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '80.112.0.0 - 80.112.191.255'
inetnum: 80.112.0.0 - 80.112.191.255
org: ORG-CI4-RIPE
netname: NL-CASTELNET-20010725
descr: Essent Kabelcom B.V.
country: NL
admin-c: EKIO1-RIPE
tech-c: ER248-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: CASTEL-MNT
mnt-routes: CASTEL-MNT
source: RIPE # Filtered
organisation: ORG-CI4-RIPE
org-name: Essent Kabelcom B.V.
org-type: LIR
address: Afdeling Inkoop & Logistiek
Postbus 9501
address: 9703 LM
address: Groningen
address: Netherlands
phone: +31 50 8534477
fax-no: +31 50 8534444
admin-c: EKIO1-RIPE
admin-c: ER248-RIPE
mnt-ref: CASTEL-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
role: Essent KabelCom Internet Operations
address: Dr. van Deenweg 120
address: 8025 BN Zwolle
admin-c: FH6901-RIPE
tech-c: CvM4-RIPE
phone: +31 38 8507650
fax-no: +31 38 8507200
mnt-by: CASTEL-MNT
nic-hdl: EKIO1-RIPE
source: RIPE # Filtered
role: ESSENTKABELCOM ROLE
address: Role Object Essent Kabelcom formerly known as CasTel
address: Essent Kabelcom
address: Winschoterdiep 60
address: 9723 AB Groningen
address: The Netherlands
phone: +31 50 8533333
fax-no: +31 50 8534444
remarks: trouble: ##################################################
remarks: trouble: Routing and peering issues: peering@castel.nl
remarks: trouble: SPAM issues: abuse@castel.nl
remarks: trouble: Mail and News issues: postmaster@castel.nl
remarks: trouble: Customer support: helpdesk@castel.nl
remarks: trouble: Hosting information: info@castel.nl
remarks: trouble: ##################################################
admin-c: CvM4-RIPE
tech-c: DM1718-RIPE
tech-c: CvM4-RIPE
nic-hdl: ER248-RIPE
mnt-by: CASTEL-MNT
source: RIPE # Filtered
abuse-mailbox: abuse@castel.nl
% Information related to '80.112.0.0/17AS9143'
route: 80.112.0.0/17
descr: Essent Kabelcom SchoolConnect
origin: AS9143
mnt-by: CASTEL-MNT
source: RIPE # Filtered
[studio42@flatus studio42]$ whois TOASTEDDNS.COM
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: TOASTEDDNS.COM
Registrar: COMPUTER SERVICES LANGENBACH GMBH DBA JOKER.COM
Whois Server: whois.joker.com
Referral URL: http://www.joker.com
Name Server: NS1.TOASTEDDNS.COM
Name Server: NS2.TOASTEDDNS.COM
Status: clientDeleteProhibited
Status: clientHold
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 06-aug-2007
Creation Date: 27-may-2007
Expiration Date: 27-may-2009
>>> Last update of whois database: Sat, 25 Aug 2007 03:52:23 UTC <<<
[whois.joker.com]
domain: toasteddns.com
owner: Sammy Lee
organization: Liquid Ventures Inc
email: admin@liquidventuresinc.com
address: 44/E ENTERPRISE SQUARE
city: KOWLOON
state: --
postal-code: 0000
country: HK
phone: +852.94528422
admin-c: CCOM-1028986 admin@liquidventuresinc.com
tech-c: CCOM-1028986 admin@liquidventuresinc.com
billing-c: CCOM-1028986 admin@liquidventuresinc.com
nserver: ns1.toasteddns.com 80.112.6.14
nserver: ns2.toasteddns.com 80.112.6.14
status: hold,infringe-3rd-parties
created: 2007-05-27 20:43:14 UTC
modified: 2007-08-06 12:31:45 UTC
expires: 2009-05-27 20:43:14 UTC
contact-hdl: CCOM-1028986
person: Sammy Lee
organization: Liquid Ventures Inc
email: admin@liquidventuresinc.com
address: 44/E ENTERPRISE SQUARE
city: KOWLOON
state: --
postal-code: 0000
country: HK
phone: +852.94528422
source: joker.com live whois service
query-time: 0.02829
db-updated: 2007-08-25 03:52:09
I was over this earlier today. Still ties to Danny Lee though.