Subject: Merry Christmas Jerry Renfro. How will you spend the money you stole?

[an error occurred while processing this directive] The report for this spam can be found at: 2007 Deadbeats Page 05.

[studio42@flatus studio42]$ host 66.150.243.13 13.243.150.66.in-addr.arpa domain name pointer mxo6s.craigslist.org. WE can see Craigslist being abused. But by who? [studio42@flatus studio42]$ host 207.69.195.66 66.195.69.207.in-addr.arpa domain name pointer pop-canoe.atl.sa.earthlink.net. [studio42@flatus studio42]$ whois 207.69.195.66@whois.arin.net [whois.arin.net] EarthLink, Inc. EARTHLINK2000-D (NET-207-69-0-0-1) 207.69.0.0 - 207.69.255.255 ITC Deltacom MINDSPRING-DEDA-C300 (NET-207-69-195-0-1) 207.69.195.0 - 207.69.195.255 # ARIN WHOIS database, last updated 2007-12-21 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus studio42]$ whois NET-207-69-0-0-1@whois.arin.net [whois.arin.net] OrgName: EarthLink, Inc. OrgID: ERMS Address: 1375 PEACHTREE ST, LEVEL A City: ATLANTA StateProv: GA PostalCode: 30309 Country: US NetRange: 207.69.0.0 - 207.69.255.255 CIDR: 207.69.0.0/16 NetName: EARTHLINK2000-D NetHandle: NET-207-69-0-0-1 Parent: NET-207-0-0-0-0 NetType: Direct Allocation NameServer: ITCHY.EARTHLINK.NET NameServer: SCRATCHY.EARTHLINK.NET Comment: RegDate: 1998-10-20 Updated: 2007-03-30 RTechHandle: DAE4-ARIN RTechName: Domain Administrator, Administrator RTechPhone: +1-404-815-0770 RTechEmail: arinpoc@corp.earthlink.net OrgAbuseHandle: ABUSE60-ARIN OrgAbuseName: ABUSE TEAM OrgAbusePhone: +1-404-815-0770 OrgAbuseEmail: abuse@abuse.earthlink.net OrgTechHandle: ELNK-ORG-ARIN OrgTechName: EarthLink, Inc. OrgTechPhone: +1-404-815-0770 OrgTechEmail: arin_tech@lists.corp.earthlink.net # ARIN WHOIS database, last updated 2007-12-21 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. WE can see where the abuse is coming from since Craigslist uses redirectors for email, which go through the user's local server(in theory, the local server). Where is the spammer? [studio42@flatus studio42]$ host 69.86.118.125 125.118.86.69.in-addr.arpa domain name pointer user-12lctjt.cable.mindspring.com . [studio42@flatus studio42]$ whois 69.86.118.125@whois.arin.net [whois.arin.net] EarthLink, Inc. ERLK-CBL-TW-NYC (NET-69-86-0-0-1) 69.86.0.0 - 69.86.255.255 EARTHLINK, INC ERLK-TW-NYC40 (NET-69-86-96-0-1) 69.86.96.0 - 69.86.127.255 Right here, on scummy Earthlink. And onto the scammer site: [studio42@flatus studio42]$ host ENERGYSAVINGS.COM ENERGYSAVINGS.COM has address 206.223.165.78 [studio42@flatus studio42]$ whois 206.223.165.78@whois.arin.net [whois.arin.net] Beanfield Technologies Inc. BEANFIELD (NET-206-223-160-0-1) 206.223.160.0 - 206.223.191.255 Moveable Inc NETBLK-MOVEABLETINC-005-C (NET-206-223-165-0-1) 206.223.165.0 - 206.223.165.255 # ARIN WHOIS database, last updated 2007-12-21 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus studio42]$ whois NET-206-223-160-0-1@whois.arin.net [whois.arin.net] OrgName: Beanfield Technologies Inc. OrgID: BNFD Address: 77 Mowat Ave. #506 City: Toronto StateProv: ON PostalCode: M6K-3E3 Country: CA NetRange: 206.223.160.0 - 206.223.191.255 CIDR: 206.223.160.0/19 NetName: BEANFIELD NetHandle: NET-206-223-160-0-1 Parent: NET-206-0-0-0-0 NetType: Direct Allocation NameServer: DNS1.BTCONNEX.NET NameServer: DNS2.BTCONNEX.NET Comment: RegDate: 2004-04-27 Updated: 2005-12-23 OrgTechHandle: BEANF1-ARIN OrgTechName: Beanfield Technologies Inc OrgTechPhone: +1-416-532-1555 OrgTechEmail: ip-admin@beanfield.com # ARIN WHOIS database, last updated 2007-12-21 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus studio42]$ dig -mx NET-206-223-160-0-1 ; <<>> DiG 9.2.1 <<>> -mx NET-206-223-160-0-1 ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51169 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;NET-206-223-160-0-1. IN A ;; AUTHORITY SECTION: . 10800 IN SOA A.ROOT-SERVERS.NET. NSTLD.VERISIGN-GRS.COM. 2007122200 1800 900 604800 86400 ;; Query time: 30 msec ;; SERVER: 10.1.42.11#53(10.1.42.11) ;; WHEN: Sat Dec 22 11:47:05 2007 ;; MSG SIZE rcvd: 112 [studio42@flatus studio42]$ dig mx ENERGYSAVINGS.COM ; <<>> DiG 9.2.1 <<>> mx ENERGYSAVINGS.COM ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53280 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;ENERGYSAVINGS.COM. IN MX ;; ANSWER SECTION: ENERGYSAVINGS.COM. 875 IN MX 10 mail.oesc.ca. ENERGYSAVINGS.COM. 875 IN MX 20 mxpool3.ilap.COM. ENERGYSAVINGS.COM. 875 IN MX 30 mxpool4.ilap.COM. ;; ADDITIONAL SECTION: mail.oesc.ca. 891 IN A 216.223.155.74 ;; Query time: 86 msec ;; SERVER: 10.1.42.11#53(10.1.42.11) ;; WHEN: Sat Dec 22 11:47:59 2007 ;; MSG SIZE rcvd: 132 [studio42@flatus studio42]$ host 216.223.155.74 74.155.223.216.in-addr.arpa domain name pointer mail.oesc.ca. [studio42@flatus studio42]$ whois 216.223.155.74@whois.arin.net [whois.arin.net] Internet Light and Power Inc. ILAP-NET1 (NET-216-223-128-0-1) 216.223.128.0 - 216.223.159.255 Ontario Energy Savings L.P. ILAP-NETBLK-216-223-155-64-240 (NET-216-223-155-64-1 ) 216.223.155.64 - 216.223.155.79 # ARIN WHOIS database, last updated 2007-12-21 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus studio42]$ whois NET-216-223-128-0-1@whois.arin.net [whois.arin.net] OrgName: Internet Light and Power Inc. OrgID: ILAP Address: 210 Sheppard Avenue East City: Toronto StateProv: ON PostalCode: M2N-3A9 Country: CA NetRange: 216.223.128.0 - 216.223.159.255 CIDR: 216.223.128.0/19 NetName: ILAP-NET1 NetHandle: NET-216-223-128-0-1 Parent: NET-216-0-0-0-0 NetType: Direct Allocation NameServer: NS1.ILAP.COM NameServer: NS2.ILAP.COM NameServer: NS3.ILAP.COM Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 1999-04-28 Updated: 2002-04-09 RTechHandle: BD213-ARIN RTechName: Dykstra, Bill RTechPhone: +1-416-250-0451 RTechEmail: bill@ilap.com OrgTechHandle: STAFF3-ARIN OrgTechName: Staff OrgTechPhone: +1-416-250-5600 OrgTechEmail: staff@ilap.com # ARIN WHOIS database, last updated 2007-12-21 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. [studio42@flatus studio42]$ whois ENERGYSAVINGS.COM [whois.crsnic.net] Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: ENERGYSAVINGS.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com Name Server: NS1.ILAP.COM Name Server: NS2.ILAP.COM Name Server: NS3.ILAP.COM Status: clientTransferProhibited Updated Date: 11-oct-2006 Creation Date: 03-oct-1995 Expiration Date: 02-oct-2016 >>> Last update of whois database: Sat, 22 Dec 2007 19:44:27 UTC <<< NOTICE: The expiration date displayed in this record is the date the registrar's sponsorship of the domain name registration in the registry is currently set to expire. This date does not necessarily reflect the expiration date of the domain name registrant's agreement with the sponsoring registrar. Users may consult the sponsoring registrar's Whois database to view the registrar's reported date of expiration for this registration. TERMS OF USE: You are not authorized to access or query our Whois database through the use of electronic processes that are high-volume and automated except as reasonably necessary to register domain names or modify existing registrations; the Data in VeriSign Global Registry Services' ("VeriSign") Whois database is provided by VeriSign for information purposes only, and to assist persons in obtaining information about or related to a domain name registration record. VeriSign does not guarantee its accuracy. By submitting a Whois query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to VeriSign (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of VeriSign. You agree not to use electronic processes that are automated and high-volume to access or query the Whois database except as reasonably necessary to register domain names or modify existing registrations. VeriSign reserves the right to restrict your access to the Whois database in its sole discretion to ensure operational stability. VeriSign may restrict or terminate your access to the Whois database for failure to abide by these terms of use. VeriSign reserves the right to modify these terms at any time. The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars. [whois.networksolutions.com] NOTICE AND TERMS OF USE: You are not authorized to access or query our WHOIS database through the use of high-volume, automated, electronic processes. The Data in Network Solutions' WHOIS database is provided by Network Solutions for i nformation purposes only, and to assist persons in obtaining information about or related to a domain name registration record. Network Solutions does not guarantee its a ccuracy. By submitting a WHOIS query, you agree to abide by the following terms of use: You agree that you may use this Data only for lawful purposes and that under no circumstances will you use this Data to: (1) allow, enable, or otherwise support the transmission of mass unsolicited, commercial advertising or solicitations via e-mail, telephone, or facsimile; or (2) enable high volume, automated, electronic processes that apply to Network Solutions (or its computer systems). The compilation, repackaging, dissemination or other use of this Data is expressly prohibited without the prior written consent of Network Solutions. You agree not to use high-volume, automated, electronic processes to access or query the WHOIS database. Network Solutions reserves the right to terminate your access to the W HOIS database in its sole discretion, including without limitation, for excessive querying of the WHOIS database or for failure to otherwise abide by this policy. Network Solutions reserves the right to modify these terms at any time. Get a FREE domain name registration, transfer, or renewal with any annual hostin g package - or just $8.95 with monthly packages. http://www.networksolutions.com Visit AboutUs.org for more information about ENERGYSAVINGS.COM <a href="http://www.aboutus.org/ENERGYSAVINGS.COM">AboutUs: ENERGYSAVINGS.COM </ a> Registrant: U.S Energy Savings Corp 6345 Dixie Rd Mississauga, ON l5t 2e6 CA Domain Name: ENERGYSAVINGS.COM ------------------------------------------------------------------------ Promote your business to millions of viewers for only $1 a month Learn how you can get an Enhanced Business Listing here for your domain name. Learn more at http://www.NetworkSolutions.com/ ------------------------------------------------------------------------ Administrative Contact, Technical Contact: U.S Energy Savings Corp aschneider@oesc.ca 6345 Dixie Rd Mississauga, ON l5t 2e6 CA 905-795-4505 Record expires on 02-Oct-2016. Record created on 06-Jan-2004. Database last updated on 22-Dec-2007 14:45:02 EST. Domain servers in listed order: NS1.ILAP.COM 216.223.130.151 NS2.ILAP.COM 216.223.130.152 NS3.ILAP.COM 216.223.130.153

[an error occurred while processing this directive]