[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Deadbeats Page 01.
Return-Path: <danh_benderjm@parisot-mvm.com>
Received: from 089-101-009178.ntlworld.ie (89.101.9.178) by studio42.com
with SMTP (Eudora Internet Mail Server 3.2.10) for <webmaster@studio42.com>;
Thu, 17 Jan 2008 13:13:19 -0800
Received: (qmail 29536 invoked from network); Thu, 17 Jan 2008 21:13:58 +0000
Received: from unknown (HELO pqrqh) (93.82.37.229) by 089-101-009178.ntlworld.ie
with SMTP; Thu, 17 Jan 2008 21:13:58 +0000
Message-ID: <478FC516.5080203@parisot-mvm.com>
Date: Thu, 17 Jan 2008 21:13:58 +0000
From: <danh_benderjm@parisot-mvm.com>
User-Agent: Thunderbird 2.0.0.6 (Windows/20070728)
MIME-Version: 1.0
To: webmaster@studio42.com
Subject: The Dance of Love
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
I am Complete http://74.135.99.197/
[studio42@flatus studio42]$ host 89.101.9.178
178.9.101.89.in-addr.arpa domain name pointer 089-101-009178.ntlworld.ie.
[studio42@flatus studio42]$ whois 89.101.9.178@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '89.100.0.0 - 89.101.127.255'
inetnum: 89.100.0.0 - 89.101.127.255
netname: UPC-IE
descr: Customers IE
country: IE
admin-c: HMCB1-RIPE
tech-c: HMCB1-RIPE
remarks: Contact abuse@chello.ie concerning criminal
remarks: activities like spam, hacks, portscans
status: ASSIGNED PA
mnt-by: CHELLO-MNT
source: RIPE # Filtered
role: Hostmaster Chello Broadband
address: UPC Broadband
address: Internet Services
address: Erlachgasse 116
address: A-1100 Vienna
address: Austria
phone: +43 1 96068 5000
fax-no: +43 1 96068 5666
e-mail: hostmaster@chello.at
admin-c: AK991-RIPE
tech-c: SB666-RIPE
tech-c: MG111
tech-c: MS2509-RIPE
tech-c: AK991-RIPE
nic-hdl: HMCB1-RIPE
mnt-by: CHELLO-MNT
source: RIPE # Filtered
% Information related to '89.100.0.0/15AS6830'
route: 89.100.0.0/15
descr: NTL Ireland
origin: AS6830
mnt-by: AS6830-MNT
source: RIPE # Filtered
% Information related to '89.101.0.0/16AS6830'
route: 89.101.0.0/16
descr: NTL Ireland
origin: AS6830
mnt-by: AS6830-MNT
source: RIPE # Filtered
Sounds like a complete spammer so far.
Onto scammer site, which looks to be a trojan loader.
[studio42@flatus studio42]$ host 74.135.99.197
197.99.135.74.in-addr.arpa domain name pointer 74-135-99-197.dhcp.insightbb.com.
[studio42@flatus studio42]$ whois 74.135.99.197@whois.arin.net
[whois.arin.net]
OrgName: INSIGHT COMMUNICATIONS COMPANY, L.P.
OrgID: INSIG-7
Address: 10200 Linn Station Road
Address: Suite 125
City: Louisville
StateProv: KY
PostalCode: 40223
Country: US
ReferralServer: rwhois://rwhois.insightns.com:4321/
NetRange: 74.128.0.0 - 74.143.255.255
CIDR: 74.128.0.0/12
NetName: INSIGHT-COMMUNCATIONS-CORP
NetHandle: NET-74-128-0-0-1
Parent: NET-74-0-0-0-0
NetType: Direct Allocation
NameServer: NS0.INSIGHTNS.COM
NameServer: NS1.INSIGHTNS.COM
Comment:
RegDate: 2006-04-07
Updated: 2006-05-17
RNOCHandle: JGS2-ARIN
RNOCName: Shea, John G
RNOCPhone: +1-502-410-7140
RNOCEmail: shea.j@insightcom.com
RTechHandle: RJW40-ARIN
RTechName: Walker, Richard James
RTechPhone: +1-502-410-7180
RTechEmail: walker.rj@insightcom.com
OrgNOCHandle: NOC2077-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-800-771-9124
OrgNOCEmail: nocabuse@insightcom.com
OrgTechHandle: JGS2-ARIN
OrgTechName: Shea, John G
OrgTechPhone: +1-502-410-7140
OrgTechEmail: shea.j@insightcom.com
# ARIN WHOIS database, last updated 2008-01-16 19:07
# Enter ? for additional hints on searching ARIN's WHOIS database.
