[an error occurred while processing this directive]
The report for this spam can be found at: 2008 Deadbeats Page 01.
Received: from n9b.bullet.ukl.yahoo.com (217.146.182.219) by studio42.com
with SMTP (Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Tue, 19 Feb 2008 08:41:27 -0800
Received: from [217.12.4.214] by n9.bullet.ukl.yahoo.com with NNFMP; 19 Feb 2008 10:48:06 -0000
Received: from [216.252.122.216] by t1.bullet.ukl.yahoo.com with NNFMP; 19 Feb 2008 10:48:06 -0000
Received: from [69.147.65.182] by t1.bullet.sp1.yahoo.com with NNFMP; 19 Feb 2008 10:48:06 -0000
Received: from [127.0.0.1] by omp301.mail.sp1.yahoo.com with NNFMP; 19 Feb 2008 10:48:06 -0000
X-Yahoo-Newman-Property: ymail-5
X-Yahoo-Newman-Id: 306356.54687.bm@omp301.mail.sp1.yahoo.com
Received: (qmail 77931 invoked by uid 60001); 19 Feb 2008 10:48:05 -0000
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=s1024; d=yahoo.com;
h=X-YMail-OSG:Received:Date:From:Subject:To:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-ID;
b=s87e7zOCh49lVOBbyYSAjTdVjOVBACtY5igfbCTsNK6isbNzrsHvC3p7CP15UsS+Es4Wvdud173oscPA9T/Abw321WdyePlr/Sxz3bRs6zMa+aF9cqkxUgi07Id+zSyvP5sj9pDJtcx/F3Vxqstg1Pw8oNxsdGJHhQFw/PHmCz8=;
X-YMail-OSG: fdrr.UcVM1mousCA6TFOPQRRbr4QFNcIBrheVmD7
Received: from [72.52.130.242] by web46004.mail.sp1.yahoo.com via HTTP; Tue, 19 Feb 2008 02:48:05 PST
Date: Tue, 19 Feb 2008 02:48:05 -0800 (PST)
From: Ann Simmons <annsimmons87026@yahoo.com>
Subject: Hi
To: X <gomiejetpevf@hotmail.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="0-973206380-1203418085=:69580"
Content-Transfer-Encoding: 8bit
Message-ID: <406811.69580.qm@web46004.mail.sp1.yahoo.com>
--0-973206380-1203418085=:69580
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
www.catherine.filesdouble.com
Unsubscribe
---------------------------------
Looking for last minute shopping deals? Find them fast with Yahoo! Search.
--0-973206380-1203418085=:69580
Content-Type: text/html; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
<a href=http://www.msn.com/><b></b></a> <a href=http://www.microsoft.com/billgates/><b></b></a><a href=http://www.catherine.filesdouble.com/><b>www.catherine.filesdouble.com</b></a><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><a href=http://www.msn.com/><b></b></a> <a href=http://get.live.com/nl-nl/wl/all><b></b></a><a href=http://www.catherine.filesdouble.com/u/>Unsubscribe</a><p>
<hr size=1>Looking for last minute shopping deals? <a href="http://us.rd.yahoo.com/evt=51734/*http://tools.search.yahoo.com/newsearch/category.php?category=shopping">
Find them fast with Yahoo! Search.</a>
--0-973206380-1203418085=:69580--
[studio42@flatus studio42]$ host 217.146.182.219
219.182.146.217.in-addr.arpa domain name pointer n9b.bullet.ukl.yahoo.com.
[studio42@flatus studio42]$ whois 217.146.182.219@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '217.146.182.0 - 217.146.183.255'
inetnum: 217.146.182.0 - 217.146.183.255
netname: YAHOONET
descr: Yahoo! Europe
country: GB
admin-c: YEU-RIPE
tech-c: YEU-RIPE
status: ASSIGNED PA
mnt-by: YAHOO-MNT
mnt-lower: YAHOO-MNT
mnt-routes: YAHOO-MNT
source: RIPE # Filtered
role: Yahoo Europe Operations Department
address: Yahoo Europe Operations
address: 125 Shaftesbury Avenue
address: London
address: WC2H 8AD
remarks: trouble: uk-abuse@cc.yahoo-inc.com
admin-c: KW3969-RIPE
admin-c: NA1231-RIPE
tech-c: KW3969-RIPE
tech-c: SCY3-RIPE
tech-c: NA1231-RIPE
tech-c: NW503-RIPE
tech-c: IG1154-RIPE
tech-c: DR2790-RIPE
tech-c: CJO3-RIPE
nic-hdl: YEU-RIPE
source: RIPE # Filtered
abuse-mailbox: uk-abuse@cc.yahoo-inc.com
% Information related to '217.146.176.0/21AS15635'
route: 217.146.176.0/21
descr: Yahoo-EU-NET
origin: AS15635
mnt-by: YAHOO-MNT
source: RIPE # Filtered
I bet blacklisting is the best way to deal with this.
Onto the spammer:
[studio42@flatus studio42]$ host 72.52.130.242
Host 242.130.52.72.in-addr.arpa not found: 3(NXDOMAIN)
[studio42@flatus studio42]$ whois 72.52.130.242@whois.arin.net
[whois.arin.net]
OrgName: Liquid Web, Inc.
OrgID: LQWB
Address: 4210 Creyts Rd.
City: Lansing
StateProv: MI
PostalCode: 48917
Country: US
ReferralServer: rwhois://rwhois.liquidweb.com:4321/
NetRange: 72.52.128.0 - 72.52.255.255
CIDR: 72.52.128.0/17
NetName: LIQUIDWEB-6
NetHandle: NET-72-52-128-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
NameServer: NS.LIQUIDWEB.COM
NameServer: NS1.LIQUIDWEB.COM
Comment:
RegDate: 2006-08-03
Updated: 2007-03-26
OrgAbuseHandle: ABUSE551-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-800-580-4985
OrgAbuseEmail: abuse@liquidweb.com
OrgTechHandle: IPADM47-ARIN
OrgTechName: IP Administrator
OrgTechPhone: +1-800-580-4985
OrgTechEmail: ipadmin@liquidweb.com
# ARIN WHOIS database, last updated 2008-02-18 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
Probably an open proxy or zombie.
Onto scammer site:
[studio42@flatus studio42]$ host www.catherine.filesdouble.com
www.catherine.filesdouble.com has address 195.209.41.201
[studio42@flatus studio42]$ whois 195.209.41.201@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '195.209.32.0 - 195.209.63.255'
inetnum: 195.209.32.0 - 195.209.63.255
netname: GARNET-2
descr: Garant-Park-Telecom
descr: Russia, Moscow, Leninskie Gory, 1,
descr: building 75 G, block 6 Science Park of MSU
descr: Moscow 119992, Russia
country: RU
admin-c: PAN-RIPE
tech-c: PAN-RIPE
status: ASSIGNED PA
mnt-by: ROSNIIROS-MNT
mnt-lower: ROSNIIROS-MNT
source: RIPE # Filtered
person: Alexander V Panov
address: MSU, Science Park, Garant-Park-Telecom
address: Moscow
address: Russia
remarks: phone: +7 095 7898207
phone: +7 495 7898207
remarks: fax-no: +7 095 9308800
fax-no: +7 495 9308800
e-mail: panov@parkline.ru
nic-hdl: PAN-RIPE
mnt-by: PAN1-RIPE-MNT
source: RIPE # Filtered
remarks: modified for Russian phone area changes
% Information related to '195.209.32.0/19AS5537'
route: 195.209.32.0/19
descr: Garant-Park Delegated Block 2
descr: Science Park, Moscow State University
descr: Lenin's Hills, Moscow, Russia
origin: AS5537
mnt-by: AS5537-MNT
source: RIPE # Filtered
[studio42@flatus studio42]$ whois filesdouble.com
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: FILESDOUBLE.COM
Registrar: GODADDY.COM, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: NS1.TUTBY.COM
Name Server: NS2.TUTBY.COM
Status: clientDeleteProhibited
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 08-feb-2008
Creation Date: 08-feb-2008
Expiration Date: 08-feb-2009
>>> Last update of whois database: Tue, 19 Feb 2008 16:59:25 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.godaddy.com]
The data contained in GoDaddy.com, Inc.'s WhoIs database,
while believed by the company to be reliable, is provided "as is"
with no guarantee or warranties regarding its accuracy. This
information is provided for the sole purpose of assisting you
in obtaining information about domain name registration records.
Any use of this data for any other purpose is expressly forbidden without the pr
ior written
permission of GoDaddy.com, Inc. By submitting an inquiry,
you agree to these terms of usage and limitations of warranty. In particular,
you agree not to use this data to allow, enable, or otherwise make possible,
dissemination or collection of this data, in part or in its entirety, for any
purpose, such as the transmission of unsolicited advertising and
and solicitations of any kind, including spam. You further agree
not to use this data to enable high volume, automated or robotic electronic
processes designed to collect or compile this data for any purpose,
including mining this data for your own personal or commercial purposes.
Please note: the registrant of the domain name is specified
in the "registrant" field. In most cases, GoDaddy.com, Inc.
is not the registrant of domain names listed in this database.
Registrant:
Sergey Pelotkin
11, Nezavisimosti st.
Minsk, 220030
Belarus
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: FILESDOUBLE.COM
Created on: 08-Feb-08
Expires on: 08-Feb-09
Last Updated on: 08-Feb-08
Administrative Contact:
Pelotkin, Sergey postmaster@pelotki.com
11, Nezavisimosti st.
Minsk, 220030
Belarus
+375172891343222 Fax --
Technical Contact:
Pelotkin, Sergey postmaster@pelotki.com
11, Nezavisimosti st.
Minsk, 220030
Belarus
+37517289234432 Fax --
Domain servers in listed order:
NS1.TUTBY.COM
NS2.TUTBY.COM
I bet the DNS is scummy too
[studio42@flatus studio42]$ host ns1.tutby.com
ns1.tutby.com has address 195.137.160.3
[studio42@flatus studio42]$ host 195.137.160.3
3.160.137.195.in-addr.arpa domain name pointer ns1.tutby.com.
[studio42@flatus studio42]$ whois 195.137.160.3@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '195.137.160.0 - 195.137.160.255'
inetnum: 195.137.160.0 - 195.137.160.255
netname: TUTBY-NET
descr: Tut.By
country: BY
org: ORG-UNP1-RIPE
admin-c: YZ69-RIPE
admin-c: PAN-RIPE
tech-c: DO616-RIPE
tech-c: PAN-RIPE
status: ASSIGNED PI
mnt-by: MEREZHA-MNT
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: MEREZHA-MNT
mnt-domains: MEREZHA-MNT
source: RIPE # Filtered
organisation: ORG-UNP1-RIPE
org-name: Reliable Software
org-type: OTHER
descr: Tut.By
address: office 216, pr.Skoriny 11 Building 2
address: Minsk, Belarus, 220050
phone: +375 17 2004180
fax-no: +375 17 2099292
e-mail: info@tutby.com
admin-c: YZ69-RIPE
tech-c: DO616-RIPE
mnt-ref: AS5537-MNT
mnt-by: AS5537-MNT
source: RIPE # Filtered
person: Alexander V Panov
address: MSU, Science Park, Garant-Park-Telecom
address: Moscow
address: Russia
remarks: phone: +7 095 7898207
phone: +7 495 7898207
remarks: fax-no: +7 095 9308800
fax-no: +7 495 9308800
e-mail: panov@parkline.ru
nic-hdl: PAN-RIPE
mnt-by: PAN1-RIPE-MNT
source: RIPE # Filtered
remarks: modified for Russian phone area changes
person: Yury Zisser
address: 11/2, Nezalejnosti pr., 216
address: Minsk, Belarus, 220050
phone: +375 17 2891875
fax-no: +375 17 2099292
e-mail: zisser@tutby.com
nic-hdl: YZ69-RIPE
mnt-by: AS5537-MNT
source: RIPE # Filtered
person: Denis Otvalko
address: office 216, pr.Skoriny 11 Building 2
address: Minsk, Belarus, 220050
phone: +375 17 2004180
fax-no: +375 17 2099292
e-mail: dis@tutby.com
nic-hdl: DO616-RIPE
mnt-by: AS5537-MNT
source: RIPE # Filtered
% Information related to '195.137.160.0/24AS35594'
route: 195.137.160.0/24
descr: Tut.By route object
origin: AS35594
mnt-by: MEREZHA-MNT
source: RIPE # Filtered
Other DNS:
[studio42@flatus studio42]$ host ns2.tutby.com
ns2.tutby.com has address 86.57.250.3
[studio42@flatus studio42]$ host 86.57.250.3
Host 3.250.57.86.in-addr.arpa not found: 3(NXDOMAIN)
[studio42@flatus studio42]$ whois 86.57.250.3@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #1.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '86.57.250.0 - 86.57.251.255'
inetnum: 86.57.250.0 - 86.57.251.255
netname: BELTELECOM-DATACENTER
descr: Minsk, Belarus
country: BY
admin-c: DK2210-RIPE
tech-c: IS2093-RIPE
status: ASSIGNED PA
mnt-by: AS6697-MNT
source: RIPE # Filtered
person: Dmitry Komarov
address: 220088, Minsk
address: 55, Zaharova str.,
address: RUE Beltelecom
phone: +375 17 2171799
fax-no: +375 17 2100259
e-mail: dimon@mck.beltelecom.by
nic-hdl: DK2210-RIPE
mnt-by: AS6697-MNT
source: RIPE # Filtered
person: Ivan Semernik
address: 220088, Minsk
address: 55, Zaharova str.,
address: RUE Beltelecom
phone: +375 17 2171799
fax-no: +375 17 2100259
e-mail: ivan.semernik@dc.beltelecom.by
nic-hdl: IS2093-RIPE
mnt-by: AS6697-MNT
source: RIPE # Filtered
% Information related to '86.57.128.0/17AS6697'
route: 86.57.128.0/17
descr: DELEGATED FROM BELPAK
origin: AS6697
mnt-by: AS6697-MNT
source: RIPE # Filtered
[studio42@flatus studio42]$ whois TUTBY.COM
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: TUTBY.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.TUTBY.COM
Name Server: NS2.TUTBY.COM
Status: clientTransferProhibited
Updated Date: 06-dec-2007
Creation Date: 04-jan-2002
Expiration Date: 04-jan-2009
>>> Last update of whois database: Tue, 19 Feb 2008 17:01:43 UTC <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.enom.com]
=-=-=-=
Registration Service Provided By: Enom, Inc
Contact: CustomerSupport@enom.com
Visit: www.enom.com
Domain name: TUTBY.COM
Registrant Contact:
TUT.BY Hosting (hosting@tutby.com)
+375.172891226
Fax: +375.172891226
Nezavisimosti st. 11
Minsk, 220004
BY
Administrative Contact:
TUT.BY Hosting (hosting@tutby.com)
+375.172891226
Fax: +375.172891226
Nezavisimosti st. 11
Minsk, 220004
BY
Technical Contact:
TUT.BY Hosting (hosting@tutby.com)
+375.172891226
Fax: +375.172891226
Nezavisimosti st. 11
Minsk, 220004
BY
Status: Locked
Name Servers:
ns1.tutby.com
ns2.tutby.com
Creation date: 04 Jan 2002 15:55:43
Expiration date: 04 Jan 2009 15:55:43
=-=-=-=
The data in this whois database is provided to you for information
purposes only, that is, to assist you in obtaining information about or
related to a domain name registration record. We make this information
available "as is," and do not guarantee its accuracy. By submitting a
whois query, you agree that you will use this data only for lawful
purposes and that, under no circumstances will you use this data to: (1)
enable high volume, automated, electronic processes that stress or load
this whois database system providing you this information; or (2) allow,
enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic
mail, or by telephone. The compilation, repackaging, dissemination or
other use of this data is expressly prohibited without prior written
consent from us.
We reserve the right to modify these terms at any time. By submitting
this query, you agree to abide by these terms.
Version 6.3 4/3/2002
