The report for this spam can be found at: 2008 Penis Spam Edition.
Received: from [203.123.34.91] (203.123.34.91) by studio42.com with ESMTP
(Eudora Internet Mail Server 3.2.10) for <spam-hater@studio42.com>;
Sun, 8 Jun 2008 21:32:21 -0700
Received: from [203.123.34.91] by mx1.bt.mail.yahoo.com; Mon, 9 Jun 2008 10:02:20 +0530
From: "David Kerr" <tequila798@btopenworld.com>
To: <spam-hater@studio42.com>
Subject: Blue sexy pill - $0.{_2SYMBCHAR}
Date: Mon, 9 Jun 2008 10:02:20 +0530
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C8CA17.E7AD1E00"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: Aca6Q9BBJP0N02S468ZTUM3C59JKJP==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180
Message-ID: <01c8ca17$e7ad1e00$5b227bcb@tequila798>
This is a multi-part message in MIME format.
------=_NextPart_000_0006_01C8CA17.E7AD1E00
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 7bit
Blue sexy pill - $0.{_2SYMBCHAR}Visit our shop
------=_NextPart_000_0006_01C8CA17.E7AD1E00
Content-Type: text/html;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office" xmlns:w=3D"urn:=
schemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-html=
40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Diso-885=
9-2">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered medium)">
</head>
<body>
<html>
<head>
<meta http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-1=
252">
<meta name=3DGenerator content=3D"Microsoft Word 12 (filtered)">
<style>
<!--
/* Font Definitions */
@font-face
{font-family:"Cambria Math";
panose-1:0 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin-top:0in;
margin-right:0in;
margin-bottom:10.0pt;
margin-left:0in;
line-height:115%;
font-size:15.0pt;
font-family:"Calibri","sans-serif";}
a:link, span.MsoHyperlink
{color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{color:purple;
text-decoration:underline;}
MsoPapDefault
{margin-bottom:10.0pt;
line-height:115%;}
@page Section1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.Section1
{page:Section1;}
-->
</style>
</head>
<body lang=3DEN-US link=3Dblue vlink=3Dpurple>
<div class=3DSection1>
<p class=3DMsoNormal>Blue sexy pill - $0.{_2SYMBCHAR}</p>
<p class=3DMsoNormal><a href=3D"http://yersaarots.com/">Visit our shop</a=
></p>
</body>
</html>
</body>
</html>
------=_NextPart_000_0006_01C8CA17.E7AD1E00--
[studio42@flatus counter]$ host 203.123.34.91
Host 91.34.123.203.in-addr.arpa not found: 3(NXDOMAIN)
[studio42@flatus counter]$ whois 203.123.34.91@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 203.123.32.0 - 203.123.47.255
netname: Spectranet
descr: Broadband ISP, India.
country: IN
admin-c: PS272-AP
tech-c: JG131-AP
tech-c: AB41-AP
status: ALLOCATED PORTABLE
remarks: **********************************************************
remarks: This object can only be modified by APNIC hostmaster
remarks: If you wish to modify this object details please
remarks: send email to hostmaster@apnic.net with your organisation
remarks: account name in the subject line.
remarks: **********************************************************
changed: hm-changed@apnic.net 20030923
mnt-by: APNIC-HM
mnt-lower: MAINT-IN-SPECTRA-NET-LTD
mnt-routes: MAINT-IN-SPECTRANET
mnt-routes: MAINT-IN-SPECTRA-NET-LTD
changed: hm-changed@apnic.net 20041215
changed: hm-changed@apnic.net 20050718
changed: hm-changed@apnic.net 20070918
source: APNIC
route: 203.123.34.0/24
descr: Spectranet Ltd.
origin: AS10029
country: IN
mnt-by: MAINT-IN-SPECTRA-NET-LTD
changed: hm-changed@apnic.net 20041111
source: APNIC
person: Pawan Pratap Singh
address: 42-Okhla Industrial Estate
address: Phase - III
address: New Delhi
country: IN
phone: +91-11-6200872
fax-no: +91-11-6200805
e-mail: pawan.singh@in.spectranet.com
nic-hdl: PS272-AP
mnt-by: MAINT-IN-SPECTRANET
changed: sanjeev.sharma@in.spectranet.com 20020703
source: APNIC
person: J S Grewal
nic-hdl: JG131-AP
e-mail: j.grewal@in.spectranet.com
address: 42-Okhla Industrial Estate
address: Phase - III
address: New Delhi
phone: +91-11-26200876
fax-no: +91-11-26200805
country: IN
changed: harpreet.singh@in.spectranet.com 20041021
mnt-by: MAINT-IN-SPECTRANET
source: APNIC
person: Ajay Bhardwaj
nic-hdl: AB41-AP
e-mail: ajay.bhardwaj@in.spectranet.com
address: 42-Okhla Industrial Estate-III
address: N. Delhi - 110020
phone: +91-11-26200800
fax-no: +91-11-26200805
country: IN
changed: sanjeev.sharma@in.spectranet.com 20040209
mnt-by: MAINT-IN-SPECTRA-NET-LTD
source: APNIC
That about wraps up this part. Zombie rape.
On to the scammer site:
[studio42@flatus counter]$ host yersaarots.com
yersaarots.com has address 210.201.138.28
[studio42@flatus counter]$ whois 210.201.138.28@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 210.200.0.0 - 210.201.255.255
netname: APOL
descr: Asia Pacific On-line Services Inc.
descr: Internet Service Provider
descr: Taipei, Taiwan
country: TW
admin-c: AA91-AP
tech-c: AA91-AP
mnt-by: MAINT-TW-TWNIC
mnt-lower: MAINT-TW-TWNIC
status: ALLOCATED PORTABLE
changed: hm-changed@apnic.net 20050420
source: APNIC
person: Admin APOL
nic-hdl: AA91-AP
e-mail: adm@aptg.com.tw
address: 8F,No19-5,Sanchong Rd.,Nankang Dist.,Taipei,Taiwan,R.O.C.
phone: +886-2-55813300
fax-no: +886-2-26551515
country: TW
changed: chen@aptg.com.tw 20050421
mnt-by: MAINT-TW-TWNIC
source: APNIC
[studio42@flatus counter]$ whois yersaarots.com
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: YERSAAROTS.COM
Registrar: FORTUNE INTERNET, INC.
Whois Server: whois.0101domain.com
Referral URL: http://www.0101domain.com
Name Server: NS1.GANJAZUC.COM
Name Server: NS2.SYAPREDICATORY.RU
Status: clientTransferProhibited
Updated Date: 21-may-2008
Creation Date: 21-may-2008
Expiration Date: 21-may-2009
>>> Last update of whois database: Mon, 09 Jun 2008 00:41:20 EDT <<<
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.
TERMS OF USE: You are not authorized to access or query our Whois
database through the use of electronic processes that are high-volume and
automated except as reasonably necessary to register domain names or
modify existing registrations; the Data in VeriSign Global Registry
Services' ("VeriSign") Whois database is provided by VeriSign for
information purposes only, and to assist persons in obtaining information
about or related to a domain name registration record. VeriSign does not
guarantee its accuracy. By submitting a Whois query, you agree to abide
by the following terms of use: You agree that you may use this Data only
for lawful purposes and that under no circumstances will you use this Data
to: (1) allow, enable, or otherwise support the transmission of mass
unsolicited, commercial advertising or solicitations via e-mail, telephone,
or facsimile; or (2) enable high volume, automated, electronic processes
that apply to VeriSign (or its computer systems). The compilation,
repackaging, dissemination or other use of this Data is expressly
prohibited without the prior written consent of VeriSign. You agree not to
use electronic processes that are automated and high-volume to access or
query the Whois database except as reasonably necessary to register
domain names or modify existing registrations. VeriSign reserves the right
to restrict your access to the Whois database in its sole discretion to ensure
operational stability. VeriSign may restrict or terminate your access to the
Whois database for failure to abide by these terms of use. VeriSign
reserves the right to modify these terms at any time.
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
[whois.0101domain.com]
Registration Service Provided By: 0101DOMAIN
Contact: +852.29180101
Domain Name: YERSAAROTS.COM
Registrant:
N/A
Laurie Demrow (coin@couple.com)
202 Mason road
West topsham
Vermont,05086
US
Tel. +1.8024396773
Creation Date: 21-May-2008
Expiration Date: 21-May-2009
Domain servers in listed order:
ns2.syapredicatory.ru
ns1.ganjazuc.com
Administrative Contact:
N/A
Laurie Demrow (coin@couple.com)
202 Mason road
West topsham
Vermont,05086
US
Tel. +1.8024396773
Technical Contact:
N/A
Laurie Demrow (coin@couple.com)
202 Mason road
West topsham
Vermont,05086
US
Tel. +1.8024396773
Billing Contact:
N/A
Laurie Demrow (coin@couple.com)
202 Mason road
West topsham
Vermont,05086
US
Tel. +1.8024396773
Status:ACTIVE
The data in this whois database is provided to you for information purposes only,
that is, to assist you in obtaining information about or related
to a domain name registration record. We make this information available "as is",
and do not guarantee its accuracy. By submitting a whois query, you agree that you will
use this data only for lawful purposes and that, under no circumstances will you
use this data to:
(1) enable high volume, automated, electronic processes that stress
or load this whois database system providing you this information; or
(2) allow, enable, or otherwise support the transmission of mass unsolicited,
commercial advertising or solicitations via direct mail, electronic mail, or by
telephone.
The compilation, repackaging, dissemination or other use of this data is expressly prohibited without
prior written consent from us. The Registrar of record is Friends Marketing,Inc. (0101Host.com).
We reserve the right to modify these terms at any time.
By submitting this query, you agree to abide by these terms.
Interesting. On to DNS:
[studio42@flatus counter]$ host NS1.GANJAZUC.COM
NS1.GANJAZUC.COM has address 83.15.82.74
[studio42@flatus counter]$ whois 83.15.82.74@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '83.15.82.72 - 83.15.82.79'
inetnum: 83.15.82.72 - 83.15.82.79
netname: CUSTOMER-IDSL-071095
descr: static IP
descr: KARPACZ
descr: POLAND
country: PL
admin-c: TPHT
tech-c: TPHT
status: ASSIGNED PA
mnt-by: TPNET
source: RIPE # Filtered
role: TP S.A. Hostmaster
address: TP S.A.
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: Poland
phone: +48 22 6225182
fax-no: +48 22 6225182
remarks: Network problems -> hostmaster@telekomunikacja.pl
remarks: Abuse and spam notification -> abuse@telekomunikacja.pl
remarks: DNS problems -> dns@telekomunikacja.pl
remarks: Routing problems -> registry@tpnet.pl
admin-c: TK569-RIPE
tech-c: TK569-RIPE
tech-c: JS1838-RIPE
nic-hdl: TPHT
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
remarks: Please send spam and abuse notification only
remarks: to abuse@telekomunikacja.pl
remarks: phone: +48 22 8871788
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
mnt-by: TPNET
abuse-mailbox: abuse@telekomunikacja.pl
source: RIPE # Filtered
% Information related to '83.0.0.0/11AS5617'
route: 83.0.0.0/11
descr: TPNET
descr: for abuse: abuse@tpnet.pl
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE # Filtered
% Information related to '83.8.0.0/13AS5617'
route: 83.8.0.0/13
descr: TPNET
descr: for abuse: abuse@tpnet.pl
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE # Filtered
[studio42@flatus counter]$ whois GANJAZUC.COM
[whois.crsnic.net]
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: GANJAZUC.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Name Server: NS1.GANJAZUC.COM
Name Server: NS2.GANJAZUC.COM
Status: clientTransferProhibited
Updated Date: 14-may-2008
Creation Date: 07-mar-2008
Expiration Date: 07-mar-2009
>>> Last update of whois database: Mon, 09 Jun 2008 00:43:38 EDT <<<
[whois.dns.com.cn]
Domain Name.......... GANJAZUC.COM
Creation Date........ 2008-03-07 21:56:04
Registration Date.... 2008-03-07 21:56:04
Expiry Date.......... 2009-03-07 21:56:04
Organisation Name.... liu qingwu
Organisation Address. NO.403 99 HUAYIHENG ROAD HAIKOU HAINAN CITY
Organisation Address.
Organisation Address. Haikou
Organisation Address. 570203
Organisation Address. HI
Organisation Address. CN
Admin Name........... liu qingwu
Admin Address........ NO.403 99 HUAYIHENG ROAD HAIKOU HAINAN CITY
Admin Address........
Admin Address........ Haikou
Admin Address........ 570203
Admin Address........ HI
Admin Address........ CN
Admin Email.......... yzlink@sina.com
Admin Phone.......... +86.89866663188
Admin Fax............ +86.89866663199
Tech Name............ liu qingwu
Tech Address......... NO.403 99 HUAYIHENG ROAD HAIKOU HAINAN CITY
Tech Address.........
Tech Address......... Haikou
Tech Address......... 570203
Tech Address......... HI
Tech Address......... CN
Tech Email........... yzlink@sina.com
Tech Phone........... +86.89866663188
Tech Fax............. +86.89866663199
Bill Name............ liu qingwu
Bill Address......... NO.403 99 HUAYIHENG ROAD HAIKOU HAINAN CITY
Bill Address.........
Bill Address......... Haikou
Bill Address......... 570203
Bill Address......... HI
Bill Address......... CN
Bill Email........... yzlink@sina.com
Bill Phone........... +86.89866663188
Bill Fax............. +86.89866663199
Name Server.......... ns2.ganjazuc.com
Name Server.......... ns1.ganjazuc.com
Our Chinese connection?
On to the other DNS:
[studio42@flatus counter]$ host NS2.SYAPREDICATORY.RU
NS2.SYAPREDICATORY.RU has address 222.190.111.100
[studio42@flatus counter]$ whois 222.190.111.100@whois.apnic.net
[whois.apnic.net]
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 222.190.111.96 - 222.190.111.103
netname: NANJING-FENGHANG-ELECTRONIC-CORP
descr: FengHuang Micro-electronic Co.Ltd
descr: Nanjing City
descr: Jiangsu Province
country: CN
admin-c: CH481-AP
tech-c: ZS586-AP
changed: ip@jsinfo.net 20061109
status: ASSIGNED NON-PORTABLE
mnt-by: MAINT-CHINANET-JS
mnt-lower: MAINT-CHINANET-JS-NJ
source: APNIC
person: CHINANET-JS-NJ Hostmaster
address: No.1,Runnan Road,Nanjing 210008
country: CN
phone: +86-25-3315464
fax-no: +86-25-3289583
e-mail: ipnj@jlonline.com
nic-hdl: CH481-AP
remarks: send anti-spam or abuse reports to abuse@public1.ptt.js.cn
remarks: or abuse@jlonline.com
remarks: times in GMT+8
mnt-by: MAINT-CHINANET-JS-NJ
changed: ip@jsinfo.net 20030429
source: APNIC
person: Zhao Sen
nic-hdl: ZS586-AP
e-mail: ipnj@jlonline.com
address: Floor 2th,No.191 GuangZhou Rd.
phone: +86-13776625002
country: CN
changed: ip@jsinfo.net 20061109
mnt-by: MAINT-CHINANET-JS
source: APNIC
[studio42@flatus counter]$ whois SYAPREDICATORY.RU@whois.geektools.com
[whois.geektools.com]
GeekTools Whois Proxy v5.0.4 Ready.
Checking access for 69.85.141.229... ok.
Checking server [whois.ripn.net]
Results:
% By submitting a query to RIPN's Whois Service
% you agree to abide by the following terms of use:
% http://www.ripn.net/about/servpol.html#3.2 (in Russian)
% http://www.ripn.net/about/en/servpol.html#3.2 (in English).
domain: SYAPREDICATORY.RU
type: CORPORATE
nserver: ns1.syapredicatory.ru. 60.249.77.35
nserver: ns2.syapredicatory.ru. 60.249.77.35
state: REGISTERED, DELEGATED
person: Private Person
phone: +7 495 9982143
fax-no: +7 495 9982143
e-mail: krasnov_2005@mail.ru
registrar: NAUNET-REG-RIPN
created: 2008.03.13
paid-till: 2009.03.13
source: TC-RIPN
Last updated on 2008.06.09 08:39:26 MSK/MSD
Results brought to you by the GeekTools WHOIS Proxy
Server results may be copyrighted and are used with permission.
Your host (69.85.141.229) has visited 1 times today.
Definitely scummy and with a Chinese connection. Dirtball scammer.