[an error occurred while processing this directive]
The report for this spam can be found at: Deadbeats Page 16.
Return-Path: <HotStock@earth.spearhead.net>
Received: from mailgate22 (mailgate22-hme0.a001.sprintmail.com [205.137.196.54])
by tomcat.ns.net (8.8.5/8.8.5) with SMTP id HAA07422;
Thu, 11 Dec 1997 07:34:34 -0800 (PST)
From: HotStock@earth.spearhead.net
Received: by mailgate22 (SMI-8.6/SMI-SVR4) id HAA16261;
Thu, 11 Dec 1997 07:34:02 -0800
Received: from sdn-ts-003iadmoip07.dialsprint.net(206.133.167.58)
by mailfep4-hme1 via smap (KC5.24) id Q_10.1.1.10/Q_18395_19_349007e3;
Thu Dec 11 07:33:55 1997
Date: Tue, 09 Dec 97 20:21:02 EST
To: InternetUser@OnThe.Net
Subject: HOT STOCKS - EVENTEMP (OTC BB: ETMP) Heats Up!!!
Message-ID: <>
X-UIDL: 62d38d7d9da269170cda1837871f994c
It appears this garbage came out of Sprint and was relayed via Sprint. I would assume
this is because complaints about this "earth.spearhead.net" could have gotten it shut
down.
(mailgate22-hme0.a001.sprintmail.com [205.137.196.54] does in fact resolve. This shows
Sprint being abused for relaying.
sdn-ts-003iadmoip07.dialsprint.net(206.133.167.58) also reserves, showing the point of
origination.
I'm all done. I am going to try and do a lookup on the other domains now.
Brace yourself for this one:
>whois onthe.net
Adamation, Inc. (ONTHE3-DOM) ONTHE.NET
OnThe.Net LLC. (NETBLK-GETONTHENET1) GETONTHENET1206.29.101.0 - 206.29.101.255
OnThe.Net LLC. (NETBLK-GETONTHENET2) GETONTHENET2
206.29.100.64 - 206.29.100.127
OnThe.Net LLC. (NETBLK-GETONTHENET3) GETONTHENET3
206.29.100.128 - 206.29.100.191
OnThe.Net LLC. (NETBLK-GETONTHENET4) GETONTHENET4 204.71.96.64 - 204.71.96.127
OnThe.Net LLC. (NETBLK-GETONTHENET5) GETONTHENET5204.71.96.128 - 204.71.96.191
OnThe.Net LLC. (NETBLK-GETONTHENET6) GETONTHENET6 204.71.97.32 - 204.71.97.63
OnThe.Net LLC. (NETBLK-GETONTHENET7) GETONTHENET7 204.71.97.64 - 204.71.97.95
OnThe.Net LLC. (NETBLK-GETONTHENET8) GETONTHENET8 204.71.97.96 - 204.71.97.127
OnThe.Net LLC. (NETBLK-GETONTHENET9) GETONTHENET9204.71.97.128 - 204.71.97.159
OnThe.Net LLC. (NETBLK-GETONTHENET10) GETONTHENET10
204.71.97.160 - 204.71.97.191
OnThe.Net LLC. (NETBLK-GETONTHENET11) GETONTHENET11
204.71.97.192 - 204.71.97.223
OnThe.Net LLC. (NETBLK-GETONTHENET12) GETONTHENET12
207.50.162.64 - 207.50.162.127
OnThe.Net LLC. (NETBLK-GETONTHENET13) GETONTHENET13
207.50.162.128 - 207.50.162.191
OnThe.Net LLC. (NETBLK-GETONTHENET15) GETONTHENET15
207.50.163.32 - 207.50.163.63
OnThe.Net LLC. (NETBLK-GETONTHENET16) GETONTHENET16
207.50.163.64 - 207.50.163.95
OnThe.Net LLC. (NETBLK-GETONTHENET17) GETONTHENET17
207.50.163.96 - 207.50.163.127
OnThe.Net LLC. (NETBLK-GETONTHENET18) GETONTHENET18
207.50.163.128 - 207.50.163.159
OnThe.Net LLC. (NETBLK-GETONTHENET19) GETONTHENET19
207.50.163.160 - 207.50.163.191
OnThe.Net LLC. (NETBLK-GETONTHENET20) GETONTHENET20
207.50.163.192 - 207.50.163.223
OnThe.Net LLC. (NETBLK-GETONTHENET21) GETONTHENET21
207.50.164.64 - 207.50.164.127
OnThe.Net LLC. (NETBLK-GETONTHENET22) GETONTHENET22
207.50.164.128 - 207.50.164.191
OnThe.Net LLC. (NETBLK-GETONTHENET23) GETONTHENET23
207.50.165.32 - 207.50.165.63
OnThe.Net LLC. (NETBLK-GETONTHENET24) GETONTHENET24
207.50.165.64 - 207.50.165.95
OnThe.Net LLC. (NETBLK-GETONTHENET25) GETONTHENET25
207.50.165.96 - 207.50.165.127
OnThe.Net LLC. (NETBLK-GETONTHENET26) GETONTHENET26
207.50.165.128 - 207.50.165.159
OnThe.Net LLC. (NETBLK-GETONTHENET27) GETONTHENET27
207.50.165.160 - 207.50.165.191
OnThe.Net LLC. (NETBLK-GETONTHENET28) GETONTHENET28
207.50.165.192 - 207.50.165.224
OnThe.Net LLC. (NETBLK-GETONTHENET29) GETONTHENET29
207.50.166.64 - 207.50.166.127
OnThe.Net LLC. (NETBLK-GETONTHENET30) GETONTHENET30
207.50.166.128 - 207.50.166.191
OnThe.Net LLC. (NETBLK-GETONTHENET31) GETONTHENET31
207.50.167.0 - 207.50.167.255
OnThe.Net LLC. (NETBLK-GETONTHENET32) GETONTHENET32
207.50.168.8 - 207.50.168.15
OnThe.Net LLC. (NETBLK-GETONTHENET33) GETONTHENET33
207.50.168.16 - 207.50.168.23
OnThe.Net LLC. (NETBLK-GETONTHENET34) GETONTHENET34
207.50.168.24 - 207.50.168.31
OnThe.Net LLC. (NETBLK-GETONTHENET35) GETONTHENET35
207.50.169.64 - 207.50.169.127
OnThe.Net LLC. (NETBLK-GETONTHENET36) GETONTHENET36
207.50.169.128 - 207.50.169.191
OnThe.Net LLC. (NETBLK-GETONTHENET38) GETONTHENET38
207.50.171.16 - 207.50.171.31
OnThe.Net LLC. (NETBLK-GETONTHENET39) GETONTHENET39
207.50.171.32 - 207.50.171.47
OnThe.Net LLC. (NETBLK-GETONTHENET40) GETONTHENET40
207.50.171.48 - 207.50.171.63
OnThe.Net LLC. (NETBLK-GETONTHENET41) GETONTHENET41
207.50.171.64 - 207.50.171.79
OnThe.Net LLC. (NETBLK-GETONTHENET42) GETONTHENET42
207.50.172.0 - 207.50.172.255
OnThe.Net LLC. (NETBLK-GETONTHENET46) GETONTHENET46
207.50.161.32 - 207.50.161.63
OnThe.Net LLC. (NETBLK-GETONTHENET37) GETONTHENET37
207.50.170.0 - 207.50.170.255
OnThe.Net, Inc. (ASN-GETONTHENET) GETONTHENET 6213
I am strongly suspecting I may have found a new spamming organization. If you look,
you'll see they are secyreding as much as possible consecutive ranges of addresses.
I'm not sure if they are all using the same netmasks, but I don't think so. What a
router mess!
OK, let's look into the "return address":
earth.spearhead.net resolves to: 209.136.73.164
>whois spearhead.net
SpearHead Communications (SPEARHEAD2-DOM)
1919 Powell Drive
Dallas, TX 75240
Domain Name: SPEARHEAD.NET
Administrative Contact, Technical Contact, Zone Contact:
Watson, Todd (TW2907) tw@SPEARHEAD.NET
972-323-8089
Billing Contact:
Watson, Todd (TW2907) tw@SPEARHEAD.NET
972-323-8089
Record last updated on 26-Nov-97.
Record created on 21-Nov-97.
Database last updated on 11-Dec-97 05:52:27 EDT.
Domain servers in listed order:
NS2.EOM.NET 207.239.91.2
NS.EOM.NET 207.239.91.3
Now onto the web site:
>whois cyber-market.net
A.J. Industries (CYBER-MARKET3-DOM)
P.O. Box 130544
St Paul, MN 55113
Domain Name: CYBER-MARKET.NET
Administrative Contact:
Indistries, AJ (AI383) ajind@CYBER-MARKET.NET
612-646-8174 (FAX) 612-646-8174
Technical Contact, Zone Contact:
Industries, AJ (AI384) ajind@CYBER-MARKET.NET
612-646-8174 (FAX) 612-646-8174
Billing Contact:
Indistries, AJ (AI383) ajind@CYBER-MARKET.NET
612-646-8174 (FAX) 612-646-8174
Record last updated on 08-Dec-97.
Record created on 16-Nov-97.
Database last updated on 11-Dec-97 05:52:27 EDT.
Domain servers in listed order:
NS2.EOM.NET 207.239.91.2
NS.EOM.NET 207.239.91.3
Hmm, I'm seeing a pattern here.
