nanog mailing list archives
Re: contact for the world etc (nanog)
From: David A.Ulevitch <davidu () everydns net>
Date: Tue, 14 Dec 2004 11:29:20 -0800
The text the guy cites isn't from our staff, we don't even have an auto-ack system. Maybe it's from some customer or maybe entirely forged, he doesn't include any headers and seems to just want to vent.
Barry, we can follow up offlist. Here's the full text of the email (one of a quite a few just yesterday).I'm unsure how abuse desks are supposed to even deal with things like this. We've plonked the user but we have no way to let you know. We also have no way of getting you to actually email abuse () everydns net instead of my personal email address.
-davidu ---EOF--- Received: (qmail 25489 invoked by uid 114); 14 Dec 2004 06:15:37 -0000Received: from 192.74.137.144 by fiona (envelope-from <roky () TheWorld com>, uid 106) with qmail-scanner-1.24
(clamdscan: 0.80/614. spamassassin: 3.0.1. Clear:RC:0(192.74.137.144):SA:0(4.4/5.0):. Processed in 3.873291 secs); 14 Dec 2004 06:15:37 -0000 X-Spam-Status: No, hits=4.4 required=5.0 X-Spam-Level: ++++ Received: from pcls4-e.std.com (HELO TheWorld.com) (192.74.137.144) by secure.perfectemail.net with SMTP; 14 Dec 2004 06:15:33 -0000 Received: (from roky@localhost) by TheWorld.com (8.12.8p1/8.12.8) id iBE6ACu2008864; Tue, 14 Dec 2004 01:10:12 -0500 Date: Tue, 14 Dec 2004 01:10:12 -0500 Message-Id: <200412140610.iBE6ACu2008864 () TheWorld com> To: lkioexiomixfu () beograd every1 net References: <7972491103005094 () CPE-65-27-11-91 kc rr com> In-Reply-To: <7972491103005094 () CPE-65-27-11-91 kc rr com> From: MAILER-DAEMON () theworld com (Mail Delivery Subsystem) Subject: EVERYDNS piracy spams not allowed X-Mailer: SpamStopper Cc: uce () ftc gov, security () level3 net, davidu () everydns net This is an automated mailing in response to your spamvertisement forpirated software - and porn websites purporting to depict images of rape.
If you are receiving this message it is likely because you are a spammer.
Perhaps you host the site of the spammer, last seen at 147.45.35.145 (APPZPLANET.COM; APPZPLA.NET). Then, you are a spammer.DNS for this netblock is owned by free.net/run.net, administered by hobot.ru, and zone-transferred by hobot.ru (possibly illegally) to EV1.NET's spammer-
service subsidiary "EVERYDNS.NET" - also known as freelooklist.com, perfectemail.net, stayoff.org, etc. domain: HOBOT.RU type: CORPORATE nserver: ns1.everydns.net. nserver: ns2.everydns.net. nserver: ns3.everydns.net. nserver: ns4.everydns.net. state: REGISTERED, DELEGATED person: MAXIM N PONIZOVTSEV phone: +7 095 7967750 e-mail: ripn () hobot ru registrar: RUCENTER-REG-RIPN created: 2000.04.03 paid-till: 2005.05.01 source: TC-RIPN ns1.everydns.net has address 64.158.219.3 ns2.everydns.net has address 216.218.240.206 ns3.everydns.net has address 80.84.249.169 ns4.everydns.net has address 63.219.183.200EVERYDNS.NET however is currently aliased to fiona.everybox.com at 64.158.219.9.
64.158.219.0/24 is the responsible party for these and a huge number of other recent spams that tout illegal and fraudulent products, services and content.
OrgName: Co-Location.com Inc. OrgID: COLOC-1 Address: 333 S. Beverly Drive Address: Suite 207 City: Beverly Hills StateProv: CA PostalCode: 90212 Country: US NetRange: 64.158.219.0 - 64.158.219.255 CIDR: 64.158.219.0/24 NetName: COLOC1-LVLT-64-158-219 NetHandle: NET-64-158-219-0-1 Parent: NET-64-152-0-0-1 NetType: Reassigned Comment: RegDate: 2004-05-24 Updated: 2004-05-24 OrgTechHandle: TECHN143-ARIN OrgTechName: Technical OrgTechPhone: +1-310-286-1107 OrgTechEmail: Support () co-location com This spammer has been scanning networks worldwide in order to exploit any found "open SMTP proxies". He is also documented to have broken into zombied machines to use their DSL connections for spam transmission and, as previously stated, transferring DNS zones to mask the origins of both his spams and websites. Thus a spammer, a software pirate AND a burglar. A criminal, in any event. The unread message which you just sent to an unassigned address on our network, and which follows, has already been sent to law enforcement authorities. Hopefully you will be sent to them as well, shortly. [Administrators and legal/investigative officials reading this: We urge you to consider a course of action which will result in termination of all services to the above-referenced hosts and netblocks as soon as administratively possible - a more permanent solution pending completion of any additional investigation. Regarding those investigations we may be counted upon to furnish any additional documentation we can offer to assist in prosecution, and to ensure civil liability.] ----- Original message follows, unread ----- From lkioexiomixfu () beograd every1 net Tue Dec 14 01:10:11 2004Received: from CPE-65-27-11-91.kc.rr.com (CPE-65-27-11-91.kc.rr.com [65.27.11.91])
by TheWorld.com (8.12.8p1/8.12.8) with ESMTP id iBE69kja005923 for <roky () world std com>; Tue, 14 Dec 2004 01:09:47 -0500 Received: from unknown (HELO localhost) (127.0.0.1) by localhost.edit.com with SMTP; Tue, 14 Dec 2004 06:18:14 +0000 Received: from 149.55.161.220 (149.55.161.220[149.55.161.220]) by CPE-65-27-11-91.kc.rr.com (IMP) with HTTP for <roky () world std com>; Tue, 14 Dec 2004 06:18:14 +0000 Message-ID: <7972491103005094 () CPE-65-27-11-91 kc rr com> From: "Mike" <lkioexiomixfu () beograd every1 net> To: "Benny" <roky () world std com> Subject: Any software backups for lowest pricest. Date: Tue, 14 Dec 2004 06:18:14 +0000 MIME-Version: 1.0 Content-Type: text/html; charset="iso-8859-1" Content-Transfer-Encoding: 8bit User-Agent: Internet Messaging Program (IMP) 3.2.2 X-Originating-IP: 149.55.161.220 <HTML><html> <body><P>2005 is just a few days away. Start the new year with a much needed software
upgrade:</P><P>Tired of your old Windows system? Get XP Professional here for only $33 ($170 cheaper than stores):<BR><A href="http://down.cd/">http://down.cd/</A></P> <P>Your old Office program no longer state of the art? Get the superb Office
2003 here for $38 less than retail:<BR><A href="http://down.cd/">http://down.cd/</A></P><P>View our full software selection. Whether you need new virus software, art and graphical software or anything else,<BR>we have it - and so much cheaper
than the stores. =)</P> <P><A href="http://down.cd/">http://down.cd/</A> or <A href="http://backups.cd/">http://backups.cd/</A></P> </body> </html> </HTML> !DSPAM:41be850e33244928411552!
Current thread:
- fwd: contact for the world etc (nanog) Eric Brunner-Williams in Portland Maine (Dec 14)
- Re: contact for the world etc (nanog) David A . Ulevitch (Dec 14)