Spam report. ID: 030503-0035
Theft: Spammer is stealing resources from improperly configured mail servers
Forgery: Spammer is falsely claiming to be relay.Verizon.net in his HELO/EHLO
______________________________________________________________________
Spam Source: 163.179.159.68
163.179.159.68 has no rDNS configured
whois ARIN 163.179.159.68
OrgName: ICG NetAhead, Inc.
OrgID: ICGN
Address: 161 Inverness Drive West
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US
NetRange: 163.179.0.0 - 163.179.255.255
CIDR: 163.179.0.0/16
NetName: ICG-BLK-BLK1
NetHandle: NET-163-179-0-0-1
Parent: NET-163-0-0-0-0
NetType: Direct Allocation
NameServer: AS1.ICG.NET
NameServer: AS2.ICG.NET
Comment: Addresses within this block are non-portable
RegDate: 2000-07-19
Updated: 2000-12-14
Found: ab...@icgcom.com
______________________________________________________________________
Open relay: 193.96.198.50
193.96.198.50 is a confirmed open relay
--------------------------------------------------------------------------- --------
Relay Test Headers
--------------------------------------------------------------------------- --------
Received: (qmail 27356 invoked by uid 501); 5 Mar 2003 14:14:35 -0000
Received: from smtp01ffm.de.uu.net (HELO smtp01ffm.de.uu.net)
(192.76.144.150)by mail.sneakemail.com with SMTP; 5 Mar 2003
14:14:35 -0000
Received: from dsw2k1.dsgroup.de (PFEIFE.tps.de [193.96.198.50]
(may be forged))by smtp01ffm.de.uu.net (8.9.3/5.5.5) with ESMTP id
PAA10142for <x>; Wed, 5 Mar 2003 15:14:32 +0100 (MET)
Received: from www.abuse.net ([208.31.42.77]) by dsw2k1.dsgroup.de
with Microsoft SMTPSVC(5.0.2195.5329);Wed, 5 Mar 2003 15:14:17
+0100
To: <x>
From: relayt...@abuse.net
Subject: Test for susceptibility of [193.96.198.50] to third-party mail relay
Date: Wed, 05 Mar 2003 14:13:04 GMT
Message-Id: <rlytest-1046873584-19706@abuse.net>
Sender: <x>
X-Envelope: <spamt...@abuse.net> -> <x>
X-OriginalArrivalTime: 05 Mar 2003 14:14:17.0968 (UTC) FILETIME=[8252B700:01C2E321]
X-Mozilla-Status: 8001
X-Mozilla-Status2: 00000000
X-UIDL: <rlytest-1046873584-19...@abuse.net>
--------------------------------------------------------------------------- --------
End Relay Test Headers
--------------------------------------------------------------------------- --------
193.96.198.50 has a rDNS configured as PFEIFE.tps.de
whois RIPE 193.96.198.50
inetnum: 193.96.198.48 - 193.96.198.63
netname: DSDRUCKEREI
descr: DS Druckerei-Service GmbH
descr: Siemensstr. 46
descr: D-72766 Reutlingen
country: DE
admin-c: AN4587-RIPE
tech-c: AN4587-RIPE
status: ASSIGNED PA
mnt-by: UUNETDE-I
changed: hostmas...@de.uu.net 20010209
source: RIPE
[...]
person: Alexandra Neumann
address: DS Druckerei-Service GmbH
address: Siemensstr. 46
address: D-72766 Reutlingen
phone: +49 7121 48150
e-mail: a.neum...@dsgroup.de
nic-hdl: AN4587-RIPE
mnt-by: UUNET-P
changed: s...@de.uu.net 20010209
source: RIPE
Found: ab...@de.uu.net, a.neum...@dsgroup.de
______________________________________________________________________
Spamvertised URL: http://www.millionairetrader.com/ebook2.asp
www.millionairetrader.com resolves to 66.221.36.193
66.221.36.193 has no rDNS configured.
whois ARIN 66.221.36.193
OrgName: C I Host
OrgID: CIHS
Address: 1851 Central Drive
Address: #110
City: Bedford
StateProv: TX
PostalCode: 76112
Country: US
NetRange: 66.221.0.0 - 66.221.255.255
CIDR: 66.221.0.0/16
NetName: CIHOST7
NetHandle: NET-66-221-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS.CIHOST.COM
NameServer: NS2.CIHOST.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-01-17
Updated: 2002-06-17
Found: ab...@cihost.com
______________________________________________________________________
Spamvertised URL:
http://mysite.verizon.net/web2437a/service.htm
http://mysite.verizon.net/web2437a/registerform.htm','popup','height=...
mysite.verizon.net resolves to 206.46.189.90
206.46.189.90 has a rDNS configured as mysite.verizon.net
Abuse reporting address on record at abuse.net
Found: ab...@verizon.net
______________________________________________________________________
Spammer information:
whois -h whois.godaddy.com millionairetrader.com ...
[...]
Registrant:
Rich Swannell
Elliott Wave Research PL
9 Central Ave
Mt Pleasant, 6153
Australia
Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: MILLIONAIRETRADER.COM
Created on: 29-Jan-03
Expires on: 29-Jan-05
Last Updated on: 29-Jan-03
Administrative Contact:
Swannell, Rich r...@swannell.net
Elliott Wave Research PL
9 Central Ave
Mt Pleasant, 6153
Australia
893153830 Fax -- 893153831
Technical Contact:
Swannell, Rich r...@swannell.net
Elliott Wave Research PL
9 Central Ave
Mt Pleasant, 6153
Australia
893153830 Fax -- 893153831
Domain servers in listed order:
NS.CIHOST.COM
NS2.CIHOST.COM
Found: ab...@godaddy.com
______________________________________________________________________
****************************
* Additional information *
****************************
This report is being submitted to nanas-...@cybernothing.org the email
address for the moderated newsgroup news.admin.net-abuse.sightings to
create a record for public inspection and archival purposes.
I did not request any commercial or bulk emails from this individual or
organization and did NOT opt in to any mailing list focused on getting
material of this type. Any claims of opt-in are totally ficticious.
-------------------------- Spam Message -----------------------------
Received: (qmail 4678 invoked by uid 501); 5 Mar 2003 12:54:16 -0000
Received: from smtp02do.de.uu.net (HELO smtp02do.de.uu.net) (192.76.144.69)
by mail.sneakemail.com with SMTP; 5 Mar 2003 12:54:16 -0000
Received: from dsw2k1.dsgroup.de (PFEIFE.tps.de [193.96.198.50] (may be forged))
by smtp02do.de.uu.net (8.9.3/5.5.5) with ESMTP id NAA14588;
Wed, 5 Mar 2003 13:51:18 +0100 (MET)
Received: from relay.Verizon.net ([163.179.159.68]) by dsw2k1.dsgroup.de with
Microsoft SMTPSVC(5.0.2195.5329); Wed, 5 Mar 2003 13:52:22 +0100
Message-ID: <00003194167a$00005b42$00004...@relay.Verizon.net>
To: <x>
From: Millionaire Traders <Millionaire.Tra...@Verizon.net>
Subject: We Want to make YOU a MILLIONAIRE TRADER.
Date: Sun, 02 Mar 2003 07:13:09 -1500
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Reply-To: Millionaire Traders <Millionaire.Tra...@Verizon.net>
X-Priority: 5
X-MSMail-Priority: Low
MIME-Version: 1.0
X-Mailer: The Bat! (v1.52f) Business
Sensitivity: Private
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
X-Sneakemail-Label: Usenet
X-Sneakemail-Address: <x>
X-Sneakemail-Rcpt: <x>
X-Sneakemail-Keyword: 1.0-Trash
X-Sneakemail-Return-Path: Millionaire.Tra...@Verizon.net
X-Sneakemail-From: Millionaire Traders <Millionaire.Tra...@Verizon.net>
X-Sneakemail-Is-Sneakemail: yes
X-Sneakemail-Folder-Path: Newsgroups/SC-nanae
X-Mozilla-Status: 4001
X-Mozilla-Status2: 00000000
X-UIDL: <00003194167a$00005b42$00004...@relay.Verizon.net>
<html><head><title>Untitled Document</title><meta http-equiv=3D"Content-Typ=
e" content=3D"text/html; charset=3Diso-8859-1"></head><body onload=3D"windo=
w.open('http://www.millionairetrader.com/ebook2.asp?tag=3DSH'); self.focus(=
);" vlink=3D"#DCD9B6" alink=3D"#DCD9B6"><body bgcolor=3D"#000000" link=3D"#=
DCD9B6" vlink=3D"#DCD9B6" alink=3D"#DCD9B6"><table width=3D"559" border=3D"=
1" align=3D"center" cellpadding=3D"0" cellspacing=3D"0" bordercolor=3D"#000=
000"><tr><td><table width=3D"520" border=3D"0" cellpadding=3D"0" cellspacin=
g=3D"0" bgcolor=3D"#DCD9B6"><tr><td valign=3D"top"><img src=3D"http://mysit=
e.verizon.net/web2437a/Top$Graphic.gif" alt=3D"" width=3D"559" height=3D"12=
4"></td></tr><tr><td valign=3D"top"><ul><li><font size=3D"2" face=3D"Verdan=
a, Arial, Helvetica, sans-serif">We front the money-You take all the profit=
s!</font><font size=3D"2" face=3D"Verdana, Arial, Helvetica, sans-serif"><f=
ont color=3D"#FFFFFF"><strong><br> <br> </strong></font></font></li><li><fo=
nt size=3D"2" face=3D"Verdana, Arial, Helvetica, sans-serif">We’ll tr=
ain and educate you at <strong>OUR EXPENSE</strong>, if you agree to donate=
10% of your revenue to a charity of YOUR choice.</font><font size=3D"2" fa=
ce=3D"Verdana, Arial, Helvetica, sans-serif"></font><font size=3D"2" face=
=3D"Verdana, Arial, Helvetica, sans-serif"><br> <br> </font></li><li><font =
size=3D"2" face=3D"Verdana, Arial, Helvetica, sans-serif">If you qualify yo=
u will receive free use of a $20,000 trading account of ours, and free ment=
oring from our head trader until you have at least doubled your money.<br> =
<br> </font></li><li><font size=3D"2" face=3D"Verdana, Arial, Helvetica, sa=
ns-serif">Apart from generating significant wealth for our clients, the amo=
unt pledged to charities is growing towards our goal of $100 million per ye=
ar<strong> </strong>– helping to make the world a better place.</font=
></li></ul></td></tr><tr><td valign=3D"top"><br> <img src=3D"
http://mysite.= verizon.net/web2437a/TextStrip.gif" alt=3D"" width=3D"559" height=3D"24"></=
td></tr><tr><td valign=3D"top"><div align=3D"right"><A HREF=3D"#" ONCLICK=
=3D"window.open('
http://mysite.verizon.net/web2437a/RegisterForm.htm','popu=
...
read more »
