The following junk E-mail was sent to me by your customer. Please deal
with him. Thank you. I am sending this both to the domains shown in the
header data and to their upstream providers, as listed in WHOIS.

h8h8.COM: ad...@h8h8.COM, the contact for barbarian spam domain
THISONLINESHOE.COM, is yours.

AG, FTC: this fraudulent spam, with forged header data, violates S877, the
you CAN-SPAM act of 2003.

bora.net: barbarian spam site http://www.thisonlineshoe.com/ is at
www.thisonlineshoe.com [118.129.65.66] in your IP space.

China Network Communications Group Corporation: the barbarian spam was
sent from [117.11.24.15] in your IP space.

CNC Group Tianjin province network: the barbarian spam was sent from
[117.11.24.15] in your IP space.

LG DACOM Corporation: barbarian spam site http://www.thisonlineshoe.com/
is at www.thisonlineshoe.com [118.129.65.66] in your IP space.

Patriot.net: please block 117.11.24/24; please consider blocking a wider
range.

paycenter.com.cn: you are the registry for barbarian spam domain
THISONLINESHOE.COM and your whois server provides no contact data.

TALKNS.COM: you provide DNS for barbarian spam domain THISONLINESHOE.COM

THISONLINESHOE.COM: barbarian spam site http://www.thisonlineshoe.com/ is
at WWW.THISONLINESHOE.COM.

If the header or INTERNIC information identifying you was a forgery, I
recommend that you take appropriate steps to prevent that misuse of your
domain name. Likewise if someone was bouncing their message traffic off of
your port 25 without authorization. IANAL, but several court cases suggest
that you may have good cause for legal action. Should you decide to pursue
litigation against the sender, I will be willing to sign an affidavit that
I did in fact receive the message that I am forwarding.

If you were the victim of relay rape, you may want to take a look at
www.sendmail.org, http://relays.osirusoft.com/mtafix/,
hexadecimal.uoregon.edu/antirelay/ and anti-relay.unicom.com/anti-relay/
for information on blocking spam relays.

If you are the customer, your bulk E-mail constitutes postage-due
advertising, which is unethical and not a good way to earn customer good
will. In several court cases, judges have held it to constitute theft of
service and trespass. I demand that you remove me from all present and
future mailing lists, and will take appropriate steps if I receive any
further junk E-mail from you.

Deobfuscation analysis of I:\COMM\MAIL\MR2ICE\MAIL\47C80555.RCV

e-mail and URL list for host WWW.THISONLINESHOE.COM:
URL: http://www.thisonlineshoe.com/

e-mail and URL list for host [117.11.24.15]:
SMTP: [117.11.24.15]

WWW.THISONLINESHOE.COM:
: spam site http://www.thisonlineshoe.com/ is at WWW.THISONLINESHOE.COM.

BWwhois --shift 1 --stripdisclaimer THISONLINESHOE.COM 2>&1
BW whois 5.0 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2006 William E. Weinman
Request: THISONLINESHOE.COM
whois server for *.com is whois.crsnic.net ...
connected to whois.crsnic.net [199.7.55.74:43] ...
connected to whois.paycenter.com.cn [202.10.67.6:43] ...
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.
Domain Name: THISONLINESHOE.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.TALKNS.COM
Name Server: NS2.TALKNS.COM
Name Server: NS3.TALKNS.COM
Status: ok
Updated Date: 28-feb-2008
Creation Date: 28-feb-2008
Expiration Date: 28-feb-2009
>>> Last update of whois database: Sun, 02 Mar 2008 02:17:33 UTC <<<
nslookup -type=any WWW.THISONLINESHOE.COM 2>&1
Server: monroe.patriot.net
Address: 209.249.176.5
Non-authoritative answer:
WWW.THISONLINESHOE.COM internet address = 118.129.65.66
Authoritative answers can be found from:
THISONLINESHOE.COM nameserver = ns1.talkns.COM
THISONLINESHOE.COM nameserver = ns2.talkns.COM
THISONLINESHOE.COM nameserver = ns3.talkns.COM
ns1.talkns.COM internet address = 116.199.136.61
ns2.talkns.COM internet address = 58.253.71.79
ns3.talkns.COM internet address = 116.199.135.191
[117.11.24.15]:
Abuse contacts: ab...@cnc-noc.net
: the spam was sent from [117.11.24.15] in your IP space.
BWwhois --shift 1 --stripdisclaimer 117.11.24.15 2>&1
BW whois 5.0 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2006 William E. Weinman
Request: 117.11.24.15
connected to whois.arin.net [192.149.252.44:43] ...
connected to whois.apnic.net [202.12.29.13:43] ...
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 117.8.0.0 - 117.15.255.255
netname: CNCGROUP-TJ
descr: CNC Group Tianjin province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
admin-c: CH455-AP
tech-c: HZ19-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-CNCGROUP-TJ
mnt-routes: MAINT-CNCGROUP-RR
status: ALLOCATED PORTABLE
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: hm-ch...@apnic.net 20070525
source: APNIC
route: 117.8.0.0/13
descr: CNC Group CHINA169 Tianjin Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
changed: ab...@cnc-noc.net 20070525
source: APNIC
role: CNCGroup Hostmaster
e-mail: ab...@cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
phone: +86-10-82993155
fax-no: +86-10-82993102
country: CN
admin-c: CH444-AP
tech-c: CH444-AP
changed: ab...@cnc-noc.net 20041119
mnt-by: MAINT-CNCGROUP
source: APNIC
person: huang zheng
nic-hdl: HZ19-AP
e-mail: ipa...@ywb.online.tj.cn
address: 76 NO, ShiZiLin Street ,HeBei district of Tianjin,China
phone: +86-22-24459190
fax-no: +86-22-24454499
country: CN
changed: ipa...@ywb.online.tj.cn 20050721
mnt-by: MAINT-CNCGROUP-TJ
source: APNIC
nslookup -type=any 15.24.11.117.in-addr.arpa 2>&1
*** monroe.patriot.net can't find 15.24.11.117.in-addr.arpa: Non-existent
host/domain
Server: monroe.patriot.net
Address: 209.249.176.5
[118.129.65.66]:
Abuse contacts: ab...@bora.net
: spam site http://www.thisonlineshoe.com/ is at www.thisonlineshoe.com
[118.129.65.66] in your IP space.
BWwhois --shift 1 --stripdisclaimer 118.129.65.66 2>&1
BW whois 5.0 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2006 William E. Weinman
Request: 118.129.65.66
connected to whois.arin.net [199.43.0.144:43] ...
connected to whois.apnic.net [202.12.29.13:43] ...
% [whois.apnic.net node-2]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul
descr: *************************************
descr: Allocated to KRNIC Member.
descr: If you would like to find assignment
descr: information in detail please refer to
descr: the KRNIC Whois Database at:
descr: http://whois.nic.or.kr/english/index.htm
descr: *************************************
country: KR
admin-c: DB50-AP
tech-c: DB50-AP
status: Allocated Portable
remarks: www.dacom.net
mnt-by: MNT-KRNIC-AP
mnt-lower: MNT-KRNIC-AP
changed: hm-ch...@apnic.net 20070912
source: APNIC
role: DACOM BORANET
address: DACOM Bldg., 706-1, Yoeksam-dong, Kangnam-ku
address: Seoul
country: KR
phone: +82-2-2089-7755
fax-no: +82-2-2089-0706
e-mail: ip...@nic.bora.net
e-mail: ab...@bora.net
e-mail: secu...@bora.net
admin-c: PE32-AP
tech-c: PE32-AP
nic-hdl: DB50-AP
mnt-by: MNT-KRNIC-AP
notify: hostm...@nic.or.kr
remarks: IP address administrator group of NIC team, DACOM Corp.
remarks: If related with spam, send mail to ab...@bora.net
remarks: If related with security, send mail to secu...@bora.net
remarks: Only for whois information correction, send mail to
ip...@nic.bora.net
changed: jeo...@bora.net 20041105
changed: hm-ch...@apnic.net 20060428
source: APNIC
inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET-KR
descr: LG DACOM Corporation
country: KR
admin-c: IA5-KR
tech-c: IA5-KR
status: ALLOCATED PORTABLE
mnt-by: MNT-KRNIC-AP
remarks: This information has been partially mirrored by APNIC from
remarks: KRNIC. To obtain more specific information, please use the
remarks: KRNIC whois server at whois.krnic.net.
changed: hostm...@nic.or.kr
source: KRNIC
nslookup -type=any 66.65.129.118.in-addr.arpa 2>&1
*** monroe.patriot.net can't find 66.65.129.118.in-addr.arpa:
Non-existent host/domain
Server: monroe.patriot.net
Address: 209.249.176.5
--
-----------------------------------------------------------
Shmuel (Seymour J.) Metz <shmue...@patriot.net>
-----------------------------------------------------------
-----------------------------------------------------
-- Beginning of forwarded message
-----------------------------------------------------
Return-Path: <eo...@adelphia.com>
Received: from 117.11.24.15 ([117.11.24.15])
by jefferson.patriot.net (8.13.4/8.13.4/Debian-3sarge3) with ESMTP id m1TDCWfk019483
for <shm...@patriot.net>; Fri, 29 Feb 2008 08:13:09 -0500
Message-ID: <000601c87ad4$033267b2$6f8f3c8e@ggntan>
From: "cortie ajai" <eo...@adelphia.com>
To: "Sondra Clay" <shm...@patriot.net>
Subject: Top Designer Shoes 60% OFF Gucci
Date: Fri, 29 Feb 2008 11:25:04 +0000
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Status: O
X-UID: 18212
Content-Length: 120
X-Keywords:
Hot New Shoe Styles: From Flirty to Glam and Everything in Between. Order Online Today!
http://www.thisonlineshoe.com/
-----------------------------------------------------
-- End of forwarded message
-----------------------------------------------------
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/