Theft: Spammer is stealing resources from improperly configured mail servers
Forgery: Spammer is falsely claiming to be relay.Verizon.net in his HELO/EHLO
______________________________________________________________________
Spam Source: 163.179.159.68
163.179.159.68 has no rDNS configured
whois ARIN 163.179.159.68
OrgName: ICG NetAhead, Inc.
OrgID: ICGN
Address: 161 Inverness Drive West
City: Englewood
StateProv: CO
PostalCode: 80112
Country: US
NetRange: 163.179.0.0 - 163.179.255.255
CIDR: 163.179.0.0/16
NetName: ICG-BLK-BLK1
NetHandle: NET-163-179-0-0-1
Parent: NET-163-0-0-0-0
NetType: Direct Allocation
NameServer: AS1.ICG.NET
NameServer: AS2.ICG.NET
Comment: Addresses within this block are non-portable
RegDate: 2000-07-19
Updated: 2000-12-14
Found: ab...@icgcom.com
______________________________________________________________________
Open relay: 193.96.198.50
193.96.198.50 is a confirmed open relay
-----------------------------------------------------------------------------------
Relay Test Headers
-----------------------------------------------------------------------------------
Received: (qmail 27356 invoked by uid 501); 5 Mar 2003 14:14:35 -0000
Received: from smtp01ffm.de.uu.net (HELO smtp01ffm.de.uu.net)
(192.76.144.150)by mail.sneakemail.com with SMTP; 5 Mar 2003
14:14:35 -0000
Received: from dsw2k1.dsgroup.de (PFEIFE.tps.de [193.96.198.50]
(may be forged))by smtp01ffm.de.uu.net (8.9.3/5.5.5) with ESMTP id
PAA10142for <x>; Wed, 5 Mar 2003 15:14:32 +0100 (MET)
Received: from www.abuse.net ([208.31.42.77]) by dsw2k1.dsgroup.de
with Microsoft SMTPSVC(5.0.2195.5329);Wed, 5 Mar 2003 15:14:17
+0100
To: <x>
From: rela...@abuse.net
Subject: Test for susceptibility of [193.96.198.50] to third-party mail relay
Date: Wed, 05 Mar 2003 14:13:04 GMT
Message-Id: <rlytest-1046...@abuse.net>
Sender: <x>
X-Envelope: <spam...@abuse.net> -> <x>
X-OriginalArrivalTime: 05 Mar 2003 14:14:17.0968 (UTC) FILETIME=[8252B700:01C2E321]
X-Mozilla-Status: 8001
X-Mozilla-Status2: 00000000
X-UIDL: <rlytest-1046...@abuse.net>
-----------------------------------------------------------------------------------
End Relay Test Headers
-----------------------------------------------------------------------------------
193.96.198.50 has a rDNS configured as PFEIFE.tps.de
whois RIPE 193.96.198.50
inetnum: 193.96.198.48 - 193.96.198.63
netname: DSDRUCKEREI
descr: DS Druckerei-Service GmbH
descr: Siemensstr. 46
descr: D-72766 Reutlingen
country: DE
admin-c: AN4587-RIPE
tech-c: AN4587-RIPE
status: ASSIGNED PA
mnt-by: UUNETDE-I
changed: hostm...@de.uu.net 20010209
source: RIPE
[...]
person: Alexandra Neumann
address: DS Druckerei-Service GmbH
address: Siemensstr. 46
address: D-72766 Reutlingen
phone: +49 7121 48150
e-mail: a.ne...@dsgroup.de
nic-hdl: AN4587-RIPE
mnt-by: UUNET-P
changed: s...@de.uu.net 20010209
source: RIPE
Found: ab...@de.uu.net, a.ne...@dsgroup.de
______________________________________________________________________
Spamvertised URL: http://www.millionairetrader.com/ebook2.asp
www.millionairetrader.com resolves to 66.221.36.193
66.221.36.193 has no rDNS configured.
whois ARIN 66.221.36.193
OrgName: C I Host
OrgID: CIHS
Address: 1851 Central Drive
Address: #110
City: Bedford
StateProv: TX
PostalCode: 76112
Country: US
NetRange: 66.221.0.0 - 66.221.255.255
CIDR: 66.221.0.0/16
NetName: CIHOST7
NetHandle: NET-66-221-0-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
NameServer: NS.CIHOST.COM
NameServer: NS2.CIHOST.COM
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 2002-01-17
Updated: 2002-06-17
Found: ab...@cihost.com
______________________________________________________________________
Spamvertised URL:
http://mysite.verizon.net/web2437a/service.htm
http://mysite.verizon.net/web2437a/registerform.htm','popup','height=450,width=320,scrollbars=no
mysite.verizon.net resolves to 206.46.189.90
206.46.189.90 has a rDNS configured as mysite.verizon.net
Abuse reporting address on record at abuse.net
Found: ab...@verizon.net
______________________________________________________________________
Spammer information:
whois -h whois.godaddy.com millionairetrader.com ...
[...]
Registrant:
Rich Swannell
Elliott Wave Research PL
9 Central Ave
Mt Pleasant, 6153
Australia
Registered through: Go Daddy Software (http://www.godaddy.com)
Domain Name: MILLIONAIRETRADER.COM
Created on: 29-Jan-03
Expires on: 29-Jan-05
Last Updated on: 29-Jan-03
Administrative Contact:
Swannell, Rich ri...@swannell.net
Elliott Wave Research PL
9 Central Ave
Mt Pleasant, 6153
Australia
893153830 Fax -- 893153831
Technical Contact:
Swannell, Rich ri...@swannell.net
Elliott Wave Research PL
9 Central Ave
Mt Pleasant, 6153
Australia
893153830 Fax -- 893153831
Domain servers in listed order:
Found: ab...@godaddy.com
______________________________________________________________________
****************************
* Additional information *
****************************
This report is being submitted to nana...@cybernothing.org, the email
address for the moderated newsgroup news.admin.net-abuse.sightings to
create a record for public inspection and archival purposes.
I did not request any commercial or bulk emails from this individual or
organization and did NOT opt in to any mailing list focused on getting
material of this type. Any claims of opt-in are totally fictitious.
-------------------------- Spam Message -----------------------------
Received: (qmail 4678 invoked by uid 501); 5 Mar 2003 12:54:16 -0000
Received: from smtp02do.de.uu.net (HELO smtp02do.de.uu.net) (192.76.144.69)
by mail.sneakemail.com with SMTP; 5 Mar 2003 12:54:16 -0000
Received: from dsw2k1.dsgroup.de (PFEIFE.tps.de [193.96.198.50] (may be forged))
by smtp02do.de.uu.net (8.9.3/5.5.5) with ESMTP id NAA14588;
Wed, 5 Mar 2003 13:51:18 +0100 (MET)
Received: from relay.Verizon.net ([163.179.159.68]) by dsw2k1.dsgroup.de with
Microsoft SMTPSVC(5.0.2195.5329); Wed, 5 Mar 2003 13:52:22 +0100
Message-ID: <00003194167a$00005b42$0000...@relay.Verizon.net>
To: <x>
From: Millionaire Traders <Millionai...@Verizon.net>
Subject: We Want to make YOU a MILLIONAIRE TRADER.
Date: Sun, 02 Mar 2003 07:13:09 -1500
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Reply-To: Millionaire Traders <Millionai...@Verizon.net>
X-Priority: 5
X-MSMail-Priority: Low
MIME-Version: 1.0
X-Mailer: The Bat! (v1.52f) Business
Sensitivity: Private
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
X-Sneakemail-Label: Usenet
X-Sneakemail-Address: <x>
X-Sneakemail-Rcpt: <x>
X-Sneakemail-Keyword: 1.0-Trash
X-Sneakemail-Return-Path: Millionai...@Verizon.net
X-Sneakemail-From: Millionaire Traders <Millionai...@Verizon.net>
X-Sneakemail-Is-Sneakemail: yes
X-Sneakemail-Folder-Path: Newsgroups/SC-nanae
X-Mozilla-Status: 4001
X-Mozilla-Status2: 00000000
X-UIDL: <00003194167a$00005b42$0000...@relay.Verizon.net>
<html><head><title>Untitled Document</title><meta http-equiv=3D"Content-Typ=
e" content=3D"text/html; charset=3Diso-8859-1"></head><body onload=3D"windo=
w.open('http://www.millionairetrader.com/ebook2.asp?tag=3DSH'); self.focus(=
);" vlink=3D"#DCD9B6" alink=3D"#DCD9B6"><body bgcolor=3D"#000000" link=3D"#=
DCD9B6" vlink=3D"#DCD9B6" alink=3D"#DCD9B6"><table width=3D"559" border=3D"=
1" align=3D"center" cellpadding=3D"0" cellspacing=3D"0" bordercolor=3D"#000=
000"><tr><td><table width=3D"520" border=3D"0" cellpadding=3D"0" cellspacin=
g=3D"0" bgcolor=3D"#DCD9B6"><tr><td valign=3D"top"><img src=3D"http://mysit=
e.verizon.net/web2437a/Top$Graphic.gif" alt=3D"" width=3D"559" height=3D"12=
4"></td></tr><tr><td valign=3D"top"><ul><li><font size=3D"2" face=3D"Verdan=
a, Arial, Helvetica, sans-serif">We front the money-You take all the profit=
s!</font><font size=3D"2" face=3D"Verdana, Arial, Helvetica, sans-serif"><f=
ont color=3D"#FFFFFF"><strong><br> <br> </strong></font></font></li><li><fo=
nt size=3D"2" face=3D"Verdana, Arial, Helvetica, sans-serif">We’ll tr=
ain and educate you at <strong>OUR EXPENSE</strong>, if you agree to donate=
10% of your revenue to a charity of YOUR choice.</font><font size=3D"2" fa=
ce=3D"Verdana, Arial, Helvetica, sans-serif"></font><font size=3D"2" face=
=3D"Verdana, Arial, Helvetica, sans-serif"><br> <br> </font></li><li><font =
size=3D"2" face=3D"Verdana, Arial, Helvetica, sans-serif">If you qualify yo=
u will receive free use of a $20,000 trading account of ours, and free ment=
oring from our head trader until you have at least doubled your money.<br> =
<br> </font></li><li><font size=3D"2" face=3D"Verdana, Arial, Helvetica, sa=
ns-serif">Apart from generating significant wealth for our clients, the amo=
unt pledged to charities is growing towards our goal of $100 million per ye=
ar<strong> </strong>– helping to make the world a better place.</font=
></li></ul></td></tr><tr><td valign=3D"top"><br> <img src=3D"http://mysite.=
verizon.net/web2437a/TextStrip.gif" alt=3D"" width=3D"559" height=3D"24"></=
td></tr><tr><td valign=3D"top"><div align=3D"right"><A HREF=3D"#" ONCLICK=
=3D"window.open('http://mysite.verizon.net/web2437a/RegisterForm.htm','popu=
p','height=3D450,width=3D320,scrollbars=3Dno')"><img src=3D"http://mysite.v=
erizon.net/web2437a/RegisterNow.gif" alt=3D"" width=3D"155" height=3D"31"><=
/div></td></tr></table></td></tr></table><p><font color=3D"#C0C0C0"><span s=
tyle=3D"FONT-FAMILY: Times New Roman"><font style=3D"FONT-SIZE: 8pt">* You =
chose to be an Administrator Notices, Newsletter or Developer Announcement =
recipient. We=FFFFFF92re excited to bring you exclusive access to great con=
tent and specials plus other convenient tools and services. </font></span><=
font style=3D"FONT-SIZE: 8pt" face=3D"Times New Roman">We also respect your=
right to privacy, If you feel that this service is no longer of benefit to=
you, and you do not want to be notified along with the executives on this =
list, </font></font><span style=3D"FONT-FAMILY: Times New Roman"><font styl=
e=3D"FONT-SIZE: 8pt"><font color=3D"#C0C0C0">Simply </font><a href=3D"http:=
//mysite.verizon.net/web2437a/service.htm"><font color=3D"#C0C0C0">CLICK HE=
RE</font></a><font color=3D"#C0C0C0"> and you will be blocked from the reci=
pients. Before you do, however please remember we are providing you with se=
rvices for financial success and valuable information about opportunities o=
n an absolutely free basis.</font></font></span></p></body></html>
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see:
<URL:http://www.killfile.org/~tskirvin/nana/>
--
E-mail address is right now valid, but timelimited.
Probably for a *very* short period.
http://mysite.verizon.net/web2437a/registerform.htm','popup','height=450,width=320,scrollbars=no
is 206.46.189.90; Wed, 05 Mar 2003 21:05:18 GMT
ab...@verizon.net
http://mysite.verizon.net/web2437a/service.htm is 206.46.189.90; Wed,
05 Mar 2003 21:05:18 GMT
ab...@verizon.net
http://www.millionairetrader.com/ebook2.asp is 66.221.36.193; Wed, 05
Mar 2003 21:05:18 GMT
ab...@cihost.com
-----------------------
Received: from mail.ssoft.lan (unknown [207.170.28.246])
by imta12.mta.everyone.net (Postfix) with ESMTP id 60020A8329
for <x>; Tue, 4 Mar 2003 23:27:53 -0800 (PST)
Received: from relay.Verizon.net (msfc03-dai-tx-45-68.rasserver.net
[163.179.159.68]) by schedulesoft.com
(Rockliffe SMTPRA 5.2.5) with SMTP id <B0000...@mail.ssoft.lan>;
Wed, 5 Mar 2003 01:27:40 -0600
Message-ID: <0000___________...@relay.Verizon.net>
To: <x>
From: "Millionaire Traders" <Millionai...@Verizon.net>
Subject: We Want to make YOU a MILLIONAIRE TRADER.
Date: Sun, 02 Mar 2003 01:25:11 -1800
MIME-Version: 1.0
Content-Type: text/html;
charset="iso-8859-1"
Reply-To: Millionai...@Verizon.net
X-Priority: 5
X-MSMail-Priority: Low
MIME-Version: 1.0
X-Mailer: Microsoft Outlook Express 5.50.4522.1200
Sensitivity: Confidential
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.3018.1300
<x-html>
ONCLICK="window.open('http://mysite.verizon.net/web2437a/RegisterForm.htm','popup','height=450,width=320,scrollbars=no')"><img
src="http://mysite.verizon.net/web2437a/RegisterNow.gif" alt=""
width="155"
height="31"></div></td></tr></table></td></tr></table><p><font
color="#C0C0C0"><span style="FONT-FAMILY: Times New Roman"><font
style="FONT-SIZE: 8pt">* You chose to be an Administrator Notices,
Newsletter or Developer Announcement recipient. WeÿFFFF92re excited to
bring you exclusive access to great content and specials plus other
convenient tools and services. </font></span><font style="FONT-SIZE:
8pt" face="Times New Roman">We also respect your right to privacy, If
you feel that this service is no longer of benefit to you, and you do
not want to be notified along with the executives on this list,
</font></font><span style="FONT-FAMILY: Times New Roman"><font
style="FONT-SIZE: 8pt"><font color="#C0C0C0">Simply </font><a
href="http://mysite.verizon.net/web2437a/service.htm"><font
color="#C0C0C0">CLICK HERE</font></a><font color="#C0C0C0"> and you
will be blocked from the recipients. Before you do, however please
remember we are providing you with services for financial success and
valuable information about opportunities on an absolutely free
basis.</font></font></span></p></body></html>
</x-html>
--