
"Williams" moving to Netcom! / Re: chancellor.stockpick.com / moneyworld.com email spam


Zoli Fekete, keeper of hungarian-faq

Jul 24, 1996, 3:00:00 AM
to hostm...@noc.netcom.net, ri...@infoboard.com, sup...@garlic.com, o...@bbnplanet.com

-----BEGIN PGP SIGNED MESSAGE-----

Executive summary: the good news is that most of our wandering spammer's
domains seem to be down; the bad news is that the spamvertised
chancellor.stockpick.com found a new good home at NETCOM.NET - that's the
only machine directly involved in this abuse scheme that ping sees online
right now!

On 23 Jul 1996, Catherine Hampton wrote:
> He isn't on Best -- he is (or was) on uncommon.net

That was a couple of days and two or more providers ;-) ago, very briefly.

> "stockpick.com" is on U.S. West.

I'm told that they have already been terminated there, and the InterNIC
record is outdated. (Incidentally, I found this strange phenomenon -
perhaps due to the sudden changes in their IP registration - querying from
different machines nslookup returns different IP addresses!) Traceroute
sees them connected via fconnections.bbnplanet.net.

> "chancellor.stockpick.com" is hooked up to uncommon.net.
Not any more, see above. The most recent connection seems to be via
Netcom.NET, although very strangely traceroute finishes at a different IP:
:traceroute to chancellor.stockpick.com (199.182.213.205),
[...]
7 sjx-ca-gw33.netcom.net (163.179.200.202) 25.749 ms 33.431 ms 23.472 ms
8 199.182.213.1 (199.182.213.1) 53.836 ms 26.004 ms 28.989 ms
9 infob.infoboard.com (199.182.213.122) 42.728 ms * 29.416 ms

> I don't know how this happened, but that's what traceroute says.

If you mean the oddity of chancellor.stockpick.com being fed from a
different provider than the main domain - that's how "Williams" set it up
from the start, probably as a part of their scheme with multiple redundant
connections, meant to be more resistant against abuse complaints no doubt.

- --
Zoli fek...@bc.edu, keeper of <http://www.hix.com/hungarian-faq/>
*SELLERS BEWARE: I will never buy anything from companies associated
*with inappropriate online advertising (unsolicited commercial email,
*excessive multiposting etc), and discourage others from doing so too!

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQBVAwUBMfbW/cQ/4s87M5ohAQERIwH9GDAeUaG429rSu2XY3EZ2L251Uhaw+Z7z
U6XFeGrfipxcZmec+C2xHyWfsdgF1V+WR6O+UV8EQFm8588KwrYd+Q==
=55p0
-----END PGP SIGNATURE-----

Leigh Armstrong

Jul 25, 1996, 3:00:00 AM

In article <Pine.SGI.3.91.960724...@chi3.bc.edu>,
fek...@bc.edu wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
>
> Executive summary: the good news is that most of our wandering spammer's
> domains seem to be down; the bad news is that the spamvertised
> chancellor.stockpick.com found a new good home at NETCOM.NET - that's the
> only machine directly involved in this abuse scheme that ping sees online
> right now!
>

> > "chancellor.stockpick.com" is hooked up to uncommon.net.
> Not any more, see above. The most recent connection seems to be via
> Netcom.NET, although very strangely traceroute finishes at a different IP:
> :traceroute to chancellor.stockpick.com (199.182.213.205),
> [...]
> 7 sjx-ca-gw33.netcom.net (163.179.200.202) 25.749 ms 33.431 ms 23.472 ms
> 8 199.182.213.1 (199.182.213.1) 53.836 ms 26.004 ms 28.989 ms
> 9 infob.infoboard.com (199.182.213.122) 42.728 ms * 29.416 ms
>
> > I don't know how this happened, but that's what traceroute says.
>
> If you mean the oddity of chancellor.stockpick.com being fed from a
> different provider than the main domain - that's how "Williams" set it up
> from the start, probably as a part of their scheme with multiple redundant
> connections, meant to be more resistant against abuse complaints no doubt.


Run at 10:46 am MDT 7/25/96:

[~]:nova% whois stockpick.com
Fischer Ltd (STOCKPICK-DOM)
2508 5th Avenue
Suite 104
Seattle, WA 98121
us

Domain Name: STOCKPICK.COM

Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Williams, Bob (BW747) wil...@MONEYWORLD.COM
206 269 0846

Record last updated on 08-Jul-96.
Record created on 11-Oct-95.

Domain servers in listed order:

NS1.HELPNET.NET 38.243.232.5
NSH.HELPNET.NET 206.81.217.16

[~]:nova% nslookup
Default Server: blackhole.dimensional.com
Address: 206.27.158.10

> server 38.243.232.5
Default Server: [38.243.232.5]
Address: 38.243.232.5

> chancellor.stockpick.com
Server: [38.243.232.5]
Address: 38.243.232.5

Name: chancellor.stockpick.com
Address: 205.227.174.19

> exit

[~]:nova% traceroute 205.227.174.19
traceroute to 205.227.174.19 (205.227.174.19), 30 hops max, 40 byte packets
1 blasto.dimensional.com (206.27.158.1) 2 ms 2 ms 2 ms
2 border3-serial4-5.Denver.mci.net (204.70.30.93) 7 ms 18 ms 5 ms
3 core1-fddi-0.Denver.mci.net (204.70.2.113) 18 ms 9 ms 7 ms
4 core2.SanFrancisco.mci.net (204.70.4.201) 36 ms 38 ms 38 ms
5 borderx1-fddi-1.SanFrancisco.mci.net (204.70.158.52) 38 ms 30 ms 30 ms
6 barrnet.SanFrancisco.mci.net (204.70.158.102) 32 ms 33 ms 33 ms
7 paloalto-cr8.bbnplanet.net (131.119.0.208) 32 ms 98 ms 138 ms
8 fconnections.bbnplanet.net (131.119.35.90) 57 ms 49 ms 52 ms
9 205.227.174.19 (205.227.174.19) 52 ms 52 ms 63 ms

-----

[~]:nova% whois moneyworld.com
Financial Connections, Inc (MONEYWORLD-DOM)
2508 5th Ave, #104
Seattle, WA 98121

Domain Name: MONEYWORLD.COM

Administrative Contact, Technical Contact, Zone Contact, Billing Contact:
Williams, Bob (BW747) wil...@MONEYWORLD.COM
206 269 0846

Record last updated on 09-Jul-96.
Record created on 26-Oct-95.

Domain servers in listed order:

NS.MONEYWORLD.COM 205.227.174.6
NSS.MONEYWORLD.COM 205.227.174.9
NSU.MONEYWORLD.COM 208.129.19.96

[~]:nova% traceroute 205.227.174.6
traceroute to 205.227.174.6 (205.227.174.6), 30 hops max, 40 byte packets
1 blasto.dimensional.com (206.27.158.1) 2 ms 1 ms 1 ms
2 border3-serial4-5.Denver.mci.net (204.70.30.93) 5 ms 14 ms 41 ms
3 core1-fddi-0.Denver.mci.net (204.70.2.113) 9 ms 7 ms 7 ms
4 core1.SanFrancisco.mci.net (204.70.4.169) 35 ms 75 ms 62 ms
5 borderx1-fddi0-0.SanFrancisco.mci.net (204.70.2.164) 37 ms 41 ms 37 ms
6 barrnet.SanFrancisco.mci.net (204.70.158.102) 39 ms 40 ms 39 ms
7 paloalto-cr8.bbnplanet.net (131.119.0.208) 38 ms 37 ms 38 ms
8 fconnections.bbnplanet.net (131.119.35.90) 61 ms 60 ms *
9 205.227.174.6 (205.227.174.6) 60 ms 55 ms *

--
s...@webmojo.com * http://rintintin.colorado.edu/~armstros/
Interdisciplinary Telecom Program, U. of Colorado @ Boulder
Unsolicited commercial e-mail including surveys will be charged $100 for
proofreading services. Sending me such constitutes acceptance of this policy.

Leigh Armstrong

Jul 25, 1996, 3:00:00 AM

We ran the other IP addresses kicked back by the whois...

In article <sla-250796...@webmojo.com>, s...@webmojo.com (Leigh
Armstrong) wrote:


It does appear that they have name servers, if not connections, through
a variety of ISPs-- I tried and found whois can give the owner of a netblock:

>> NS1.HELPNET.NET 38.243.232.5

> whois 38
Performance Systems International (NET-PSINETA) PSINETA 38.0.0.0

>> NSH.HELPNET.NET 206.81.217.16

This is through US West:

> whois 206.81.217
U S WEST Internet Services (NETBLK-USW-INTERACT6)
3rd Avenue Building
1133 3rd Ave
Seattle, WA 98101

Netname: USW-INTERACT6
Netblock: 206.81.192.0 - 206.81.223.0

Coordinator:
Lundgren, Paul (PL84) pa...@USWEST.NET
(612) 672-8532 (FAX) (612) 672-8537 (FAX) (612) 672-8537


>> NS.MONEYWORLD.COM 205.227.174.6
>> NSS.MONEYWORLD.COM 205.227.174.9

These are through BBN planet:

> whois 205.227.174
BBN Planet Western Region (formerly BARRNET) (NETBLK-NETBLK-BARRNET5) NETBLK-BARRNET5
205.224.0.0 - 205.227.255.0
Financial Connections (NETBLK-FCONNECTIONS-174) FCONNECTIONS-174
205.227.174.0 - 205.227.175.0


>> NSU.MONEYWORLD.COM 208.129.19.96

> whois 208.129.19
MCI FRACTIONALY ASSIGNED CLASS C (NET-MCI-NETBK-208-129-19)
7000 Weston Parkway
Cary, NC 27513
US

Netname: MCI-NETBK-208-129-19
Netnumber: 208.129.19.0

Coordinator:
MCI Internet Services (MCI-IS) hostm...@mci.net
800-977-iNOC

--
s...@webmojo.com * http://rintintin.colorado.edu/~armstros/
Interdisciplinary Telecom Program, U. of Colorado @ Boulder

"But... 'off' buttons are illegal!" --Max Headroom
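
Added example, not part of any post in this thread: a sketch of the attribution step the posts perform by hand, mapping each address to the most specific netblock in the quoted whois output and reading the upstream hop from the quoted traceroute, so an abuse report reaches the right provider. The function names are hypothetical, and widening each listed network number to its classful end address is an assumption about how these 1996 whois ranges were written.

```python
import ipaddress
import re

# (owner, first network number, last network number), copied from the whois
# output quoted in the thread. A single network number is listed twice.
BLOCKS = [
    ("Performance Systems International", "38.0.0.0", "38.0.0.0"),
    ("U S WEST Internet Services", "206.81.192.0", "206.81.223.0"),
    ("BBN Planet Western Region", "205.224.0.0", "205.227.255.0"),
    ("Financial Connections", "205.227.174.0", "205.227.175.0"),
    ("MCI", "208.129.19.0", "208.129.19.0"),
]
# Last three hops of the traceroute to 205.227.174.19 quoted in the thread.
TRACE = """\
7 paloalto-cr8.bbnplanet.net (131.119.0.208) 32 ms 98 ms 138 ms
8 fconnections.bbnplanet.net (131.119.35.90) 57 ms 49 ms 52 ms
9 205.227.174.19 (205.227.174.19) 52 ms 52 ms 63 ms
"""
HOP = re.compile(r"^\s*\d+\s+(\S+)\s+\((\d+(?:\.\d+){3})\)")

def classful_end(netnumber):
    """Assumption: the value is a classful network number; return its last address."""
    n = int(ipaddress.IPv4Address(netnumber))
    first_octet = n >> 24
    host_bits = 24 if first_octet < 128 else 16 if first_octet < 192 else 8
    return ipaddress.IPv4Address(n | ((1 << host_bits) - 1))

def owner_of(addr):
    """Owner of the smallest listed block containing addr, or None if unlisted."""
    ip, best = ipaddress.IPv4Address(addr), None
    for name, first, last in BLOCKS:
        lo, hi = ipaddress.IPv4Address(first), classful_end(last)
        if lo <= ip <= hi and (best is None or int(hi) - int(lo) < best[0]):
            best = (int(hi) - int(lo), name)
    return best[1] if best else None

def upstream_hop(trace_text, target):
    """(hostname, ip) of the hop immediately before target, or None."""
    hops = [m.groups() for m in map(HOP.match, trace_text.splitlines()) if m]
    for prev, cur in zip(hops, hops[1:]):
        if cur[1] == target:
            return prev
    return None

if __name__ == "__main__":
    for ip in ("38.243.232.5", "206.81.217.16", "205.227.174.6", "208.129.19.96"):
        print(ip, "->", owner_of(ip))
    print("upstream of 205.227.174.19:", upstream_hop(TRACE, "205.227.174.19"))
```

The smallest-block rule matters for 205.227.174.x, which sits inside both the BBN Planet allocation and the Financial Connections sub-block registered under it.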
