[email / icrm.com] [email] Get virtually any degree, online! Quickly, easily and

0 views
Skip to first unread message

Kurtis Rader

unread,
Aug 11, 2006, 11:00:16 PM8/11/06
to
Spam received from a locally blackholed IP address:

128.121.64.66 => 128.121.0.0/16 (US) United States of America
mail14d.g14.rapidsite.net

Domains in the spam include:

icrm.com

Valid account names have been replaced with 'valid_user'.
Other recipient addresses are unchanged.
No other munging of the data has occurred.


==========================================================================
| whois icrm.com |
--------------------------------------------------------------------------
[Querying whois.internic.net]
[whois.internic.net]

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: ICRM.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS.NAMESERVERS.NET
Name Server: NS2.NAMESERVERS.NET
Status: REGISTRAR-LOCK
Updated Date: 15-jun-2006
Creation Date: 31-oct-1995
Expiration Date: 30-oct-2008

>>> Last update of whois database: Fri, 11 Aug 2006 15:07:02 EDT <<<

The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.


==========================================================================
| dig -t any icrm.com |
--------------------------------------------------------------------------

; <<>> DiG 9.2.3rc4 <<>> -t any icrm.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44801
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;icrm.com. IN ANY

;; ANSWER SECTION:
icrm.com. 86400 IN NS ns14b.nameservers.net.
icrm.com. 86400 IN NS ns14a.nameservers.net.

;; AUTHORITY SECTION:
icrm.com. 86400 IN NS ns14a.nameservers.net.
icrm.com. 86400 IN NS ns14b.nameservers.net.


==========================================================================
| hostname/whois for 207.57.5.10 (IP address of advertised domain) |
--------------------------------------------------------------------------
207.57.5.10 => www.icrm.com

==========================================================================
| First 25 lines of WhoIs for the sending IP address |
--------------------------------------------------------------------------


==========================================================================
| SMTP commands received from spammer (timestamps UTC-7) |
--------------------------------------------------------------------------
2006-08-11 10:53:20 HELO mail14d.g14.rapidsite.net
2006-08-11 10:53:22 MAIL <icr...@icrm.com>
2006-08-11 10:53:24 RCPT <fo...@skepticism.us>
2006-08-11 10:53:26 DATA
2006-08-11 10:53:28 QUIT


==========================================================================
| Message as received from spammer (no locally added headers) |
--------------------------------------------------------------------------
Received: from mx03.mlpsca01.us.mxservers.net (128.121.64.162)
by mail14d.g14.rapidsite.net (RS ver 1.0.95vs) with SMTP id 1-0949958796;
Fri, 11 Aug 2006 13:53:18 -0400 (EDT)
Received: from www.icrm.com [207.57.5.10] (EHLO icrm.com)
by mx03.mlpsca01.us.mxservers.net (mxl_mta-1.3.8-10p4) with ESMTP id
d04ccd44.18391.037.mx03.mlpsca01.us.mxservers.net;
Fri, 11 Aug 2006 13:53:17 -0400 (EDT)
Received: (from icrmco@localhost)
by icrm.com (8.12.11/8.12.9/Submit) id k7BHr69U093341;
Fri, 11 Aug 2006 13:53:06 -0400 (EDT)
(envelope-from icrmco)
Date: Fri, 11 Aug 2006 13:53:06 -0400 (EDT)
Message-Id: <200608111753....@icrm.com>
From: in...@ircm.com
To:
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain
Subject: Get virtually any degree, online! Quickly, easily and
confidentially.. Masters, Ph.D, Bachelors, and more
X-Spam-Flag: YES
X-Spam: [F=0.9984078189; heur=0.991(7600); stat=0.381; spamtraq-heur=0.894(2006081017)]
X-MAIL-FROM: <icr...@icrm.com>
X-SOURCE-IP: [207.57.5.10]
X-Loop-Detect:1
X-DistLoop-Detect:1

Virtually all high paying jobs require a degree. If you don't have the degr=
ee you feel you deserve, or have a degree you feel no longer suits your cho=
sen career path, let us help!

Simply call the number below (at no cost to you), and leave your contact in=
fo (your name and full phone number, and what time is most convenient for y=
ou for us to return your call), and we'll get back to you promptly with ful=
l information about the types of accredited degrees we offer, and the proce=
ss required to obtain them.

Take a solid step to improve your life, and drastically improve your income=
.=2E
Call: 1(314)219-2907
Call 24/7, including Sundays and Holidays (system is automated, be sure to =
leave your phone number so that we can get back to you!)

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/

Reply all
Reply to author
Forward
0 new messages