Search Again: Re: puzzling registrar From: Men & Mice Support Date: Friday, May 23, 2003 Time: 2:31:56 pm Spam quantity has jumped recently. Anyone know why? The domain registration looks legitimate. The purpose of the gibberish name is to obfuscate. The Yahoo email address is probably no longer valid. Joker, the registrar, doesn't appear to require any mailing address information. I sent a query to one of the listed servers: ;; QUESTION SECTION: ;fjwi39jsdfniw3hrijh.com. IN ANY ;; ANSWER SECTION: fjwi39jsdfniw3hrijh.com. 180 IN SOA ns1.somewhere.com.ee. hostmaster.somewhere.com.ee. 305231432 20 30 1200 180 fjwi39jsdfniw3hrijh.com. 180 IN A 65.129.25.204 fjwi39jsdfniw3hrijh.com. 180 IN MX 10 mail.fjwi39jsdfniw3hrijh.com. fjwi39jsdfniw3hrijh.com. 180 IN NS ns1.vnethosting.net. fjwi39jsdfniw3hrijh.com. 180 IN NS ns2.vnethosting.net. ;; ADDITIONAL SECTION: mail.fjwi39jsdfniw3hrijh.com. 180 IN A 151.197.169.196 ns1.vnethosting.net. 900 IN A 141.158.57.246 ns2.vnethosting.net. 900 IN A 141.158.57.246 So the hostmaster's email address is here purported to be @somewhere.com.ee. The PTR record for the web server's IP address is: 204.25.129.65.in-addr.arpa. 3600 IN PTR 0-1pool25-204.nas32.philadelphia1.pa.us.da.qwest.net. It's delegated through ARIN, so it's most likely in the Americas somewhere. The mail server, on the other hand, appears to be in Europe, since its PTR record goes through RIPE. 196.169.197.151.in-addr.arpa. 86400 IN PTR pool-151-197-169-196.phil.east.verizon.net. ____________________________________________________________________ Chris Buxton Men & Mice support@menandmice.com Making DNS Easy At 4:57 PM -0400 5/23/03, andrew kagan wrote: >I've getting a lot of "make your wife happy" spam, and I noticed a URL like: > >http://www.fjwi39jsdfniw3hrijh.com/hv/a2.php > >And on NetSol the whois for this domain is: > >domain: fjwi39jsdfniw3hrijh.com >status: production >origin-c: whynotgohomenow@yahoo.com#0 >owner: Ronald Walters >email: whynotgohomenow@yahoo.com#0 >address: 12422 Halewood Avenue >city: Golborne >state: Warrington >postal-code: WA3 3RQ >country: GB >admin-c: whynotgohomenow@yahoo.com#0 >tech-c: whynotgohomenow@yahoo.com#0 >billing-c: whynotgohomenow@yahoo.com#0 >nserver: ns1.vnethosting.net >nserver: ns2.vnethosting.net >registrar: JORE-1 >created: 2003-05-13 00:15:48 UTC JORE-1 >modified: 2003-05-13 01:31:47 UTC JORE-1 >expires: 2004-05-12 18:15:27 UTC >source: joker.com > >Is this for registrar for real? Is this registration for real?

Messages In This Thread: puzzling registrar by andrew kagan on May 23, 2003 at 1:58:17 pm Re: puzzling registrar by Men & Mice Support on May 23, 2003 at 2:31:56 pm Re: puzzling registrar by andrew kagan on May 23, 2003 at 3:08:46 pm Re: puzzling registrar by Mia''s Virtual Post Office on May 23, 2003 at 3:13:53 pm Re: puzzling registrar by andrew kagan on May 23, 2003 at 3:22:28 pm Re: puzzling registrar by Gregory Scott on May 23, 2003 at 5:30:40 pm Re: puzzling registrar by Global Homes Webmaster on May 23, 2003 at 10:33:12 pm Re: puzzling registrar by Paul Willis on Jun 5, 2003 at 5:25:23 am Re: puzzling registrar by aklist on Jun 5, 2003 at 5:37:36 am Re: puzzling registrar by Sean Stephens on Jun 5, 2003 at 6:06:12 am Re: puzzling registrar by Paul Willis on Jun 5, 2003 at 6:10:38 am Re: puzzling registrar by Paul Willis on Jun 5, 2003 at 6:26:15 am Re: puzzling registrar by andrew kagan on Jun 5, 2003 at 7:54:54 am Re: puzzling registrar by Paul Willis on Jun 5, 2003 at 8:30:01 am Re: puzzling registrar by Michael Wise on Jun 5, 2003 at 9:13:20 am Re: puzzling registrar by andrew kagan on Jun 5, 2003 at 9:16:53 am Re: puzzling registrar by Michael Wise on Jun 5, 2003 at 9:21:36 am Re: puzzling registrar by Sean Stephens on Jun 5, 2003 at 10:20:51 am Re: puzzling registrar by Paul Willis on Jun 6, 2003 at 12:12:30 am Re: puzzling registrar by Paul Willis on Jun 6, 2003 at 12:59:48 am Re: puzzling registrar by Michael Wise on Jun 6, 2003 at 7:23:01 am