 |  |
Hmmm...
Re: puzzling registrar
From: andrew kagan
Date: Friday, May 23, 2003
Time: 3:08:46 pm
makes sense I guess because vnethosting is also in Philadelphia...but the
PTR record for the webserver looks like it's pointing at a dialup pool...or
maybe it's a dsl account.
The MX record's probably an open relay? Or this guy's scamming with someone
in UK?
I feel like I'm being sucked into the Matrix, Agent Smith.
----- Original Message -----
From: "Men & Mice Support" <cbuxton@menandmice.com>
To: "QuickDNS Talk" <quickdns-talk@lists.menandmice.com>
Sent: Friday, May 23, 2003 5:30 PM
Subject: Re: puzzling registrar
> Spam quantity has jumped recently. Anyone know why?
>
> The domain registration looks legitimate. The purpose of the
> gibberish name is to obfuscate. The Yahoo email address is probably
> no longer valid. Joker, the registrar, doesn't appear to require any
> mailing address information.
>
> I sent a query to one of the listed servers:
>
> ;; QUESTION SECTION:
> ;fjwi39jsdfniw3hrijh.com. IN ANY
>
> ;; ANSWER SECTION:
> fjwi39jsdfniw3hrijh.com. 180 IN SOA ns1.somewhere.com.ee.
> hostmaster.somewhere.com.ee. 305231432 20 30 1200 180
> fjwi39jsdfniw3hrijh.com. 180 IN A 65.129.25.204
> fjwi39jsdfniw3hrijh.com. 180 IN MX 10
> mail.fjwi39jsdfniw3hrijh.com.
> fjwi39jsdfniw3hrijh.com. 180 IN NS ns1.vnethosting.net.
> fjwi39jsdfniw3hrijh.com. 180 IN NS ns2.vnethosting.net.
>
> ;; ADDITIONAL SECTION:
> mail.fjwi39jsdfniw3hrijh.com. 180 IN A 151.197.169.196
> ns1.vnethosting.net. 900 IN A 141.158.57.246
> ns2.vnethosting.net. 900 IN A 141.158.57.246
>
> So the hostmaster's email address is here purported to be
> @somewhere.com.ee. The PTR record for the web server's IP address is:
>
> 204.25.129.65.in-addr.arpa. 3600 IN PTR
> 0-1pool25-204.nas32.philadelphia1.pa.us.da.qwest.net.
>
> It's delegated through ARIN, so it's most likely in the Americas
> somewhere. The mail server, on the other hand, appears to be in
> Europe, since its PTR record goes through RIPE.
>
> 196.169.197.151.in-addr.arpa. 86400 IN PTR
> pool-151-197-169-196.phil.east.verizon.net.
> ____________________________________________________________________
> Chris Buxton Men & Mice
> support@menandmice.com Making DNS Easy
>
> At 4:57 PM -0400 5/23/03, andrew kagan wrote:
> >I've getting a lot of "make your wife happy" spam, and I noticed a URL
like:
> >
> >http://www.fjwi39jsdfniw3hrijh.com/hv/a2.php
> >
> >And on NetSol the whois for this domain is:
> >
> >domain: fjwi39jsdfniw3hrijh.com
> >status: production
> >origin-c: whynotgohomenow@yahoo.com#0
> >owner: Ronald Walters
> >email: whynotgohomenow@yahoo.com#0
> >address: 12422 Halewood Avenue
> >city: Golborne
> >state: Warrington
> >postal-code: WA3 3RQ
> >country: GB
> >admin-c: whynotgohomenow@yahoo.com#0
> >tech-c: whynotgohomenow@yahoo.com#0
> >billing-c: whynotgohomenow@yahoo.com#0
> >nserver: ns1.vnethosting.net
> >nserver: ns2.vnethosting.net
> >registrar: JORE-1
> >created: 2003-05-13 00:15:48 UTC JORE-1
> >modified: 2003-05-13 01:31:47 UTC JORE-1
> >expires: 2004-05-12 18:15:27 UTC
> >source: joker.com
> >
> >Is this for registrar for real? Is this registration for real?
>
>
>
Messages In This Thread:
Return to Digital Point Solutions' Home Page
| home | |
| products | |
| services | |
| support | |
| email lists |
| optigold isp | |
| optigold isp news | |
| home inspection | |
| inspectrix | |
| java companion | |
| oracle | |
| quickdns pro | |
| search engine | |
| veterinary |
| tips | |
| employees | |
| free tools | |
| portfolio | |
| jobs | |
| contact |
888/4-DPOINTSupport:
858/452-3696