Sunday, December 10, 2006

Alex Rodrigez aka xsalsa@gmail.com - leave me alone

Delivered-To: [my email]
Received: by 10.64.185.8 with SMTP id i8cs380024qbf;
Sun, 10 Dec 2006 00:12:11 -0800 (PST)
Received: by 10.48.254.1 with SMTP id b1mr2922416nfi.1165738330674;
Sun, 10 Dec 2006 00:12:10 -0800 (PST)
Return-Path:
Received: from mail.garyzobb.com ([195.114.9.119])
by mx.google.com with ESMTP id k9si5975398nfc.2006.12.10.00.12.09;
Sun, 10 Dec 2006 00:12:10 -0800 (PST)
Received-SPF: neutral (google.com: 195.114.9.119 is neither permitted nor denied by domain of bc@garyzobc.com)
DomainKey-Status: bad
Received: (qmail 47846 invoked from network); 10 Dec 2006 08:09:09 -0000
Comment: DomainKeys? See http://antispam.yahoo.com/domainkeys
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=default; d=garyzobc.com;
b=LjMxnD1eif9y5Yn0S+TYaPbuOxnlnaPfvCECjVGdtXpWrsfieOczodYN8bMiGEBmom/bt5mQBTDOqLqMKIozk4+m0pWDF/CG8N/+WYP5W7YygulXWo/5I+LIYayh2FH3ZHW8SqBOI6S24XZZyMLmVEPkU5r4+yej0UCG0CQXqas= ;
Received: from localhost (HELO localhost.localdomain) (127.0.0.1)
by localhost with SMTP; 10 Dec 2006 08:09:06 -0000
Received: (qmail 8933 invoked by uid 80); 10 Dec 2006 06:26:43 -0000
Date: 10 Dec 2006 06:26:43 -0000
From: DS Team special offers
To: [my email]
Reply-To: DS Team special offers
X-Priority: 3
List: DST
List-Archive:
List-ID:
List-Owner:
List-Subscribe:
List-Unsubscribe:
List-URL:
Message-ID: <20061210074153.91246766@garyzobc.com>
X-Mailer: Dada Mail 2.10.9
Content-type: multipart/alternative; boundary="----------=_1165725713-69542-0"; charset=iso-8859-1
MIME-Version: 1.0
Subject: VIP gift prices on Adobe CS, Macromedia, Adobe Photoshop, Acrobat, Roxio, MS Office web bundles

This is a multi-part message in MIME format...

------------=_1165725713-69542-0
Content-Type: text/plain
Content-Disposition: inline
Content-Transfer-Encoding: binary
MIME-Version: 1.0
X-Mailer: MIME-tools 5.420 (Entity 5.420)
Content-Length: 4011

(Mailing list information, including unsubscription instructions,
is located at the end of this message.)

�Dear customers and
friends of DS Team,

Please let us represent our new special discount deals created especially for
you. In accordance to these deals you'll be able to order some products from our
online software store saving up to 80% off on each purchase. Watch for our
weekly special discount offers to get what you really need at discount prices
and to receive your free-of-charge bonuses as well. We're always working on this
issue to make our cooperation more interesting and useful for both of us. Your
satisfaction is very important, therefore please feel free to contact us in case
you're in need of some specific software which isn't in our store at the moment.
We'll try to make it available in a short time period for your satisfaction.
Make your choice, don't miss a chance, work with us, enjoy.� OnDemand
Software Group is always at your service.
[snip] same kind of list than in this post

The following information is a reminder of your current mailing
list subscription:
You are subscribed to the following list:
DS Team special offers
using the following email: [my email] (and no, I have NOT).
You may automatically unsubscribe from this list at any time by visiting the following URL:
If the above URL is inoperable, make sure that you have copied the entire address. Some mail readers will wrap a long URL and thus break this automatic unsubscribe mechanism.
You may also change your subscription by visiting this list's main screen:
If you're still having trouble, please contact the list owner at:

The following physical address is associated with this mailing list:
PO Box U342 Woods Centre
St. Johns, Antigua
Ahem - no you have not. You have still the same invalid address associated with your domain than in that other post:

Domain name: okunsoft.com (this time these scam software were linked to be sold at gifts.okunsoft.com/something...
Domain name: OKUNSOFT.COM
Registrar: PacNames
Referral URL: http://www.pacnames.com/
Domain Registrant: TOTALNIC-128733 (XSALSA@GMAIL.COM) (for other his business you can also find (XSALSA@ETN.ORG) as registrant email)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI
Telephone: +358.207818027
Fax: +358.207818027
Administrative, Technical Contact: TOTALNIC-128733 (XSALSA@GMAIL.COM)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI
Telephone: +358.207818027
Fax: +358.207818027
Name Server: NS1.ZOPUSINFINITUS.COM
Name Server: NS2.ZOPUSINFINITUS.COM
Domain creaton date: 2006-12-05 22:14:27.0
Domain expiration date: 2007-12-06 03:31:14.0

Again, this domain registrant address is invalid. If you search more about thi Alex Rodrigez in Lappeenranta, you'll find a lot of interesting posts out there.

4 comments:

Anonymous said...

I have been chasing "Alex Rodrigez" for some time now. I used to get spam from this person's domains (is Alex a he or a she? I don't know) when their registered email address was "xsalsa@etn.org" rather than "xsalsa@gmail.com".
One thing that has stayed the same, however, is the registrar used. It has always been pacnames.com. Rodrigez has registered dozens of different domains through pacnames.com that I have recieved spam from. Rodrigez's email address and mailing address changes periodically, but the registrar is always the same. I have a suspicion that Rodrigez likely operates the registrar itself.
Two other things to consider as well:
Pacnames itself has bad WHOIS data. I contacted the authorities in North Shore City, NZ, where pacnames is allegedly located. They confirmed that the physical address exists, but it is not zoned for commerce. Also, no business called "pacnames" is registered with the ministry of commerce anywhere in New Zealand.
More recently, pacnames has launched another service - "sheildedwhois.com". The purpose of that domain is to obfuscate the registration identity behind a domain. For example, one of the newest spamming domains registered through pacnames is "pinaple-oem.com". A whois lookup on that shows it was registered through pacnames but the identity is masked by sheildedwhois.com. A whois lookup on sheildedwhois.com gives the same result.

anna said...

Wow. That's some good digging... the next time I bother to check how many emails .. I mean spams, I have in gmail, I might make another entry about him with adding those details. :)

Anonymous said...

A recent spam I recieved has lead me to good ol' a-rod's newest email address:
domains@locu.st
I found this when I checked out the WHOIS record of a new spamming domain of his:
nu1odinoem.com
I guess now he's hiding out in St. Thomas. or at least his email address is.

Hmmm. I was going to show his new contact information, but I see it has since been obfuscated by our good friends at shieldedwhois.com. IIRC, the rest of his contact data was still pointing to Finland.

anna said...

His ICQ points that he's in Russia.
If Icq.com wanted to co-operate, they could tell where he logs in chat and he could be caught that way ..

His addresses in Finland are invalid. However I would love to find out what is his connection to that country .. .maybe he lived there at some point?
If he was in Finland, he would be very easy to catch.