Friday, May 12, 2006

All these software spam sites seem to be registered as bulk sites via bookmyname.com

So, a typical software spammer and scammer ... that keeps going on and on and on and on and on. I wonder how long it will be before http://www.bookmyname.com would have to care? According ot the website, they don't. No anti-spamming policies on the domains registered via them. Too bad.
But what could you expect from a domain that allows bulk domain registrations? Would desk@BookMyName.com really care?

So would a compilation of the previous spam spam spammety spam by the people registered their bulk of spam and scam domains using bookmyname.com as registrar service, with regular enough updates do? Let's see - at least as long as gmail doesn't completely block these e@##@%$^ spams even out of my spam folders.

Thus updating ...

Mail, today:

X-Gmail-Received: eb71238aebe7e1fdf0bf5427c28ef3fb5b4e419d
Delivered-To: [my email]
Received: by 10.70.71.13 with SMTP id t13cs97601wxa;
Fri, 12 May 2006 01:29:14 -0700 (PDT)
Received: by 10.36.108.5 with SMTP id g5mr88809nzc;
Fri, 12 May 2006 01:29:14 -0700 (PDT)
Return-Path:
Received: from -1212939104 (vsg94-1-82-234-116-246.fbx.proxad.net [82.234.116.246])
by mx.gmail.com with SMTP id c12si11401602nzc.2006.05.12.01.29.13;
Fri, 12 May 2006 01:29:14 -0700 (PDT)
Received-SPF: neutral (gmail.com: 82.234.116.246 is neither permitted nor denied by best guess record for domain of settle@globalmedtech.com)
Received: from globalmedtech.com (-1210574040 [-1211124016])
by vsg94-1-82-234-116-246.fbx.proxad.net (Qmailv1) with ESMTP id FAB147FAE7
for ; Fri, 12 May 2006 17:30:33 -0400
Date: Fri, 12 May 2006 17:30:33 -0400
From: "Mastodon O. Masqueraders"
X-Mailer: The Bat! (v2.00.3) Personal
X-Priority: 3
Message-ID:
To: [my name and email]
Subject: Software
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-AntiVirus: Checked by Dr.Web (http://www.drweb.net)

some software u need!
75% Off for All New Software. microsoft, adobe, macromedia!

New software on our site:

Creative Suite Premium (5 CD) - $149.95
Office XP Professional - $79.95
Encarta Encyclopedia Delux 2004 (3CD) - $89.95
Office 2003 Professional (1 CD Edition) - $89.95
Flash MX 2004 - $69.95
InDesign CS - $69.95
Photo Painter 8 - $59.95
Acrobat 6 Professional - $79.95
Photoshop 7 - $69.95
Quark Xpress 6 Passport Multilanguage - $69.95
Windows 98 Second Edition - $49.95
Premiere 7 - $69.95
InDesign CS - $69.95
Premiere 7 - $69.95

Our site:
http://6duvb0u7udcj7oo1b66jbooo.unstaidda.com/


Of which whois run:

Domain Name: UNSTAIDDA.COM
Registrar: ONLINE SAS
Whois Server: whois.bookmyname.com
Referral URL: http://www.bookmyname.com
Name Server: FF.GENOSMG.COM
Name Server: DD.GENOSMG.COM
Status: ACTIVE
Updated Date: 10-may-2006
Creation Date: 10-may-2006
Expiration Date: 10-may-2007
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

DOMAIN
Domain Name : unstaidda.com (UNSTAI2-BMN-DOM)
Registrar : BookMyName
Whois Server : whois.bookmyname.com
Referral URL : https://www.bookmyname.com

Registrant / Admin Contact :
PERSON
Slumminas SLUMMINAS (SLUMMI2-BMN-PE)
417 Schepps Blvd
88101-8381 Clovis
UNITED STATES
phone : (505) 769-2811
fax :
e-mail : slumminas@yahoo.com

Billing Contact :
PERSON
Slumminas SLUMMINAS (SLUMMI2-BMN-PE)
417 Schepps Blvd
88101-8381 Clovis
UNITED STATES
phone : (505) 769-2811
fax :
e-mail : slumminas@yahoo.com

Technical Contact :
PERSON
Slumminas SLUMMINAS (SLUMMI2-BMN-PE)

417 Schepps Blvd
88101-8381 Clovis
UNITED STATES
phone : (505) 769-2811
fax :
e-mail : slumminas@yahoo.com

Domain servers :
ff.genosmg.com (FGC2-BMN-HST)
dd.genosmg.com (DGC14-BMN-HST)

Created on 05/10/2006 11:11:28
Updated on 05/10/2006 12:15:01
Expires on 05/10/2007 07:11:28


Of which you know what? I don't believe Slumminas SLUMMINAS or Tram TELPIL are real names.
I don't think phone numbers with inexistent region codes, and with registrar mailing addresses being in USA while their phone numbers are in Poland and other countries, are anywhere near valid argument for registrant details.
Well, time to like Rick's spam digest for best howto.

As a minimum, still totally ignoring the no-spam and no scam-sites hosting policies mentioned, at least I can say the whois data for the domains registered via bookmyname, is suspect.

And this based only on a sample of spams that I have received, and whois run on the domains the spams were for.

Thursday, May 11, 2006

A typical software scammer

X-Gmail-Received: 9f2a37f63e8ea5e9c7b9d541d3c5812c8d5e5556
Delivered-To: [my email]
Received: by 10.70.71.13 with SMTP id t13cs286502wxa;
Wed, 3 May 2006 21:42:31 -0700 (PDT)
Received: by 10.49.36.20 with SMTP id o20mr346861nfj;
Wed, 03 May 2006 21:42:30 -0700 (PDT)
Return-Path:
Received: from -1212146352 ([220.74.2.100])
by mx.gmail.com with SMTP id d2si2212133nfe.2006.05.03.21.42.28;
Wed, 03 May 2006 21:42:30 -0700 (PDT)
Received-SPF: neutral (gmail.com: 220.74.2.100 is neither permitted nor denied by best guess record for domain of heksterb@gijonmotorclub.com)
Received: from gijonmotorclub.com (-1208692080 [-1208674456])
by greenleafforestry.com (Qmailv1) with ESMTP id A281C243B7
for ; Thu, 04 May 2006 00:53:41 -0400
Date: Thu, 04 May 2006 00:53:41 -0400
From: "Stereotypes V. Loudmouths"
X-Mailer: The Bat! (v2.00.4) Personal
X-Priority: 3
Message-ID:
To: [my name and email]
Subject: Software
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: by Ameriserv.net Anti-Virus E-Gateway

All best software!
some software u need!

New software on our site:

Creative Suite Standard (3 CD) - $129.95
Windows NT 4.0 Server - $49.95
FileMaker 7.0 Professional - $69.95
Photoshop CS with ImageReady CS - $99.95
InDesign CS PageMaker Edition (2CD) - $69.95
Flash MX 2004 - $69.95
Windows 98 Second Edition - $49.95
Studio MX 2004 with Director MX 2004 - $139.95
Photoshop CS with ImageReady CS - $99.95
Acrobat 6 Professional - $79.95
SQL Server 2000 Enterprise Edition - $69.95
Money 2004 - $69.95
Fireworks MX 2004 - $69.95
Windows 98 - $49.95

Our site:
http://im6b6vncoqnd10id5iiv50ii.energydd.com/

####

Great. What is it with these software sites that they NEVER ever publish the address of where they themselves are located? Maybe because what they claim to be doing, would not be legal in USA, or in any western world country.

Know what? You can't buy this OEM software legally, no matter if it was claimed to be sold and manufactured to you by Adobe, Dell, Apple, HP, Sony, or Macromedia. It's not legal.

So, if these sites never want to announce who they really are, whois your friend...

####

Domain Name: ENERGYDD.COM
Registrar: ONLINE SAS
Whois Server: whois.bookmyname.com
Referral URL: http://www.bookmyname.com
Name Server: WE.REDAMAGEDG.COM
Name Server: ST.REDAMAGEDG.COM
Status: ACTIVE
Updated Date: 02-may-2006
Creation Date: 02-may-2006
Expiration Date: 02-may-2007
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

DOMAIN
Domain Name : energydd.com (ENERGY4-BMN-DOM)
Registrar : BookMyName
Whois Server : whois.bookmyname.com
Referral URL : https://www.bookmyname.com

Registrant / Admin Contact :
PERSON
Joan-Ploem MILLER (MILLER14-BMN-PE)

527 SE BASELINE SUITE B

97123 HILLSBORO
UNITED STATES OR
phone : +48 22 3895469
fax :
e-mail : MILLERPLOEM@yahoo.com


Billing Contact :
PERSON
Joan-Ploem MILLER (MILLER14-BMN-PE)

527 SE BASELINE SUITE B

97123 HILLSBORO
UNITED STATES OR
phone : +48 22 3895469
fax :
e-mail : MILLERPLOEM@yahoo.com


Technical Contact :
PERSON
Joan-Ploem MILLER (MILLER14-BMN-PE)

527 SE BASELINE SUITE B

97123 HILLSBORO
UNITED STATES OR
phone : +48 22 3895469
fax :
e-mail : MILLERPLOEM@yahoo.com


Domain servers :
we.redamagedg.com (WRC5-BMN-HST)

st.redamagedg.com (SRC6-BMN-HST)


Created on 05/02/2006 14:48:38
Updated on 05/02/2006 17:41:27
Expires on 05/02/2007 10:48:38

Interesting. USA and Oregon as a state, so why do these "Americans" have a phone number listed and located in Poland?

If you buy pirated software from an "American" company located in Poland or whoever knows where, why would that be less illegal than buying just "regular" illegal software?

At leaast get some more sympathy points from me, and list the location (mailing address) in the next software scamming site.

... and guess what? Checking some other recent spams, I found this

Domain Name: PALAITECE.COM
Registrar: ONLINE SAS
Whois Server: whois.bookmyname.com
Referral URL: http://www.bookmyname.com
Name Server: QO.NEEDINGEI.COM
Name Server: MO.NEEDINGEI.COM
Status: ACTIVE
Updated Date: 27-apr-2006
Creation Date: 27-apr-2006
Expiration Date: 27-apr-2007
NOTICE: The expiration date displayed in this record is the date the
registrar's sponsorship of the domain name registration in the registry is
currently set to expire. This date does not necessarily reflect the expiration
date of the domain name registrant's agreement with the sponsoring
registrar. Users may consult the sponsoring registrar's Whois database to
view the registrar's reported date of expiration for this registration.

Domain Name : palaitece.com (PALAIT2-BMN-DOM)
Registrar : BookMyName
Whois Server : whois.bookmyname.com
Referral URL : https://www.bookmyname.com

Registrant / Admin Contact :
PERSON
Tram TELPIL (TELPIL2-BMN-PE)

795 Farmers Lane, Suite 23

95405 Santa Rosa
UNITED STATES
phone : (707) 575 1468
fax :
e-mail : tramtelpil@yahoo.com

Billing Contact :
PERSON
Tram TELPIL (TELPIL2-BMN-PE)

795 Farmers Lane, Suite 23

95405 Santa Rosa
UNITED STATES
phone : (707) 575 1468
fax :
e-mail : tramtelpil@yahoo.com

Technical Contact :
PERSON
Tram TELPIL (TELPIL2-BMN-PE)

795 Farmers Lane, Suite 23

95405 Santa Rosa
UNITED STATES
phone : (707) 575 1468
fax :
e-mail : tramtelpil@yahoo.com

Domain servers :
qo.needingei.com (QNC2-BMN-HST)

mo.needingei.com (MNC5-BMN-HST)

Created on 04/27/2006 16:39:24
Updated on 04/27/2006 18:00:39
Expires on 04/27/2007 12:39:24

Tram Telpil? What the heck of name is that? That sounds like a name for a tram driver in a Polish c-category movie from the 1930s. At least the billing address and phone number of this guy this time aren't in Poland.


####

Hmm... so all this data such as

ENERGY4-BMN-DOM
MILLER14-BMN-PE
PALAIT2-BMN-DOM
TELPIL2-BMN-PE
QNC2-BMN-HST
MNC5-BMN-HST
PTISAN2-BMN-DOM
BENZLE2-BMN-PE
QNC2-BMN-HST

Comes to interesting stuff. Indeed.
And wide spamming by can be googled easy by the same person or society already last year. The same people here, here, here, here... so I would be too late to suggest this spammer to try something new such as trying to sell other than software. He's been already a Nigerian, "paying" via private persons bank accounts, and sending normal cialis and viagra spam.

Really, I should bother to hunt down this guy, and sue him for $ 1,000 for each spam I have ever received from him.

It would be easier if http://www.bookmyname.com would have an antispam policy - according ot the website, they don't. Too bad. But what could you expect from a domain that allows bulk domain registrations? Would desk@BookMyName.com really care?