CYBER PROMOTIONS, INC.
SPAMMED to the net using our domain CYBER.NET:
These messages were created on a system which has been configured as "mailhost.cyber.net" (207.133.254.6) yet they had the reverse lookup entry in their DNS server set to alt1.cyber.net. In fact, a DNS PTR lookup on 6.254.133.207.in-addr.arpa does not return any records, yet a WHOIS lookup on 207.133.254.0 shows that this class C block is assigned to DEFENSE FINANCE AND ACCOUNTING SERVICE by way of the DOD Network Information Center.
They must have created a user "success" on this system and sent mail to a mailing list configured under the user name "Joe_P" on that same system. This system then placed a dialup connection to RMCI.NET. At the time of connection they had their system name set to "desen.com". Note the line in the headers that reads:
Received: from desen.com (pm2-boi-32.rmci.net [208.14.164.35]) by relay7.of.52 (8.7.4/8.7.3) for ; Sun, 16 Mar 1997 20:34:45 -0500 (EST)
This shows that the configured system name does not match the reverse
name lookup on the IP address (208.14.164.35) that was set up for the dialup
connection. A WHOIS lookup on 208.14.164.0 does confirm that this IP address
is owned by Rocky Mountain Communications Inc (RMCI.NET). A DNS PTR lookup
on 35.164.14.208.in-addr.arpa also confirms the name pm2-boi-32.rmci.net
which is probably a Portmaster used for dial-in connections at RMCI.NET.
The e-mail was delivered to the SMTP server relay7.of.52 [205.199.212.30].
Note relay7.of.52 is not a valid host name. Also a DNS PTR lookup on 30.212.199.205.in-addr.arpa
does not return any valid records. Yet a WHOIS lookup on 205.199.212.0
shows this IP address block assigned to AGIS/Net99 which in turn has assigned
this class C block to Cyber Promotions, Inc. Also a WHOIS lookup on DESEN.COM
shows that it is owned by Cyber Promotions, Inc.
These messages were created on a system which has been configured as "on-line.cyber.net" (208.9.77.65) yet they had the reverse lookup entry in their DNS server set to alt1.cyber.net. In fact, a DNS PTR lookup on 65.77.9.208.in-addr.arpa does not return any records, yet a WHOIS lookup on 208.9.77.0 shows that this class C block is assigned to Sprint.
They must have created a user "kgb" on this system and sent mail to a mailing list configured under the user name "on-line" on that same system. This system then placed a dialup connection to UUNET Technologies, Inc. (ALTERNET). At the time of connection they had their system name set to "mail.globalnet.co.uk". Note the line in the headers that reads:
Received: from mail.globalnet.co.uk (Cust9.Max16.Miami.FL.MS.UU.NET [153.34.131.9]) by chiswick.globalnet.co.uk (8.8.5/8.8.5) with SMTP id VAA09738; Mon, 21 Apr 1997 21:30:18 +0100 (BST)
This shows that the configured system name does not match the reverse name lookup on the IP address (153.34.131.9) that was set up for the dialup connection. A WHOIS lookup on 153.34.0.0 does confirm that this IP address is owned by UUNET Technologies, Inc. A DNS PTR lookup on 9.131.34.153.in-addr.arpa also confirms the name Cust9.Max16.Miami.FL.MS.UU.NET which is probably an Ascend MAX used for dial-in connections at UUNET. The e-mail was delivered to the SMTP server chiswick.globalnet.co.uk [194.126.80.105]. A DNS PTR lookup on 105.80.126.194.in-addr.arpa does in fact return chiswick.globalnet.co.uk. A WHOIS lookup on 205.199.212.0 shows this IP address block assigned to European Regional Internet Registry/RIPE NCC.
A WHOIS lookup on ANSWERME.COM, contained in the body of the message,
shows that it is owned by Cyber Promotions, Inc.
These messages were created on a system using some type of list manager and queued to be sent to the Internet via a faked host using a dialup connection.
They configured a mail client with the sender's address of mailman@gateway.com and sent the message to a mailing list configured under a fake user name "on-line@cyber.net".
This system then placed a dialup connection to UUNET Technologies, Inc. (ALTERNET). At the time of connection they had their system name set to "mail.tiac.net". Note the line in the headers that reads:
Received: from mail.tiac.net (Cust94.Max2.Miami.FL.MS.UU.NET [153.34.143.222]) by mailrelay.tiac.net (8.8.5/) with SMTP id NAA19111; Thu, 24 Apr 1997 13:22:08 -0400 (EDT)
This shows that the configured system name does not match the reverse name lookup on the IP address (153.34.143.222) that was set up for the dialup connection. A WHOIS lookup on 153.34.0.0 does confirm that this IP address is owned by UUNET Technologies, Inc. A DNS PTR lookup on 222.143.34.153.in-addr.arpa also confirms the name Cust94.Max2.Miami.FL.MS.UU.NET which is probably an Ascend MAX used for dial-in connections at UUNET. The e-mail was delivered to the SMTP server mailrelay.tiac.net [199.0.65.237]. A DNS PTR lookup on 237.65.0.199.in-addr.arpa does in fact return mailrelay.tiac.net. A WHOIS lookup on 199.0.65.0 shows this IP address block assigned to The Internet Access Company (NET-TIAC) SPRINT. This SMTP server must be set up to accept mail from anyone without checking the IP addresses of the sender.
A WHOIS lookup on ANSWERME.COM, contained in the body of the message,
shows that it is owned by Cyber Promotions, Inc.
These messages were created on a system using some type of list manager and queued to be sent to the Internet via a faked host using a dialup connection.
They configured a mail client with the sender's address of host@gateway.com and sent the message to a mailing list configured under a fake user name "on-line@cyber.net".
This system then placed a dialup connection to UUNET Technologies, Inc. (ALTERNET). At the time of connection they had their system name set to "mail.enterprise.net". Note the line in the headers that reads:
Received: from mail.enterprise.net (Cust119.Max5.Miami.FL.MS.UU.NET [153.34.119.247]) by mail.enterprise.net (8.8.5/8.7.3) with SMTP id SAA12458; Fri, 25 Apr 1997 18:08:04 +0100 (BST)
This shows that the configured system name does not match the reverse name lookup on the IP address (153.34.119.247) that was set up for the dialup connection. A WHOIS lookup on 153.34.0.0 does confirm that this IP address is owned by UUNET Technologies, Inc. A DNS PTR lookup on 247.119.34.153.in-addr.arpa also confirms the name Cust119.Max5.Miami.FL.MS.UU.NET which is probably an Ascend MAX used for dial-in connections at UUNET. The e-mail was delivered to the SMTP server mail.enterprise.net [194.72.192.20]. A DNS PTR lookup on 20.192.72.194.in-addr.arpa does in fact return mail.enterprise.net. A WHOIS lookup on 194.72.192.0 shows this IP address block assigned to European Regional Internet Registry/RIPE NCC. This SMTP server must be set up to accept mail from anyone without checking the IP addresses of the sender.
A WHOIS lookup on ANSWERME.COM, contained in the body of the message,
shows that it is owned by Cyber Promotions, Inc.
They configured a mail client with the sender's address of master@compuserve.com and sent the message to a mailing list configured under a fake user name "on-line@cyber.net".
This system then placed a dialup connection to UUNET Technologies, Inc. (ALTERNET). At the time of connection they had their system name set to "telepath.com". Note the line in the headers that reads:
Received: from mail.telepath.com (Cust87.Max2.Miami.FL.MS.UU.NET [153.34.143.215]) by telepath.com (8.8.5/8.7.3) with SMTP id PAA15363; Tue, 22 Apr 1997 15:34:35 -0500 (CDT)
This shows that the configured system name does not match the reverse name lookup on the IP address (153.34.143.215) that was set up for the dialup connection. A WHOIS lookup on 153.34.0.0 does confirm that this IP address is owned by UUNET Technologies, Inc. A DNS PTR lookup on 215.143.34.153.in-addr.arpa also confirms the name Cust87.Max2.Miami.FL.MS.UU.NET which is probably an Ascend MAX used for dial-in connections at UUNET. The e-mail was delivered to the SMTP server mail.telepath.com [205.228.200.20]. A DNS PTR lookup on 20.200.228.205.in-addr.arpa does in fact return zoom1.TELEPATH.com. A WHOIS lookup on 205.228.200.0 shows this IP address block assigned to Telepath Systems, Inc. This SMTP server must be set up to accept mail from anyone without checking the IP addresses of the sender.
A WHOIS lookup on NASHVILLE.NET, contained in the body of the
message, shows that it is owned by TELALINK CORPORATION. Connecting to
the Website in the body of the message shows that Global 1 Communications
is trying to sell long distance service.
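The header check used throughout this analysis, as an added Python example (not part of the original page): it parses sendmail-style Received: lines, compares the name the sender gave with the PTR name the receiving server recorded, and builds the in-addr.arpa name to query. The first two sample lines are the ones quoted above; the third line, the flag names and the function names are assumptions made for the example.

```python
import ipaddress
import re

# First two lines are quoted from the analysis above; the third is a
# constructed control in which the HELO name and the PTR name agree.
HEADERS = [
    "Received: from desen.com (pm2-boi-32.rmci.net [208.14.164.35]) "
    "by relay7.of.52 (8.7.4/8.7.3) for ; Sun, 16 Mar 1997 20:34:45 -0500 (EST)",
    "Received: from mail.tiac.net (Cust94.Max2.Miami.FL.MS.UU.NET [153.34.143.222]) "
    "by mailrelay.tiac.net (8.8.5/) with SMTP id NAA19111; "
    "Thu, 24 Apr 1997 13:22:08 -0400 (EDT)",
    "Received: from mx.example.org (mx.example.org [192.0.2.25]) "
    "by mail.example.net (8.8.5/8.8.5) with SMTP id AAA00001; "
    "Wed, 1 Jan 1997 00:00:00 +0000",
]

# sendmail 8.x layout: from <HELO name> (<PTR name> [<peer IP>]) by <receiver>
RECEIVED_RE = re.compile(
    r"^Received:\s+from\s+(?P<helo>\S+)\s+"
    r"\((?:(?P<ptr>[^\s\[\]]+)\s+)?\[(?P<ip>[0-9.]+)\]\)\s+"
    r"by\s+(?P<by>\S+)", re.IGNORECASE)

def base_domain(host):
    """Last two labels, lower-cased (heuristic; wrong for suffixes like co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def analyse(line):
    """Parse one Received: line and list what is inconsistent in it."""
    m = RECEIVED_RE.match(line)
    if m is None:
        return None
    helo, ptr, ip, by = m["helo"], m["ptr"], m["ip"], m["by"]
    flags = []
    if ptr is None:
        flags.append("no-ptr")                  # receiver found no PTR record
    elif helo.lower() != ptr.lower():
        flags.append("helo-ptr-mismatch")       # claimed name is not the PTR name
        if base_domain(helo) == base_domain(by):
            flags.append("helo-claims-receiver-domain")
    if by.rsplit(".", 1)[-1].isdigit():
        flags.append("receiver-name-invalid")   # numeric last label, e.g. relay7.of.52
    return {"helo": helo, "ptr": ptr, "ip": ip, "by": by, "flags": flags,
            "ptr_query": ipaddress.ip_address(ip).reverse_pointer}

if __name__ == "__main__":
    for header in HEADERS:
        result = analyse(header)
        print(result["ip"], result["ptr_query"], result["flags"])
```

The name and address in parentheses are written by the receiving server, so they are the part of the line the sender cannot choose; the name after "from" is whatever the sender claimed.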
message sent including the original headers:
>
> Thank You
> ======================================
>
> If you would like a FREE COPY of a just
> released internet business kit called:
>
> "The Complete Internet Business Starter Kit"
>
> Please read this short message. As a test
> promotion the publisher is giving away the
> electronic version of the kit! But...
>
> "ONLY FOR THE NEXT 5 DAYS"
>
> The free kit reveals all of the on line
> money making secrets of the internet
> professionals.
>
> For your copy e.mail my robot at:
>
> detailsnow@answerme.com
>
> A typical day for an On Line Entrepreneur.
>
> Wake up 9:00A.M., warm up a pot of coffee...
> You push a few buttons... and your computer
> makes that familiar sreeek sound... the
> connection is made. You check your e.mail,
> good news: you have 16 new orders since you
> went to bed last night. There is no need to
> rush... your morning commute only takes 15
> seconds.
>
> If you want to make money from the Internet
> you must get this free kit.
>
> "The Complete Internet Business Starter Kit'
>
> This kit was designed to reveal the inner
> most marketing secrets of the on line world.
> The only tools required are a computer and a
> modem. Here are just a few of the benefits
> you will discover in this kit:
>
> *The income potential of this internet
> marketing opportunity will exceed your
> current take home pay
>
> *You can start part-time from home in less
> than 24 hours
>
> *It's a turn key on line cash generating
> system
>
> *No personal contacts are necessary
>
> *Learn how to get 300+ prospects to e.mail
> you each and every week.
>
> *This is a researched,proven,legitimate
> money making opportunity
>
> For instant delivery of your kit
> e.mail my robot at:
>
> detailsnow@answerme.com
>
> Then simply print out the kit and you will be
> on your way to financial independence and
> free to life live.
mailman@gateway.com spake thusly:
>Hello,
>
>Our research has shown that this free report may be of interest to
>you. If not please accept our apology. By not replying you will be permanently
>removed from any future mailings.
>
>Thank You
>============================================
>
>ATTENTION ON LINE MEMBER, LEARN HOW TO USE E.MAIL FOR AMAZING PROFITS!
>
>If you are want to make money from home using the internet please read
>this short message.
>
>Our Free Report called:
>
>"THE SECRETS OF DIRECT E.MAIL MARKETING"
>
>reveals the insiders money making secrets.
>
>For your free electronic report simply e.mail my robot at:
>
>hitme@answerme.com
>
>A typical day for an On Line Entrepreneur...
>
>Wake up 9:00A.M., warm up a pot of coffee... You push a few buttons...
>and your computer makes that familiar sreeek sound... the connection is
>made. You check your e.mail, good news: you have 16 new orders since
>you went to bed last night. There is no need to rush... your morning commute
>only takes 15 seconds.
>
>If you want to make money from the Internet you must get this free
>report called:
>
>"THE SECRETS OF DIRECT E.MAIL MARKETING"
>
>This Report was designed to reveal the inner most marketing secrets of
>the on line world. The only tools required are a computer and a modem.
>In it, you will learn the following techniques used by the
>Professional On Line Marketers.
>
>*The insiders tips on safe Bulk E.Mailing
>
>*Where to get the best software to kill the competition (FREE)
>
>*How to get Free Classified Advertising On Line
>
>*How to use Mail Bot's to respond to your potential customers while
>you are sleeping or on vacation.
>
>*How to capture 10,000 leads an hour.
>
>E.Mail my mail bot at:
>
>hitme@answerme.com
>
>for your FREE REPORT and FREE Internet Market Research Study. Thank
>you for your time.
>
Hello,
Our research has shown that this free report may be of interest to
you. If not please accept our apology. By not replying you will be permanently
removed from any future mailings.
Thank You
============================================
ATTENTION ON LINE MEMBER, LEARN HOW TO USE E.MAIL FOR AMAZING
PROFITS!
If you are want to make money from home using the internet please read
this short message.
Our Free Report called:
"THE SECRETS OF DIRECT E.MAIL MARKETING"
reveals the insiders money making secrets.
For your free electronic report simply
e.mail my robot at:
hitme@answerme.com
A typical day for an On Line Entrepreneur...
Wake up 9:00A.M., warm up a pot of coffee... You push a few buttons...
and your computer makes that familiar sreeek sound... the connection is
made. You check your e.mail, good news: you have 16 new orders since you
went to bed last night. There is no need to rush... your morning
commute only takes 15 seconds.
If you want to make money from the Internet you must get this free
report called:
"THE SECRETS OF DIRECT E.MAIL MARKETING"
This Report was designed to reveal the inner most marketing secrets of
the on line world. The only tools required are a computer and a modem.
In it, you will learn the following techniques
used by the Professional On Line Marketers.
*The insiders tips on safe Bulk E.Mailing
*Where to get the best software to kill the competition (FREE)
*How to get Free Classified Advertising On Line
*How to use Mail Bot's to respond to your potential customers while
you are sleeping or on vacation.
*How to capture 10,000 leads an hour.
E.Mail my mail bot at:
hitme@answerme.com
for your FREE REPORT and FREE Internet Market Research Study. Thank
you for your time.
Hello,
Research has shown that this message may be of interest to you. If
not please accept our apology. By not replying you will be permanently
removed from ALL future mailings.
Thank You
----------------------------------------------------------------
Prepaid flat rate long distance pricing
Our rates are the lowest for any carrier for domestic US calling
**9.8 cents per minute
**Anytime
**Anywhere in the US
**AT&T,MCI,& SPRINT won't match this rate!!
**You don't have to switch from your existing long distance carrier!
**Choose from using $25 or $50 per month
** You are guaranteed the same rate month after month with no minimum
calling
**Purchase more than one account if you need more time on average for
each month
**It's easy to sign up
Go to our web site at:
www.nashville.net/~after5/globalone.html
Or call us at 615-889-3998
**You get 20 free minutes just for signing up
Choose automatic credit card billing and get 1 month free
SPECIAL SPECIAL SPECIAL SPECIAL
**1st 1000 new customers pay no signup fee!
There is no need to ask to be removed from this email database you
will not receive any other email advertising from our company.