
Author hotpop blackhat or just clueless
Shmuel (Seymour J.) Metz

2005-01-09, 2:46 am

Does anybody know anything about these clowns? They've been showing
up on my radar lately, and bouncing all complaints. Are they a
spamhaus or just clueless?

NSLOOKUP HOTPOP.COM
Server: monroe.patriot.net
Address: 209.249.176.5

Non-authoritative answer:
Name: HOTPOP.COM
Address: 38.113.3.122

BWwhois --shift 1 --stripdisclaimer 38.113.3.122
BW whois 3.4 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2003 William E. Weinman
Request: 38.113.3.122
connected to whois.arin.net [192.149.252.44:43] ...
Performance Systems International Inc. PSINETA (NET-38-0-0-0-1)
38.0.0.0 - 38.255.255.255
Performance Systems International Inc. COGENT-NB-0002
(NET-38-112-0-0-1)
38.112.0.0 - 38.119.255.255

BWwhois --shift 1 --stripdisclaimer HOTPOP.COM
BW whois 3.4 by Bill Weinman (http://whois.bw.org/)
Copyright 1999-2003 William E. Weinman
Request: HOTPOP.COM
whois server for *.com is whois.crsnic.net ...
connected to whois.crsnic.net [198.41.3.54:43] ...
connected to whois.opensrs.net [216.40.33.170:43] ...
Registrant:
HotPOP LLC
PO BOX 508
Newton, MA 02460
US

Domain name: HOTPOP.COM

Administrative Contact:
Master, Host hostmaster-74929@alias.HotPOP.com
PO BOX 508
Newton, MA 02460
US
+1.5187131719
Technical Contact:
Master, Host hostmaster-74929@alias.HotPOP.com
PO BOX 508
Newton, MA 02460
US
+1.5187131719


Registration Service Provider:
Domain Direct, dnstech@domaindirect.com
1-416-531-2084
http://www.domaindirect.com
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 15-Sep-2004.
Record expires on 07-May-2006.
Record created on 08-May-1998.

Domain servers in listed order:
NS1.JERKY.NET 38.113.2.100
NS6.JERKY.NET 199.166.26.101

Domain status: REGISTRAR-LOCK



--
Shmuel (Seymour J.) Metz, truly insane Spews puppet
<http://patriot.net/~shmuel>

Unsolicited bulk E-mail will be subject to legal action. I reserve
the right to publicly post or ridicule any abusive E-mail. Reply to
domain Patriot dot net user shmuel+news to contact me. Do not
reply to spamtrap@library.lspace.org

Ken

2005-01-09, 5:55 pm

Hi Shmuel -

On Sat, 08 Jan 2005 23:41:47 -0500, "Shmuel (Seymour J.) Metz"
<spamtrap@library.lspace.org.invalid> wrote:

>Does anybody know anything about these clowns? They've been showing
>up on my radar lately, and bouncing all complaints. Are they a
>spamhaus or just clueless?


I had a [paid] email account there for a while as a backup in case my
regular email was down. I canceled the account because they are
clueless on how to run mail servers, so I wouldn't be surprised if
they are clueless in general.

--
Ken
http://www.ke9nr.net/

Robert Moir

2005-01-09, 5:55 pm

Shmuel (Seymour J.) Metz wrote:
> Does anybody know anything about these clowns? They've been showing
> up on my radar lately, and bouncing all complaints. Are they a
> spamhaus or just clueless?


I'd say that bouncing complaints in this day and age has to be an example of
"wilful cluelessness" at best. People have to work at it to be that dumb and
in the comms business these days, even the smart spammers (yeah I know,
"Quirk") know to accept complaints and let that famous and busy abuse
employee, Dev Null, handle the issue.

Rob


Steve Marlow

2005-01-10, 5:55 pm

> Does anybody know anything about these clowns? They've been showing
> up on my radar lately, and bouncing all complaints. Are they a
> spamhaus or just clueless?


I think clueless and being used/abused by some spammers as well.
They're going on my blacklist ...

HOTPOP.COM (domain direct registrar)
HotPOP LLC
PO BOX 508
Newton MA 02460
US
hostmaster-74929@alias.HotPOP.com
+1 518-713-1719
created: 08 May 1998
updated: 15 Sep 2004
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]

JERKY.NET (Named beyond registrar)
Name Administration Inc. (BVI)
Domain Administrator
Box 10518 APO
Grand Cayman GC BWI
Cayman Islands
admin@nameadmininc.com
+1 345-946-5517
created: 24 Oct 2004
updated: 28 Oct 2004
NS1.15X.NET [216.187.118.218]
NS2.15X.NET [216.187.118.219]

15X.NET (Domain Name Sales Corp registrar)
created: 30 Oct 2000
updated: 08 Dec 2004
NS1.15X.NET [216.187.118.218]
NS2.15X.NET [216.187.118.219]


Something doesn't seem right here ...
Domain Name Sales Corp says that they are an ICANN
registrar but they don't have a web based whois page.
Instead they redirect to TuCows.

Digging around we get the registrant:

15X Hosting Corporation
c/o Name Admin Inc.
Box 10518 APO
Grand Cayman GC BWI
hostmaster@15x.net
+1 345-946-6879

This 15X.NET / Name Admin Inc has been recently
implicated in the ORANGEBILL.COM child porn
spammer (see NANAE posting by glgxg 3 Sep 2004).


Going back to HotPOP ... back in 1998 David Ramalho's
research provided the info to tie these together.
hotpop.com and bonbon.net had the same address at
the time:

And they had authoritative name servers as follows:

Interestingly - the jerky.net had the same address:

Although there are a number of "white hat" references
to Jerk Net and HotPOP ... there are also other mentions
to Rines & GTMI ...

Spam has also been recently noted from the bonbon.net domain ...
and kubrick.hotpop.com [38.113.3.103]

Back in July 2004 the jerky.net name servers were:

There's a number of ROKSO spammers that use registration
addresses in HotPOP.COM

Latvian spammer Elmar Brunenieks (ROK 2867) uses
authoritative DNS servers 15X.NET for DEADRATS.COM

PUNKASS.COM is another HotPOP domain name ...
back in 2003 it had this registration information:

For a bit of amusement you can visit:
http://www.icann.org/yokohama/eoi27.htm

Which is a 14 Jul 2000 proposal from one Andrew Shoemaker
(DBA Jerky Networking Services) to run three new gTLDs.
Here it indicates Shoemaker's primary location to be the
aforementioned Prescott St address - but Newton vs Newtonville.
(The TLDs proposed were .IRC, .SUX [like "sucks"], and .CASINO).

These addresses in Massachusetts seem to be apartments
and possibly all near universities.

The most recent HotPOP phone number is not even in
Massachusetts: 518-713-1719

Area code 518 = Albany NY area
Exchange 713 = Choice One Communications serving Colonie NY


216.187.118.219 - 15X name servers and other resources:
Peer1

38.113.2.100 - various jerky resources:
PSI / Cogent

199.166.26.101 - various jerky resources:
VRx Network Services (NYC) 199.166.24.0/21


Here's some other related information:

JNS.NET (TuCows registrar)
JNS
PO Box 552 <-- different PO Box
Newton MA 02460 US
+1 617-555-1212 <-- bogus phone number: directory info
created: 30 Jan 1998
updated: 23 Aug 2004 <-- recent update - so intentional bogus!
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]

TWATSHOP.COM (TuCows registrar)
JNS
PO Box 552
Newton MA 02460 US
+1 617-555-1212 <-- same bogus phone number
created: 30 Jan 1998
updated: 23 Aug 2004
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]

SPRINTPCSSUX.COM (TuCows)<-- must have had a problem with ...
JNS
PO Box 552
Newton MA 02460 US
+1 617-555-1212 <-- same bogus phone number
created: 01 May 2000
updated: 23 Aug 2004
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]


HotPOP LLC
Massachusetts Domestic LLC organised 02/01/2001
Andrew Shoemaker
61 Prescott St
Newton MA 02640 US

Although the LLC is active there are no annual reports on file.

There are no entities that start with JERKY in Massachusetts.
(Jerky Network Services doesn't exist in Massachusetts records.)

There was a JNS, Inc. in Massachusetts, from 11/01/1983
to when it changed its name to Blaha Software, Inc on 6/7/1984.
That company was involuntarily dissolved on 12/31/1990.
Another JNS, Inc. existed in Cheshire MA from 7/12/1994
through 8/31/1998. (JNS does not exist in Massachusetts.)
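
The pivot the post above performs by hand, grouping domains by the name servers, phone numbers and PO boxes their registrations share, as an added example that is not part of the original thread. The records are copied from the post and trimmed to the compared fields; the function names and patterns are illustrative assumptions.

```python
import re
from collections import defaultdict

# Records copied from the post above in its compact layout ("<--" notes removed).
RECORDS = """\
HOTPOP.COM (domain direct registrar)
PO BOX 508
+1 518-713-1719
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]

JNS.NET (TuCows registrar)
PO Box 552
+1 617-555-1212
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]

SPRINTPCSSUX.COM (TuCows)
PO Box 552
+1 617-555-1212
NS1.JERKY.NET [38.113.2.100]
NS6.JERKY.NET [199.166.26.101]
"""

# Illustrative patterns for the three fields the post compares across domains.
PATTERNS = {
    "ns": re.compile(r"(\S+) \[\d{1,3}(?:\.\d{1,3}){3}\]$"),
    "phone": re.compile(r"(\+1 \d{3}-\d{3}-\d{4})$"),
    "box": re.compile(r"(?:PO )?(BOX \d+)", re.I),
}

def parse(text):
    """Return {domain: {(kind, value), ...}} from blank-line separated records."""
    out = {}
    for block in text.strip().split("\n\n"):
        head, *rest = [l.strip() for l in block.splitlines()]
        out[head.split()[0].lower()] = {
            (kind, m.group(1).upper())
            for line in rest for kind, rx in PATTERNS.items()
            if (m := rx.match(line))}
    return out

def shared(records):
    """Attributes (name server, phone, PO box) seen on two or more domains."""
    index = defaultdict(set)
    for domain, attrs in records.items():
        for attr in attrs:
            index[attr].add(domain)
    return {a: sorted(d) for a, d in index.items() if len(d) > 1}
```

Calling `shared(parse(RECORDS))` returns only the attributes that link records together, so unique values such as HotPOP's own PO box and phone number drop out.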

