[SpamCop-List] Help needed on connecting Ralsky to Pump'n Dump spam
Brian (SnSR)
SCNews.5.myspamgobbler at spamgourmet.com
Wed Mar 9 23:19:42 EST 2005
I'm thinking that spammy messed up, but the possibility of a joe-job is
also there. Or is this actually legal? I doubt it because all of my
pump'n dump spam uses forged headers and open proxies.

Unfortunately, I am in the middle of a major project that needs my
attention more than this does. I'm also extremely tired, so I may not be
thinking clearly.

It would be great if someone(s) has the time and gumption to look into
this further. I've larted enforcement at sec dot gov, but who knows if
human eyes ever see it.

Here's what I see.
www.spamcop.net/sc?id=z740531242za69846a29b493fe732132e54b2eef4e1z
Received: from deltacup.info ([207.244.55.233])
207.244.0.0/18 is listed on the Register Of Known Spam Operations
(ROKSO) database as being assigned to, under the control of, or
providing service to a known professional spam operation run by Andrew
Westmoreland.
Address lookup
lookup failed 207.244.55.233
Could not find a domain name corresponding to this IP address.
Network Whois record
Queried whois.arin.net with "!NET-207-244-52-0-1"...
OrgName: Web Presence, Inc.
OrgID: WEBPR-2
Address: 7065 West ann road
Address: Suite 130-125
City: Las Vegas
Web Presence Ralsky or Westmoreland?
Message body shows (other than invisible font) an image only,
http://www.deltacup.info/grant/tomb.gif - The pump and dump spam.
canonical name deltacup.info.
aliases
addresses 207.244.57.120
Domain ID:D9832894-LRMS
Domain Name:DELTACUP.INFO
Created On:08-Mar-2005 18:39:21 UTC
Last Updated On:08-Mar-2005 21:44:58 UTC
Expiration Date:08-Mar-2006 18:39:21 UTC
Sponsoring Registrar:R126-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C9160459-LRMS
Registrant Name:Raymond Sebastian
Registrant Organization:creative marketing zone inc
Registrant Street1:2484 A11 East Ave.
Registrant City:Quezon City
Registrant State/Province:QC
Registrant Postal Code:10235
Registrant Country:PH
Registrant Email:rsebastian2004 at yahoo.com
Name Server:NS1.WEBPLACEDNS.INFO
Name Server:NS2.WEBPLACEDNS.INFO
Network Whois record
Queried whois.arin.net with "!NET-207-244-52-0-1"...
OrgName: Web Presence, Inc.
OrgID: WEBPR-2
Address: 7065 West ann road
Address: Suite 130-125
City: Las Vegas
StateProv: NV
PostalCode: 89130
Country: US
NetRange: 207.244.52.0 - 207.244.59.255
CIDR: 207.244.52.0/22, 207.244.56.0/22
NetName: WEB4PR-2-NET
NetHandle: NET-207-244-52-0-1
Parent: NET-207-244-0-0-1
NetType: Reassigned
NameServer: NS1.WEBPLACEDNS.INFO
NameServer: NS2.WEBPLACEDNS.INFO
Comment:
RegDate: 2004-12-17
Updated: 2005-01-28
OrgTechHandle: VAL-ARIN
OrgTechName: Allan, Victor
OrgTechPhone: +1-877-935-1974
OrgTechEmail: victorallan at web4presence.com
-------------------------------------
Address lookup
canonical name NS1.WEBPLACEDNS.INFO.
aliases
addresses 207.244.52.254
Domain ID:D9494002-LRMS
Domain Name:WEBPLACEDNS.INFO
Created On:28-Jan-2005 01:36:05 UTC
Last Updated On:28-Jan-2005 06:02:59 UTC
Expiration Date:28-Jan-2006 01:36:05 UTC
Sponsoring Registrar:R126-LRMS
Status:ACTIVE
Status:OK
Registrant ID:C8707784-LRMS
Registrant Name:Raymond Sebastian
Registrant Organization:creative marketing zone inc
Registrant Street1:2484 A11 East Ave.
Registrant City:Quezon City
Registrant State/Province:QC
Registrant Postal Code:10235
Registrant Country:PH
Registrant Email:rsebastian2004 at yahoo.com
-----------------
So the WEBPLACEDNS.INFO had the same domain registration data as
DELTACUP.INFO, the pump'n dump spammers, which is being used by Web
Presence, Inc. which controls a block of about 1800 with a physical
address in Las Vegas.
Did I miss something or did he screw up?
Any suggestions?
Brian
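
Added example, not part of Brian's post: a short Python check of the two correlations the message draws by eye, using only values quoted above (the two domain WHOIS records, abbreviated, and the ARIN CIDR blocks). The function names are hypothetical; WHOIS registrant data is self-reported, so a match links the records to each other, not to a verified person.

```python
import ipaddress

# Values copied from the post: ARIN CIDR lines and the three looked-up addresses.
WEB_PRESENCE_CIDRS = ["207.244.52.0/22", "207.244.56.0/22"]
HOSTS = {
    "relay in Received: header": "207.244.55.233",
    "deltacup.info": "207.244.57.120",
    "ns1.webplacedns.info": "207.244.52.254",
}
# Abbreviated copies of the two domain WHOIS records quoted in the post.
WHOIS_DELTACUP = """\
Domain Name:DELTACUP.INFO
Registrant ID:C9160459-LRMS
Registrant Name:Raymond Sebastian
Registrant Organization:creative marketing zone inc
Registrant Email:rsebastian2004 at yahoo.com
Name Server:NS1.WEBPLACEDNS.INFO
"""
WHOIS_WEBPLACEDNS = """\
Domain Name:WEBPLACEDNS.INFO
Registrant ID:C8707784-LRMS
Registrant Name:Raymond Sebastian
Registrant Organization:creative marketing zone inc
Registrant Email:rsebastian2004 at yahoo.com
"""

def parse_whois(text):
    """Parse 'Key:Value' lines; repeated keys collect into a list."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            record.setdefault(key.strip(), []).append(value.strip().lower())
    return record

def shared_registrant_fields(a, b):
    """Registrant fields whose normalised values are identical in both records."""
    return sorted(k for k in a if k.startswith("Registrant") and a[k] == b.get(k))

def hosts_in_block(hosts, cidrs):
    """Map each host label to True if its address lies in any of the CIDR blocks."""
    nets = [ipaddress.ip_network(c) for c in cidrs]
    return {name: any(ipaddress.ip_address(ip) in n for n in nets)
            for name, ip in hosts.items()}

if __name__ == "__main__":
    a, b = parse_whois(WHOIS_DELTACUP), parse_whois(WHOIS_WEBPLACEDNS)
    print("shared registrant fields:", shared_registrant_fields(a, b))
    print("inside Web Presence block:", hosts_in_block(HOSTS, WEB_PRESENCE_CIDRS))
```

The registrant ID differs between the two records while name, organization and e-mail match, which is why the comparison is done per field rather than on the registry handle.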