Wednesday, August 15, 2001

More Yahoo! Personals SPAM?


First off, I haven't decided whether or not this is bogus (this is more of a blog about how to dig into the background behind something)... Here's a copy of the e-mail that I got.



Date: Wed, 15 Aug 2001 11:19:53 -0400
From: Brittany323@hotmail.com
Subject: Your personal ad

Hey,
I just moved into the area so I figured I would respond to your ad.
I am trying to meet new people and find some nice places to go on the
weekends.
I have met some guys off the internet before, but they turned out to be
crazy or completely wrong for me. I won't let that get me down though,
I know there are some quality people out there. Well, I dont mean to
bore
you with my past bad experiences. I would really like to talk to you!
You can check out my ad with my picture at the web address below, hope
you like it.
Anyway,I hope to hear from you.
-Brittany

http://www.one-on-onechat.com/3822.html




The web page lists some information about her, with a grainy photo and a 900 number that costs $3.50/min (ouch!). However, I couldn't find any other profiles (I tried changing the end of the URL by +1/-1 to see if I could find any other profiles) and there are zero links off of the home page of the site. Her occupation is listed as "masseuse", um, okay... maybe true, maybe not (but it does sound too good to be true). I think what makes me wonder the most is that she's available for "live chat"...

First off, let's find out more about the DNS record for "www.one-on-onechat.com" via Dig II at freesoft.org.



$ dig @localhost one-on-onechat.com ANY ANY

;; query(one-on-onechat.com, ANY, ANY)
;; send_udp(127.0.0.1:53)
;; send_udp(127.0.0.1:53)
;; answer from 127.0.0.1:53 : 237 bytes
;; HEADER SECTION
;; id = 44939
;; qr = 1 opcode = QUERY aa = 0 tc = 0 rd = 1
;; ra = 1 rcode = NOERROR
;; qdcount = 1 ancount = 5 nscount = 2 arcount = 3

;; QUESTION SECTION (1 record)
;; one-on-onechat.com. ANY ANY

;; ANSWER SECTION (5 records)
one-on-onechat.com. 86400 IN MX 10 one-on-onechat.com.
one-on-onechat.com. 86400 IN A 128.121.114.184
one-on-onechat.com. 86400 IN SOA ns1.secure.net. hostmaster.secure.net. (
2001071101 ; Serial
86400 ; Refresh
7200 ; Retry
2592000 ; Expire
86400 ) ; Minimum TTL
one-on-onechat.com. 86400 IN NS ns1.secure.net.
one-on-onechat.com. 86400 IN NS ns2.secure.net.

;; AUTHORITY SECTION (2 records)
one-on-onechat.com. 86400 IN NS ns2.secure.net.
one-on-onechat.com. 86400 IN NS ns1.secure.net.

;; ADDITIONAL SECTION (3 records)
one-on-onechat.com. 86400 IN A 128.121.114.184
ns1.secure.net. 172757 IN A 192.41.1.10
ns2.secure.net. 172757 IN A 161.58.9.10
;; query status: NOERROR




This gives us a couple of targets to search for. The first is to find out who registered the domain. For that, we slip on over to Internet Sleuthing Resources and do a whois lookup using Network Solutions.



Organization:
v
d s
6506
B, MD 21237
US
Phone: 4
Email: revangst@excite.com

Registrar Name....: Register.com
Registrar Whois...: whois.register.com
Registrar Homepage: http://www.register.com

Domain Name: ONE-ON-ONECHAT.COM

Created on..............: Wed, Jul 11, 2001
Expires on..............: Fri, Jul 11, 2003
Record last updated on..: Thu, Aug 02, 2001

Administrative Contact:
v
d s
6506
B, MD 21237
US
Phone: 4
Email: revangst@excite.com

Technical Contact, Zone Contact:
Register.Com
Domain Registrar
575 8th Avenue - 11th Floor
New York, NY 10018
US
Phone: 212-798-9200
Fax..: 212-629-9305
Email: domain-registrar@register.com

Domain servers in listed order:

NS1.SECURE.NET 192.41.1.10
NS2.SECURE.NET 161.58.9.10

Register your domain name at http://www.register.com

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than Network Solutions.
Network Solutions, therefore, does not guarantee its accuracy or
completeness.




Looks pretty bogus, doesn't it? Well, what about the other domain listed in the DNS record...



Domain Name.......... secure.net
Creation Date........ 1995-01-25
Registration Date.... 2000-05-10
Expiry Date.......... 2002-01-26
Organisation Name.... Secure Network Systems L.L.C
Organisation Address. 715 East 300 North
Organisation Address.
Organisation Address. Lindon
Organisation Address. 84042
Organisation Address. UT
Organisation Address. UNITED STATES

Admin Name........... Secure Network Systems L.L.C
Admin Address........ 715 East 300 North
Admin Address........
Admin Address........ Lindon
Admin Address........ 84042
Admin Address........ UT
Admin Address........ UNITED STATES
Admin Email.......... hostmaster@secure.net
Admin Phone.......... 801-437-0220
Admin Fax............ .

Tech Name............ Secure Network Systems L.L.C
Tech Address......... 715 East 300 North
Tech Address.........
Tech Address......... Lindon
Tech Address......... 84042
Tech Address......... UT
Tech Address......... UNITED STATES
Tech Email........... hostmaster@secure.net
Tech Phone........... 801-437-0220
Tech Fax............. .
Name Server.......... NS1.SECURE.NET
Name Server.......... NS2.SECURE.NET

The previous information has been obtained either directly from the
registrant or a registrar of the domain name other than Network Solutions.
Network Solutions, therefore, does not guarantee its accuracy or
completeness.




Okay, what about the IP address of the web site? Again, slide on over to ARIN's whois and do a lookup on 128.121.114.184.



Verio, Inc. (NET-VRIO-128-121)
8005 South Chester Street
Englewood, CO 80112
US

Netname: VRIO-128-121
Netblock: 128.121.0.0 - 128.121.255.255
Maintainer: VRIO

Coordinator:
Verio, Inc. (VIA4-ORG-ARIN) vipar@verio.net
303.645.1900

Domain System inverse mapping provided by:

NS0.VERIO.NET 129.250.15.61
NS1.VERIO.NET 204.91.99.140
NS2.VERIO.NET 129.250.31.190

********************************************
Reassignment information for this block is
available at rwhois.verio.net port 4321
********************************************

Record last updated on 11-Jul-2000.
Database last updated on 14-Aug-2001 23:06:24 EDT.




So we have a domain with bogus registration information (although it sort of looks like a Baltimore MD address), a web site with no links off of the home page, a META tag that claims the author is "Rev.Vincent'Angst'Chewbacca-for Genius Meanderings", and a single link to US Web Personals, which is using an invalid SSL certificate.

Um, I'm not going to be calling or responding to this one.
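
The checks from this walk-through can be scripted; the following is an added example, not part of the original post. It runs on values copied from the e-mail, dig and whois output above; the free-webmail list, the 90-day cut-off and the YYYYMMDDnn reading of the SOA serial are assumptions.

```python
import re
from datetime import datetime
from email.utils import parsedate_to_datetime
from urllib.parse import urlparse

# Constructed sample: values copied from the e-mail, dig and whois output above.
EMAIL = {"date": "Wed, 15 Aug 2001 11:19:53 -0400",
         "from": "Brittany323@hotmail.com",
         "link": "http://www.one-on-onechat.com/3822.html"}
SOA_SERIAL = "2001071101"
WHOIS = """\
Email: revangst@excite.com
Domain Name: ONE-ON-ONECHAT.COM
Created on..............: Wed, Jul 11, 2001
Record last updated on..: Thu, Aug 02, 2001
"""
FREEMAIL = {"hotmail.com", "excite.com", "yahoo.com"}  # assumption: illustrative list
NEW_DOMAIN_DAYS = 90  # assumption: cut-off for "recently registered"

def whois_field(record, label):
    """Value of a 'Label: value' or 'Label.....: value' line, or None."""
    m = re.search(rf"^{re.escape(label)}\.*:\s*(.+)$", record, re.M)
    return m.group(1).strip() if m else None

def triage(email, record, soa_serial):
    """Return (domain age in days when the mail arrived, list of findings)."""
    findings = []
    received = parsedate_to_datetime(email["date"]).date()
    created = datetime.strptime(whois_field(record, "Created on"),
                                "%a, %b %d, %Y").date()
    age = (received - created).days
    if age < NEW_DOMAIN_DAYS:
        findings.append(f"linked domain was only {age} days old")
    # Assumption: the zone uses the common YYYYMMDDnn serial convention.
    if datetime.strptime(soa_serial[:8], "%Y%m%d").date() == created:
        findings.append("SOA serial date equals the registration date")
    registrant = whois_field(record, "Email").rsplit("@", 1)[1].lower()
    if registrant in FREEMAIL:
        findings.append(f"registrant contact is free webmail ({registrant})")
    sender = email["from"].rsplit("@", 1)[1].lower()
    domain = whois_field(record, "Domain Name").lower()
    host = urlparse(email["link"]).hostname
    if sender in FREEMAIL and (host == domain or host.endswith("." + domain)):
        findings.append(f"free webmail sender ({sender}) links to {domain}")
    return age, findings

if __name__ == "__main__":
    for finding in triage(EMAIL, WHOIS, SOA_SERIAL)[1]:
        print("-", finding)
```
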




posted by Wuphon's at 4:36 PM
