01-22-2006, 06:31 PM #1
Spammer: Arthur Ware/First Geneva
Just a heads-up. This person paid for a server using very legitimate-looking information that got through all levels of fraud screening.
After his server was set up (Windows 2000/2003 Server was the requested OS) he installed a proxy server, CCProxy, and used it to send about 1GB worth of spam worms/viruses. He denies it, but the spam started minutes after the log shows him installing CCProxy (which was limited to certain IP addresses; it was not an open proxy).
Server at Servepath from which he signed up: 69.59.173.44
Server at Rackspace hosting his email: 64.39.18.147
IP Addresses listed in the Proxy software (probably the originating spam hosts):
24.234.124.226 (Cox Cable in Las Vegas - could be the user's home computer)
217.75.7.2 (Ireland)
71.32.40.193 (Arizona)
209.34.233.116 (Florida)
Tarpon Coast Technology P10-D122-E970-28 (NET-209-34-233-112-1)
209.34.233.112 - 209.34.233.127
(Possibly a hacked server or a front for the spam operation)
Domain hosting his email:
Domain Name: FIRST-GENEVA.COM
Created on..............: Mon, Feb 04, 2002
Expires on..............: Fri, Feb 04, 2011
Record last updated on..: Tue, Mar 22, 2005
Administrative Contact:
First Geneva Limited
Edviges Correia
Siemens House, 4F
Cork,
IE
Phone: +353214861415
Fax..: +353214861336
Email: info@first-geneva.com
His information:
arthur@first-geneva.com
415-244-3484
Arthur Ware
Address: 18 clipper st
San Francisco, CA 94114
Example spam:
Code:
You can now get $325,000 for as little as $705 a month! We realize many homeowners struggle and that makes it difficult to maintain good crrreeedit. But we specialize in poor crrreeeeedit cases- helping you to refiance even with poor crrrreeeedit, helping you lower your monthly burden and build back your credit. You will receive the lowest rate possible in your special circumstance You can fill out this quick form and be approved within 24 hours: http://save-monthlyz.org/1093 Alright.., Patrick Deleon

From Patrick.Del...@proaxis.net Sun Jan 22 01:20:50 2006
Received: from ****************** (****************** [***************])
    by **********.********* (8.11.3/***/8.11.2) with ESMTP id k0M1Ko414803
    for <*****************************>; Sun, 22 Jan 2006 01:20:50 GMT
X-Envelope-From: Patrick.Del...@proaxis.net
Received: from proaxis.net (la04-41.proaxis.net [198.145.252.41] (may be forged))
    by ****************** (8.13.4/***/8.13.4) with ESMTP id k0M1Gqec016665;
    Sun, 22 Jan 2006 01:17:39 GMT
Date: Sat, 21 Jan 2006 20:17:41 -0500
Subject: Top Notch Opportunity with ease
Reply-To: Patrick Deleon <Patrick.Del...@proaxis.net>
X-Mailer: Danger Service
X-Danger-Send-Id: AAASayPCrxEAAYan
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html; charset="iso-8859-1"; format="flowed"
To: "Larry" <garyt@*******************>, <wallm@*******************>,
    <isaaca@*******************>, <arkon@*******************>,
    <**************************>, <crownwoods@*******************>,
    <ada@*******************>, <skap@*******************>,
    <scampbell@*******************>, <christopher@*******************>,
    <nburgoyne@*******************>, <gwilliamsh@*******************>,
    <eggpie@*******************>
Mime-Version: 1.0
From: Patrick Deleon <Patrick.Del...@proaxis.net>
Message-Id: <1132215864.1015708U@dy11.dngr.org>
Apparently-To: **************************

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2802" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hello,<P><BR>
You can now get $325,000 for as little as $705 a month!<P>
We realize many homeowners struggle and that makes it difficult<P>
to maintain good crrreeedit. But we specialize in poor crrreeeeedit cases- =
helping you<P>
to refiance even with poor crrrreeeedit, helping you lower your monthly<P> =
burden and build back your credit.<P>
You will receive the lowest rate possible in your special =
circumstance<BR><P>
You can fill out this quick form and be approved within 24 hours:<BR><P>
<a =
href=3D"http://save-monthlyz.org/1093">http://save-monthlyz.org/1093</a><BR=
><P>
Alright..,<P>
Patrick Deleon</BR></P>
</FONT></DIV>
<DIV> </DIV></BODY></HTML>
Code:
*** ENVELOPE RECORDS ./5ACD8FA7A ***
message_size: 3412 846 14
arrival_time: Sun Jan 22 07:07:13 2006
sender: bdadoyamb@hotmail.com
named attribute: client_name=unknown
named attribute: client_address=198.145.252.41
named attribute: message_origin=unknown[198.145.252.41]
named attribute: helo_name=proaxis.net
named attribute: protocol_name=ESMTP
original recipient: connellyerin@aol.com
recipient: connellyerin@aol.com
original recipient: connellyethel@aol.com
recipient: connellyethel@aol.com
original recipient: connellyfam6@aol.com
recipient: connellyfam6@aol.com
original recipient: connellyfam@aol.com
recipient: connellyfam@aol.com
original recipient: connellyfc1@aol.com
recipient: connellyfc1@aol.com
original recipient: connellyg@aol.com
recipient: connellyg@aol.com
original recipient: connellygardens@aol.com
recipient: connellygardens@aol.com
original recipient: connellyggrm@aol.com
recipient: connellyggrm@aol.com
original recipient: connellyhmc@aol.com
recipient: connellyhmc@aol.com
original recipient: connellyhn@aol.com
recipient: connellyhn@aol.com
original recipient: connellyhp@aol.com
recipient: connellyhp@aol.com
original recipient: connellyi@aol.com
recipient: connellyi@aol.com
original recipient: connellyin@aol.com
recipient: connellyin@aol.com
original recipient: connellyinc@aol.com
recipient: connellyinc@aol.com
defer_warn_time: Mon Jan 23 07:07:13 2006
*** MESSAGE CONTENTS ./5ACD8FA7A ***
Received: from proaxis.net (unknown [198.145.252.41])
    by mx12.pacifier.net (Postfix) with ESMTP id 5ACD8FA7A;
    Sun, 22 Jan 2006 07:07:13 -0800 (PST)
Received: from unknown (HELO qnx.mdrost.com) (118.157.101.237)
    by rsmail.alkoholic.net with ASMTP; Sun, 22 Jan 2006 08:48:20 +0600
Received: from unknown (119.137.171.156)
    by relay-x.misswldrs.com with SMTP; Sun, 22 Jan 2006 02:39:48 +1200
Received: from mail.naihautsui.co.kr ([11.28.74.119])
    by qnx.mdrost.com with LOCAL; Sun, 22 Jan 2006 19:21:06 -0500
Received: from [123.120.244.90] by smtp.doneohx.com with SMTP;
    Mon, 23 Jan 2006 00:09:09 -1000
Message-ID: <6155FE72.89ED95A@hotmail.com>
Date: Mon, 23 Jan 2006 00:06:21 -1000
From: <bdadoyamb@hotmail.com>
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.5) Gecko/20031013 Thunderbird/0.3
MIME-Version: 1.0
To: "cc" <connellyerin@aol.com>
Cc: <connellyethel@aol.com>, <connellyfam6@aol.com>, <connellyfam@aol.com>,
    <connellyfc1@aol.com>, <connellyg@aol.com>, <connellygardens@aol.com>,
    <connellyggrm@aol.com>, <connellyhmc@aol.com>, <connellyhn@aol.com>,
    <connellyhp@aol.com>, <connellyi@aol.com>, <connellyin@aol.com>,
    <connellyinc@aol.com>
Subject: Impact Equ-ity Report
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: base64

SGVsbG8gSW52ZXN0b3IsDQoNCkNCSU8sIGlzIG91ciBuZXh0IEhPVCBQSUNLIGluIHRoZSBlbmVy
Z3kgc2VjdG9yLiAgQSBicmFuZCBuZXcgaXNzdWUsIENCSU8gaXMgcG9pc2VkIHRvIG91dHBlcmZv
cm0gaXRzIGNvbXBldGl0b3JzIGluIHRoZSBuZWFyIHRlcm0uICBUaGUgcmV2ZW51ZSBwb3RlbnRp
YWwgb24gdGhlIHByb2R1Y3Rpb24gYW5kIG1hcmtldGluZyBvZiBpdHMgcHJpbWFyeSBwcm9kdWN0
LCBiaW9kaWVzZWwgaXMgb3V0c3RhbmRpbmcgYW5kIHN1cHBsZW1lbnRlZCBieSAyMCUgdGF4IGlu
Y2VudGl2ZSBieSB0aGUgVVMgR09WVCENCg0KQ29uc29saWRhdGVkIEJpb2Z1ZWxzKENCSU8pDQpD
dXJyZW50IFByaWNlICAkMC4yNQ0KU2hvcnQgVGVybSBUYXJnZXQgICAkMS4yNQ0KTG9uZyBUZXJt
IFRhcmdldCAgICAkMy41MA0KDQo0MDAlIFNob3J0IFRlcm0gUHJvZml0IFBvdGVudGlhbCEhIQ0K
DQpNb3JlIGluZm8gQDogIGh0dHA6Ly9maW5hbmNlLnlhaG9vLmNvbS9xP3M9Q0JJTy5waw0KDQpB
Ym91dCBDb25zb2xpZGF0ZWQgQmlvZnVlbHMgSW5jOg0KQ29uc29saWRhdGVkIEJpb2Z1ZWxzIGlz
IHBsYW5uaW5nIHRvIGNvbnN0cnVjdCBhbmQgb3BlcmF0ZSBzaXggMzAgbWlsbGlvbiBnYWxsb24g
cHJvZHVjdGlvbiBmYWNpbGl0aWVzIGFuZCBpcyBkZWRpY2F0ZWQgdG8gYSBjbGVhbmVyIEFtZXJp
Y2EgYnkgaW5jcmVhc2luZyB0aGUgYXZhaWxhYmlsaXR5IG9mIGJpb2RpZXNlbCBmdWVsIG5hdGlv
bndpZGUgYW5kIGV4cGFuZGluZyB0aGUgZWZmb3J0IHRvIHJlZHVjZSBwb2xsdXRpb24gY2F1c2Vk
IGJ5IHBldHJvbGV1bSBkaWVzZWwgZnVlbHMuIFRocm91Z2ggdGFjdGljYWwgcmVsYXRpb25zaGlw
cyBhbmQgZXhwZXJpZW5jZWQgbWFuYWdlbWVudCwgKENCSU8pIHdpbGwgYW1hbGdhbWF0ZSBpdHMg
cmVzb3VyY2VzIHRvIGdyZWF0bHkgZW5oYW5jZSB0aGUgZmFjaWxpdGllcycgY2FwYWJpbGl0aWVz
LCBhbGxvd2luZyB0aGUgQ29tcGFueSB0byByZWFsaXplIGVjb25vbWllcyBvZiBzY2FsZSBhZHZh
bnRhZ2VzLiBBZGRpdGlvbmFsIGFkdmFudGFnZXMgZW5jb21wYXNzIGltcHJvdmVkIG1hbmFnZW1l
bnQgc3lzdGVtcyBhbmQgYWR2YW5jZWQgdGVjaG5pY2FsIHNvbHV0aW9ucy4NCg0KU2VuaW9yIElu
dmVzdG1lbnQgQWR2aXNvciBEZXNrDQpUUkFERSBHcm91cA0KDQoNCkRpc2NsYWltZXINClRoaXMg
cHJlc3MgcmVsZWFzZSBjb250YWlucyBzb21lIGZvcndhcmQtbG9va2luZyBzdGF0ZW1lbnRzLiBX
ZSB1bmRlcnRha2Ugbm8gb2JsaWdhdGlvbiB0byBwdWJsaWNseSB1cGRhdGUgYW55IGZvcndhcmQt
DQpsb29raW5nIHN0YXRlbWVudCwgd2hldGhlciBhcyBhIHJlc3VsdCBvZiBuZXcgaW5mb3JtYXRp
b24sIGZ1dHVyZSBldmVudHMsIG9yIG90aGVyd2lzZS4gRm9yd2FyZC1sb29raW5nIHN0YXRlbWVu
dHMgaW4gdGhpcyANCmRvY3VtZW50IHNob3VsZCBiZSBldmFsdWF0ZWQgdG9nZXRoZXIgd2l0aCB0
aGUgbWFueSB1bmNlcnRhaW50aWVzIHRoYXQgYWZmZWN0IG91ciBidXNpbmVzcy4=
*** HEADER EXTRACTED ./5ACD8FA7A ***
return_receipt:
errors_to: bdadoyamb@hotmail.com
*** MESSAGE FILE END ./5ACD8FA7A ***
-Jon
Fork Networking - 1995-2020+
Colocation & Dedicated Hosting
West Coast, 99.999% uptime.
<www.forked.net>
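The two header dumps in the post show the usual picture behind a proxy-relayed spam run: the receiving MX records the host that actually connected (198.145.252.41, reverse DNS "unknown", HELO proaxis.net), and below that sits a stack of Received: lines the sender wrote himself. The script below is an added example and not code from the post or from any of the operators named in it. It walks a Received: chain from the trusted MX downward, treats only the line stamped by a host we operate as verified, and flags the tells that give the rest away: the "by" host of each lower hop not matching the "from" host above it, timestamps that postdate the trusted hop, and client names the receiver could not verify. It assumes the analyst runs mx12.pacifier.net (the TRUSTED_MX set is an assumption for the example), and the embedded sample message is constructed from the headers quoted in the second dump with the body left out. Only the Python standard library is used.

```python
"""Walk a message's Received: chain from the receiving MX outward and report
which hops can actually be trusted.

Added example, not code from the forum post. Assumptions: we operate
mx12.pacifier.net (TRUSTED_MX), and SAMPLE is constructed from the headers
quoted in the post, body omitted.
"""
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Assumption for this example: the analyst runs this MX, so its stamp is
# the only Received: line that was not under the sender's control.
TRUSTED_MX = {"mx12.pacifier.net"}

IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

# Constructed sample: the Received:/From:/Subject: lines of the post's
# second dump (Postfix queue file 5ACD8FA7A), body left out.
SAMPLE = """\
Received: from proaxis.net (unknown [198.145.252.41])
    by mx12.pacifier.net (Postfix) with ESMTP id 5ACD8FA7A;
    Sun, 22 Jan 2006 07:07:13 -0800 (PST)
Received: from unknown (HELO qnx.mdrost.com) (118.157.101.237)
    by rsmail.alkoholic.net with ASMTP; Sun, 22 Jan 2006 08:48:20 +0600
Received: from unknown (119.137.171.156)
    by relay-x.misswldrs.com with SMTP; Sun, 22 Jan 2006 02:39:48 +1200
Received: from mail.naihautsui.co.kr ([11.28.74.119])
    by qnx.mdrost.com with LOCAL; Sun, 22 Jan 2006 19:21:06 -0500
Received: from [123.120.244.90] by smtp.doneohx.com with SMTP;
    Mon, 23 Jan 2006 00:09:09 -1000
From: <bdadoyamb@hotmail.com>
Subject: Impact Equ-ity Report

"""


def parse_received(value):
    """Extract claimed sender host, stamping host, first IPv4 and timestamp."""
    text = " ".join(value.split())             # unfold continuation lines
    head, _, date_part = text.rpartition(";")  # timestamp follows the last ';'
    m_from = re.search(r"\bfrom\s+(\S+)", head)
    m_by = re.search(r"\bby\s+(\S+)", head)
    m_ip = IPV4_RE.search(head)
    try:
        when = parsedate_to_datetime(date_part.strip())
    except (TypeError, ValueError):
        when = None                            # unparseable or missing date
    return {
        "from": m_from.group(1).strip("[]()") if m_from else None,
        "by": m_by.group(1) if m_by else None,
        "ip": m_ip.group(1) if m_ip else None,
        "when": when,
        "raw": text,
    }


def analyze_chain(raw_message, trusted_mx=TRUSTED_MX):
    """Return one finding per Received: hop, most recent (topmost) first."""
    msg = message_from_string(raw_message)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    findings, trusted_time = [], None
    for i, hop in enumerate(hops):
        flags = []
        if hop["by"] in trusted_mx:
            trust = "verified"                 # our own server wrote this line
            trusted_time = hop["when"]
        else:
            trust = "unverified"               # arrived inside the message
        # Postfix writes "unknown" when reverse DNS fails; sendmail writes
        # "(may be forged)" when forward and reverse DNS disagree.
        if "unknown" in hop["raw"] or "may be forged" in hop["raw"]:
            flags.append("receiver could not verify client name")
        # In a genuine chain the host hop i received from is the host that
        # stamped hop i+1; a mismatch means hop i+1 was not written by it.
        nxt = hops[i + 1]["by"] if i + 1 < len(hops) else None
        if nxt and hop["from"] != nxt:
            flags.append(f"next hop stamped by {nxt}, not {hop['from']}")
        # Nothing below the trusted hop can legitimately postdate it.
        if (trusted_time and hop["when"] and hop["when"].tzinfo
                and trusted_time.tzinfo and hop["when"] > trusted_time):
            flags.append("timestamp later than the trusted hop")
        if hop["ip"]:
            try:
                addr = ipaddress.ip_address(hop["ip"])
                if addr.is_private or addr.is_reserved or addr.is_loopback:
                    flags.append("non-routable source address")
            except ValueError:
                flags.append("malformed source address")
        findings.append({"hop": i, "trust": trust, "flags": flags, **hop})
    return findings


def connecting_host(findings):
    """The address that actually connected to our MX: the only one worth
    reporting to an abuse desk or blocking."""
    for f in findings:
        if f["trust"] == "verified":
            return f["ip"]
    return None


if __name__ == "__main__":
    result = analyze_chain(SAMPLE)
    for f in result:
        print(f"hop {f['hop']} [{f['trust']}] from={f['from']} "
              f"ip={f['ip']} by={f['by']}")
        for flag in f["flags"]:
            print(f"    ! {flag}")
    print("connecting host:", connecting_host(result))
```

On the sample, only hop 0 is verified and its client address is 198.145.252.41, which matches the envelope record's client_address; every lower hop is stamped by a host that does not match the "from" host above it, and hops 3 and 4 carry timestamps later than the MX's own stamp, so the chain below the proxy is not worth tracing. Feed it the full message file rather than a trimmed copy, and put every MX you operate in TRUSTED_MX so an internal relay hop is not mistaken for a forgery.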