[CLUE-Tech] spam issues continued
Jed S. Baer
thag at frii.com
Wed Jul 16 18:04:37 MDT 2003
On Wed, 16 Jul 2003 17:00:18 -0600
Mike Staver <staver at fimble.com> wrote:
> Administrative Contact:
> Products, Health (JKTSYMZQYI)
> help at healthproductsnow.net Health Products
> POBOX 440033
> Aurora, CO 80044
> US
> (866) 292-4101
A google search on the phone number turned up this for ihealth.bz, another
spamming domain.
"4/30/03 - Whois shows registered to [Admin] Justin Smith
(help at ihealth.bz); [Tech] Health Products (help at betterhealth.bz); POBOX
440033, Aurora, CO, 80044, USA; phone (866) 292-4101; domain servers
NS11.NSHOST.BZ (200.206.184.69), NS9.NSHOST.BZ (66.252.31.51),
NS10.NSHOST.BZ (210.21.114.9)
5/21/03 - same IP address destination as for www.incredibleoffer.tv"
Unsurprisingly:
$ whois 200.168.14.44 at whois.arin.net
[whois.arin.net]
OrgName: Latin American and Caribbean IP address Regional Registry
OrgID: LACNIC
Address: Potosi 1517
City: Montevideo
StateProv:
PostalCode: 11500
Country: UY
I dunno whether you can get the name for the Postal Mail Box (PMB). Read
this:
http://www.junkfax.org/fax/misc/pobox.htm
You could, I suppose, go to the physical post office where that box is
located (the USPS can tell you this based on zip code), and hang out
watching the box.
The other idea would be try and scam the spammer. Send something to the PO
box which will cause him to reveal himself to you. Think of "social
engineering" as described by Mitnick in his book "The Art of Deception".
jed
--
... it is poor civic hygiene to install technologies that could someday
facilitate a police state. -- Bruce Schneier
More information about the clue-tech
mailing list