North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Cleaning up (was: NANOG Spam)?

  • From: Allen Parker
  • Date: Sun Jul 09 14:20:26 2006
  • Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=CLpK+Jd2CyPZHCNFpxq/Vb3Q5JwrsvdHDYRHAQL0d+7Y6nFIinLOua8SVrDCaBNnVm5220jVT4F4P95jYZrOL4DswB0TxMOkoj4ljTbuHvrxMPrOxKXdTT1cVT6NRHkM7AsT4jVdOxFOFzP5K6gfE4xN1UvlC8XC8jhXEaLVYaM=


On 7/9/06, William Allen Simpson <[email protected]> wrote: <snip>
> The spam beneficiary was, of course, a US entity pretending to be from
> Germany, with a throwaway obscured Yahoo address:
>
> Domain Name:OARWIND.INFO
> ...
> Tech Name:Audrey Pokela
> Tech Organization:Audrey Pokela
> Tech Street1:2940 115 Ave NW
> Tech Street2:
> Tech Street3:
> Tech City:COON RAPIDS
> Tech State/Province:MN
> Tech Postal Code:55433
> Tech Country:US
> Tech Phone:+1.7634272392
> Tech Phone Ext.:
> Tech FAX:
> Tech FAX Ext.:
> Tech Email:[email protected]
> Name Server:NS1.RENTSHELL.INFO
> Name Server:NS2.FORTWALK.INFO
> Name Server:NS1.BUSITEEN.INFO
> Name Server:NS2.SPOLF.INFO

I actually telephoned this number after googling it and getting a hit in her local phonebook, it's an elderly woman with a MN accent who is completely unaware of how the internet works on any level who says she's currently involved in a case of identity theft that is unrelated to the ownership of this domain name.

I'll probably end up chasing down directnic via telephone on monday to
see if that can give us any leads.

The nameservers listed resolve to 2 ips, both brazilian, NS1.* owned
by AS27699, NS2.* owned by AS8167.

Hope that helps.