I received a rather surprising e-mail earlier. Surprising because it was sent to an e-mail address I used specifically for registering on the ukbusinessforums.co.uk website a few years ago, and not an address I'd published anywhere (and nope, I'd not given them permission to give it to anyone else).
This particular e-mail is shown to the left, but in short, it advertises pdf-adobe.org, which leads to pdfnewdownload.com and secure.signup-way.com (the SSL certificate for signup-way.com is provided by GoDaddy). These sites are all, not surprisingly, involved in fraud.
The people and sites responsible for this are;
touchcampaign.com (lives at 18.104.22.168, AS18403 FPT-AS-AP FPT Telecom Company 66-68 Vo Van Tan Ho Chi Minh City Vietnam)
v2mailservice.com (lives at 22.214.171.124, FastHosts)
Oh and yes, the WhoIs details are fake (for starters, 0645 isn't a valid UK dialing code, it was changed to 0845 years ago)
The phone number listed here is valid, and belongs to an Orange Telecom customer (I'd have called it if it weren't 04:00).
A lovely little list of domains they are also the owners of are;
These are all hosted at 126.96.36.199. And who owns this IP? Why, our old friends Netelligent of course.
Other connected domains include;
188.8.131.52 (AS14280 NETNATION Communications Inc.)
IWEB-AS iWeb Technologies Inc.)
FASTHOSTS-INTERNET Fasthosts Internet Ltd. Gloucester, UK.)
What's funny, of course, is Netelligent recently wanted to convince us they were simply victims, and they'd killed off the criminals on their network. Wonder how they're going to explain this one, huh? Especially given the history of the particular /24 in question (previously used by US-based XLMarketing, who weren't exactly known for legit marketing methods).
/update 14:28 20-01-2010
I called the mobile number for v2mailservice.com, and not surprisingly, the number no longer exists.