Wednesday, March 29, 2006

The first mail was from

The first IP address I was sent this scam from was That resolves to :
Asking for PTR record: says to go to (zone:
Asking for PTR record: [] says to go to (zone:
Asking for PTR record: Reports [from]

Answer: PTR record: [TTL 172800s] [A=]
So this is a German server, probably an open relay SMTP mail server.

Whois comes back with:

 This is the RIPE Whois query server #2.

% Information related to ' -'

inetnum: -
netname: COSYMED-AG
descr: cosymed AG
country: DE
admin-c: AH4498-RIPE
tech-c: AH4498-RIPE
mnt-by: DTAG-NIC
notify: *******
changed: ******* 20021008
source: RIPE

person: Anton Hoffmann
address: Cosymed GmbH
address: Hopfenstr. 10
address: 85098 Grossmehring
address: Germany
phone: +49 8407 8041
e-mail: **********
nic-hdl: AH4498-RIPE
notify: ***********
notify: ***
mnt-by: DTAG-NIC
changed: ************ 19990719
source: RIPE

% Information related to ''

descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
mnt-by: DTAG-RR
changed: **@NIC.DTAG.DE 19980825

Deutsche Telekom
Resource: RIPE
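The whois reply above is RPSL text: objects separated by blank lines, one `attribute: value` pair per line, and `%` lines that are server comments. As an added example (not part of the original post), this Python code parses a reply in that layout and pulls out the fields that say whose network a sending address belongs to and who routes it; the function names `parse_rpsl` and `report_targets` and every value in the sample are assumptions made for illustration.

```python
import re

# Constructed sample (RPSL layout; 192.0.2.0/24 is a documentation range, names are placeholders).
SAMPLE = """\
% Information related to '192.0.2.0 - 192.0.2.7'

inetnum: 192.0.2.0 - 192.0.2.7
netname: EXAMPLE-NET
country: DE
mnt-by: EXAMPLE-MNT

person: Example Person
nic-hdl: EX1-RIPE
mnt-by: EXAMPLE-MNT

% Information related to '192.0.2.0/24AS64500'

route: 192.0.2.0/24
origin: AS64500
mnt-by: UPSTREAM-MNT
"""

def parse_rpsl(text):
    """Return a list of objects, each a list of (attribute, value) pairs."""
    objects, current = [], []
    for line in text.splitlines() + [""]:      # trailing "" flushes the last object
        if line.startswith("%"):               # server comment, not data
            continue
        m = re.match(r"([A-Za-z0-9-]+):\s*(.*)", line)
        if m:
            current.append((m.group(1).lower(), m.group(2).strip()))
        elif not line.strip() and current:     # blank line closes an object
            objects.append(current)
            current = []
    return objects

def report_targets(objects):
    """Collect the fields that say whose network it is and who routes it."""
    wanted = ("inetnum", "netname", "country", "origin", "mnt-by")
    found = {k: [] for k in wanted}
    for obj in objects:
        for key, value in obj:
            if key in wanted and value not in found[key]:
                found[key].append(value)       # keep order, drop repeats
    return found

if __name__ == "__main__":
    for key, values in report_targets(parse_rpsl(SAMPLE)).items():
        print(f"{key:8} {', '.join(values)}")
```

The `mnt-by` and `origin` values identify the upstream provider, which is the party to contact when the customer network itself does not respond to a relay report.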

