Eejit email spammers

I got a spam email today. Its title looked scary at first glance, all this stuff about PayPal and warning notifications, ya know… But I know better than that so I looked at the full headers and what do I see but:

From: PayPal Security Center
MIME-Version: 1.0
Message-ID:
Received:

* from [62.139.102.34] (helo=62.139.102.34) by *** with smtp (Exim 4.52) id 1FBXDI-00025a-Vc for irishwonder@***.com; Tue, 21 Feb 2006 08:05:57 -0500
* from 42.0.202.114 by ; Tue, 21 Feb 2006 11:05:38 -0200

Reply-To: PayPal
Return-path:
Subject: Warning Notification issued for your account
To: irishwonder@***.com
X-MSMail-Priority: High
X-Mailer: MIME-tools 5.503 (Entity 5.501)
Priority: High Priority 1

I remembered Greg Boser’s (a.k.a. Web Guerilla) post about comment spammers and thought I’d try and see who the spammer was and what I could find out using the full headers of this spam message. This is what I dug out in Whois:

The first IP mentioned in the headers:

62.139.102.34

Blacklist Status: Listed
Record Type: IP Address
IP Location: Egypt – Al Qahirah – Cairo – Egynet
Reverse IP: Web server hosts 1 websites

The blacklist for this IP has two entries, dated today and 2006-02-18. The site hosted on that IP is :

Domain Name:LRCEGYPT.ORG
Created On:10-Dec-2003 13:03:37 UTC
Last Updated On:22-Nov-2005 17:23:33 UTC
Expiration Date:10-Dec-2007 13:03:37 UTC

Blacklist Status: Listed – Cached Today

****
Registrant City:Cairo
Registrant State/Province:Cairo
Registrant Postal Code:12411
Registrant Country:EG

Now, there is no way for me to tell whether it’s these Egyptians spamming me or somebody uses their server as a proxy – but if it was somebody else it still got the Egyptians effectively blacklisted for spam.
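Reading the Received chain bottom-up is exactly how to decide which IP is worth looking up, and which hop is just the sender's own claim. This is an added example, not code from the post: it parses the headers quoted above (the post's "***" redactions kept, "***" assumed to be the name of the recipient's own mail server) and treats only Received lines written by that server as verifiable.

```python
import email
import ipaddress
import re

# Constructed sample: the headers quoted in the post, with the post's "***" redactions
# kept and a placeholder body added so the message parses.
SAMPLE = """\
From: PayPal Security Center
MIME-Version: 1.0
Received: from [62.139.102.34] (helo=62.139.102.34) by *** with smtp (Exim 4.52) id 1FBXDI-00025a-Vc for irishwonder@***.com; Tue, 21 Feb 2006 08:05:57 -0500
Received: from 42.0.202.114 by ; Tue, 21 Feb 2006 11:05:38 -0200
Reply-To: PayPal
Subject: Warning Notification issued for your account
To: irishwonder@***.com
X-Mailer: MIME-tools 5.503 (Entity 5.501)

(body omitted)
"""

# "from <connecting host> by <server that wrote this line> ..."; the 'by' part may be empty.
HOP_RE = re.compile(r"from\s+(?P<frm>.*?)\s+by\s*(?P<by>.*?)(?=\s+with\b|\s+id\b|\s+for\b|\s*;|$)", re.S)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def trace(raw, trusted_by=("***",)):
    """Walk the Received headers oldest-first (the order the mail travelled).

    trusted_by: names of MTAs we control ("***" stands for the redacted recipient server).
    Only lines written by those servers are verifiable; every hop below the first
    trusted line is text the sender could have typed in."""
    msg = email.message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        m = HOP_RE.search(hdr)
        frm = m.group("frm").strip() if m else ""
        by = m.group("by").strip() if m else ""
        ip = None
        for cand in IP_RE.findall(frm):
            try:  # keep the first routable address named in the 'from' clause
                if ipaddress.ip_address(cand).is_global:
                    ip = cand
                    break
            except ValueError:
                continue
        hops.append({"from": frm, "from_ip": ip, "by": by, "trusted": by in trusted_by})
    return hops


def origin_to_investigate(hops):
    """The IP that connected to our first trusted server: the earliest hop we can vouch for."""
    for hop in hops:
        if hop["trusted"]:
            return hop["from_ip"]
    return None
```

On this message the 42.0.202.114 hop has no 'by' server at all, so it cannot be checked; the 62.139.102.34 hop was recorded by the recipient's own Exim, which is why that is the address worth feeding to Whois and the blocklists.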

Oh yeah, and the link in the phishing email (yes that’s what it was of course) was pointing at a Korean server… What a collection!
