Feedback and Hints, April 2003

Feedback: April 2003, Published: May 2003

Once again the spammers have been busy. I have received eight spam e-mails for the month of April. However, three of them were identical. This makes for five seperate instances of spam. Samples are shown below. Brian reports that he has noticed an increase in the amount spam at his site (see below).

In Australia there has been a great fanfare about lesgislation against spamming. We are yet to see any details. I am sure that the result will be ineffectual, beauracratic and a waste of time (not to mention taxpayers' money).

Feedback:

User Agent String "Mozilla/4.01 [en](Win95;I)"
SPAM is certainly increasing

Spam Diaries:

Work from home -- Just send spam and ask for money!
Paul Thomas, topsites-us.com again -- give it a rest Paul, you'll go Blind!
Spam from Peter Kurz (Germany)
Jane Brooks -- pdhost.com again

User Agent String "Mozilla/4.01 [en](Win95;I)"

Date: Sun, 20 Apr 2003 09:21:35 -0500
From: John Van Essen

Hi,

That's a very impressive list of user agent strings you have!

But this entry in the browser agent strings:

Netscape        4.01    Mozilla/4.01 [en](Win95;I)

is not a normal Netscape string.  Compare it with others.  The [en]
and Win95; should both be followed by a space.

It's from some download-type program or plug-in and I'm trying to figure out
what it is before I block it.
--
    John Van Essen

Ed: John,

Yes, it does appear to be a process that is associated with a browser. I
have only been visited by this process once. That occured last year at
08-Aug-2002:12:17:13 (GMT+1000), I got a visit from 196.2.56.5. He came
from Google (searching for humour+download). His agent string claimed to
be MSIE 5.5 on Windows ME. Or at least that is how I think this string
should be interpreted:

Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; Win 9x 4.90; MWC 196.30.178.17)

After hitting my humour page (http://www.pgts.com.au/download/humour/),
this new agent started up about thirty seconds after the page had
loaded. It then hit http://www.pgts.com.au/download/humour/KISS.txt four
times in as many seconds starting at 08-Aug-2002:12:17:53. It then
vanished, never to be seen again.

Gerry,

That's one of the patterns that I see at 3D Gamers (normal browser,
fires this other thing up, hits a file 4 times, then quits). It's like a
download manager trying to use 4 channels to get a file.

Ed: It seems that the CIDR of my visitor is South African in origin (the
netblock is owned by M-Web in Capetown).

I have no idea what it is. Any suggestions?

None yet.  Google isn't too helpful on a search for this agent string...

At the end of this message, I'm pasting in yesterday's log entries
for this agent (it's combined log format but without the referer).
So you can see what we get on a regular basis amongst 4-5,000,000
requests per day (only 400-500,000 for pages, though :D).

It was the fellow from dhcp024-210-146-066.woh.rr.com that got my
attention since he triggered so many 404's and appeared on my
"Most hosts with 404's" list for that day.  Hence my investigation
into this broken POS.  :)

Ed: John included a list of entries with his email. By the looks of
those entries the process exhibited robot-like behaviour. I only had the
one visit, and that was seven months ago. So the process might have
evolved a little since then. I expect that if he had the referer string
he would seen an empty referer for the robot portion of the process. At
the PGTS site, the browser entries from the same IP address exhibited
normal behaviour. So it's not possible to be certain whether the process
was kicked off as a background process within the MSIE browser, or it
was operated by human familiar, who released the robot after checking
the site.

Anyway whatever it was, it did not appear to be very smart. The PGTS
site has mainly text info, so downloading with four channels is a rather
like using a chainsaw to cut butter.

I promoted this agent string to the suspicious agents file at
http://www.pgts.com.au/cgi-bin/pgtsj?file=pgtsj0304b. Agents in this list are
not necessarily up to no good. However the behaviour is a bit strange,
or they try to disguise themselves.

Back To Index

SPAM is certainly increasing

Date: Mon, 21 Apr 2003 13:39:33 +1000 (EST)
From: Brian Robson

Hi there Gerry,

Approximate counts for SPAM rec'd to my personal email address are
below.

There is no doubt there has been a sudden escalation this year, although
it climbed steadily during last two years. Counts are very approximate,
to the nearest 20 (10 for 2001).

If you do a mental average for each six month block, it's taking off.
IMHO, a free "bogofilter" spam filter on every windows PC is the only
answer, although Senator Alston thinks leglislation will help.

Jan 2001 - 120
Feb 2001 - 70
Mar 2001 - 120
Apr 2001 - 70
May 2001 - 50
Jun 2001 - 50

Jul 2001 - 90
Aug 2001 - 110
Sep 2001 - 120
Oct 2001 - 190
Nov 2001 - 240
Dec 2001 - 280

Jan 2002 - 260
Feb 2002 - 220
Mar 2002 - 260
Apr 2002 - 360
May 2002 - 400
Jun 2002 - 320

Jul 2002 - 300
Aug 2002 - 340
Sep 2002 - 340
Oct 2002 - 400
Nov 2002 - 380
Dec 2002 - 380

Jan 2003 - 380
Feb 2003 - 500
Mar 2003 - 720
Apr 2003 - 570 up to 21/4
May 2003 -
Jun 2003 -

Cheers,

Brian

==============================================================
PS: Bloody hell! This very instant some spammer has just sent me an email..

Subject: No More Spam for Brianr!

They want me to buy Spam Remedy!

Ed: Now that's what I call serious spam ... A spamer who wants to sell
you a spam filter! This raises some obvious questions: Will "Spam Remedy"
filter spam about "Spam Remedy"? I wonder if the spammer has a sense of
irony? Or does he actually believe that this is the way to sell spam
filters?

I know that we haven't seen the details of the legislation yet. But I
have to express my deep and profound scepticism. The previous attempt at
legislation to eliminate pornography was ludicrous and ineffective. I
would be most surprised if Alston's anti-spam legislation went against
current trends of legislation from his office. If it requires provisions
for ISPs to block spam, it will be unworkable and largely unenforceable.
On the other hand if the focus is on prosecuting spammers in the
Australian jurisdiction, I am just as sceptical. If spamming is illegal
in Oz, then Aussie spammers can go offshore, so to speak. They don't
even have to leave their desk.

Back To Index

SPAM: Work from home -- Just send spam and ask for money!

Do these guys actually make money out of this?

From HomeWorkersAssociation359@yahoo.com Wed Apr  2 19:17:36 2003
Return-Path: <HomeWorkersAssociation359@yahoo.com>
Received: from mindje1 ([211.239.121.18])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with ESMTP id h329HYb18350
	for <gerry@xxxx.com.au>; Wed, 2 Apr 2003 19:17:35 +1000 (EST)
	(envelope-from HomeWorkersAssociation359@yahoo.com)
Received: from smtp0147.mail.yahoo.com ([200.204.78.250]) by mindje1 with Microsoft SMTPSVC(5.0.2195.5329);
	 Wed, 2 Apr 2003 18:18:41 +0900
Date: Wed, 2 Apr 2003 09:16:38 GMT
From: "Ernest William"<HomeWorkersAssociation359@yahoo.com>
X-Priority: 3
To: gerry@xxxx.com.au
Subject: >>>WORK AT HOME...START TODAY...MAKE BIG $$$
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <MINDJE1YibKb4SRXXTh0000df2b@mindje1>
X-OriginalArrivalTime: 02 Apr 2003 09:18:45.0984 (UTC) FILETIME=[DCCDAE00:01C2F8F8]
Status: RO
Content-Length: 6889
Lines: 189

GET STARTED WORKING FROM HOME TODAY!

This message contains valuable information about our
organization and qualified specialists who have
extensive knowledge and experience in WORKING
FROM HOME.

We have spent the last decade researching home employment options
available to the public. After spending thousands of hours in research, we can
confidently promise you that NO ONE has better information on this subject.

---WORK IN THE COMFORT OF YOUR OWN HOME---

    ***WIDE SELECTION OF JOBS...TOP PAY***

       --REAL JOBS WITH REAL COMPANIES--

Plus receive your very own "Computer Cash Disk" FREE!

Every day thousands of people just like you are getting
started working at home in fields of computer work, sewing,
assembling products, crafts, typing, transcribing, mystery shopping,
getting paid for their opinion, telephone work and much more!

          WHO ARE HOME WORKERS?

They are regular, ordinary people who earn an excellent
living working at their own pace and make their own hours.
They are fortunate people who have found an easier way
to make a living. They had absolutely no prior experience
in this field. They earn a good weekly income in the comfort
of their own home and you can be next!

Companies all over the United States want to hire you as an
independent home-worker. You are a valuable person to
these companies because you will actually be saving them
a great amount of money.

These companies want to expand their business, but do not
want to hire more office people. If they hired more office
employees, they would have to supervise them, rent more
office space, pay more taxes and insurance, all involving
more paperwork. It is much easier for them to set it up so
you can earn an excellent income working in the comfort of
your own home.

    -------------------LIVE ANYWHERE--------------------

You can live anywhere and work for most of these companies.
The companies themselves can be located anywhere.
For computer work, the companies provide you with
assignments, usually data entry or similar tasks. You
then complete the project and get paid for each task.
You receive step by step instructions to make it easier
for you and to insure you successfully complete the job.

After you're finished, you ship the completed assignments
back to the company at no charge to yourself. Upon receiving
your assignments, the company will then mail you a check
along with more assignments. It's that easy!

All the other home-based work (sewing, merchandising, surveys,
product assembly, typing, telephone work, transcribing, and mystery shopping)
are  done in a similar way. After contacting the companies you will
be given step by step instructions and information on what you
need to do. Upon completion of the task, they mail you a check.

You have the potential to work for nearly every company in our
guide. The only jobs that require equipment is computer work
(computer needed), typing (typewriter or computer). All other
work requires no equipment of your own.

          $$$EARN EXTRA INCOME AT HOME$$$

All business can be done by mail , phone, or online. You can START
THE SAME DAY you receive "The Guide to Genuine Home
Employment."

     *****ONLY REAL COMPANIES OFFERING REAL JOBS!*****

The companies in our guide are legitimate and really need
home workers. There is over two hundred of the top companies
included in our guide offering an opportunity for you to make
extra income at home. Unlike other insulting booklets or lists you
may see, our guide only includes up to date information of
companies who pay top dollar for your services and will hire you.
WITHOUT CHARGING YOU FEES TO WORK FOR THEM,
GUARANTEED!

**UPDATE.....Now our guide explains and goes into detail
about each company and what they have to offer you!
You are guaranteed to find home based work in our guide.
No problem!

**UPDATE.....Our new edition offers an entirely new category
of work. It reveals a new, unique way to get paid for your opinion
online. Just surf to the proper website and get paid to fill out opinion
surveys! What could be easier!

We urge you to consider this extraordinary opportunity. Don't delay
or you could miss out! This is like no other offer you've ever seen.

$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$

This is an opportunity to become an independent
HOME WORKER. Remember, this is NOT a get-rich-
quick-scheme. It is an easy way for you to earn money
while filling the needs of a company who needs
you. This makes it easy to work at your OWN
PACE and in the comfort of YOUR HOME.

***HERE'S HOW TO GET STARTED IMMEDIATELY***

Print the form below, fill in your information and mail it to us,
along with the small one time fee for the guide. We will ship
the "Guide To Genuine Home Employment" out the same
day we receive your reply form!

Order within 15 days and the complete, updated, sure-fire,
Genuine Home Employment Guide is yours for the special low
price of just $29.95! That's over 27% off our normal price of
$39.95.

**Don't delay one more minute, START NOW!!!**

**FREE BONUS....."COMPUTER CASH DISK" (MAC & IBM
compatible) 167 business reports. Tips, tricks and secrets on starting
and operating a successful home based business and how to avoid
dishonest marketing offers. Comes with full reproduction rights!
READ THEM, SELL THEM AND BANK THE MONEY. Never pay
us any royalties. Sells for $69.00, but it's worth a whole lot more than
that. Get yours today...FREE!

>>>FULL 60 DAY RISK FREE MONEY-BACK GUARANTEE!

Test our material out for a free trial period and if it isn't everything
we said it is, just send it back and we will gladly refund your
money. We've helped thousands of people like yourself get started
working at home over the last eight years. You can be the next!

THINK WHAT AN EXTRA INCOME COULD DO FOR YOU!

LET US HEAR FROM YOU TODAY!

THIS COULD EASILY CHANGE YOUR LIFE FOREVER!

DON'T LET THIS EXTRAORDINARY OPPORTUNITY
PASS!!

THESE OPPORTUNITIES ARE PROFITABLE
AND EASY.

ACT NOW!!!

HERE'S HOW TO GET STARTED......

Send Check or Money Order for $29.95 and the
completed order form below to us at:

Cybernet HWA
PO Box 914
North Branford, CT 06471
-----------------------------------------------------------------------------

EZ ORDER FORM

_____  Yes! I am interested in a REAL home job. I
am ordering within 15 days. Here is my $29.95. Please
rush me my package today including "The Guide to
Genuine Home Employment" and your "Free Computer
Cash Disk"!!

(Please PRINT all information CLEARLY)

NAME___________________________________________

ADDRESS _______________________________________

CITY __________________________________________

STATE ____________________  ZIP _______________

EMAIL ______________________@__________________

PHONE  (      )   _____________________________

Back To Index

SPAM: Paul Thomas, topsites-us.com again -- give it a rest Paul, you'll go Blind!

I don't know if anyone is sending these guys money. But if anyone is, I wish they would stop. It's a scam. They are just stealing your money!

From postmaster@topsites-us.com Fri Apr 11 13:45:37 2003
Return-Path: <postmaster@topsites-us.com>
Received: from topsites2 (12-235-89-216.client.attbi.com [12.235.89.216])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with ESMTP id h3B3ixP10410;
	Fri, 11 Apr 2003 13:45:01 +1000 (EST)
	(envelope-from postmaster@topsites-us.com)
Message-Id: <200304110345.h3B3ixP10410@pgts04.xxxx.com.au>
Received: from topsites2 (localhost) by topsites2 (LSMTP for Windows NT v1.1b) with SMTP id <0.0030CC79@topsites2>; Thu, 10 Apr 2003 10:19:24 -0700
Date: Thu, 10 Apr 2003 10:19:15 -0700
From: "Paul Thomas" <postmaster@topsites-us.com>
Subject: PGTS Pty Ltd - Programing to support Oracle, Linux, Unix and Perl. System Administration. Surrey Hills, Victoria.  http://www.pgts.com.au/
To:
Reply-To: <sales@topsites-us.com>
Organization: topsitez.us MIME-Version: 1.0
Content-Type: multipart/alternative;
	boundary="----=_NextPart_000_000B_01C238C5.A7241DF0"
X-Priority: 1 (Highest)
X-MSMail-Priority: High
Importance: High
Precedence: bulk
Status: RO
Content-Length: 8567
Lines: 200

This is a multi-part message in MIME format.

------=_NextPart_000_000B_01C238C5.A7241DF0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 8bit

Could you please be so kind as to renew your TopSites-us directory
listing by Thursday, April 17 so we can continue to show it to our
millions of users? For information on renewing please go to:
http://topsites-us.com/renew-tab.htm?id=611582&d=pgts.com.au

If you cannot access our site, just let me know you want to renew by
email. Your listing only cost $5 a month.

If you have a question, please go to:
http://topsites-us.com/faq/index.htm?id=611582&d=pgts.com.au&op=cat&c=1

If you cannot find your answer there, please let me know. I will be
happy to help in any way I can. If you do not want to renew, there is no
need to write; we will cancel your listing automatically.

Kind Regards,

Paul Thomas

To remove your address from our mailing list and cancel your listing in
the directory please UNSUBSCRIBE at:
http://topsites-us.com/cancel.htm?id=611582&d=pgts.com.au

YOUR LISTING
PGTS Pty Ltd
Programing to support Oracle, Linux, Unix and Perl. System
Administration. Surrey Hills, Victoria.

http://www.pgts.com.au/
Your category: http://topsites-us.com/category-tab.htm?id=611582&d=pgts.com.au

REACH A HALF MILLION
Here is what you get:
1. We will display your listing more than a half million times a year on
   the TopSites Internet Explorer search tool.

2. We will also display your listing whenever the Internet Explorer tool
   users search for your keywords at Yahoo, MSN, Google, AOL, Lycos, and
   Altavista.

3. We will even display your listing on your competitors� sites whenever
   the Internet Explorer tool users click on a hyperlink containing your
   keywords.

4. We will continue to list your website in the TopSites directory at no
   extra charge.

Let us introduce you (a half million times!)
People often ask, "How can you guarantee to show my listing a half
million times? What if I am in an unpopular category?" It does not
matter! Why? Internet Explorer tool--our patent pending
tool--continually displays renewed TopSites-us listings on our users PCs
24 hours a day, seven days a week. We display TopSites-us listings more
than 42 million times in an hour. That is why we can guarantee to show
your listing more than a million times a year.

Save $20,000 in advertising
It would cost you up to $20,000 to display your listing a half million
times at sites like MSN and Altavista. Googles charges up to $100,000
depending on your category. At TopSites we charge $5 a month!

You are on top at Yahoo, MSN, Google, AOL, Lycos, and Altavista
Whenever our Internet Explorer tool users search for one of your
keywords at any major search engine, you will appear on top. How? A
special window opens that only displays renewed TopSites listings. Want
to see this marketing magic for yourself? For pictures and download
instructions go to:
http://topsites-us.com/guarantee-tab.htm?id=611582&amp;d=pgts.com.au

Even your competitors promote you
When our Internet Explorer tool users click on a hyperlink at any
website in the world, we display relevant TopSites listings. You can
expect to see your company advertised even on your competitors websites!

Save $100 re-listing fee Please do not let your listing expire. Our
editors listed you as one of the top websites in your category without
charge. If your listing expires, however, you may need to pay a $100
editorial review fee to get listed again. It can take a month for our
editors to authorize a listing. And they may not re-list you if there
are too many listings in your category.

Only TopSites-us gives you:
* Massive Reach: We display our listings billions of times a year. We
  guarantee to show your listing more than a half million times a year.

* Cost-Effectiveness: This is the least expensive advertising you will
  ever buy. You want to bring lots of potential customers to your site in
  a cost-effective way. TopSites-us does exactly that!

* Highly Targeted Leads: TopSites-us reaches customers when they are
  searching for what you are selling. That means high sales and low costs.
  More visitors become customers!

* Highest Return on Investment: Independent research confirms that you
  get the highest ROI from online listings like TopSites-us. E-mail,
  banners and other forms of online advertising all have a lower ROI. And
  unlike direct mail, you pay nothing for mailing lists, printing or
  postage. No media buy returns better results than TopSites-us.

* No-Risk: Cancel your listing any time for any reason--no questions
  asked!

* Hassle-Free: Change your listing anytime or even move it to a
  different category--for free--and your changes will instantly appear in
  the directory

�
FREQUENTLY ASKED QUESTIONS
�
Can I change my listing?
You can change your listing now or later. You can rewrite the headline
and description before renewing. You can change the URL too�even to
another website. Once we receive payment, we will send you instructions
on how to change your listing whenever you like. (There is no charge to
do this.)

Can I change my category?
Can I list my site in additional categories?
Can I list other sites too?
You can list as many sites in as many categories as you like. Each
listing costs only $5 per month per category. Just go to
www.topsites-us.com. Click on the category links until you find the one
you want (or search on your keywords). Click on the Add My Site link.
Then type your listing. If your old listing was in the wrong category,
you can click unsubscribe to cancel it.

How much does a listing cost?
Can I renew for free?
It costs $5 a month to list your site in TopSites. We no longer offer
any free listings. We will bill you $60 for 12 months. There are no
additional costs. You can change your listing as often as you like for
free. You can cancel your listing anytime and we will refund your
remaining money.

How do I pay?
You can pay with a U.S. check, money order or bank draft. Or you can pay
by Visa, MasterCard, American Express and Discover Card. Simply select
the option you prefer on the renewal form. (Unfortunately, we cannot
cash overseas checks at this time.)

How much did we pay to be listed?
Originally you could not buy a listing--you had to wait for our editors
to select you as one of the top sites in your category.

Do we have a contract with you?
We do not ask our customers to sign contracts for a $5 a month service.

Can you call me and tell me more?
We are happy to answer all your questions by email but we do not contact
our customer by phone at this time. Sorry.

Can I still renew after your deadline?
We give our customers a month to renew so do not worry too much about the deadline.

How do I see my listing? I could not find it when I searched.
You can go to www.topsites-us.com and click on the categories until you
get to /Top/Computers/Consultants/Unix_Systems/Linux/Oceania.

You can also see it at www.topsites-us.com by entering two or more
keywords from your listing into our search form. Since we have more than
three million listings, you probably will not find your listing by
searching on only one word. And you definitely will not find it if you
search on words that are not in your listing.

What keywords display my listing?
How do I change them?
Every word in your listing is a keyword. Anytime someone searches on two
or more words in your listing, we will display it. The only way to
change your keywords is to change the headline or description of your
listing.

How many search engines will we be listed at?
You listing will appear at all search engines in Internet Explorers
Search window whenever the Internet Explorer tool users do a search.

How much traffic did you send us last year? We do not know. Sorry. We
are working on adding this feature.

..for more answers go to:
http://topsites-us.com/faq/index.htm?id=611582&d=pgts.com.au&op=cat&c=1

Ed: According to whois, Paul Thomas is the technical contact for
topsites-us.com. His address is supposedly:
	1300 Evans Avenue
	PO Box 7334 - 101591
	San Francisco, CA 94120-7334

If anyone is foolish enough to send him money. I urge you to stop doing
it. Send it to me! In return I'll give you the benefit of some very good
advice (e.g. don't send money to spammers!).

For a previous sample of Paul's work see Last Month's Feedback.

Back To Index

SPAM: Spam from Peter Kurz (Germany)

This spam is similar to the spam which purported to be from mannis@firemail.de. There is a domain called firemail.de, however this e-mail was sent from a dial-in address owned by Deutsche Telekom AG.

From theyellow@firemail.de Thu Apr 17 18:25:53 2003
Return-Path: <theyellow@firemail.de>
Received: from server1 (pD953068E.dip.t-dialin.net [217.83.6.142])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with ESMTP id h3H8PpP23178
	for <info@xxxx.com.au>; Thu, 17 Apr 2003 18:25:52 +1000 (EST)
	(envelope-from theyellow@firemail.de)
Received: from mail pickup service by server1 with Microsoft SMTPSVC;
	 Thu, 17 Apr 2003 09:54:22 +0200
From: theyellow@firemail.de
To: info@xxxx.com.au
Subject: Submit to YELLOW PAGES
Date: Fri, 11 Apr 2003 12:14:15 +0200
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Unsent: 1
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <021d32254071143SERVER1@server1>
Status: RO
Content-Length: 2326
Lines: 75

We have changed our address.
We invite you to submit your Company to YELLOW PAGES INTERNATIONAL
To place your datas in our BUSINESS YELLOW PAGES

Click on link:

http://%32%312.184.71.244:345/register.php

To place your datas in our TRAVEL YELLOW PAGES

Click on link:

http://%32%312.184.71.246:345/register.php

Regards
YELLOW PAGES

If someone has misused our programm or to unsubscribe click on link below

http://%32%312.184.71.244:345/email/delete.asp?mode=pgts.com.au

Ed: The HTML portion of this message has not been included. Note that
the URL has been obsfuscated with the string %32%312.184.71.246. I
presume that many GUI browsers (e.g. MSIE) will translate this into
212.184.71.246. There is a page at the specified URL of 212.184.71.246.
This page is very large and has a considerable amount of JavaScript. It
seems to be intended for collecting details to purchase a yellow pages
type directory listing. Details are as follows:

Title: Register Page - TRAVEL Yellow - TRAVEL Yellow Pages - TRAVEL YELLOW - Peter Kurz
Server: Microsoft-IIS/4.0
X-Powered-By: PHP/4.2.2

Peter Kurz appears to be a customer of Deutsche Telekom AG, or a third
party that is their customer. He has rented a twenty-nine bit CIDR from
the Deutsche Telekom netblock starting at 212.184.71.240. Kurz' address
is listed in whois as:

	Schlossberg 19
	75175 Pforzheim
	GERMANY

His email address is listed as newcomer@firemail.de. Although there is
no evidence to show that he is the originator, it appears that he has
commissioned and/or instigated this spam. I sent an abuse notification
to Deutsche Telekom AG.

On 07-May-2003, I received a communication from Deutsche Telekom:
________________________________________

- English Version -
Dear Sir or Madam

We received and analysed your e-mail.
The causer is a customer of  T-Online.
Therefore we sent your complaint to

T-Online International AG
mailto:abuse (at) t-online.de
Tel.: 06151/680-0
abuse-Team

       Kind regards
Deutsche Telekom AG
   Security Team Ulm

________________________________________

The site at 212.184.71.246 no longer appears to be operating.

Back To Index

SPAM: Jane Brooks -- pdhost.com again

From sender@cs-stats.com Wed Apr 30 13:26:22 2003
Return-Path: <sender@cs-stats.com>
Received: from localhost.localdomain ([218.246.33.39])
	by pgts04.xxxx.com.au (8.11.6/8.11.6) with ESMTP id h3U3QKP50386
	for <sales@xxxx.com.au>; Wed, 30 Apr 2003 13:26:21 +1000 (EST)
	(envelope-from sender@cs-stats.com)
Received: from  ()
	by  (8.12.5/8.12.5) with ESMTP id h3U3DLFv007778
	for <sales@xxxx.com.au>; Wed, 30 Apr 2003 11:29:27 +0800
Message-ID: <2243CR1000000226@p1j2m3a4.pdhost.com>
Date: Wed, 30 Apr 2003 11:17:58 +0800 (CST)
From: Jane Brooks <sender@cs-stats.com>
Reply-To: Jane Brooks <jane_brooks@coolstats.com>
To: sales@xxxx.com.au
Subject: www.pgts.com.au
Mime-Version: 1.0
Content-Type: multipart/alternative; boundary=2069543397.1051672678968.JavaMail.SYSTEM.emaserver2
X-EMA-CID: 10450268
X-EMA-LID:
X-EMA-PC: 0f4dc69ed2700
Status: O
Content-Length: 2682
Lines: 77

--2069543397.1051672678968.JavaMail.SYSTEM.emaserver2
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit

Hi,

I thought you might be interested in getting in-depth knowledge about
your web audience and web traffic patterns in a reliable and
cost-effective way.

Stop Guessing - Start Knowing!
- CoolStats measures web site traffic and online behavior of your visitors.
- CoolStats will help you understand how to optimize your site to meet
  the needs of your visitors.
- You get access to detailed, real-time statistical analysis of your web
  pages - 24 hours a day.
  Click at http://www.coolstats.com/viewdemo/index.html to view Online Demo.
- CoolStats is the ultimate real-time tracking solution for small and
  mid-sized businesses.
- 100% accuracy by measuring activity at the client, not via server based
  log files.
- The fee of $19.95 is minimal compared to what it would cost you to run
  a tracking service yourself!

Why CoolStats?
- no programming to do
- no servers to maintain
- no software applications to install

Special Offer! Now Only $19.95/month (Usual Price/$29.95).

Click at
http://p1j2m3a4.pdhost.com/pdsvr/www/r?1000000226.2243.15.PvM+$k6BhgFmTu
to Sign Up now!

Promotion Code: JB5430
Submit this promotion code in the sign up form, and enjoy this special offer!

"We needed to make business sense out of our web visitor behavior -
CoolStats delivers first-class graphical reports that help us continuously
improve and optimize our website to match the requirements of our target
audience." BRYAN KASHILIN, BOSTON

Click at http://www.coolstats.com/product/customerref.html to check what
other customers say about us!

For more information about our website tracking services, please visit our
website or contact me directly at the below email. I look forward to
hearing from you soon.

Best regards,
Jane Brooks
CoolStats Support
Email: jane_brooks@coolstats.com
http://www.coolstats.com

Don't be the last one to know!


-----------------------------------------------------------------------
This message has been brought to sales@xxxx.com.au.
If you do not wish to receive anymore emails, please follow
the opt-out instruction below. We apologize for any inconvenience.
http://p1j2m3a4.pdhost.com/pdsvr/www/r?1000000226.2243.3.CuAjiRZDxReYGX
--2069543397.1051672678968.JavaMail.SYSTEM.emaserver2
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: 7bit

Ed: The host p1j2m3a4.pdhost.com is once again mentioned in an e-mail.
Whois lists the following entry:
      PD Host Inc
      Domain Admin
      Vanterpool Plaza, 2nd Floor, Wickhams CAY I
      Road Town,
      VG
T

Back To Index