While all of this is simple and obvious, I'm surprised that Chris actually
bothered to mail all of the homework.  He has friends at ev1 and *ahem*
someone here at UO has apparently blocked the /18 containing ev1 from
sending mail to anyone here at the university.

Anyway, our spammer is running an NT box which is relatively wide open.
That's more than I bothered to look into, but the knowledge might be
useful to someone who is bored I guess.  ;)

--- Begin Message ---
Ya, I used to work at rackshack, which got renamed to ev1servers.net. Basically, they have something like 15,000 to 20,000 nodes on the network, each a server. Some are gaming servers, hosting, etc. It's your basic server leasing setup, but cheap.

On that note, I would not take any kind of connotations from the fact that the domain name has ev1servers.net in its whois as contact information. This is a very poor way of finding out what is actually going on here. So instead, I did some investigating:


/*********Start whois info



Domain Name: ELIZABETHRICHSON.COM
Registrar: TUCOWS, INC.
Whois Server: whois.opensrs.net
Referral URL: http://domainhelp.tucows.com
Name Server: NS1.INTERCOM.COM.CN
Name Server: NS.INTERCOM.COM.CN
Status: ACTIVE
Updated Date: 18-dec-2003
Creation Date: 18-dec-2003
Expiration Date: 18-dec-2004


Registration Service Provider: Everyones Internet, [EMAIL PROTECTED] http://www.ev1servers.net

Registrars.
Registrant:
 apple
 2198 Apple dr.
 Columbus, OH 43212
 US

Domain name: ELIZABETHRICHSON.COM

 Administrative Contact:
    Johnson, Muliya  [EMAIL PROTECTED]
    2198 Apple dr.
    Columbus, OH 43212
    US
    410-678-8768
 Technical Contact:
    Customer Service, EV1 Servers  [EMAIL PROTECTED]
    2600 SW Freeway
    Suite 500
    Houston, Texas 77098
    US
    +1.7133337873    Fax: +1.7139429332


Registrar of Record: TUCOWS, INC.
Record last updated on 18-Dec-2003.
Record expires on 18-Dec-2004.
Record created on 18-Dec-2003.

 Domain servers in listed order:
    NS.INTERCOM.COM.CN
    NS1.INTERCOM.COM.CN

**********Stop whois info******/



I usually wouldn't bore you with details, but I am going to assume here that you may forward this to other individuals, so this needs to be explained. There are multiple portions to a whois. There is the contact information, which can be forged, and then there is everything else.

This whois is not forged. The only reason ev1servers is even in this is because they were where this domain was registered (ev1servers would be called a registrar in this situation). Customer service is far from a technical contact, by the way.


On to the good and juicy information. We have the legit DNS server information, and the expiration date, registration date, etc. It just so happens that I follow what happens with my past employer, so I can tell you they had a rather cheap domain registration sale going on, something like 5 bucks a domain. This attracts unmentionables, and also good people, etc.



Anyhow, on to the next portion of the investigation:


/***********ip address information



kermit:~ chris$ ping ELIZABETHRICHSON.COM
PING elizabethrichson.com (211.152.14.68): 56 data bytes
64 bytes from 211.152.14.68: icmp_seq=0 ttl=103 time=542.901 ms
^C
--- elizabethrichson.com ping statistics ---
3 packets transmitted, 1 packets received, 66% packet loss
round-trip min/avg/max = 542.901/542.901/542.901 ms
kermit:~ chris$ whois -h whois.arin.net 211.152.14.68

OrgName:    Asia Pacific Network Information Centre
OrgID:      APNIC
Address:    PO Box 2131
City:       Milton
StateProv:  QLD
PostalCode: 4064
Country:    AU

ReferralServer: whois://whois.apnic.net

NetRange: 210.0.0.0 - 211.255.255.255
CIDR: 210.0.0.0/7
NetName: APNIC-CIDR-BLK2
NetHandle: NET-210-0-0-0-1
Parent:
NetType: Allocated to APNIC
NameServer: NS1.APNIC.NET
NameServer: NS3.APNIC.NET
NameServer: NS.RIPE.NET
NameServer: TINNIE.ARIN.NET
NameServer: DNS1.TELSTRA.NET
Comment: This IP address range is not registered in the ARIN database.
Comment: For details, refer to the APNIC Whois Database via
Comment: WHOIS.APNIC.NET or http://www.apnic.net/apnic-bin/whois2.pl
Comment: ** IMPORTANT NOTE: APNIC is the Regional Internet Registry
Comment: for the Asia Pacific region. APNIC does not operate networks
Comment: using this IP address range and is not able to investigate
Comment: spam or abuse reports relating to these addresses. For more
Comment: help, refer to http://www.apnic.net/info/faq/abuse
Comment:
RegDate: 1996-07-01
Updated: 2004-01-21


OrgTechHandle: AWC12-ARIN
OrgTechName:   APNIC Whois Contact
OrgTechPhone:  +61 7 3858 3100
OrgTechEmail:  [EMAIL PROTECTED]

# ARIN WHOIS database, last updated 2004-02-04 19:15
# Enter ? for additional hints on searching ARIN's WHOIS database.
kermit:~ chris$


*********end ip address information*******/



So here I have found out the IP address of the domain, and also found out the information about the IP address. It seems that we have someone from the Asia Pacific area, at least on IP address assignment.




/*******Dig information******

kermit:~ chris$ dig @ns1.ev1servers.net ELIZABETHRICHSON.COM any

; <<>> DiG 9.2.2 <<>> @ns1.ev1servers.net ELIZABETHRICHSON.COM any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57358
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;ELIZABETHRICHSON.COM.          IN      ANY

;; ANSWER SECTION:
ELIZABETHRICHSON.COM.   172800  IN      NS      ns.intercom.com.cn.
ELIZABETHRICHSON.COM.   172800  IN      NS      ns1.intercom.com.cn.

;; AUTHORITY SECTION:
ELIZABETHRICHSON.COM.   172800  IN      NS      ns.intercom.com.cn.
ELIZABETHRICHSON.COM.   172800  IN      NS      ns1.intercom.com.cn.

;; Query time: 79 msec
;; SERVER: 207.218.245.135#53(ns1.ev1servers.net)
;; WHEN: Wed Feb  4 23:11:24 2004
;; MSG SIZE  rcvd: 116


kermit:~ chris$ dig @ns1.intercom.com.cn ELIZABETHRICHSON.COM any


; <<>> DiG 9.2.2 <<>> @ns1.intercom.com.cn ELIZABETHRICHSON.COM any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61885
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;ELIZABETHRICHSON.COM.          IN      ANY

;; ANSWER SECTION:
ELIZABETHRICHSON.COM.   172800  IN      NS      ns.intercom.com.cn.
ELIZABETHRICHSON.COM.   172800  IN      NS      ns1.intercom.com.cn.

;; AUTHORITY SECTION:
ELIZABETHRICHSON.COM.   172800  IN      NS      ns.intercom.com.cn.
ELIZABETHRICHSON.COM.   172800  IN      NS      ns1.intercom.com.cn.

;; Query time: 63 msec
;; SERVER: 211.152.53.3#53(ns1.intercom.com.cn)
;; WHEN: Wed Feb  4 23:11:56 2004
;; MSG SIZE  rcvd: 116



kermit:~ chris$ dig @ns1.intercom.com.cn ELIZABETHRICHSON.COM any

; <<>> DiG 9.2.2 <<>> @ns1.intercom.com.cn ELIZABETHRICHSON.COM any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23949
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;ELIZABETHRICHSON.COM.          IN      ANY

;; ANSWER SECTION:
ELIZABETHRICHSON.COM.   172800  IN      NS      ns1.intercom.com.cn.
ELIZABETHRICHSON.COM.   172800  IN      NS      ns.intercom.com.cn.

;; AUTHORITY SECTION:
ELIZABETHRICHSON.COM.   172800  IN      NS      ns1.intercom.com.cn.
ELIZABETHRICHSON.COM.   172800  IN      NS      ns.intercom.com.cn.

;; ADDITIONAL SECTION:
ns.intercom.com.cn.     85269   IN      A       211.99.207.229
ns1.intercom.com.cn.    77546   IN      A       211.152.53.3

;; Query time: 64 msec
;; SERVER: 211.152.53.3#53(ns1.intercom.com.cn)
;; WHEN: Wed Feb  4 23:25:38 2004
;; MSG SIZE  rcvd: 148

kermit:~ chris$ dig @ns1.intercom.com.cn ELIZABETHRICHSON.COM mx

; <<>> DiG 9.2.2 <<>> @ns1.intercom.com.cn ELIZABETHRICHSON.COM mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 51494
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;ELIZABETHRICHSON.COM.          IN      MX

;; AUTHORITY SECTION:
ELIZABETHRICHSON.COM. 86400 IN SOA ns.ELIZABETHRICHSON.COM. root.ns.ELIZABETHRICHSON.COM. 2001100102 28800 7200 604800 86400


;; Query time: 521 msec
;; SERVER: 211.152.53.3#53(ns1.intercom.com.cn)
;; WHEN: Wed Feb  4 23:25:53 2004
;; MSG SIZE  rcvd: 82

kermit:~ chris$


kermit:~ chris$ dig @elizabethrichson.com elizabethrichson.com any


; <<>> DiG 9.2.2 <<>> @elizabethrichson.com elizabethrichson.com any
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34788
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;elizabethrichson.com.          IN      ANY

;; ANSWER SECTION:
elizabethrichson.com.   164159  IN      NS      ns.intercom.com.cn.
elizabethrichson.com.   164159  IN      NS      ns1.intercom.com.cn.
elizabethrichson.com.   86399   IN      A       211.152.14.68

;; AUTHORITY SECTION:
elizabethrichson.com.   164159  IN      NS      ns.intercom.com.cn.
elizabethrichson.com.   164159  IN      NS      ns1.intercom.com.cn.

;; ADDITIONAL SECTION:
ns.intercom.com.cn.     16099   IN      A       211.99.207.229
ns1.intercom.com.cn.    21810   IN      A       211.152.53.3

;; Query time: 22 msec
;; SERVER: 211.152.14.68#53(elizabethrichson.com)
;; WHEN: Wed Feb  4 23:27:25 2004
;; MSG SIZE  rcvd: 164

kermit:~ chris$ dig @elizabethrichson.com elizabethrichson.com mx

; <<>> DiG 9.2.2 <<>> @elizabethrichson.com elizabethrichson.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2982
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;elizabethrichson.com.          IN      MX

;; AUTHORITY SECTION:
elizabethrichson.com. 10800 IN SOA ns.elizabethrichson.com. root.ns.elizabethrichson.com. 2001100102 28800 7200 604800 86400


;; Query time: 353 msec
;; SERVER: 211.152.14.68#53(elizabethrichson.com)
;; WHEN: Wed Feb  4 23:27:35 2004
;; MSG SIZE  rcvd: 82

kermit:~ chris$




********end dig stuff********/



/*******Port scan info




[EMAIL PROTECTED]:~$ nmap -P0 elizabethrichson.com

Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2004-02-04 23:35 CST
Interesting ports on echeckservice.com (211.152.14.68):
(The 1646 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
25/tcp open smtp
110/tcp open pop-3
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
1025/tcp open NFS-or-IIS
1026/tcp open LSA-or-nterm
1027/tcp open IIS
3372/tcp open msdtc
3389/tcp open ms-term-serv
4899/tcp open radmin


Nmap run completed -- 1 IP address (1 host up) scanned in 261.092 seconds
[EMAIL PROTECTED]:~$




***********End port scan info*******/

The only thing ev1servers has to do with this is that it is the registrar. Obviously the other contact info is not legit either. You can report domains on that, but I fail to remember where. And if it is legit, well... you guys can figure out what to do to someone who spams a Linux user group's email addy :D.


Christopher Forsythe


On Feb 4, 2004, at 10:11 AM, T. Joseph Carter wrote:

Didn't you say your domain was hosted by ev1?


From: Ben Barrett <[EMAIL PROTECTED]>
Date: February 4, 2004 2:29:57 AM CST
To: "The Eugene Unix and GNU/Linux User Group's mail list" <[EMAIL PROTECTED]>
Subject: Re: [eug-lug]euglug.org ranked # 40 in Google for linux training window
Reply-To: "The Eugene Unix and GNU/Linux User Group's mail list" <[EMAIL PROTECTED]>



Ya! Egg on face. This has been going on for a while; google on her name
gave these examples of similar situations:
old:
http://www.rcuniverse.com/forum/Weird_spam_RCU_guys_with_website_should_look_out_for%25/m_1449911/tm.htm
(RC hobbyists? ~2 years ago!)


just recent:
http://www.rb21.com/news/index.php/t/31489/0/ (tiki dev)
http://sourceforge.net/mailarchive/forum.php?thread_id=3768760&forum_id=1471
(sax users)


The whois record shows this:

Registrant:
 apple
 2198 Apple dr.
 Columbus, OH 43212
 US

Domain name: ELIZABETHRICHSON.COM

 Administrative Contact:
    Johnson, Muliya  [EMAIL PROTECTED]
    2198 Apple dr.
    Columbus, OH 43212
    US
    410-678-8768
 Technical Contact:
    Customer Service, EV1 Servers  [EMAIL PROTECTED]
    2600 SW Freeway
    Suite 500
    Houston, Texas 77098
    US
    +1.7133337873    Fax: +1.7139429332


isn't there some law...?


(d'oh)


but HEY, we're still cool. Yeah, we rock!


(d'oh)


On Tue, 3 Feb 2004 18:45:28 -0800 Ben Barrett <[EMAIL PROTECTED]> wrote:

| Cool news, but time for some sort of consensus here. I'd like to know if
| she's running her site for-profit, or what ?? I don't want to see our
| group become link-mavens for sites that get advert-based funding or
| otherwise are commercial. Does she know about LUGE, or the other LUG
| directory? Cool we R0X0R !!! #40 AO AO $) 40!
|
| congrats, people
|
|
| On Tue, 3 Feb 2004 15:46:45 -0800 (PST)
| Elizabeth Richson <[EMAIL PROTECTED]> wrote:
|
| | I'm a web master, and I was just searching Google for linux training
| | window. I found your domain, euglug.org ranked 40, which is pretty cool.
| |
| |
| | My site is all about Computers - Software, too . Maybe we should link
| | up? I wouldn't be stealing any of your sales, because all I do is write
| | informational articles...not selling anything on my site at all. And
| | most of my visitors write back to say that they love the fact that I
| | only write good, quality info. As a matter of fact, I've got a pretty
| | loyal following of people that come back over and over again (they use
| | the site as a reference), so if you link to me, you should get some
| | pretty good traffic from it -- which is always nice.
| |
| | Anyway, let me know if you'd like to swap links. I've already linked to
| | you, and will keep it up there for a few days until I hear back. Hope to
| | hear from you soon!
| |
| | Elizabeth Richson
| | RAC IM: 391574.
| |
| | _______________________________________________
| | EuG-LUG mailing list
| | [EMAIL PROTECTED]
| | http://mailman.efn.org/cgi-bin/listinfo/eug-lug
|
|






--- End Message ---
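As an added example that is not code from the thread, this Python script re-runs the two checks Chris reasons through above on the whois and dig output quoted in his message: whether the registrar's Name Server entries agree with the NS records DNS actually returns, and what the SOA-only answer to the MX query means for where mail to the domain goes. The whois and dig samples are embedded inline from the quoted output; the function names are my own.

```python
import re

# Samples constructed inline from the whois and dig output quoted in the thread.
WHOIS_TEXT = """Domain Name: ELIZABETHRICHSON.COM
Registrar: TUCOWS, INC.
Name Server: NS1.INTERCOM.COM.CN
Name Server: NS.INTERCOM.COM.CN
Registration Service Provider: Everyones Internet
"""
DIG_ANY = """;; ANSWER SECTION:
elizabethrichson.com.   164159  IN      NS      ns.intercom.com.cn.
elizabethrichson.com.   164159  IN      NS      ns1.intercom.com.cn.
elizabethrichson.com.   86399   IN      A       211.152.14.68
"""
DIG_MX = """;; AUTHORITY SECTION:
elizabethrichson.com. 10800 IN SOA ns.elizabethrichson.com. root.ns.elizabethrichson.com. 2001100102 28800 7200 604800 86400
"""
# owner ttl IN type rdata: the layout dig prints for every resource record
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")

def whois_nameservers(text):
    """NS names from the registrar side of the record (not the forgeable contact block)."""
    return {m.group(1).lower().rstrip(".")
            for m in re.finditer(r"^Name Server:\s*(\S+)", text, re.M)}

def dig_records(text, rtype):
    """rdata of every record of one type, from any section of dig output."""
    out = []
    for line in text.splitlines():
        m = RR_LINE.match(line)
        if m and m.group(3) == rtype:
            out.append(m.group(4).strip().lower().rstrip("."))
    return out

def delegation_matches(whois_text, dig_text):
    """True when the NS set dig returns equals the NS set whois lists."""
    return whois_nameservers(whois_text) == set(dig_records(dig_text, "NS"))

def mail_routing(dig_mx_text, dig_any_text):
    """An MX query answered only by an SOA in AUTHORITY is a negative answer;
    SMTP then falls back to the domain's A record (RFC 5321 section 5.1)."""
    mx = dig_records(dig_mx_text, "MX")
    if mx:
        return ("MX", mx)
    if dig_records(dig_mx_text, "SOA"):
        return ("A-fallback", dig_records(dig_any_text, "A"))
    return ("none", [])
```

For this domain the delegation is consistent and mail falls back to the A record at 211.152.14.68, which is the same host the port scan in the thread found listening on 25/tcp.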
