>...
>From: David B Funk <[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED], [email protected]
>Subject: New redirector: www.nate.com
>...
>
>Ugg, just ran across another open redirector abused in spam
>
> www.nate.com/r/XY12/target.domain
>
>where XY12 seems to be any combination of 4 letters and digits.
>Looks like some Korean ISP thingie.
>
>--
>Dave Funk University of Iowa
><dbfunk (at) engineering.uiowa.edu> College of Engineering
>319/335-5751 FAX: 319/384-0549 1256 Seamans Center
>Sys_admin/Postmaster/cell_admin Iowa City, IA 52242-1527
>#include <std_disclaimer.h>
>Better is not better, 'standard' is better. B{
>
The domains:
nate.com-munged
gambia.com-munged (and actual ICANN listed registrar)
sktelecom.com-munged
KPPN.COM-munged
and KPPINC.COM-munged
all seem to be part of a group of spam support services run from
Korea. The true owner is hidden behind a set of legal shells. There do
not appear to be an legitimate customers (but for Jeff C.), but I have
not done a thorough enough investigation to say they for sure. I can
say they have been "seen" before and have listings against them.
Paul Shupak
[EMAIL PROTECTED]
P.S. The rfci whois listing for gambia.com-munged is one of my favorites,
because it is the only time I have seem that particular violation.
