posted on June 17, 2001 10:31:33 AM
Hello guys. This is going to be a long one.
The important part of this email is this section which shows the address of the sender: Received: from sx2 206.190.224.12 by sx2.paid4survey.net with Microsoft SMTPSVC(5.0.2195.1600);
Here is the traceroute for 206.190.224.12:
1 206.117.161.1 (206.117.161.1) 0.556 ms 0.790 ms
2 isi-acg.ln.net (130.152.136.1) 2.297 ms 2.90 ms
3 usc-isi-atm.ln.net (130.152.128.2) 3.348 ms 3.52 ms
4 fa-0-0-0.a01.lsanca01.us.ra.verio.net (209.189.66.65) 3.649 ms 3.672 ms
5 ge-6-2-0.r00.lsanca01.us.bb.verio.net (129.250.29.126) 3.750 ms 3.407 ms
6 p4-1-3-0.r01.snjsca03.us.bb.verio.net (129.250.2.113) 10.969 ms 11.213 ms
7 p16-3-0-0.r04.snjsca03.us.bb.verio.net (129.250.2.62) 10.819 ms 11.1 ms
8 p4-0-1-0.r00.scrmca01.us.bb.verio.net (129.250.3.34) 15.316 ms 15.291 ms
9 uunet.r00.scrmca01.us.bb.verio.net (129.250.9.98) 16.398 ms 15.744 ms
10 0.so-2-0-0.XL1.SAC1.ALTER.NET (152.63.52.250) 15.568 ms 15.521 ms
11 0.so-4-0-0.XR1.SAC1.ALTER.NET (152.63.53.242) 18.354 ms 17.707 ms
12 0.so-0-0-0.TR1.SAC1.ALTER.NET (146.188.144.146) 15.434 ms 15.731 ms
13 127.ATM4-0.IR1.SAC1.ALTER.NET (152.63.11.66) 16.756 ms 16.475 ms
14 POS2-0.IR1.SAC2.ALTER.NET (137.39.31.189) 16.349 ms 16.486 ms
15 335.ATM8-0-0.TR1.HKG2.Alter.net (210.80.48.65) 168.434 ms 0.T3-4-0-0.XR2.SYD2.Alter.net (210.80.48.93) 171.689 ms
16 POS1-0-0.XR1.HKG2.Alter.Net (210.80.48.22) 177.717 ms 164.989 ms
17 311.ATM0-0-0.GW3.HKG2.Alter.Net (210.80.3.186) 185.559 ms 185.16 ms
18 202.130.160.10 (202.130.160.10) 173.376 ms 175.665 ms
19 202.64.106.66 (202.64.106.66) 180.504 ms 178.213 ms
20 rsm2-vl1.pacific.net.hk (202.64.33.4) 174.797 ms 166.375 ms
21 sx2.paid4survey.net (206.190.224.12) 171.362 ms 178.772 ms
This end is where the people you're tracerouting to live
These are the two addresses used by sx2.paid4survey.net:
206.190.224.12 (sx2.paid4survey.net
206.190.224.11
WHOIS : sx2.paid4survey.net
Addresses: 206.190.224.12
Official name: sx2.paid4survey.net
Metropolitan Internet Backbone Exchange Inc. (NETBLK-MIBX)
31 N. Second St., ste 100
San Jose, CA 95113
US
Registrant:
You No-Nonsense Network, Inc (YNNMAIL-DOM)
31 N. Second St., Ste 100
San Jose, CA 95113
US
Domain Name: YNNMAIL.COM
Administrative Contact, Technical Contact:
YNN Support (YS5-ORG) [email protected]
YNN
31 N. Second St., Ste 300
San Jose, CA 95113
US
408-280-2011
Fax: 408-280-2066
Billing Contact:
Account Payable (AP198-ORG) [email protected]
YNN
31 N. Second St., Ste 300
San Jose, CA 95113
US
408-280-2011
Fax: 408-280-2066
Record last updated on 04-Apr-2001.
Record expires on 01-Aug-2001.
Record created on 31-Jul-1997.
Database last updated on 16-Jun-2001 08:05:00 EDT.
Record last updated on 23-Mar-2001.
Database last updated on 15-Jun-2001 22:59:59 EDT.
YNNMAIL.COM is registered to Simon Chan and is located in San Jose, California I think that's a strange coincidence.
I traced the #10 through #20 addresses from the original traceroute and they all originate from a Hong Kong service provider named Hong Kong Supernet LTD. and registered to Charles Liu. All of the addresses are registered to the same ISP. UUNET, MBIX and YYNMAIL are all known as Spam offenders. As a matter of fact, I have blocked UUNET totally from accessing my email account.
Whois Search results for ' 202.64.106.66'...
Links to other registries are highlighted.
% Rights restricted by copyright. See http://www.apnic.net/db/dbcopyright.html
inetnum: 202.64.0.0 - 202.64.255.255
netname: PI-HK
descr: Hong Kong Supernet Ltd
descr: Clear Water Bay, Kowloon
country: HK
admin-c: CL192-AP
tech-c: CL192-AP
remarks: service provider
mnt-by: APNIC-HM
mnt-lower: MAINT-HKSUPER-AP
changed: [email protected] 19971128
changed: [email protected] 20000619
source: APNIC
SEARCH RESULTS FOR CL192-AP
person: Charles Liu
address: Unit 573, HITEC
address: 1 Trademart Drive
address: Kowloon Bay
address: Hong Kong.
phone: +852 2335 3624
fax-no: +852 2335 4520
e-mail: [email protected]
nic-hdl: CL192-AP
notify: [email protected]
mnt-by: MAINT-HKSUPER-AP
changed: [email protected] 20000619
source: APNIC
person: Charles Liu
address: Unit 573, HITEC
address: 1 Trademart Drive
address: Kowloon Bay
address: Hong Kong.
phone: +852 2335 3624
fax-no: +852 2335 4520
e-mail: [email protected]
nic-hdl: CL192-AP
notify: [email protected]
mnt-by: MAINT-HKSUPER-AP
changed: [email protected] 20000619
source: APNIC
The email appears to have originated in Hong Kong and then was routed through yynmail.com which is located in San Jose. The odd part about this email is the Great Collections banner which I believe is old since the name has been changed to eBay Premier. I didn't receive this email and so I don't know what the banner looked like or if it was a "click" link. If it was a "click" link then it makes no sense for someone to use this banner without eBay's permission since eBay is the one who pays the affiliate through Microsoft's ClickTrade technology and their bCentral Business to Business portal.
QUOTE
Clicktrade™, which is part of the Microsoft owned Link Exchange empire, make the set-up of these programs very simple. To track your sales and relate them to the correct affiliate requires a little bit of extra code in the final payment pages of the shopping cart.
Before you can do anything you need to register with Clicktrade at their website. They will issue you with an Account ID which is required for the link.
ClickTrade / Earning Revenue
As an affiliate partner, you can earn revenue from advertisers on a pay per lead or sale basis. Regardless of the payment model, you direct traffic to a marketer's site by displaying a marketer's link on your site.
Pay per lead: You get paid for each visitor that provides requested information to the marketer on the marketer's site. For example, the visitor fills out a form or downloads trial software.
Pay per sale: You get paid for each visitor that purchases a specific product(s) on the marketer's site.
As an affiliate partner using ClickTrade, you receive the full amount specified by the advertiser. Use of the service is free.
END QUOTE
QUOTE
What is a payout rate?
The Revenue Avenue directory listings include programs managed by our ClickTrade service—for example, the bCentral affiliate program—and by advertisers themselves— for example, Amazon.com. For the programs managed by ClickTrade, the referrals are tracked as follows:
A surfer clicks on an affiliate program link on a partner's site.
The surfer is sent to the advertiser's site via a redirection on the ClickTrade system. To the surfer this appears as a direct link to the advertiser. At this point a cookie is set with the surfer.
Sale The surfer continues through the advertiser's site, selects products to purchase, and completes the online ordering process. After the surfer completes the ordering process, the final or exit page contains an invisible tracking image that is served from a ClickTrade server. When the tracking image is loaded, we read the cookie set with the surfer plus the necessary sales information, and we store this information in the database.
Lead The surfer continues through the advertiser's site and performs an action on the site—for example, signs up for a newsletter or downloads trial software. Once the surfer has completed this process, the final or exit page contains an invisible tracking image that is served from a ClickTrade server. When the tracking image is loaded, we read the cookie that was set and store this information in the database
END QUOTE
I guess everyone will have to come to their own conclusions concerning eBay's involvement with this Spam. There's no way to find out who actually sent it using yynmail.com because I doubt they will give out that info but there's no question that many of the eBay users have been targeted for this survey. If you wish to lodge a complaint send it to [email protected] or [email protected]. They don't really tell you how to make a complaint on their website http://www.ynnmail.com but I did notice that their Privacy Policy link wasn't working. LOL
posted on June 17, 2001 10:44:09 AM
I am suspicious of this spam. Ebay reps were interviewed the other day in a Congressional hearing on cybercrime/spam and took a hard line on the record AGAINST spamming/spammers. This may be an attempt by the spammers to hit back at ebay, by antagonizing ebay sellers/bidders and trying to make ebay out to look like a spammer. SpampCop has had similar things done to it by vengeful spammers.
posted on June 17, 2001 10:48:02 AM
One other thing about addresses coiming off ebay. The spammer sending this is probably using a CD of addresses harvested off ebay, SPECIFICALLY. I had one spammer try to sell me a CD of several million names taken off ebay a few months back.
posted on June 17, 2001 10:52:50 AM
If this is coming from a spammer out of Hong Kong, why not forward the info to safeharbor to give them the heads-up for possible legal action, or at least to possibly forward to the govt. in case of further hearings/investigations.
posted on June 17, 2001 10:58:32 AM
Hi Collegepark. I think it would be a good idea to send this info to SafeHarbor but I can't do it because I didn't receive this particular Spam. If someone else who received the email wants to send in the traceroutes and any other info I've provided in this post, they are welcome to do so.
...