Advanstar: Adding new IP ranges for spamming
This has to do with a spammer we already know (see previous posts 1 and 2). They’ve added another IP range. Meanwhile, the spam from the two previously identified ranges is continuing as well.
Spamming IP: 108.160.221.1
Spam headers:
Return-Path: <bounce_x-x@kmpsgroupbounce.com> Received: from e1.Advanstar.kmpsgroupbounce.com (e1.Advanstar.kmpsgroupbounce.com [108.160.221.1]) by x (8.14.4/8.14.4) with ESMTP id x for <x>; Thu, 29 Mar 2012 18:4x:xx +0300 DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=key3pharmsci2; d=pharmsci2.com; h=From:To:Reply-To:Date:Subject:Message-ID:MIME-Version:Content-Type; i=pharmsci@pharmsci2.com; bh=Xba/4neQowsvp5g/xInbgEZtNMI=; b=WZii8ItvpjDYRMBqtzd4K4s9v+M0PARAokDTLTp/CUH+AslU/7qDUiXvQQlZrdDXAAmXfEkDhy3C agPYeYIKPg== DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=key3pharmsci2; d=pharmsci2.com; b=nfBu1j/xwaXtbECSboFNfmp0jBuzUUAMubFBHUgUh3W296Tu+5qUHhV5sX7lML174md9NtHT9rTO rt58RAr31A==; Received: from blastengine.enterprisecommunicationnetwork.com (216.17.41.129) by e1.Advanstar.kmpsgroupbounce.com id x for <x>; Thu, 29 Mar 2012 10:4x:xx -0500 (envelope-from <bounce_x-x@kmpsgroupbounce.com>) X-Port25-MtaID: Advanstar_MTA X-Port25-SendID: x X-Port25-ListID: x X-Sender: bounce_x-x@kmpsgroupbounce.com X-Mailer-Address: x X-Receiver: x From: "LCGC Group" <pharmsci@pharmsci2.com> To: x <x> Reply-To: pharmsci@pharmsci2.com Date: Thu, 29 Mar 2012 15:4x:xx GMT Subject: Your chance to win an iPad3 with LCGC Europe X-Mailer: ECN Communicator 5.1 X-RCPT-TO: <x> Message-ID: <x.x@enterprisecommunicationnetwork.com> MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="_=communicator=_x"
Human-readable spam contents:
Win an Apple iPad3 with LCGC Group
For your chance of winning an iPad 3 with LCGC Group,
simply click here http://www.snapsurveys.com/swh/surveylogin.asp?k=x
and complete the following Food Testing & Safety Survey.Closing date for completed surveys is 6 April 2012.
Good luck!
LCGC GROUP
—————
This email was sent to x by pharmsci@pharmsci2.com. To ensure delivery of emails to your
inbox, please add pharmsci@pharmsci2.com to your address book or safe sender list.
Learn more. http://www.ecn5.com/addContacts/addContacts.html?frem=pharmsci@pharmsci2.com.
If you are having trouble viewing this email, go here: http://emailactivity.ecn5.com/engines/publicPreview.aspx?blastID=x&emailID=xUnsubscribe to future emails: http://emailactivity.ecn5.com/engines/websubscribe.aspx?e=x&g=x&b=x&c=x&s=U&f=html
Report Abuse: http://emailactivity.ecn5.com/engines/reportspam.aspx?p=x,x,x,x,xPrivacy policy: http://www.advanstar.com/privacy-policy
Advanstar Communications provides certain customer contact data (such as customers’ names, addresses, phone numbers and e-mail addresses) to third parties who wish to promote relevant products, services and other opportunities which may be of interest to you. If you do not want Advanstar Communications to make your contact information available to third parties for marketing purposes, simply call (toll free) 1-866-529-2922 at any time, or fax us at 1-218-740-6417. Outside the U.S., please phone 1-218-740-6395.
Contact us by mail at Advanstar Communications Inc., 131 West First St., Duluth, MN 55802-2065, USA.
Spamming netblock WHOIS:
NetRange: 108.160.208.0 - 108.160.223.255 CIDR: 108.160.208.0/20 OriginAS: NetName: TEAMKM NetHandle: NET-108-160-208-0-1 Parent: NET-108-0-0-0-0 NetType: Direct Assignment Comment: http://www.teamKM.com RegDate: 2011-10-14 Updated: 2012-03-02 Ref: http://whois.arin.net/rest/net/NET-108-160-208-0-1 OrgName: Knowledge Marketing, LLC. OrgId: KML-19 Address: 3650 Annapolis Lane City: Plymouth StateProv: MN PostalCode: 55447 Country: US RegDate: 2011-09-23 Updated: 2011-09-23 Comment: www.knowledgemarketing.com Ref: http://whois.arin.net/rest/org/KML-19 OrgAbuseHandle: ANDER88-ARIN OrgAbuseName: Anderson, Pete OrgAbusePhone: +1-763-746-2785 OrgAbuseEmail: pete.anderson@teamkm.com OrgAbuseRef: http://whois.arin.net/rest/poc/ANDER88-ARIN OrgNOCHandle: ANDER88-ARIN OrgNOCName: Anderson, Pete OrgNOCPhone: +1-763-746-2785 OrgNOCEmail: pete.anderson@teamkm.com OrgNOCRef: http://whois.arin.net/rest/poc/ANDER88-ARIN OrgTechHandle: ANDER88-ARIN OrgTechName: Anderson, Pete OrgTechPhone: +1-763-746-2785 OrgTechEmail: pete.anderson@teamkm.com OrgTechRef: http://whois.arin.net/rest/poc/ANDER88-ARIN
Spamming domain WHOIS:
Registrant: Tecknowledge Management 240 Fox Hollow Road Chanhassen, Minnesota 55417 United States Registered through: GoDaddy.com, LLC (http://www.godaddy.com) Domain Name: KMPSGROUPBOUNCE.COM Created on: 16-May-07 Expires on: 16-May-13 Last Updated on: 17-May-11 Administrative Contact: Crandall, Duane domain_admin@teckman.com Tecknowledge Management 240 Fox Hollow Road Chanhassen, Minnesota 55417 United States (763) 746-2785 Technical Contact: Crandall, Duane domain_admin@teckman.com Tecknowledge Management 240 Fox Hollow Road Chanhassen, Minnesota 55417 United States (763) 746-2785 Domain servers in listed order: NS1.LINODE.COM NS2.LINODE.COM NS3.LINODE.COM NS4.LINODE.COM NS5.LINODE.COM
Sender domain WHOIS:
Registrant: Advanstar Communications 131 W 1ST ST DULUTH, MN 55802 US Domain Name: PHARMSCI2.COM Administrative Contact, Technical Contact: Advanstar Communications jkrasaway@advanstar.com 131 W 1ST ST DULUTH, MN 55802 US 218-740-6332 fax: 218-740-7077 Record expires on 11-Jan-2017. Record created on 11-Jan-2012. Database last updated on 7-Apr-2012 01:32:39 EDT. Domain servers in listed order: NS1.ADVANSTAR.COM 67.98.26.1 NS2.ADVANSTAR.COM 12.168.192.165
Unsub domain WHOIS:
Registrant: Teck Management, Inc 14505 21st Ave N Suite 210 Plymouth, MN 55447 US Domain Name: ECN5.COM Administrative Contact, Technical Contact: Teck Management, Inc domain_admin@teckman.com 14505 21st Ave N Suite 210 Plymouth, MN 55447 US 763-746-2780 fax: 999 999 9999 Record expires on 14-Jan-2013. Record created on 14-Jan-2005. Database last updated on 7-Apr-2012 01:32:45 EDT. Domain servers in listed order: NS1.LINODE.COM NS2.LINODE.COM NS3.LINODE.COM NS4.LINODE.COM NS5.LINODE.COM