Email Spam Filter:
jwSpamSpy
Try it for free!


About spam / "419" / Blog
jwSpamSpy
Recent spam domains
Spam domain blacklist

Software
Links
joewein.de
joewein.net
Contact
Google

 

watchsound.com porn spam abusing our email addresses as fake sender

On May 22 we started receiving bounces for porn spam advertising the domain watchsound.com. The bounces were delivered to us because the sender address in each spam was one of our email addresses (we have seen more than one address being used). The spams had been send using several hosts in China, Argentina, the United States and other countries. Below is a typical example. We don't know if our addresses were picked at random or if this is related to the fact that we fight spam. In December and February we were already the object of a Joe-Job attack.

Received: from compuserve.com (unknown [200.74.132.190])
	by mwinf3103.me.freeserve.com (SMTP Server) with SMTP id 7AE5D18001FA
	for <perki@ntfc2k.freeserve.co.uk>; Sat, 22 May 2004 09:29:17 +0200 (CEST)
Date: Sat, 22 May 2004 22:34:30 +0000
From: Joewein <joewein@pobox.com>
Subject: *** SPAM *** RE: Gussing Movies for Perki
To: Perki <perki@ntfc2k.freeserve.co.uk>
References: <8G5AL6D41D0G0957@ntfc2k.freeserve.co.uk>
In-Reply-To: <8G5AL6D41D0G0957@ntfc2k.freeserve.co.uk>
Message-ID: <KI94C2JG46LK29FB@pobox.com>
Reply-To: Joe <joe@interspeed.net>
MIME-Version: 1.0
Content-Type: text/html; charset=Windows-1251
X-me-spamlevel: med
X-me-spamrating: 99.335705
Content-Transfer-Encoding: quoted-printable

<HTML>
<HEAD>
<TITLE>Amazing</TITLE>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html; charset=3Diso-885=
9-1">
</HEAD>
<BODY BGCOLOR=3D#FFFFFF LEFTMARGIN=3D0 TOPMARGIN=3D0 MARGINWIDTH=3D0 MARG=
INHEIGHT=3D0>
<center><BR>please wait ... loading message ...<BR>
<A href=3D"http://www.watchsound.com/gen_ads/gen_mail.php?grid=3D154&ape=3D=
gt2715">
<font size=3D5 color=3Dblue>Have you ever seen female ejaculation movies?=
<BR>They are 100% AUTHENTIC ! :)</font></a><BR><BR>
<TABLE BORDER=3D0 CELLPADDING=3D0 CELLSPACING=3D0>
<TR><TD>
<A href=3D"http://www.watchsound.com/gen_ads/gen_mail.php?grid=3D154&ape=3D=
gt2715">
<img src=3D"http://www.watchsound.com/gen_ads/gushing-movie_1/index_01.gi=
f" BORDER=3D0></A></TD>
</TR><TR><TD>
<A href=3D"http://www.watchsound.com/gen_ads/gen_mail.php?grid=3D154&ape=3D=
gt2715">
<img src=3D"http://www.watchsound.com/gen_ads/gushing-movie_1/index_02.jp=
g" BORDER=3D0></A></TD>
</TR><TR><TD>
<A href=3D"http://www.watchsound.com/gen_ads/gen_mail.php?grid=3D154&ape=3D=
gt2715">
<img src=3D"http://www.watchsound.com/gen_ads/gushing-movie_1/index_03.gi=
f" BORDER=3D0></A></TD>
</TR>
</TABLE><BR><BR><BR><BR><BR><BR><BR><BR><BR>
<a href=3D"http://www.watchsound.com/takemeoff">No thanks, please unsubsc=
ribe me...</a>
</center>
</BODY>
</HTML>

We have seens bounces from spams originating at the following hosts:

  • 202.149.216.149 - ttml.co.in (India)
  • 61.178.176.59 - public.lz.gs.cn (China)
  • 200.74.132.190 - att.net.co (Colombia)
  • 66.168.106.122 - charter.net
  • 24.215.148.47 - mindspring.com
  • 24.15.107.106 - comcast.net
  • 61.73.29.74 - kornet.net (Korea)
  • 24.238.130.51 - mindspring.com
  • 69.0.87.85 - swbell.com

The spamvertized domain watchsound.com was registered by a company in Taiwan:

Registrant:
 Ring Global Inc.
 121 Chung Shan North Road
 Taipei,  
 TW

 Domain name: WATCHSOUND.COM

 Administrative Contact:
    Lai, Sui  admin@ringglobal.com
    121 Chung Shan North Road
    Taipei,  
    TW
    +1.886225631243
 Technical Contact:
    Lai, Sui  admin@ringglobal.com
    121 Chung Shan North Road
    Taipei,  
    TW
    +1.886225631243


 Registrar of Record: TUCOWS, INC.
 Record last updated on 18-Mar-2004.
 Record expires on 12-Mar-2005.
 Record created on 12-Mar-2004.

 Domain servers in listed order:
    NS1.WATCHSOUND.COM   61.152.157.53
    NS2.WATCHSOUND.COM   61.152.157.53

The IP-address for this domain was blacklisted by Spamhaus.org on May 16, 2004.

We first received a spam advertising this domain on 2004-05-01 and added it to our published blacklist.

The watchsound.com website is hosted by Chinanet, Shanghai, a notorious "bulletproof" webhoster. See the SPEWS evidence file. Complaints to the hosting company are highly unlikely to have any effect.