Joe Wein
Fighting spam and scams
on the Internet

Home / Blog / About us
Spam
419/Nigeria
Online fraud
jwSpamSpy
Contact

Email Spam Filter:
 jwSpamSpy
Try it for free!

Google
 

hotsalza.com porn spam abusing our email addresses as fake sender

On May 28 we started receiving bounces for porn spam advertising the domain hotsalza.com. The bounces were delivered to us because the sender address in each spam was one of our email addresses (we have seen more than one address being used). The spams had been send using several hosts in Belgium and other countries. Below is a typical example. A similar spam involving the domain watchsound.com abused our address about one week earlier. 

Received: from compuserve.com ([62.112.174.34] RDNS failed) 
	by mail.jfminc.com with Microsoft SMTPSVC(5.0.2195.6713);
	Fri, 28 May 2004 15:50:52 -0500
Date: Sat, 29 May 2004 11:56:34 +0000
From: Ourname <ourname@ourdomain>
Subject: RE: Hi Ajudge
To: Ajudge <ajudge@laka.com>
References: <ICA58G77IF8J25G2@laka.com>
In-Reply-To: <ICA58G77IF8J25G2@laka.com>
Message-ID: <7DE165A6D79K06AJ@ourdomain>
Reply-To: Jra <jra@quik.com>
MIME-Version: 1.0
Content-Type: text/html; charset=Windows-1251
Content-Transfer-Encoding: 8bit
Return-Path: ourname@ourdomain
X-OriginalArrivalTime: 28 May 2004 20:50:54.0384 (UTC) FILETIME=[77FB2300:01C444F5]

Hello Ajudge!<BR><BR>
Here is the cool adult website you were asking:<BR>
<a href="http://www.hotsalza.com/at/1/3/view.html">ASS TRAFFIC</a><BR><BR>
username: Thomas<BR>
password: mynewpass<BR><BR>
regards from Finland<BR>Thomas ajudge@laka.com

We have seens bounces from spams originating from the following hosts:

  • 62.112.174.34 - online.be (Belgium)
  • 203.151.216.3 - inter.net.th (Thailand)

The spamvertized domain hotsalza.com was registered by a company in Panama: 

Domain Name: HOTSALZA.COM 

Registrant:
    Lightstream Multimedia Ltd.
    Lightstream Multimedia Ltd.        (freagol@web.de)
    Avenida Fedrico Boyd Y Calle 51
    Apdo 702
    Panama City 7
    Republic of Panama,1544
    PA
    Tel. +1.5093510384

Creation Date: 03-Dec-2003  
Expiration Date: 03-Dec-2004

Domain servers in listed order:
    ns1.namedservers.com
    ns2.namedservers.com
    ns3.namedservers.com
    ns4.namedservers.com


Administrative Contact:
    Lightstream Multimedia Ltd.
    Lightstream Multimedia Ltd.        (freagol@web.de)
    Avenida Fedrico Boyd Y Calle 51
    Apdo 702
    Panama City 7
    Republic of Panama,1544
    PA
    Tel. +1.5093510384

Technical Contact:
    Lightstream Multimedia Ltd.
    Lightstream Multimedia Ltd.        (freagol@web.de)
    Avenida Fedrico Boyd Y Calle 51
    Apdo 702
    Panama City 7
    Republic of Panama,1544
    PA
    Tel. +1.5093510384

Billing Contact:
    Lightstream Multimedia Ltd.
    Lightstream Multimedia Ltd.        (freagol@web.de)
    Avenida Fedrico Boyd Y Calle 51
    Apdo 702
    Panama City 7
    Republic of Panama,1544
    PA
    Tel. +1.5093510384

We first received a spam advertising this domain on 2004-05-28 and added it to our published blacklist.

The hotsalza.com website is hosted by Chinatelecom, a notorious "bulletproof" webhoster. See the SPEWS evidence file.