A reconstruction of an old posting from almost 15 years ago:
Back in those days, the link was hxxp://www.spam-court.com/?q=node/39, we think a total reconstruction of the site will be a technological suffering too big for us.
Here we go:
Posted November 26th, 2006 by DucksInTwoRows
As usual the best background info is at spamhaus:
www.spamhaus.org/rokso/spammer/SPM818/imedia-networks Spamhaus info on Lindsay
When digging around a bit (reasons are spam for drugs and the usual free ipods and whatever free stuff) we found a lot of domains hosted in Lindsays space:
iMedia Networks Inc. IMEDIA (NET-65-182-128-0-1) 65.182.128.0 - 65.182.143.255 Siliconcompilersystemsinc.com SILICON-06 (NET-65-182-128-0-2) 65.182.128.0 - 65.182.131.255
Fits very good with this one: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL40389 That listing mentions subscriberbase, which we also found when following the spam for all the "free" stuff. Silicon compilersystems is a company that no longer exists. It was bought some time ago by another company and appears to have disappeared as a result of the process. So why does Lindsay own the netblock? What we also found where that most, if not all of the spam originated from various spaces related to transpath.net. One of the questions that naturally has to be asked is: Who is controlling transpath.net? Lindsay? Subscriberbase? Someone else? Several spammers? We do not have an answer to that. But some of the netblocks seems to have belonged to now defunct companies. Which fits the pattern regarding Lindsay/Silicon compilersystems.
whois -h whois.arin.net 'TRANSPATH' TransPath (TRANS-180) TransPath TRANSPATH (NET-64-239-224-0-1) 64.239.224.0 - 64.239.239.255 TransPath TRANSPATH (NET-64-239-224-0-1) 64.239.224.0 - 64.239.239.255 whois -h whois.arin.net 'TRANS-180' OrgName: TransPath OrgID: TRANS-180 Address: 1950 Stemmons Freeway Address: Suite 1039 City: Dallas StateProv: TX PostalCode: 75207 Country: US Comment: RegDate: 2005-08-24 Updated: 2006-02-09 AbuseHandle: NETWO965-ARIN AbuseName: Network Operations AbusePhone: +1-214-841-8900 AbuseEmail: noc@transpath.net AdminHandle: NETWO965-ARIN AdminName: Network Operations AdminPhone: +1-214-841-8900 AdminEmail: noc@transpath.net TechHandle: NETWO965-ARIN TechName: Network Operations TechPhone: +1-214-841-8900 TechEmail: noc@transpath.net
Last time we checked, 214-841-8900 was a payphone located outside MacDonalds at 5403 Ross Avenue in Dallas, Texas.
The drug spam is a different story. The domains are/were hosted in Lindsays space. The spam however comes from what seems to be open proxies/hijacked comps or whatever. With faked headers of course.
Now let's go back in time.
Back in 2005 Lindsay himself posted this to the specialham forum, title "RX Backend For Rent":
We have developed a robust UNIX-based backend for the Pharmacy industry which we are now making available to those needing a good, fast and secure back-end system. The cost for system is 4-5% of monthly gross sales, depending on volume. Features of system include: [for the rest, visit this link to spamhaus] Back in 2004, someone using the nick "mail solution" posted the following on specialham, title "BP hosting FAST 100% uptime": For more information and immediate service please contact Shawn, Email: shawn@fonestream.com Bullet Proof Hosting - providing you 100% uptime. Move your web site to Fonestream where you will not be shut down due to pressure from anti-spam organizations. We have been successfully hosting ecommerce websites for over 5 years. Let us help you make more money with fewer problems. Please review our Bullet Proof pricing plans below: We allocate a "bandwidth pipe" at the switch level at any of the following rates: 0.5 megabit = $950 mo 1 megabit = $1400 mo 1.5 megabit = $1,850 mo 2 megabit = $2,300 mo 2.5 megabit = $2,750 mo 3 megabits = $3,200 mo 4 megabits = $3,600 mo 5 megabits = $4,000 mo 7 megabits = $4,800 mo 10 megabits = $6,000 mo Other services available IP priced as needed DNS priced as needed Domain Registration priced as needed For more information and immediate service please contact Shawn, Email: shawn@fonestream.com Date 6/10/2004 4:18:17 PM
fonestream is Lindsay. Living in the Silicon space.
Note the price: 0.5 megabit = $950 mo
Now back to 2005 again (and again nicked from spamhaus):
mlindsay0912 I'm still new here... Posts: 3 Joined: 9/20/2005 Date 9/21/2005 11:13:41 AM RE: Want BP / Anon Domains ? We have BP Anon domains for $50 each. Immediate availability. Paypal is OK. michael@trixmail.com
Note the domain used: trixmail.com. And head over to spamhaus again.
The whois info has changed since, now trixmail.com appears to be registered to a Saundra Kinnaird. Well, still related to Lindsay:
www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4590
Now we jump forward to 2006. In September 2006 someone using the nick "Mailstream" posted the following on bulkerforum.biz, title "Bullet Proof Hosting":
Hosting that loads faster. Technical service that you can count on.Bullet Proof Hosting based in CA USA: We allocate a "bandwidth pipe" at the switch level at any of the following rates: Compliant sites: 0.5 megabit = $950 mo, (much more bandwidth available as needed) Non-compliant: off shore servers = $1,500 standard - $3,500 very Fast Please cocntact: steve@trixmail.com
"0.5 megabit = $950 mo", you noticed the price from another posting earlier?
Also note the "Non-compliant" part of it, we will come back to that one later (hopefully).
And the same guy also posted the following, title: "Direct Send Mail Servers":
Direct Send Mail Servers (Based in CA USA) Direct Send Email Servers $1,000 and up. no set up fee Reply Email Servers $400 and up. +100.00 setup fee DNS Servers $300 and up. +100 setup fee Our Mail servers are configured as: 1.8-2.4 P4 CPU or whatever you need 1 GIG PC2700RAM CD ROM Bandwidth 4meg., 30 IP's allocated per server, we can talk about more if needed. Please contact: steve@trixmail.com
Again someone uses the trixmail.com for mail. Which apparently is related to Lindsay. Somehow this is confirmed from other sources, someone is using emailaddresses like "andy@trixmail.com" and "andy@fonestream.com". Now you may say that there is a lot of andys out there. We are pretty confident it is the same guy. You have the clues, confirm it for yourself. There is something at trango5.com too, makes us wonder a bit about this one:
network:Class-Name:network network:ID:NET-XO-NET-435bcf00 network:Auth-Area:67.88.0.0/13 network:Network-Name:XO-NET-435bcf00 network:Organization;I:NETWORK OUTSOURCING, INC. (246684-1) network:IP-Network:67.91.207.0/24 network:Admin-Contact;I:XCIA-ARIN network:Tech-Contact;I:XCIA-ARIN network:Created:20060705 network:Updated:20060719 network:Updated-By:ipadmin@eng.xo.com
Someone is offering spammers both mailservers and hosting. The silicon hosting space is obviously a part of that solution, both for the socalled can-spam compliant guys and the illegal guys. And for the mailing part, spam has been seen coming from transpath, promoting sites in silicon space. Mostly subscriberbase. When it gets too hot (for various reasons), the illegal drug sites seems to move to China. Wonder if Lindsay controls something over there too? But he is living dangerously, new drug sites are moving in on nearby IPs. A list of some domains that earlier were hosted at 65.182.129.11, a quick look at some of those indicates they have now moved to 218.104.136.236, China.
And just for the record:
inetnum: 218.104.136.128 - 218.104.136.255 netname: xiamen-nanguomen-corp country: cn descr: xiamen city admin-c: TC254-AP tech-c: TC254-AP status: ASSIGNED NON-PORTABLE changed: daihy@china-netcom.com 20020920 mnt-by: MAINT-CN-ZM28 source: APNIC route: 218.104.128.0/20 descr: CNCGroup CHINA169 FuJian province network country: CN origin: AS4837 mnt-by: MAINT-CNCGROUP-RR changed: abuse@cnc-noc.net 20060803 source: APNIC person: TECH GROUP CNC address: 9/F, Building A, Corporate Square, No. 35 Financial Street, address: Xicheng District, Beijing 100032, P.R.China country: CN phone: +86-10-88093588 fax-no: +86-10-88091442 e-mail: tech-group@china-netcom.com nic-hdl: TC254-AP mnt-by: MAINT-CN-ZM28 changed: zhaomq@china-netcom.com 20010917 source: APNIC
So, is this Lindsays "non-compliant: off shore servers"? Well, it is a fact that they have moved from his silicon space to China, and using proxies/botnets for mailing is for sure not compliant. Yes, we go for that idea; 218.104.136.128 - 218.104.136.255 is most likely Lindsays space in China for "non-compliant" mailers.
10-49-02122024@spam-court.com