VHFcontesting
[Top] [All Lists]

[VHFcontesting] Re: Why we ... YADA YADA YADA

To: <vhfcontesting@contesting.com>
Subject: [VHFcontesting] Re: Why we ... YADA YADA YADA
From: k1ep@mgef.org (Ed K1EP)
Date: Mon Jul 28 16:05:14 2003
Well, thanks to David Vondranek, it seems as if the identity of n2xre@usa.com 
is actually k1ra.

ANDREW R ZWIRKO
12509 RANSOM DR
GLENN DALE MD 20769
USA 

<http://andyz.k8gp.net/>http://andyz.k8gp.net/

So, I ask K1RA, why he needed to use a mail address of "Kip K. n2xre@usa.com"?  
Isn't his callsign K1RA, his name Andy Z. and his mail address andyz@sort.net?  
Why the need to hide?  To cast aspersions at the competition of K8GP?   

At 02:39 PM 7/28/03 -0500, David Vondrasek wrote:
>At 03:20 PM 7/28/2003 -0400, you wrote:
>>Hey Guys,
>>
>>Welcome to the internet.   It IS a spoof.   Take a look at the 
>>headers and notice the underlined sections:
>
>Let's read the headers the correct way...  comments below.
>
>>>Received: from contesting.com [216.1.128.73] by nt030203-107137 with ESMTP
>>>  (SMTPD32-8.00) id A33DA910020; Mon, 28 Jul 2003 10:54:05 -0700
>>>Received: from dayton.akorn.net (localhost [127.0.0.1])
>>>        by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHsCn5016804;
>>>        Mon, 28 Jul 2003 13:54:16 -0400
>
>Above is correct and no to any concern. It's the lists server.
>
>>>Received: from spf13.us4.outblaze.com (205-158-62-67.outblaze.com
>>>        [205.158.62.67])
>> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>And just who is Outblaze.com?  A whois search results:
>
>
>Outblaze is a free email service and will NUKE this account
>if complaints are filed. The abuse type God is  Suresh
>and can be contacted via abuse@outblaze.com
>They are NOT at fault.
>
>>So, Kip is routing his email via a company in Hong Kong?  I don't think so.
>
>Well yes he is.. It's a forwarding service.. And perfectly valid..
>Keep going down..
>
>>>        by contesting.com (8.12.9/8.12.9) with ESMTP id h6SHrxn4016564
>>>        for <vhfcontesting@contesting.com>; Mon, 28 Jul 2003 13:53:59 -0400
>>>Received: from 205-158-62-68.outblaze.com (205-158-62-68.outblaze.com
>>>        [205.158.62.68])
>>>        by spf13.us4.outblaze.com (Postfix) with QMQP id 82EC41800770
>>>        for <vhfcontesting@contesting.com>;
>>>        Mon, 28 Jul 2003 17:53:58 +0000 (GMT)
>>>Received: (qmail 88944 invoked from network); 28 Jul 2003 17:53:54 -0000
>>>Received: from unknown (HELO ws1-12.us4.outblaze.com) (205.158.62.81)
>>>  by 205-158-62-153.outblaze.com with SMTP; 28 Jul 2003 17:53:54 -0000
>>>Received: (qmail 94651 invoked by uid 1001); 28 Jul 2003 17:53:52 -0000
>>>Message-ID: <20030728175352.94650.qmail@mail.com>
>>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>Next, we see that the mail originated on another free email service,
>mail.com.
>
>Mail.com *is* Outblaze. They own mail.com as well as several thousand
>other free email redirectors . Still a valid path line..
>
>
>>Using an anonymous mail account routed via hong kong is a typical
>footprint for
>>an email spammer.
>
>Not in this case.. But your right...
>
>>No problem, except the address used in the email is an address on usa.com.
> The
>>mail should have come from an account on a usa.com server.
>
>It did usa.com = outblaze.com = mail.com
>
>The part you DIDN't leave of the header is the TRUE senders Ip address.
>That would be this part at the bottom.
>
>X-Mailer: MIME-tools 5.41 (Entity 5.404)
>Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
>    n2xre@usa.com; Mon, 28 Jul 2003 12:53:51 -0500
>
>the original person is using the Ip of  12.109.148.178 and he gave it to 
>outblaze.com to be forwared. This is the sender..
>
>This belongs to these people
>
>REGUS BUSINESS CENTRE CO REGUS-BU64-148-128 (NET-12-109-148-128-1)
>                                  12.109.148.128 - 12.109.148.191
>
>OrgName:    REGUS BUSINESS CENTRE CO
>OrgID:      RBC-36
>Address:    13800 COPPERMINE ROAD
>City:       HERNDON
>StateProv:  VA
>PostalCode: 20171
>Country:    US
>
>NetRange:   12.109.148.128 - 12.109.148.191
>CIDR:       12.109.148.128/26
>NetName:    REGUS-BU64-148-128
>NetHandle:  NET-12-109-148-128-1
>Parent:     NET-12-0-0-0-1
>NetType:    Reassigned
>Comment:
To: <vhfcontesting@contesting.com>
>RegDate:    2002-05-19
>Updated:    2002-05-19
>
>TechHandle: JS971-ARIN
>TechName:   SMITH, JIM
>TechPhone:  +1-914-304-4147
>TechEmail:  jsmith@regususa.com
>
>Now.. lets see who comes out of the woodwork...
>
>This also matches a previous post
>
>X-Mailer: MIME-tools 5.41 (Entity 5.404)
>Received: from [12.109.148.178] by ws1-12.us4.outblaze.com with http for
>    n2xre@usa.com; Mon, 28 Jul 2003 12:53:51 -0500
>From: "Kip K." <n2xre@usa.com>
>To: vhfcontesting@contesting.com
To: <vhfcontesting@contesting.com>
>Date: Mon, 28 Jul 2003 12:53:51 -0500
>X-Originating-Ip: 12.109.148.178
>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>X-Originating-Server: ws1-12.us4.outblaze.com
>Subject: [VHFcontesting] Re: Why we ... YADA YADA YADA
>X-BeenThere: vhfcontesting@contesting.com
>X-Mailman-Version: 2.1
>
>
>Dave
>- I do this for a living folks....
>
>_______________________________________________
>VHFcontesting mailing list
>VHFcontesting@contesting.com
>http://lists.contesting.com/mailman/listinfo/vhfcontesting


CONFIDENTIALITY NOTICE: This message is a PRIVATE communication. This email may 
contain privileged and confidential information intended only for the 
above-named 
recipient. If you have received this in error and you are not the intended
recipient, you are hereby notified that any use, dissemination, or copying is 
strictly prohibited. In such case, do not read, copy, or use it, and do not 
disclose 
it to others. Please notify the sender of the delivery error by replying to this
message, and then delete it from your system. Thank you. 

<Prev in Thread] Current Thread [Next in Thread>