Sponsored by..

Friday 19 July 2013

whoswhonetworkonline.com spam

This turd of an email was sent to an info@ email address on a domain I own. It appears to be a classic Who's Who scam.

From:     Who's Who [cpm2@contactwhoswho.us]
Reply-To:     databaseemailergroup@gmail.com
date:     19 July 2013 05:44
subject:     You were recently nominated into Who's Who Amoung Executives

Who's Who Network Online

Hello,

As you are probably aware, in the last few weeks, we at the Who's Who Among Executives and Proefssionals have reached out to several hundred individuals for placement in our upcoming 2013 edition of our directory.  You were contacted, but we did not receive any of your biographical information.  We would like to give you another opportunity to do so.

The publication's editors are now assembling the biographical profiles of today's leaders from the business world into one comprehensive source. Thousands of researchers at medical, academic, public and corporate libraries, as well as journalists and media professionals, rely upon the academic registry as a daily reference tool for obtaining information about the world's most experienced men and women at the C-Level in the private and public sectors. Inclusion in the publication is considered by many as a signal mark of achievement.

To be included in this prestigious publication, you need only provide the requested information by completing our online biographical data form. Please Click Here to fill out your form.

The information you provide will be evaluated according to the selection standards that the NAPN have developed over many years as the world's premier biographical compiler. If your data passes our initial screening, we will prepare your biography and send you a pre-publication proof for your verification and approval.

I congratulate you on the achievements that have brought your name to the attention of our editorial committee. We look forward to hearing from you.

Please remember: Inclusion of your biography in the Who's Who Registry carries neither cost nor commitment to you of any sort. Our continuing mission with each new edition is to prepare a biographies spanning the spectrum of noteworthy and accomplished men and women across all areas of the professional world.

                                             FILL OUT FORM HERE

Who's Who Network Online
2280 Grand Avenue, Baldwin, NY 11510

------------------------------------------

This email is intended only for the recipient(s) and is private.
If you receive our invitation in error please reply with unsubscribe in the subject line

Clicking on the link takes you to whoswhonetworkonline.com hosted on 66.11.129.87 (Stafford Associates Computer Specialists Inc., New York). The WHOIS details are hidden.

There's no clue anywhere on the site or in the email about who is behind the spam. There is no corporation in New York with the exact name "Who's Who Network Online" although there are several similar sounding entities.

However, there are some clues in the headers of the email that link it through to another recent and similarly-themed spam.

Received: from cpm2@contactwhoswho.us by [redacted] by uid 1002 with qmail-scanner-1.22
 ( Clear:RC:0(192.217.104.157):.
 Processed in 0.464627 secs); 19 Jul 2013 04:45:09 -0000
Received: from unknown (HELO whowho4.servername.com) (192.217.104.157)
  by [redacted] with SMTP; 19 Jul 2013 04:45:08 -0000
Received: from c-174-58-75-1.hsd1.fl.comcast.net ([174.58.75.1]:58694 helo=susie-HP.hsd1.fl.comcast.net.)
    by whowho4.servername.com with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256)
    (Exim 4.80.1)
    (envelope-from )
    id 1V02Z1-0000pJ-QW
    for [redacted]; Fri, 19 Jul 2013 08:45:08 +0400
Content-Type: multipart/alternative; boundary="===============0491393293=="


The email originates from a Comcast IP address of 174.58.75.1 in West Florida, and then routes through a server at 192.217.104.157 (NTT America) which has the hostname contactwhoswho.us which is consistent with the cpm2@contactwhoswho.us sender's address. So, who is contactwhoswho.us?

Registrant Name:                Darin Delia
Registrant Address1:            1321 Henry Ave
Registrant City:                Spring Hill
Registrant State/Province:      Florida
Registrant Postal Code:         34608
Registrant Country:             United States
Registrant Country Code:        US
Registrant Phone Number:        +1.5615964330
Registrant Email:               darindelia@gmail.com
Registrant Application Purpose: P1
Registrant Nexus Category:      C11


Darin Delia's address is also West Florida (although some way from the theoretical location of the IP address). Darin Delia appears to be the same person who was sending out Spotlite Radio spam. Is Mr Delia merely a contractor sending out an email blast, or is he responsible for this so-called "Who's Who" outfit. I have no evidence one way or the other, but it seems he does have some sort of association with whoever is running these things..

No comments: