Origene

We’ve been on the receiving end of spam from Origene since March 2015. At the time, we listed 124.127.105.206, a few domain names, and thought nothing more of it. We had the occasion to look at their spam a little more closely today. It’s all coming from a /15 (that’s 131,072 IP addresses) assigned to a research facility in China. The spamming domain name is smarttargetonline.net, registered to a person without an organization. Worth looking at a little more.

On paper, this appears to be a company based in Rockville, MD (Department ID F04352993 in Maryland DAT). However, there is a strong connection to China, which is evident from their spamming.

The IP address lookup for 124.127.105.206 at APNIC indicates the following:

% Information related to '124.126.0.0 - 124.127.255.255'

inetnum:        124.126.0.0 - 124.127.255.255
netname:        RITELE
descr:          Research Institution of Telecom
descr:          No.1 Gaojiayuan,Xicheng District,Beijing,China
country:        CN
admin-c:        YZ1264-AP
tech-c:         YZ1264-AP
mnt-by:         MAINT-CNNIC-AP
mnt-lower:      MAINT-CNNIC-AP
mnt-routes:     MAINT-CNNIC-AP
status:         ALLOCATED PORTABLE
changed:        hm-changed[email protected] 20070228
source:         APNIC

person:         Yiming Zheng
nic-hdl:        YZ1264-AP
e-mail:         [email protected]
address:        No.1 Gaojiayuan,Xicheng District,Beijing,China
phone:          +86-010-84588176
fax-no:         +86-010-84588021
country:        CN
changed:        [email protected] 20070429
mnt-by:         MAINT-CNNIC-AP
source:         APNIC

% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)

A huge network assigned to a research institution of telecom in China, complete with a Hotmail contact address (for a name that suggests a Senior Market Research Analyst at Shanghai Research Institution of China Telecom, if you are to believe the LinkedIn profile of one Yiming Zheng). Lovely. Now what about the domain name?

Domain Name: SMARTTARGETONLINE.NET
Registry Domain ID: 
Registrar WHOIS Server: whois.domain.com
Registrar URL: www.domain.com
Updated Date: 2015-09-15T23:55:44Z
Creation Date: 2010-03-12T06:20:23Z
Registrar Registration Expiration Date: 2020-03-12T05:20:23Z
Registrar: Domain.com, LLC
Registrar IANA ID: 886
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.6027165396
Reseller: Domain.com
Reseller: [email protected]
Reseller: +1.8004033568
Domain Status: ok
Registry Registrant ID: 
Registrant Name: Xiaodong Zhou
Registrant Organization: Xiaodong Zhou
Registrant Street: 14 Chao Yang Men Nan Da Jie
Registrant City: Beijing
Registrant State/Province: 
Registrant Postal Code: 100081
Registrant Country: CN
Registrant Phone: +86.13701005811
Registrant Phone Ext: 
Registrant Fax: 
Registrant Fax Ext: 
Registrant Email: [email protected]
Registry Admin ID: 
Admin Name: Xiaodong Zhou
Admin Organization: Xiaodong Zhou
Admin Street: 14 Chao Yang Men Nan Da Jie
Admin City: Beijing
Admin State/Province: 
Admin Postal Code: 100081
Admin Country: CN
Admin Phone: +86.13701005811
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: [email protected]
Registry Tech ID: 
Tech Name: Xiaodong Zhou
Tech Organization: Xiaodong Zhou
Tech Street: 14 Chao Yang Men Nan Da Jie
Tech City: Beijing
Tech State/Province: 
Tech Postal Code: 100081
Tech Country: CN
Tech Phone: +86.13701005811
Tech Phone Ext: 
Tech Fax: 
Tech Fax Ext: 
Tech Email: [email protected]
Name Server: NS2.DOMAIN.COM
Name Server: NS1.DOMAIN.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2015-09-15T23:55:44Z <<<

Registration Service Provider:
    Domain.com, [email protected]
    +1.8004033568
    This company may be contacted for domain login/passwords,
    DNS/Nameserver changes, and general domain support questions.

And the actual spam-advertised domain name?

Domain Name: ORIGENE.COM
Registry Domain ID: 442862_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.networksolutions.com
Registrar URL: http://networksolutions.com
Updated Date: 2015-01-28T23:40:58Z
Creation Date: 1996-12-17T05:00:00Z
Registrar Registration Expiration Date: 2019-12-16T05:00:00Z
Registrar: NETWORK SOLUTIONS, LLC.
Registrar IANA ID: 2
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +1.8003337680
Reseller: 
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Registry Registrant ID: 
Registrant Name: OriGene Technologies, Inc.
Registrant Organization: OriGene Technologies, Inc.
Registrant Street: 9620 Medical Center Drive
Registrant City: Rockville
Registrant State/Province: MD
Registrant Postal Code: 20850
Registrant Country: US
Registrant Phone: +1.2406200237
Registrant Phone Ext: 
Registrant Fax: +1.9999999999
Registrant Fax Ext: 
Registrant Email: [email protected]
Registry Admin ID: 
Admin Name: Deng, James
Admin Organization: Origene Inc
Admin Street: 9620 Medical Center Drive suite 200
Admin City: Rockville
Admin State/Province: MD
Admin Postal Code: 20850
Admin Country: US
Admin Phone: +1.2406200253
Admin Phone Ext: 
Admin Fax: 
Admin Fax Ext: 
Admin Email: [email protected]
Registry Tech ID: 
Tech Name: Master, Host
Tech Organization: 
Tech Street: 1950 Stemmons Frwy
Tech City: Dallas
Tech State/Province: TX
Tech Postal Code: 75207
Tech Country: US
Tech Phone: +1.8005531989
Tech Phone Ext: 
Tech Fax: +1.2142617144
Tech Fax Ext: 
Tech Email: [email protected]
Name Server: NS1.PAETEC.NET
Name Server: NS2.PAETEC.NET
DNSSEC: Unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of whois database: Wed, 23 Sep 2015 10:23:21 GMT <<<

Looking at the LinkedIn list of people who have Origene Technologies somewhere on their profile returns a number of people all of Chinese origin. The first hit in the list that this author received is Xiaodong Zhou, Director of IT... who just so happens to be the owner of the spamming domain.

So, the 124.126.0.0/15 network of the Shanghai Research Institute for China Telecom is listed, along with all the domain names involved, and the IP address of their American website host on Lore Systems, Inc. (204.9.46.203; ARIN WHOIS indicates Lore RWHOIS, which is refusing connections in violation of ARIN Number Resource Policy #3.2).
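The following is an added example, not part of the original post, of how a listing like the one above can be applied: it turns the APNIC inetnum range into CIDR form and checks the relay IPs recorded in a message's Received headers against the listed networks. The function names and the sample headers (including the `.example` hostnames and the 192.0.2.25 address) are constructed for illustration; the inetnum range and the two listed IP addresses are the ones quoted on this page.

```python
import ipaddress
import re

# Values quoted on the page: the APNIC inetnum range and the listed web host.
INETNUM = "124.126.0.0 - 124.127.255.255"
LISTED_HOSTS = ["204.9.46.203"]

# Constructed sample headers (hostnames are placeholders); the second
# Received header is folded across two lines, as real headers often are.
SAMPLE = (
    "Received: from mx.recipient.example (mx.recipient.example [192.0.2.25])\n"
    "Received: from mail.sender.example (unknown\n"
    "\t[124.127.105.206])\n"
    "Subject: constructed sample\n"
)

def inetnum_to_cidrs(inetnum):
    """Convert a WHOIS 'first - last' range into the minimal list of CIDR blocks."""
    first, last = (ipaddress.ip_address(p.strip()) for p in inetnum.split("-"))
    return list(ipaddress.summarize_address_range(first, last))

def build_blocklist(inetnum, hosts):
    """Listed networks: the WHOIS range plus single hosts (which become /32)."""
    return inetnum_to_cidrs(inetnum) + [ipaddress.ip_network(h) for h in hosts]

# Bracketed IPv4 literal, as the receiving MTA records the peer address.
RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def relay_ips(headers):
    """Unfold continuation lines, then collect IPs from Received headers in order."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", headers)
    ips = []
    for line in unfolded.splitlines():
        if line.lower().startswith("received:"):
            for text in RECEIVED_IP.findall(line):
                try:
                    ips.append(ipaddress.ip_address(text))
                except ValueError:
                    pass  # looked like an IP but has an octet above 255
    return ips

def match_listed(headers, blocklist):
    """Return (ip, network) pairs for every relay IP inside a listed network."""
    return [(ip, net) for ip in relay_ips(headers) for net in blocklist if ip in net]

if __name__ == "__main__":
    blocklist = build_blocklist(INETNUM, LISTED_HOSTS)
    print(blocklist[0], blocklist[0].num_addresses)
    print(match_listed(SAMPLE, blocklist))
```

Only the Received header stamped by your own mail server is trustworthy; earlier hops in the chain are supplied by the sender and can be forged, so a filter should weigh matches on them accordingly.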

4 thoughts on “Origene”

  1. RocketScientist Post author

    Also spamming from

    Received: from mail14.smarttargetonline.net (unknown [58.214.245.130])

    which is in a CHINANET Jiangsu /12. This IP is listed since 3/26.

    Earlier in September 2015 they had also managed to obtain services from ExactTarget, a US ESP.

    Received: from xtinmta02-30.exacttarget.com (xtinmta02-30.exacttarget.com
    [207.67.38.30])

  2. RocketScientist Post author


    162.245.214.58.in-addr.arpa. 1800 IN PTR mail10.smarttargetonline.net.
    163.245.214.58.in-addr.arpa. 1800 IN PTR mail11.smarttargetonline.net.
    164.245.214.58.in-addr.arpa. 1800 IN PTR mail12.smarttargetonline.net.
    165.245.214.58.in-addr.arpa. 1800 IN PTR mail13.smarttargetonline.net.
    166.245.214.58.in-addr.arpa. 1800 IN PTR mail14.smarttargetonline.net.

    All listed now.

  3. RocketScientist Post author

    Still spamming from ExactTarget,

    Received: from xtinmta02-30.exacttarget.com (xtinmta02-30.exacttarget.com
    [207.67.38.30])
    From: OriGene Technologies Inc
    Subject: Video Protocol: Gene Knockout via CRISPR
    Date: Mon, 19 Oct 2015 10:17:09 -0600

    just in.

  4. RocketScientist Post author

    Partners in Europe with Acris Antibodies:


    Received: from web03.acris-antibodies.com (web03.acris-antibodies.com
    [178.63.70.136])
    ...
    Subject: Take a 2-min survey on cDNA clone use and win a fit-bit wristband
    Date: Fri, 5 Aug 2016 hh:mm:ss +0200
    From: Acris Antibodies / OriGene Europe <[email protected]>

    and

    Received: from web03.acris-antibodies.com (web03.acris-antibodies.com
    [178.63.70.136])
    ...
    Subject: Live Webinar: All about Lenti-Virus
    Date: Tue, 20 Sep 2016 hh:mm:ss +0200
    From: Acris Antibodies / OriGene Europe <[email protected]>
