{"id":220,"date":"2015-09-23T10:28:41","date_gmt":"2015-09-23T10:28:41","guid":{"rendered":"https:\/\/scientificspam.net\/?p=220"},"modified":"2015-09-23T10:41:06","modified_gmt":"2015-09-23T10:41:06","slug":"origene","status":"publish","type":"post","link":"https:\/\/www.scientificspam.net\/?p=220","title":{"rendered":"Origene"},"content":{"rendered":"<p>We&#8217;ve been on the receiving end of spam from <A HREF=\"http:\/\/origene.com\">Origene<\/A> since March 2015.  At the time, we listed 124.127.105.206, a few domain names, and thought nothing more of it.  We had the occasion to look at their spam a little more closely today. It&#8217;s all coming from a \/15 (that&#8217;s 131,072 IP addresses) assigned to a research facility in China.  The spamming domain name is smarttargetonline.net, registered to a person without an organization.  Worth looking at a little more.<\/p>\n<p><!--more--><\/p>\n<p>On paper, this appears to be a company based in Rockville, MD (Department ID F04352993 in <A HREF=\"http:\/\/sdatcert3.resiusa.org\/ucc-charter\/Pages\/CharterSearch\/default.aspx\">Maryland DAT<\/A>).  
However, there is a strong connection to China, which is evident from their spamming.<\/p>\n<p>The IP address lookup for 124.127.105.206 at APNIC indicates the following:<\/p>\n<pre>\r\n% Information related to '124.126.0.0 - 124.127.255.255'\r\n\r\ninetnum:        124.126.0.0 - 124.127.255.255\r\nnetname:        RITELE\r\ndescr:          Research Institution of Telecom\r\ndescr:          No.1 Gaojiayuan,Xicheng District,Beijing,China\r\ncountry:        CN\r\nadmin-c:        YZ1264-AP\r\ntech-c:         YZ1264-AP\r\nmnt-by:         MAINT-CNNIC-AP\r\nmnt-lower:      MAINT-CNNIC-AP\r\nmnt-routes:     MAINT-CNNIC-AP\r\nstatus:         ALLOCATED PORTABLE\r\nchanged:        hm-changed@apnic.net 20070228\r\nsource:         APNIC\r\n\r\nperson:         Yiming Zheng\r\nnic-hdl:        YZ1264-AP\r\ne-mail:         jordan_23_178@hotmail.com\r\naddress:        No.1 Gaojiayuan,Xicheng District,Beijing,China\r\nphone:          +86-010-84588176\r\nfax-no:         +86-010-84588021\r\ncountry:        CN\r\nchanged:        ipas@cnnic.cn 20070429\r\nmnt-by:         MAINT-CNNIC-AP\r\nsource:         APNIC\r\n\r\n% This query was served by the APNIC Whois Service version 1.69.1-APNICv1r0 (UNDEFINED)\r\n<\/pre>\n<p>A huge network assigned to a research institution of <em>telecom<\/em> in China, complete with a Hotmail contact address (for a name that suggests a Senior Market Research Analyst at Shanghai Research Institution of China Telecom, if you are to believe the <A HREF=\"https:\/\/www.linkedin.com\/pub\/yiming-zheng\/b\/a95\/aa2\">LinkedIn profile of one Yiming Zheng<\/A>). Lovely.  
Now what about the domain name?<\/p>\n<pre>\r\nDomain Name: SMARTTARGETONLINE.NET\r\nRegistry Domain ID: \r\nRegistrar WHOIS Server: whois.domain.com\r\nRegistrar URL: www.domain.com\r\nUpdated Date: 2015-09-15T23:55:44Z\r\nCreation Date: 2010-03-12T06:20:23Z\r\nRegistrar Registration Expiration Date: 2020-03-12T05:20:23Z\r\nRegistrar: Domain.com, LLC\r\nRegistrar IANA ID: 886\r\nRegistrar Abuse Contact Email: compliance@domain-inc.net\r\nRegistrar Abuse Contact Phone: +1.6027165396\r\nReseller: Domain.com\r\nReseller: support@domain-inc.net\r\nReseller: +1.8004033568\r\nDomain Status: ok\r\nRegistry Registrant ID: \r\nRegistrant Name: Xiaodong Zhou\r\nRegistrant Organization: Xiaodong Zhou\r\nRegistrant Street: 14 Chao Yang Men Nan Da Jie\r\nRegistrant City: Beijing\r\nRegistrant State\/Province: \r\nRegistrant Postal Code: 100081\r\nRegistrant Country: CN\r\nRegistrant Phone: +86.13701005811\r\nRegistrant Phone Ext: \r\nRegistrant Fax: \r\nRegistrant Fax Ext: \r\nRegistrant Email: xdzhou@gmail.com\r\nRegistry Admin ID: \r\nAdmin Name: Xiaodong Zhou\r\nAdmin Organization: Xiaodong Zhou\r\nAdmin Street: 14 Chao Yang Men Nan Da Jie\r\nAdmin City: Beijing\r\nAdmin State\/Province: \r\nAdmin Postal Code: 100081\r\nAdmin Country: CN\r\nAdmin Phone: +86.13701005811\r\nAdmin Phone Ext: \r\nAdmin Fax: \r\nAdmin Fax Ext: \r\nAdmin Email: xdzhou@gmail.com\r\nRegistry Tech ID: \r\nTech Name: Xiaodong Zhou\r\nTech Organization: Xiaodong Zhou\r\nTech Street: 14 Chao Yang Men Nan Da Jie\r\nTech City: Beijing\r\nTech State\/Province: \r\nTech Postal Code: 100081\r\nTech Country: CN\r\nTech Phone: +86.13701005811\r\nTech Phone Ext: \r\nTech Fax: \r\nTech Fax Ext: \r\nTech Email: xdzhou@gmail.com\r\nName Server: NS2.DOMAIN.COM\r\nName Server: NS1.DOMAIN.COM\r\nDNSSEC: unsigned\r\nURL of the ICANN WHOIS Data Problem Reporting System: http:\/\/wdprs.internic.net\/\r\n>>> Last update of WHOIS database: 2015-09-15T23:55:44Z <<<\r\n\r\nRegistration Service Provider:\r\n    Domain.com, 
support@domain-inc.net\r\n    +1.8004033568\r\n    This company may be contacted for domain login\/passwords,\r\n    DNS\/Nameserver changes, and general domain support questions.\r\n<\/pre>\n<p>And the actual spam-advertised domain name?<\/p>\n<pre>\r\nDomain Name: ORIGENE.COM\r\nRegistry Domain ID: 442862_DOMAIN_COM-VRSN\r\nRegistrar WHOIS Server: whois.networksolutions.com\r\nRegistrar URL: http:\/\/networksolutions.com\r\nUpdated Date: 2015-01-28T23:40:58Z\r\nCreation Date: 1996-12-17T05:00:00Z\r\nRegistrar Registration Expiration Date: 2019-12-16T05:00:00Z\r\nRegistrar: NETWORK SOLUTIONS, LLC.\r\nRegistrar IANA ID: 2\r\nRegistrar Abuse Contact Email: abuse@web.com\r\nRegistrar Abuse Contact Phone: +1.8003337680\r\nReseller: \r\nDomain Status: clientTransferProhibited http:\/\/www.icann.org\/epp#clientTransferProhibited\r\nRegistry Registrant ID: \r\nRegistrant Name: OriGene Technologies, Inc.\r\nRegistrant Organization: OriGene Technologies, Inc.\r\nRegistrant Street: 9620 Medical Center Drive\r\nRegistrant City: Rockville\r\nRegistrant State\/Province: MD\r\nRegistrant Postal Code: 20850\r\nRegistrant Country: US\r\nRegistrant Phone: +1.2406200237\r\nRegistrant Phone Ext: \r\nRegistrant Fax: +1.9999999999\r\nRegistrant Fax Ext: \r\nRegistrant Email: cbirkett@ORIGENE.COM\r\nRegistry Admin ID: \r\nAdmin Name: Deng, James\r\nAdmin Organization: Origene Inc\r\nAdmin Street: 9620 Medical Center Drive suite 200\r\nAdmin City: Rockville\r\nAdmin State\/Province: MD\r\nAdmin Postal Code: 20850\r\nAdmin Country: US\r\nAdmin Phone: +1.2406200253\r\nAdmin Phone Ext: \r\nAdmin Fax: \r\nAdmin Fax Ext: \r\nAdmin Email: jdeng@origene.com\r\nRegistry Tech ID: \r\nTech Name: Master, Host\r\nTech Organization: \r\nTech Street: 1950 Stemmons Frwy\r\nTech City: Dallas\r\nTech State\/Province: TX\r\nTech Postal Code: 75207\r\nTech Country: US\r\nTech Phone: +1.8005531989\r\nTech Phone Ext: \r\nTech Fax: +1.2142617144\r\nTech Fax Ext: \r\nTech Email: 
NETWORK.ADMIN@FOSTER-MILLER.COM\r\nName Server: NS1.PAETEC.NET\r\nName Server: NS2.PAETEC.NET\r\nDNSSEC: Unsigned\r\nURL of the ICANN WHOIS Data Problem Reporting System: http:\/\/wdprs.internic.net\/\r\n>>> Last update of whois database: Wed, 23 Sep 2015 10:23:21 GMT <<<\r\n<\/pre>\n<p>The <A HREF=\"https:\/\/www.linkedin.com\/vsearch\/f?type=all&#038;keywords=origene+technologies\">LinkedIn list of people who have Origene Technologies somewhere on their profile<\/A> returns a number of people, all of Chinese origin.  The first hit in the list that this author received is <A HREF=\"https:\/\/cn.linkedin.com\/pub\/xiaodong-zhou\/3\/a78\/814\">Xiaodong Zhou, Director of IT<\/A>... <strong>who just so happens to be the owner of the spamming domain.<\/strong><\/p>\n<p>So, the 124.126.0.0\/15 network of the Shanghai Research Institute for China Telecom is listed, along with all the domain names involved, and the IP address of their American website host on Lore Systems, Inc. (204.9.46.203; ARIN WHOIS indicates Lore RWHOIS, which is refusing connections in violation of <A HREF=\"https:\/\/www.arin.net\/policy\/nrpm.html#three2\">ARIN Number Resource Policy #3.2<\/A>).<\/p>\n","protected":false},"excerpt":{"rendered":"<p>We&#8217;ve been on the receiving end of spam from Origene since March 2015. At the time, we listed 124.127.105.206, a few domain names, and thought nothing more of it. We had the occasion to look at their spam a little more closely today. 
It&#8217;s all coming from a \/15 (that&#8217;s 131,072 IP addresses) assigned to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":228,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[22,15,58],"tags":[120,122,121],"class_list":["post-220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-escalation-listing","category-j-random-spammer","category-university-spam","tag-origene-com","tag-research-institution-for-telecom","tag-smarttargetonline-net"],"_links":{"self":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts\/220","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=220"}],"version-history":[{"count":4,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts\/220\/revisions"}],"predecessor-version":[{"id":231,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/posts\/220\/revisions\/231"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=\/wp\/v2\/media\/228"}],"wp:attachment":[{"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.scientificspam.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=220"}],"curies":[{"name":"wp","href":"https:\/\/ap
i.w.org\/{rel}","templated":true}]}}