YourMusic.com is an online music service of BMG Direct, Inc. You set up a list of cd’s you’d like to purchase, then you are shipped one CD a month for a steady price (currently at $6.99). I registered with them on Wednesday, November 2, 2005 at 3:40:31pm EST. And I used a unique email address that I generate for any web site I need to register at. I received no email to that address at all, except the one message from YourMusic.com when I first opened the account. After reading their web site materials, I decided to not buy music from them.
The spam came from hot-daily-perks.net. If you go to their web site, you get apparently an IIS error page. If you go to any other URL on the site, you get a kind of 404 error. Their spam had a 146 character (all hex characters) URL in it. I scrambled their hex code to experiment. I suspect if I clicked the ad I would start to get a lot of spam at that address.
The message itself was a HTML monstrosity. It was made up of a 4×4 html table, with each cell containing an image loaded from http://www.bemywoo.com. The image when built was also an ad for BeMyWoo.
The Whois information is where things get a little interesting. The whois for hot-daily-perks.net did not lead anywhere else, except to the Moniker.com registrar.
But the whois for BeMYWoo.com leads to both cliqventures.com and loorebox.com. Their whois info was not too interesting, leading into a circle. Hmm, by looking at their whois info, it appears that the registration info for BeMyWoo, CliqVenture, and Loorebox is invalid, there isn’t a suite listed like there is on the web site.
$ host loorebox.com
loorebox.com has address 220.127.116.11
loorebox.com mail is handled by 0 loorebox.com.
$ host bemywoo.com
bemywoo.com has address 18.104.22.168
bemywoo.com mail is handled by 0 bemywoo.com.
$ host cliqventures.com
cliqventures.com has address 22.214.171.124
cliqventures.com mail is handled by 0 cliqventures.com.
$ host hot-daily-perks.net
hot-daily-perks.net has address 126.96.36.199
hot-daily-perks.net mail is handled by 10 hot-daily-perks.net.
So it appears that the hot-daily-perks.net site hired CliqVenture to be their spammer. hot-daily-perks.net is hosted with Hurricane Electric. CliqVenture is hosted by Atjeu Hosting (atjeu.com). I will be emailing a spam abuse complaint to Atjeu shortly.