I have received the same email about 30 times now and I wanted to share a bit more information that I have found on this matter:
-------
Congratulations on your purchase of summerhouse.info.
Your domain's value has been estimated on our domain appraisal service. You can read your custom report here:
http://domainestimator.com/results/?domain=summerhouse.info. (Domain Estimator Report)
There is a large portfolio of domains related to your keywords. The current list of premium domains can be viewed here:
http://domainclosing.com/?phrase=summerhouse.info (Related Premium Domains)
Cordially,
Stefanie Shay
- Support Department @ DomainEstimator.com
We received your contact details from the Public Domain Deed Records. If you would prefer not to receive email notifications of your estimated values in the future, please reply to this email with "REMOVE" in the subject line.
__________
I started out reading the headers which brings up the email came from:
------------
[email protected]
------------
Which then if you do a Traceroute search it shows that the email originated from:
------------
14 ns17.servers.coderulers.net (198.143.185.253) 66.934 ms 66.877 ms 66.524 ms
--------------
Now upon visiting coderulers.net there would appear to be nothing there but a bit more digging directories and the api lists of how this person finds people to spam via the godaddy api:
------------------
http://code.coderulers.net/api/
------------------
Now if you view the readme.txt file it shows the listing of api's being used which brings up some interesting facts:
-----------------
--------------------------------------------------------
/domain/availability - checks wither a domain is available or not
EXAMPLE GET COMMAND:
http://184.154.181.13/api/domain/availability/?linking=yes&sld=witches&tld=xxx
http://184.154.181.13/api/domain/availability/?linking=no&sld=witches&tld=xxx
linking=yes or linking=no
Example usage:
file_get_contents('http://code.coderulers.net/api/domain/availability/?linking=no&sld=' . $sld . '.' . '$thetld');
--------------------------------------------------------
/domain/godaddy - checks group availability of searched keyword+com
EXAMPLE GET COMMAND:
http://184.154.181.13/api/domain/godaddy/?keyword=aquanauts
Example usage:
$keyword = 'devanhcrow';
$url = 'http://code.coderulers.net/api/domain/godaddy/?keyword=' . $keyword;
$tld = file_get_contents($url);
$tld = json_decode($tld,1);
extract($tld); // puts the tlds into PHP variables - example: $com
--------------------------------------------------------
/namemedia/listed - checks wither a domain is listed with nameMedia or not
EXAMPLE GET COMMAND:
http://184.154.181.13/api/namemedia/listed/?domain=$full
--------------------------------------------------------
/domain/domainParts/?domian=witches.org - parses and output the chosen output part by name
(supports over 6k advanced tlds)
EXAMPLE GET COMMAND:
Example usage #1 (internal):
http://184.154.181.13/api/domain/domainParts/?domain=witches.com
EXAMPLE usage 2 (public):
http://api.domainparts.us/?domain=devanhcrow.com
<?php
$domain = 'forums.DigitalPoint';
$arr = file_get_contents('http://api.domainparts.us/?domain=' . $domain);
$blah = json_decode($arr,1);
// print_r($blah); // print the array
$tld = $blah['tld'];
$sld = $blah['sld'];
for($i=1;$i<=10;$i+=1)
${'sub'.$i} = $blah['sub'][$i];
echo ($sub1.'.'.$sld.'.'.$tld); // echo the TLD and SLD
?>
--------------------------------------------------------
/api/client/remoteAddress/ - Gets user's IP address
EXAMPLE GET COMMAND:
http://184.154.181.13/api/client/remoteAddress/
--------------------------------------------------------
/api/client/deviceType/ - Get's user's device type
EXAMPLE GET COMMAND:
http://184.154.181.13/api/client/deviceType/
--------------------------------------------------------
/api/client/ipLocation/ - Get IP Address location details
EXAMPLE GET COMMAND:
http://184.154.181.13/api/client/ipLocation/?ip=108.193.61.21
<?php
$ip = $_GET['ip'];
$blah = file_get_contents('http://184.154.181.13/api/client/ipLocation/?ip='.$ip);
$blah = json_decode($blah,TRUE);
$arr = array('statusCode','ipAddress','countryCode','regionName','cityName','zipCode','latitude','longitude','timeZone');
foreach($arr as $item){
${$item} = $blah[$item];
}
echo $regionName;
/*
if($regionName !== 'MASSACHUSETTS'){
echo 'you are not behind enemy lines';
}else{
echo 'watch out! you are behind enemy lines!';
}
*/
?>
COMBINED API USES:
COMBINED APIs:
/api/client/ipLocation/ - Get IP Address location details
/api/client/remoteAddress/ - Gets user's IP address (including the actual code from this)
EXAMPLE GET COMMAND:
<?php
$remoteAddress = $_SERVER['REMOTE_ADDR'];
$blah = file_get_contents('http://184.154.181.13/api/client/ipLocation/?ip='.$remoteAddress);
$blah = json_decode($blah,TRUE);
$arr = array('statusCode','ipAddress','countryCode','regionName','cityName','zipCode','latitude','longitude','timeZone');
foreach($arr as $item){
echo ${$item} = $blah[$item];
echo '<br>';
}
//echo $regionName;
/*
$regionName = ucwords(strtolower($cityName));
if($regionName !== 'Massachusetts'){
echo 'you are not behind enemy lines';
}else{
echo 'watch out! you are behind enemy lines!';
}
*/
?>
--------------------------------------------------------
/api/twitter/handleAvailability/ - Gets the availability of any twitter handle
EXAMPLE GET COMMAND:
http://184.154.181.13/api/twitter/handleAvailability/?twitterHandle=devanhcrow
--------------------------------------------------------
/api/facebook/usernameAvailability/ - Gets the availability of any Facebook Username
EXAMPLE GET COMMAND:
http://184.154.181.13/api/facebook/usernameAvailability/?fbUsername=arunner22
------------------
Based on the twitter handle: devanhcrow
Name: Devan Hamlin Crow
The persons twitter:
https://twitter.com/devanhcrow
The persons Facebook:
https://www.facebook.com/devancrow
Now I have no proof other then a lot of coincidences that this is the person responsible for the spam. I'll let you decide for yourself but to me it sure looks like this may be the right person or is connected otherwise.
Just wanted to add what I found with my very brief search and dig
Feel free to dig more as there is lots more information that I can post later on.
Cheers
Blake A. Worthington
---------- Post added at 01:12 AM ---------- Previous post was at 12:52 AM ----------
Also found this was connected and perhaps a real name or partner:
------------
Registered through: GoDaddy.com, LLC (
http://www.godaddy.com)
Domain Name: WHOISPARSER.COM
Created on: 05-Dec-12
Expires on: 05-Dec-13
Last Updated on: 05-Dec-12
Registrant:
Instant-Automation
2885 Sanford Ave
SW #15906
Grandville, Michigan 49418
United States
Administrative Contact:
McKenzie, Joshua Email Masking
[email protected]
Instant-Automation
2885 Sanford Ave
SW #15906
Grandville, Michigan 49418
United States
6012483959
---------------
Above was found via this webpage:
http://stackoverflow.com/questions/12453145/bulk-retrieve-whois-contact-details/13764005#13764005
Now this looks oddly familiar
====================
Domain Name: codervision.com
Registered at
http://www.dynadot.com
Registrant:
Devan Hamlin Crow, Inc.
Devan Hamlin Crow
2885 Sanford Ave
SW#15906
Grandville, MI 49418
United States
Administrative Contact:
Devan Hamlin Crow, Inc.
Devan Hamlin Crow
2885 Sanford Ave
SW#15906
Grandville, MI 49418
United States
+001 580-786-1043
Technical Contact:
Devan Hamlin Crow, Inc.
Devan Hamlin Crow
2885 Sanford Ave
SW#15906
Grandville, MI 49418
United States
+001 580-786-1043
Record expires on 2013/01/12 UTC
Record created on 2012/01/12 UTC
Domain servers in listed order:
ns1.iadnshost.com
ns2.iadnshost.com
======================
Information Obtained from:
http://whois.domaintools.com/codervision.com