Further Research into the GSPC’s Homepage

As I noted in two earlier posts here and here, the GSPC has had a bit of help with keeping thier sites online. One of thier earlier websites was registered to one “Songkod Sataratpayoon” (ie: songkod@hotmail.com) who was also into Nigerian 419 Scams and Phishing attacks. I’ve revisited Mr. Songkod and done a bit of research into his online presence. A brief summary of my findings follows after the break.

I’ll add that it has been several days and two emails to the company hosting the GSPC’s current website in Dallas, Texas, I have received no reply (and don’t expect one) and the website is still online.

Note that he was the technical contact listed on Jihad-Algeria’s DNS record.

He was also listed on the “www.astb.us” 419 fraud as is seen below:

#begin lookup

Registrant Name: Mr Henry henry
Registrant Organization: henry
Registrant Address1: bkk
Registrant Address2: bkk
Registrant City: bkk
Registrant State/Province: bkk
Registrant Postal Code: 11000
Registrant Country: Thailand
Registrant Country Code: TH
Registrant Phone Number: +66.32433280
Registrant Facsimile Number: +66.32433280
Registrant Email: bytech98@yahoo.com
Registrant Application Purpose: P1
Registrant Nexus Category: C11
Administrative Contact ID: GODA-25849323
Administrative Contact Name: Mr.songkod Sataratpayoon
Administrative Contact Organization: Cha-am IT Shop
Administrative Contact Address1: 30/26 Ratpree1 RD.
Administrative Contact Address2: Cha-am
Administrative Contact City: Phetchburi
Administrative Contact State/Province: Phetchburi
Administrative Contact Postal Code: 76120
Administrative Contact Country: Thailand
Administrative Contact Country Code: TH
Administrative Contact Phone Number: +66.32433280
Administrative Contact Facsimile Number: +66.32433280
Administrative Contact Email: songkod@hotmail.com
Administrative Contact Application Purpose: P1
Administrative Contact Nexus Category: C11
Billing Contact ID: GODA-35849323
Billing Contact Name: Mr.songkod Sataratpayoon
Billing Contact Organization: Cha-am IT Shop
Billing Contact Address1: 30/26 Ratpree1 RD.
Billing Contact Address2: Cha-am
Billing Contact City: Phetchburi
Billing Contact State/Province: Phetchburi
Billing Contact Postal Code: 76120
Billing Contact Country: Thailand
Billing Contact Country Code: TH
Billing Contact Phone Number: +66.32433280
Billing Contact Facsimile Number: +66.32433280
Billing Contact Email: songkod@hotmail.com
Billing Contact Application Purpose: P1
Billing Contact Nexus Category: C11
Technical Contact ID: GODA-15849323
Technical Contact Name: Mr.songkod Sataratpayoon
Technical Contact Organization: Cha-am IT Shop
Technical Contact Address1: 30/26 Ratpree1 RD.
Technical Contact Address2: Cha-am
Technical Contact City: Phetchburi
Technical Contact State/Province: Phetchburi
Technical Contact Postal Code: 76120
Technical Contact Country: Thailand
Technical Contact Country Code: TH
Technical Contact Phone Number: +66.32433280
Technical Contact Facsimile Number: +66.32433280
Technical Contact Email: songkod@hotmail.com
Technical Contact Application Purpose: P1
Technical Contact Nexus Category: C11
Name Server: NS1.HYNIXS.NET
Name Server: NS2.HYNIXS.NET
Created by Registrar: BLUE RAZOR DOMAINS, INC.
Last Updated by Registrar: BLUE RAZOR DOMAINS, INC.
Domain Registration Date: Wed Mar 17 10:26:36 GMT 2004
Domain Expiration Date: Wed Mar 16 23:59:59 GMT 2005
Domain Last Updated Date: Fri Feb 04 04:00:45 GMT 2005

>>>> Whois database was last updated on: Tue Feb 08 03:46:17 GMT 2005 Whois Privacy and Spam Prevention by Whois Source
30/26 ratpree1 chaam phetchburi
phetchburi, phetchburi 76120
032433280 Fax: 032433280
Technical Contact:
Sitthipitune, Thanawut Whois Privacy and Spam Prevention by Whois Source
4/10 Moo.8 SoiJaransanitwong 13
Saibangwaek Road,
KetPasrijarearn, Bangkok 10160
662-8657673 Fax: 662-8657721
Registrar of Record: TUCOWS, INC.
Record last updated on 09-Dec-2004.
Record expires on 01-Jan-2012.
Record created on 01-Jan-2002.

The site is located in Chicago, Illinois, USA as is evidenced below.
Website Title: Home
Response Code: 206
SSL Cert: gourmetcollections.com expires in 155 days
Alexa Trend/Rank: Not Ranked
Website Status: Active
Reverse IP: Web server hosts 737 websites (reverse ip tool requires free login)
Server Type: Apache/1.3.34 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.4 FrontPage/ mod_ssl/2.8.25 OpenSSL/0.9.6b PHP-CGI/0.1b
(Spry.com also uses Apache)
IP Address: (ARIN & RIPE IP search)
IP Location: – Illinois – Chicago – Xnet Information Systems
Blacklist Status: Clear – Last blocked 2005-07-29 (history)
Whois History: 5 records stored
Oldest: 2004-05-07
Newest: 2006-02-27
Record Type: Domain Name
Monitor: Monitor or Backorder
Wildcard search: ‘chaamit’ or ‘ch aa mit’ in all domains.
[5 available domains]
Created: 01-jan-2002
Expires: 01-jan-2012

Hmmm looks like the site above also uses the SSL certificate for “https://gourmetcollections.com”. “Gourmet Collections” is a food website right? Wrong, they “sell” performance import car parts. It’s hosted in Dayton, Ohio, USA.

For a final laugh our aspiring cyber jihadi does a bit of really shitty web design as evidenced on “Chaamgoat.com”. The Chaamgoat website has multiple links to Islamic websites (I know, big surprise there).

Chaamgoat is registered too:

Registrant: Cha-am It 30/26 ratpree1 chaam phetchburi
phetchburi, phetchburi 76120 TH Domain name:
Administrative Contact: sataratpayoon, Mr.songkod
30/26 ratpree1 chaam phetchburi
phetchburi, phetchburi 76120
TH 032433280 Fax: 032433280

That is all for today.


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: