
[email] [counterfeit] [85.172.27.17] (trarich.com - modadns.com) luxuries for cheap


TomezNet

Jul 9, 2007, 3:32:59 AM

Received From:
IP 85.172.27.17 85.172.27.17.modem-pool.krdn.ru
(at kuban.ru)

Spamvert:
trarich.com IP 124.254.2.230
(SBL56318 - SBL48585) (at THBA / gwbn.net.cn)

Title: Diamond Watches a.k.a Diamond Replicas

More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

Header forgery by spammer.

More info below:
====================

X-Message-Info: txF49lGdW434cca0V6TtFun7fPOT6ZWTBncp35QuHlX5KqygIsht0a0pUHlO3rYJ
Received: from tomts30-srv.bellnexxia.net ([209.226.175.104])
    by bay0-pamc1-f13.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
    Sun, 8 Jul 2007 11:57:20 -0700
Received: from [MUNGED]
    by toip21.srvr.bell.ca with ESMTP; 08 Jul 2007 14:57:14 -0400
Received: (qmail 16155 invoked by uid 110); 8 Jul 2007 14:46:40 -0400
Delivered-To: [MUNGED]
Received: (qmail 16018 invoked from network); 8 Jul 2007 14:46:37 -0400
Received: from 85.172.27.17.modem-pool.krdn.ru (85.172.27.17)
    by [MUNGED] with SMTP; 8 Jul 2007 14:46:37 -0400
Return-path: <[MUNGED]>
X-Original-To: [MUNGED]
Delivered-To: [MUNGED]
Received: from [85.172.27.17] (port=19260 helo=85.172.27.17.modem-pool.krdn.ru)
    by [MUNGED] with ESMTP id 61603617682
    for <[MUNGED]>; Sun, 08 Jul 2007 22:46:28 +0300 (EET)
From: [MUNGED]
To: [MUNGED]
Subject: luxuries for cheap
Date: Sun, 08 Jul 2007 22:46:29 +0300 (EET)
MIME-Version: 1.0
Content-Type: text/plain;
    charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: 4dJ5II20046u18088fl78425py7rO3==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Message-ID: <0a4d01c7c1b1$01c7c1b1$111bac55@[MUNGED]>
Status:
X-OriginalArrivalTime: 08 Jul 2007 18:57:20.0968 (UTC) FILETIME=[D0225C80:01C7C191]

Exclusive,handmade rep lica models</!>
100% your satisfaction guaranteed.</234>
http://trarich.com/
HUGE discounts.

-- END OF SPAM --

See:
IP 85.172.27.17 85.172.27.17.modem-pool.krdn.ru

http://www.moensted.dk/spam/?addr=85.172.27.17
http://www.spamhaus.org/query/bl?ip=85.172.27.17
http://cbl.abuseat.org/lookup.cgi?ip=85.172.27.17

inetnum: 85.172.0.0 - 85.172.31.255
netname: KRASNODAR-REGION-NETWORK
descr: Public Joint Stock Company "Southern Telecommunication Company"
descr: Krasnodar, Russia
country: RU
role: STC Internet Center
address: "Southern Telecommunications Company" PJSC
address: 66, Karasunskaya Str.
address: Krasnodar 350000
address: Russia

More kuban.ru sightings:
http://groups.google.com/groups/search?q=kuban.ru+group%3A*abuse&start=0&scoring=d&

postmaster and abuse[]kuban.ru are listed in the rfc-ignorant.org database

route: 85.172.0.0/19
descr: Southen Telecommunication Maintainer
origin: AS25490
notify: g...@ns.kuban.ru
mnt-by: STC-MNT
changed: g...@ns.kuban.ru

Prefix: 85.172.0.0/19
Prefix Name: Southen Telecommunication Maintainer
AS: 25490
AS Name: STC AS Southern Telecommunication Autonomous Systems
http://www.cidr-report.org/cgi-bin/as-report?as=25490

See:
trarich.com IP 124.254.2.230
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.230] [TTL=172800] [CN]

NS records at nameservers are:
dns1.trarich.com [no glue provided] [TTL=60]
dns2.trarich.com [no glue provided] [TTL=60]

SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@trarich.com
Serial #: 1183638089

trarich.com has no MX records

http://www.moensted.dk/spam/?addr=124.254.2.230
http://www.spamhaus.org/query/bl?ip=124.254.2.230

Source code:
HTTP/1.1 302 Found
Date: Sun, 08 Jul 2007 19:28:02 GMT
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.3 with Suhosin-Patch
X-Powered-By: PHP/5.2.3
Location: http://trarich.com/rp/index.php?mid=10016&fid=PoWjfKskwsLFjsFlsjfe
Content-Length: 0
Connection: close
Content-Type: text/html

5 hosts sharing ip 124.254.2.230 with trarich.com
aftflu.com
behflu.com
ephflu.com
stflu.com
takewflu.com

inetnum: 124.254.0.0 - 124.254.63.255
netname: THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Song Wang
nic-hdl: SW623-AP
e-mail: luy...@163.com
mntner: MAINT-CN-THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Shilie Weng
address: 1954 Huashan Rd.
address: Shanghai Jiaotong University
address: Shanghai, 200030, CN
phone: +86-21-4310310 ext 2236
e-mail: slw...@sjtu.edu.cn
nic-hdl: SW1-CN
notify: dm...@apnic.net
tech-c: SW1-CN
upd-to: bkson...@msn.com

IP: 124.254.2.230
Reverse: undefined.bjgwbn.net.cn

Prefix: 124.254.0.0/18
Prefix Name: error
AS: 4847
AS Name: CHINANET BJ METRO BeijingTelecom
http://www.cidr-report.org/cgi-bin/as-report?as=4847

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48585
124.254.0.0/18 is listed on the Spamhaus Block List (SBL)

09-May-2007 08:47 GMT | SR02

THBA
Spam haven, bulletproof hosting for spammers.

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56318
124.254.2.230/32 is listed on the Spamhaus Block List (SBL)

06-Jul-2007 06:55 GMT | SR02

stflu.com etc.

30 SBL/ROKSO listings for IPs under the responsibility of gwbn.net.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=gwbn.net.cn

Let's see whois:
Checking server [whois.enom.com]
Results:
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

Domain name: trarich.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
ns1.modadns.com
ns2.modadns.com

Creation date: 05 Jul 2007 09:19:58
Expiration date: 05 Jul 2008 09:19:58

More trarich.com sightings:
http://groups.google.com/groups/search?q=trarich.com+group%3A*abuse&qt_s=Search

See:
ns1.modadns.com IP 58.83.12.6

ns1.modadns.com has no MX records -> modadns.com has no MX records

http://www.moensted.dk/spam/?addr=58.83.12.6
http://www.spamhaus.org/query/bl?ip=58.83.12.6

More 58.83.12.6 sightings:
http://groups.google.com/groups/search?q=58.83.12.6+group%3A*abuse&qt_s=Search

inetnum: 58.83.12.0 - 58.83.15.255
netname: csallnetlink-cn
descr: changsha allnetlink development co.,LTD
country: CN
remarks: w...@allnetlink.com.cn
person: yongcheng wang
nic-hdl: YW811-AP
e-mail: wan...@allnetlink.com.cn
address: changsha allnetlink co., LTD
person: ada chen
nic-hdl: AC893-AP
changed: BLUESKY...@163.COM

Aliases:
ns1.leoemch.com
entrflu.com
ns2.leoemch.com
leoemch.com

Prefix: 58.83.12.0/22
Prefix Name: error
AS: 18118
AS Name: CITICNET AP CITIC Networks Management Co ,Ltd 6 XINYUANNANLU BEIJING
http://www.cidr-report.org/cgi-bin/as-report?as=18118

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL51900
58.83.0.0/16 is listed on the Spamhaus Block List (SBL)

27-Apr-2007 08:03 GMT | SR02

tianjian / hylink-cn / bluesky

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL53280
58.83.12.0/22 is listed on the Spamhaus Block List (SBL)

07-Apr-2007 10:32 GMT | SR02

csallnetlink-cn / BLUESKY

BLUESKY provides bulletproof spam hosting and does not reply to spam
reports or SBL listings.

20 SBL/ROKSO listings for IPs under the responsibility of bluesky
http://www.spamhaus.org/sbl/listings.lasso?isp=bluesky

Let's see whois:
Checking server [whois.enom.com]
Results:
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

Domain name: modadns.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
ns1.modadns.com
ns2.modadns.com

Creation date: 18 May 2007 22:46:20
Expiration date: 18 May 2008 22:46:20

More modadns.com sightings:
http://groups.google.com/groups/search?q=modadns.com+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e88f04f531f71be4

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d4ec058f23e668e1

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
