
[email] [counterfeit] [67.168.106.59] (disrich.com / modadns.com / slonoima.com) Final sale in replica watch store


TomezNet

Jul 16, 2007, 1:30:10 AM
Received From:
IP 67.168.106.59 c-67-168-106-59.hsd1.wa.comcast.net

Spamvert:
disrich.com IP 124.254.2.230
(SBL48585 / SBL56318) (at THBA / gwbn.net.cn)

slonoima.com IP N/A

counterfeit watches spam.

Title: Diamond Watches (a.k.a Diamond Replicas)

More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

More info below:
====================

X-SID-PRA: <loren...@hotmail.com>
X-SID-Result: SoftFail
X-Message-Info: txF49lGdW41vs4UMMl/hrV9cA5MT8yspm8kBxNKd9NWRvCQK6Cv2EZh9SEOedfKR
Received: from tomts3-srv.bellnexxia.net ([209.226.175.115])
    by bay0-pamc1-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
    Tue, 10 Jul 2007 21:45:42 -0700
Received: from [MUNGED]
    by toip24.srvr.bell.ca with ESMTP; 11 Jul 2007 00:45:36 -0400
Received: (qmail 1546 invoked by uid 110); 11 Jul 2007 00:45:36 -0400
Delivered-To: [MUNGED]
Received: (qmail 1511 invoked from network); 11 Jul 2007 00:45:36 -0400
Received: from c-67-168-106-59.hsd1.wa.comcast.net (HELO CHICOSTICK.6ueo5.net) (67.168.106.59)
    by [MUNGED] with SMTP; 11 Jul 2007 00:45:36 -0400
Message-ID: <06190928963284.9CC5E32E47@7Z8YI>
From: <loren...@hotmail.com >
To: <[MUNGED]>
Subject: Final sale in replica watch store
Date: Tue, 10 Jul 2007 21:46:21 -0700
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: caQIdN3CQ6aCvXZgrFc7511pW0htV7kvQ1Vb
Content-Type: multipart/alternative;
    boundary="----=_NextPart_000_0032_9D575F62.91F6E454"
Return-Path: loren...@hotmail.com
X-OriginalArrivalTime: 11 Jul 2007 04:45:42.0695 (UTC) FILETIME=[566DEB70:01C7C376]

------=_NextPart_000_0032_9D575F62.91F6E454
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

First thing in the paraphernalia of a high-society person - luxury
timepiece!
Enjoy our unbelievably low prices and free express shipping!
All the most popular brands always in stock - waiting for you!
http://disrich.com
------=_NextPart_000_0032_9D575F62.91F6E454
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

<html>
Hottest offer of this summer - affordable replica watches at our shop!
<br>
Enjoy our unbelievably low prices and free express shipping!<br>
<A href="http://slonoima.com">Pick up a perfect chronometer for you
out of our huge stock now!<br></A>

<br><br><br><br><br><br><br><br>
<font color=white>Head First Design Patterns </font>
<font color=white>else. Something more</font>
<font color=white>to use them (and when </font>
<font color=white>it struggling with academic</font>
<font color=white>so that you can spend </font>
<font color=white>science, and learning theory, </font>
<font color=white>also want to learn </font>
<font color=white> be wrong (and what </font>
<font color=white>support in your own code.</font>
<font color=white>science, and learning theory, </font>
<font color=white>about inheritance might</font>
<font color=white>matter--why to use them, </font>
<font color=white> a book, you want </font>
<font color=white>a design paddle pattern. </font>
<font color=white>is so often misunderstood, </font>
<font color=white>your time on...something </font>
<font color=white>Best of all, in a way that won't </font>
<font color=white>applications. You </font>
<font color=white> challenging. Something </font>
<font color=white>Java's built-in pattern </font>
<font color=white>to do instead). You want</font>
<font color=white>to use them (and when </font>
<font color=white> Patterns--the lessons</font>
<font color=white>up a creek without </font>
<font color=white> advantage</font>
<font color=white>"secret language" </font>
<font color=white>your time on...something </font>
<font color=white>will load patterns into your </font>
<font color=white>But you don't just </font>
<font color=white>matter--why to use them, </font>
<font color=white> what to expect--a visually-rich </font>
<font color=white> the "Trading Spaces" show. </font>
<font color=white>to use them (and when </font>
<font color=white>your boss told you </font>
<font color=white>science, and learning theory, </font>
<font color=white> and why everything </font>
</html>

------=_NextPart_000_0032_9D575F62.91F6E454--

-- END OF SPAM --

This spammer is always sending multiple emails to unknown users (Cc: /
Bcc:), from forged senders that are their actual targets, relying on
the MTA to bounce the mail to the forged sender, with the original body,
trying to create backscatter spam.

See:
IP 67.168.106.59 c-67-168-106-59.hsd1.wa.comcast.net

http://www.moensted.dk/spam/?addr=67.168.106.59
http://www.spamhaus.org/query/bl?ip=67.168.106.59
http://www.spamhaus.org/pbl/query/PBL114748
http://cbl.abuseat.org/lookup.cgi?ip=67.168.106.59
http://www.apews.org/?page=test&C=130&E=219236&ip=67.168.106.59

Many more comcast.net sightings:
http://groups.google.com/groups/search?q=comcast.net+group%3A*abuse&start=0&scoring=d&

Comcast Cable Communications, Inc. ATT-COMCAST (NET-67-160-0-0-1)
67.160.0.0 - 67.191.255.255
Comcast Cable Communications, IP Services WASHINGTON-4 (NET-67-168-0-0-1)
67.168.0.0 - 67.168.127.255

CustName: Comcast Cable Communications, IP Services
NetRange: 67.168.0.0 - 67.168.127.255
CIDR: 67.168.0.0/17
NetName: WASHINGTON-4
NetHandle: NET-67-168-0-0-1
Parent: NET-67-160-0-0-1
NetType: Reassigned

route: 67.168.0.0/17
descr: Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
origin: AS33650
mnt-by: MNT-CMCS
changed: tony_...@spam-free.cable.comcast.com
Prefix: 67.168.0.0/17
Prefix Name: Comcast Cable Communications, Inc 1800 Bishops Gate Blvd Mt Laurel, NJ 08054
AS: 33650
AS Name: ?
http://www.cidr-report.org/cgi-bin/as-report?as=33650

28 SBL/ROKSO listings for IPs under the responsibility of comcast.net
http://www.spamhaus.org/sbl/listings.lasso?isp=comcast.net

See:
slonoima.com IP N/A

slonoima.com has no MX records

Let's see whois:
Checking server [whois.enom.com]
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

Domain name: slonoima.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 15 Jun 2007 22:18:54
Expiration date: 15 Jun 2008 22:18:54

More slonoima.com sightings:
http://groups.google.com/groups/search?q=slonoima.com+group%3A*abuse&start=0&scoring=d&

Spamvert URL redirection:

HTTP/1.1 302 Found
Date: Mon, 16 Jul 2007 04:56:15 GMT
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.3 with Suhosin-Patch
X-Powered-By: PHP/5.2.3
Location: http://disrich.com/rp/index.php?mid=10041&fid=MkAi83MaoqhMFjsMFhwuaakdjhfKeuw
Content-Length: 0
Connection: close
Content-Type: text/html

See:
disrich.com IP 124.254.2.230
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.230] [TTL=172800] [CN]

NS records at nameservers are:
dns1.disrich.com [no glue provided] [TTL=60]
dns2.disrich.com [no glue provided] [TTL=60]

SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@disrich.com
Serial #: 1184480567

disrich.com has no MX records

www.disrich.com CNAME disrich.com [TTL=60]

http://www.moensted.dk/spam/?addr=124.254.2.230
http://www.spamhaus.org/query/bl?ip=124.254.2.230

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48585
124.254.0.0/18 is listed on the Spamhaus Block List (SBL)

09-May-2007 08:47 GMT | SR02

THBA
Spam haven, bulletproof hosting for spammers.

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56318
124.254.2.230/32 is listed on the Spamhaus Block List (SBL)

06-Jul-2007 06:55 GMT | SR02

stflu.com etc.

33 SBL/ROKSO listings for IPs under the responsibility of gwbn.net.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=gwbn.net.cn

7 hosts sharing ip 124.254.2.230 with disrich.com
aftflu.com
behflu.com
ephflu.com
picrich.com
stflu.com
takewflu.com
trarich.com

inetnum: 124.254.0.0 - 124.254.63.255
netname: THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Song Wang
nic-hdl: SW623-AP
e-mail: luy...@163.com
mntner: MAINT-CN-THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Shilie Weng
address: 1954 Huashan Rd.
address: Shanghai Jiaotong University
address: Shanghai, 200030, CN
phone: +86-21-4310310 ext 2236
e-mail: slw...@sjtu.edu.cn
nic-hdl: SW1-CN
notify: dm...@apnic.net
tech-c: SW1-CN
upd-to: bkson...@msn.com

IP: 124.254.2.230
Reverse: undefined.bjgwbn.net.cn

Aliases:
trarich.com
ephflu.com
picrich.com
aftflu.com
stflu.com
behflu.com
takewflu.com

Prefix: 124.254.0.0/18
Prefix Name: error
AS: 4847
AS Name: CHINANET BJ METRO BeijingTelecom
http://www.cidr-report.org/cgi-bin/as-report?as=4847

Let's see whois:
Checking server [whois.enom.com]
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

abuse[]NameCheap.com is listed in rfc-ignorant.org database

Domain name: disrich.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
ns1.modadns.com
ns2.modadns.com

Creation date: 05 Jul 2007 09:19:11
Expiration date: 05 Jul 2008 09:19:11

More disrich.com sightings:
http://groups.google.com/groups/search?q=disrich.com+group%3A*abuse&start=0&scoring=d&

See also more registrant falsi...@pop.com.br sightings:
http://groups.google.com/groups/search?q=%22falsia2007%40pop.com.br%22+group%3A*abuse&qt_s=Search

See:
ns1.modadns.com IP 58.83.12.6

ns1.modadns.com has no MX records -> modadns.com has no MX records

http://www.moensted.dk/spam/?addr=58.83.12.6
http://www.spamhaus.org/query/bl?ip=58.83.12.6

More 58.83.12.6 sightings:
http://groups.google.com/groups/search?q=58.83.12.6+group%3A*abuse&qt_s=Search

58.83.12.6 is listed in the SBL, in the following records:
* SBL51900
* SBL53280
* SBL56425

inetnum: 58.83.12.0 - 58.83.15.255
netname: csallnetlink-cn
descr: changsha allnetlink development co.,LTD
country: CN
remarks: w...@allnetlink.com.cn
person: yongcheng wang
nic-hdl: YW811-AP
e-mail: wan...@allnetlink.com.cn
address: changsha allnetlink co., LTD
person: ada chen
nic-hdl: AC893-AP
changed: BLUESKY...@163.COM

Aliases:
ns1.leoemch.com
entrflu.com
ns2.leoemch.com
leoemch.com

Prefix: 58.83.12.0/22
Prefix Name: error
AS: 18118
AS Name: CITICNET AP CITIC Networks Management Co ,Ltd 6 XINYUANNANLU BEIJING
http://www.cidr-report.org/cgi-bin/as-report?as=18118

More modadns.com sightings:
http://groups.google.com/groups/search?q=modadns.com+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/ad6e99fecf4ae825

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/4f006a383b0a7f79

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
