
[email] [counterfeit] [84.3.141.221] (picrich.com / modadns.com) exclusive watches


TomezNet

Jul 11, 2007, 12:30:28 AM
Received From:
IP 84.3.141.221 catv54038ddd.pool.t-online.hu

Spamvert:
picrich.com IP 124.254.2.230
(SBL56318 - SBL48585) (at THBA / gwbn.net.cn)

Title: Diamond Watches (a.k.a Diamond Replicas)

More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

Sender identity and Headers forgery by spammer.

More info below:
====================

X-SID-PRA: <[MUNGED]>
X-Message-Info:
txF49lGdW424IRDwFUpg2lbsgaPhb1SE2uW91cYrvZKIyT4DHEmUoeg7+nfXSRha
Received: from tomts1-srv.bellnexxia.net ([209.226.175.113]) by bay0-pamc1-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sat, 7 Jul 2007 16:01:17 -0700
Received: from [MUNGED]
by toip23.srvr.bell.ca with ESMTP; 07 Jul 2007 19:01:14 -0400
Received: (qmail 25684 invoked by uid 110); 7 Jul 2007 19:01:13 -0400
Delivered-To: [MUNGED]
Received: (qmail 25638 invoked from network); 7 Jul 2007 19:01:13 -0400
Received: from catv54038ddd.pool.t-online.hu (84.3.141.221)
by [MUNGED] with SMTP; 7 Jul 2007 19:01:13 -0400
Return-path: <[MUNGED]>
X-Original-To: [MUNGED]
Delivered-To: [MUNGED]
Received: from [84.3.141.221] (port=36078 helo=catv54038DDD.pool.t-online.hu)
by [MUNGED] with ESMTP id [MUNGED]
for <[MUNGED]>; Sun, 08 Jul 2007 01:01:20 +0100 (EET)
From: [MUNGED]
To: [MUNGED]
Subject: exclusive watches
Date: Sun, 08 Jul 2007 01:01:20 +0100 (EET)
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: 8512gxel22qb47Kx02SYN8RJAWSk70==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Message-ID: <3af601c7c0fb$01c7c0fb$dd8d0354@[MUNGED]>
Status:
X-OriginalArrivalTime: 07 Jul 2007 23:01:17.0640 (UTC) FILETIME=[B9DB8480:01C7C0EA]

Exclusive,handmade rep lica models</!>
100% your satisfaction guaranteed.</234>
http://picrich.com/
HUGE discounts.

-- END OF SPAM --

See:
IP 84.3.141.221 catv54038ddd.pool.t-online.hu

http://www.moensted.dk/spam/?addr=84.3.141.221
http://www.spamhaus.org/query/bl?ip=84.3.141.221
http://www.spamhaus.org/pbl/query/PBL042863
http://www.apews.org/?page=test&C=82&E=178799&ip=84.3.141.221

More t-online.hu sightings:
http://groups.google.com/groups/search?q=t-online.hu+group%3A*abuse&start=0&scoring=d&

inetnum: 84.3.0.0 - 84.3.255.255
netname: CATV-TO
descr: Hungarian Telecom
descr: CATV clients (T-online dynamic pool)
country: HU
person: Irina Varnai
address: T-Online Hungary, Magyar Telecom Group
address: Pf.204
address: H-1364 Budapest
address: Hungary
person: Istvan Csaky
address: Hungarian Telecom
address: Long Distance Directorate
address: Varoshaz str. 18.
address: Budapest
address: H-1052 Hungary
phone: +36 1 235 2355
fax-no: +36 1 235 2350
e-mail: cs...@matav.net
person: Attila Balogh
e-mail: b...@matav.net
abuse-mailbox: ab...@t-online.hu => ???

abuse[]t-online.hu is listed in rfc-ignorant.org database

route: 84.0.0.0/14
descr: T-Com Hungary, T-Online Hungary
descr: Public Internet Access Provider
descr: Budapest, Hungary
descr: HU
origin: AS5483
notify: net-...@matav.net
mnt-by: TCOM-MNT
changed: b...@matav.net 20040917
changed: ir...@t-online.hu 20060523
changed: b...@matav.net

Prefix: 84.0.0.0/14
Prefix Name: T Com Hungary, T Online Hungary Public Internet Access
Provider Budapest, Hungary HU
AS: 5483
AS Name: HTC AS Hungarian Telecom Public Internet Access Provider
Budapest, Hungary HU
http://www.cidr-report.org/cgi-bin/as-report?as=5483

2 SBL/ROKSO listings for IPs under the responsibility of t-online.hu
http://www.spamhaus.org/sbl/listings.lasso?isp=t-online.hu

Spamvert URL Redirected to:
http://picrich.com/rp/index.php

See:
picrich.com IP 124.254.2.230
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.230] [TTL=172800] [CN]

NS records at nameservers are:
dns1.picrich.com [no glue provided] [TTL=60]
dns2.picrich.com [no glue provided] [TTL=60]

SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@picrich.com
Serial #: 1184014620

picrich.com has no MX records

http://www.moensted.dk/spam/?addr=124.254.2.230
http://www.spamhaus.org/query/bl?ip=124.254.2.230

Source code:
HTTP/1.1 302 Found
Date: Wed, 11 Jul 2007 03:40:19 GMT
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 DAV/2 PHP/5.2.3 with Suhosin-Patch
X-Powered-By: PHP/5.2.3
Location: http://picrich.com/rp/index.php?mid=10016&fid=PoWjfKskwsLFjsFlsjfe
Content-Length: 0
Connection: close
Content-Type: text/html

6 hosts sharing ip 124.254.2.230 with picrich.com
aftflu.com
behflu.com
ephflu.com
stflu.com
takewflu.com
trarich.com

inetnum: 124.254.0.0 - 124.254.63.255
netname: THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Song Wang
nic-hdl: SW623-AP
e-mail: luy...@163.com
mntner: MAINT-CN-THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Shilie Weng
address: 1954 Huashan Rd.
address: Shanghai Jiaotong University
address: Shanghai, 200030, CN
phone: +86-21-4310310 ext 2236
e-mail: slw...@sjtu.edu.cn
nic-hdl: SW1-CN
notify: dm...@apnic.net
tech-c: SW1-CN
upd-to: bkson...@msn.com

IP: 124.254.2.230
Reverse: undefined.bjgwbn.net.cn

Aliases:
trarich.com
ephflu.com
picrich.com
aftflu.com
stflu.com
behflu.com
takewflu.com

Prefix: 124.254.0.0/18
Prefix Name: error
AS: 4847
AS Name: CHINANET BJ METRO BeijingTelecom
http://www.cidr-report.org/cgi-bin/as-report?as=4847

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48585
124.254.0.0/18 is listed on the Spamhaus Block List (SBL)

09-May-2007 08:47 GMT | SR02

THBA
Spam haven, bulletproof hosting for spammers.

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56318
124.254.2.230/32 is listed on the Spamhaus Block List (SBL)

06-Jul-2007 06:55 GMT | SR02

stflu.com etc.

33 SBL/ROKSO listings for IPs under the responsibility of gwbn.net.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=gwbn.net.cn

Let's see whois:
Checking server [whois.enom.com]
Results:
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

abuse[]NameCheap.com is listed in rfc-ignorant.org database

Domain name: picrich.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
ns1.modadns.com
ns2.modadns.com

Creation date: 05 Jul 2007 09:19:27
Expiration date: 05 Jul 2008 09:19:27

More picrich.com sightings:
http://groups.google.com/groups/search?q=picrich.com+group%3A*abuse&qt_s=Search

See:
ns1.modadns.com IP 58.83.12.6

ns1.modadns.com has no MX records -> modadns.com has no MX records

http://www.moensted.dk/spam/?addr=58.83.12.6
http://www.spamhaus.org/query/bl?ip=58.83.12.6

More 58.83.12.6 sightings:
http://groups.google.com/groups/search?q=58.83.12.6+group%3A*abuse&qt_s=Search

inetnum: 58.83.12.0 - 58.83.15.255
netname: csallnetlink-cn
descr: changsha allnetlink development co.,LTD
country: CN
remarks: w...@allnetlink.com.cn
person: yongcheng wang
nic-hdl: YW811-AP
e-mail: wan...@allnetlink.com.cn
address: changsha allnetlink co., LTD
person: ada chen
nic-hdl: AC893-AP
changed: BLUESKY...@163.COM

Aliases:
ns1.leoemch.com
entrflu.com
ns2.leoemch.com
leoemch.com

Prefix: 58.83.12.0/22
Prefix Name: error
AS: 18118
AS Name: CITICNET AP CITIC Networks Management Co ,Ltd 6 XINYUANNANLU
BEIJING
http://www.cidr-report.org/cgi-bin/as-report?as=18118

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL51900
58.83.0.0/16 is listed on the Spamhaus Block List (SBL)

27-Apr-2007 08:03 GMT | SR02

tianjian / hylink-cn / bluesky

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL53280
58.83.12.0/22 is listed on the Spamhaus Block List (SBL)

07-Apr-2007 10:32 GMT | SR02

csallnetlink-cn / BLUESKY

BLUESKY provides bulletproof spam hosting and does not reply to spam
reports or SBL listings.

21 SBL/ROKSO listings for IPs under the responsibility of bluesky
http://www.spamhaus.org/sbl/listings.lasso?isp=bluesky

Let's see whois:
Checking server [whois.enom.com]
Results:
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

Domain name: modadns.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Creation date: 18 May 2007 22:46:20
Expiration date: 18 May 2008 22:46:20

More modadns.com sightings:
http://groups.google.com/groups/search?q=modadns.com+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e88f04f531f71be4

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/243dd83a0ddf6fa4

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/ba4031f2758913d6

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
