[email] [counterfeit] [189.6.68.166] (disrich.com / modadns.com / proroma.com) Save money and look posh!

TomezNet

Jul 22, 2007, 7:30:16 PM
Received From:
IP 189.6.68.166
(at virtua.com.br)

disrich.com IP 124.254.2.230
proroma.com IP 124.254.2.230
(SBL48585 / SBL56318) (at THBA / gwbn.net.cn)

Redirected to:
http://disrich.com/rp/
http://proroma.com/rp/

counterfeit watches spam.

Title: Diamond Watches (a.k.a Diamond Replicas)

More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

More info below:
====================

X-SID-PRA: <kearn...@hotmail.com>
X-SID-Result: SoftFail
X-Message-Info:
txF49lGdW40v5Jg5tIUuMayZ4dGVaknEEUCh435Qku6AGMkYr3ujqzUX20pUTgk+
Received: from tomts32-srv.bellnexxia.net ([209.226.175.106])
by bay0-pamc1-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 22 Jul 2007 11:29:13 -0700
Received: from [MUNGED]
by toip24.srvr.bell.ca with ESMTP; 22 Jul 2007 14:29:10 -0400
Received: (qmail 17864 invoked by uid 110); 22 Jul 2007 14:29:09 -0400
Delivered-To: [MUNGED]
Received: (qmail 17798 invoked from network); 22 Jul 2007 14:29:09 -0400
Received: from unknown (HELO USUARIO-B1CBF24) (189.6.68.166)
by [MUNGED] with SMTP; 22 Jul 2007 14:29:09 -0400
Message-ID: <47408328895717.26785FFA51@YQU0FUL>
From: <kearn...@hotmail.com >
To: [MUNGED]
Subject: Save money and look posh!
Date: Sun, 22 Jul 2007 15:36:08 -0300
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: LStrvMmvvgyTnPndqZqBWCVzGNoqjZzvskoR
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_008B_E6A73958.2B2938E6"
Return-Path: kearn...@hotmail.com
X-OriginalArrivalTime: 22 Jul 2007 18:29:13.0320 (UTC)
FILETIME=[34003680:01C7CC8E]

------=_NextPart_000_008B_E6A73958.2B2938E6
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

Don't miss the chance to get yourself a qualitative replica timepiece
for less!
Get a step up on social ladder with one of our affordable replica
timepieces!
Millions of people all over the world believe the blameless quality of
our items!
http://proroma.com
------=_NextPart_000_008B_E6A73958.2B2938E6
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit

<html>
Don't have enough dough to buy the timepiece you want? See our replica
store!<br>
Check out our huge choice of affordable replica chronometers now!<br>
<A href="http://disrich.com">Best quality for about as much as nothing
- all famous brands presented here!<br></A>

<br><br><br><br><br><br><br><br>
<font color=white>is so often misunderstood, </font>
<font color=white>applications. You </font>
<font color=white> challenging. Something </font>
<font color=white>Best of all, in a way that won't </font>
<font color=white>look "in the wild".</font>
<font color=white>same problems. </font>
<font color=white>or on the real relationship </font>
<font color=white> own with your co-worker </font>
<font color=white>But you don't just </font>
<font color=white> and Adapter. With Head First</font>
<font color=white> Patterns--the lessons</font>
<font color=white> of the best practices </font>
<font color=white>somewhere in the world</font>
<font color=white>principles will help</font>
<font color=white>to know how they </font>
<font color=white> a book, you want </font>
<font color=white>NOT to use them). </font>
<font color=white>it struggling with academic</font>
<font color=white>will load patterns into your </font>
<font color=white>reinvent the wheel </font>
<font color=white>more complex. </font>
<font color=white>your boss told you </font>
<font color=white>neurobiology, cognitive </font>
<font color=white>design problems </font>
<font color=white>of patterns with others </font>
<font color=white>neurobiology, cognitive </font>
<font color=white>on your team. </font>
<font color=white>your time is too important</font>
<font color=white>so you look to Design</font>
<font color=white>how patterns are </font>
<font color=white>or on the real relationship </font>
<font color=white> the "Trading Spaces" show. </font>
<font color=white> You want to learn the </font>
<font color=white>You're not </font>
<font color=white>Head First Design Patterns </font>
<font color=white>you get to take</font>
</html>
------=_NextPart_000_008B_E6A73958.2B2938E6--

-- END OF SPAM --

SEE sender identity and headers forgery by spammer spoofing our
domain.

See:
IP 189.6.68.166

http://www.moensted.dk/spam/?addr=189.6.68.166
http://www.spamhaus.org/query/bl?ip=189.6.68.166
http://cbl.abuseat.org/lookup.cgi?ip=189.6.68.166
http://spamcop.net/w3m?action=checkblock&ip=189.6.68.166

inetnum: 189.4/14
aut-num: AS28573
abuse-c: DSS30
owner: NET Serviços de Comunicação S.A.
ownerid: 000.065.376/0002-65
responsible: Diego S. Soares
owner-c: DSS30
tech-c: DSS30
inetrev: 189.4.0/18
nserver: dns1.ctb.virtua.com.br

abuse[]virtua.com.br is listed in rfc-ignorant.org database
abuse[]embratel.net.br is listed in rfc-ignorant.org database

route: 189.4.0.0/14
descr: Virtua Sao Paulo - Net Servicos
origin: AS28573
mnt-by: MAINT-AS28573
changed: msar...@netservicos.com.br
route: 189.6.64.0/18
descr: Embratel Customer
origin: AS28573
notify: neta...@embratel.net.br

Prefix: 189.6.64.0/18
Prefix Name: error
AS: 28573
AS Name: Virtua Virtua Net Servicos de Comunicacao S A
http://www.cidr-report.org/cgi-bin/as-report?as=28573

15 SBL/ROKSO listings for IPs under the responsibility of
embratel.net.br
http://www.spamhaus.org/sbl/listings.lasso?isp=embratel.net.br

See:
disrich.com IP 124.254.2.230
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.230] [TTL=172800] [CN]

NS records at nameservers are:
dns1.disrich.com [no glue provided] [TTL=60]
dns2.disrich.com [no glue provided] [TTL=60]

SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@disrich.com
Serial #: 1184480567

disrich.com has no MX records

www.disrich.com CNAME disrich.com [TTL=60]

http://www.moensted.dk/spam/?addr=124.254.2.230
http://www.spamhaus.org/query/bl?ip=124.254.2.230

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48585
124.254.0.0/18 is listed on the Spamhaus Block List (SBL)

09-May-2007 08:47 GMT | SR02

THBA
Spam haven, bulletproof hosting for spammers.

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56318
124.254.2.230/32 is listed on the Spamhaus Block List (SBL)

06-Jul-2007 06:55 GMT | SR02

stflu.com etc.

33 SBL/ROKSO listings for IPs under the responsibility of gwbn.net.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=gwbn.net.cn

9 hosts sharing ip 124.254.2.230 with disrich.com

inetnum: 124.254.0.0 - 124.254.63.255
netname: THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Song Wang
nic-hdl: SW623-AP
e-mail: luy...@163.com
mntner: MAINT-CN-THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Shilie Weng
address: 1954 Huashan Rd.
address: Shanghai Jiaotong University
address: Shanghai, 200030, CN
phone: +86-21-4310310 ext 2236
e-mail: slw...@sjtu.edu.cn
nic-hdl: SW1-CN
notify: dm...@apnic.net
tech-c: SW1-CN
upd-to: bkson...@msn.com

IP: 124.254.2.230
Reverse: undefined.bjgwbn.net.cn

Aliases:

Prefix: 124.254.0.0/18
Prefix Name: error
AS: 4847
AS Name: CHINANET BJ METRO BeijingTelecom
http://www.cidr-report.org/cgi-bin/as-report?as=4847

Let's see whois:
Checking server [whois.enom.com]
Registration Service Provided By: NameCheap.com

More disrich.com sightings:
http://groups.google.com/groups/search?q=disrich.com+group%3A*abuse&start=0&scoring=d&

See also more registrant falsi...@pop.com.br sightings:
http://groups.google.com/groups/search?q=%22falsia2007%40pop.com.br%22+group%3A*abuse&qt_s=Search

See:
ns1.modadns.com IP 58.83.12.6

ns1.modadns.com has no MX records -> modadns.com has no MX records

http://www.moensted.dk/spam/?addr=58.83.12.6
http://www.spamhaus.org/query/bl?ip=58.83.12.6

More 58.83.12.6 sightings:
http://groups.google.com/groups/search?q=58.83.12.6+group%3A*abuse&qt_s=Search

58.83.12.6 is listed in the SBL, in the following records:
* SBL51900
* SBL53280
* SBL56425

inetnum: 58.83.12.0 - 58.83.15.255
netname: csallnetlink-cn
descr: changsha allnetlink development co.,LTD
country: CN
remarks: w...@allnetlink.com.cn
person: yongcheng wang
nic-hdl: YW811-AP
e-mail: wan...@allnetlink.com.cn
address: changsha allnetlink co., LTD
person: ada chen
nic-hdl: AC893-AP
changed: BLUESKY...@163.COM

Aliases:
ns1.leoemch.com
entrflu.com
ns2.leoemch.com
leoemch.com

Prefix: 58.83.12.0/22
Prefix Name: error
AS: 18118
AS Name: CITICNET AP CITIC Networks Management Co ,Ltd 6 XINYUANNANLU BEIJING
http://www.cidr-report.org/cgi-bin/as-report?as=18118

More modadns.com sightings:
http://groups.google.com/groups/search?q=modadns.com+group%3A*abuse&qt_s=Search

See:
proroma.com IP 124.254.2.230
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.230] [TTL=172800] [CN]

NS records at your nameservers are:
dns1.proroma.com [no glue provided] [TTL=60]
dns2.proroma.com [no glue provided] [TTL=60]

SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@proroma.com
Serial #: 1184942353

proroma.com has no MX records

http://www.moensted.dk/spam/?addr=124.254.2.230
http://www.spamhaus.org/query/bl?ip=124.254.2.230

10 hosts sharing ip with proroma.com

Let's see whois.enom.com:
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

Domain name: proroma.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@pop.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
ns1.modadns.com
ns2.modadns.com

Creation date: 13 Jul 2007 17:39:12
Expiration date: 13 Jul 2008 17:39:12

More proroma.com sightings:
http://groups.google.com/groups/search?q=proroma.com+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/356e07a43227bfe6

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/87cbb8856b3a8d9d

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
