Spamvert:
disrich.com IP 124.254.2.231 / 58.83.12.6 (OLD IP 124.254.2.230)
proroma.com IP 124.254.2.230
(SBL48585 / SBL56318) (at THBA / gwbn.net.cn)
Redirected to:
http://disrich.com/rp/
http://proroma.com/rp/
counterfeit watches spam.
Title: Diamond Watches (a.k.a. Diamond Replicas)
More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&
More info below:
====================
X-SID-PRA: <rebec...@hotmail.com>
X-SID-Result: SoftFail
X-Message-Info: 6sSXyD95QpWgbvjXHZKDO/dw6QIUTNSVO0a
+SKFmYv54fXr3eBDSRGSfIp1Aj2lkZKtf1T2EogswbIBwsbq0iQ==
Received: from tomts2-srv.bellnexxia.net ([209.226.175.114]) by
bay0-pamc1-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 5 Aug 2007 06:36:20 -0700
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 05 Aug 2007 09:36:14 -0400
Received: (qmail 20332 invoked by uid 110); 5 Aug 2007 09:36:13 -0400
Delivered-To: [MUNGED]
Received: (qmail 20220 invoked from network); 5 Aug 2007 09:36:07 -0400
Received: from c-68-50-153-87.hsd1.md.comcast.net (HELO CEO)
(68.50.153.87)
by [MUNGED] with SMTP; 5 Aug 2007 09:36:07 -0400
Message-ID: <79639108321108.E6B01201F5@06XCT0>
From: <rebec...@hotmail.com >
To: [MUNGED]
Subject: Best prices for HQ replica watches
Date: Sun, 5 Aug 2007 09:43:44 -0400
MIME-Version: 1.0
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: AvlgDtuy1LXd8TDgOxKkoqNOCVSdYpTpg5YP
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_00A9_95589942.5165FC71"
Return-Path: rebec...@hotmail.com
X-OriginalArrivalTime: 05 Aug 2007 13:36:20.0441 (UTC)
FILETIME=[9B882C90:01C7D765]
------=_NextPart_000_00A9_95589942.5165FC71
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
Get yourself a gorgeous luxury watch at a tiny fraction of the
original price!
Same quality offered at a tiny fraction of the original manufacturer's
price!
Choose your favorite model by your favorite brand - we definitely have
it!
http://disrich.com
------=_NextPart_000_00A9_95589942.5165FC71
Content-Type: text/html;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
<html>
Don't miss the chance to get yourself a qualitative replica timepiece
for less!<br>
Why pay more for the same blameless quality? Our prices will please
you!<br>
<A href="http://proroma.com">Best models by the best brands -
available for purchase right now!<br></A>
<br><br><br><br><br><br><br><br>
<font color=white>design problems, and better </font>
<font color=white>Best of all, in a way that won't </font>
<font color=white>Head First Design Patterns </font>
<font color=white>sounds, how the Factory </font>
<font color=white>applications. You </font>
<font color=white>science, and learning theory, </font>
<font color=white>"secret language" </font>
<font color=white>"secret language" </font>
<font color=white>reinvent the wheel </font>
<font color=white>You're not </font>
<font color=white> the "Trading Spaces" show. </font>
<font color=white>on your team. </font>
<font color=white>of Design Patterns so </font>
<font color=white>principles will help</font>
<font color=white>"secret language" </font>
<font color=white> (and too short) to spend </font>
<font color=white>so that you can spend </font>
<font color=white>matter--why to use them, </font>
<font color=white>look "in the wild".</font>
<font color=white> Design Patterns, you'll avoid </font>
<font color=white>will load patterns into your </font>
<font color=white>it struggling with academic</font>
<font color=white>You're not </font>
<font color=white> Patterns--the lessons</font>
<font color=white>deep understanding of why </font>
<font color=white>who've faced the </font>
<font color=white>so you look to Design</font>
<font color=white>environment. In other </font>
<font color=white> with</font>
<font color=white>You're not </font>
<font color=white>deep understanding of why </font>
<font color=white> be wrong (and what </font>
<font color=white>at speaking the language </font>
<font color=white>You want to learn about </font>
<font color=white>sounds, how the Factory </font>
<font color=white> be wrong (and what </font>
</html>
------=_NextPart_000_00A9_95589942.5165FC71--
-- END OF SPAM --
This spammer is always sending multiple emails to unknown users (Cc: /
Bcc:), from forged senders that are their actual targets, relying on
the MTA to bounce the mail to the forged sender, with the original
body, trying to create backscatter spam.
See:
IP 68.50.153.87 c-68-50-153-87.hsd1.md.comcast.net
http://www.moensted.dk/spam/?addr=68.50.153.87
http://cbl.abuseat.org/lookup.cgi?ip=68.50.153.87
Comcast Cable Communications, Inc. JUMPSTART-1 (NET-68-32-0-0-1)
68.32.0.0 - 68.63.255.255
Comcast Cable Communications, Inc. DC-4 (NET-68-50-0-0-1)
68.50.0.0 - 68.50.255.255
CustName: Comcast Cable Communications, Inc.
NetRange: 68.50.0.0 - 68.50.255.255
CIDR: 68.50.0.0/16
NetName: DC-4
NetHandle: NET-68-50-0-0-1
Parent: NET-68-32-0-0-1
NetType: Reassigned
route: 68.50.0.0/16
descr: Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
origin: AS33657
mnt-by: MNT-CMCS
changed: tony_...@spam-free.cable.comcast.com
changed: tony_...@nospam.cable.comcast.net
changed: tony_...@comcast.net
AS Name: DNEO-OSP7 - Comcast Cable Communications, Inc
http://www.cidr-report.org/cgi-bin/as-report?as=33657
21 SBL/ROKSO listings for IPs under the responsibility of comcast.net
http://www.spamhaus.org/sbl/listings.lasso?isp=comcast.net
Spamvert URL:
http://disrich.com/
HTTP/1.1 302 Found
Date: Tue, 14 Aug 2007 12:24:07 GMT
Server: Apache/2.2.4 (FreeBSD) mod_ssl/2.2.4 OpenSSL/0.9.7e-p1 DAV/2
PHP/5.2.3 with Suhosin-Patch
X-Powered-By: PHP/5.2.3
Location: http://disrich.com/rp/index.php?mid=10041&fid=MkAi83MaoqhMFjsMFhwuaakdjhfKeuw
Content-Length: 0
Connection: close
Content-Type: text/html
Redirected to:
http://disrich.com/rp/index.php
See:
disrich.com IP 124.254.2.231 / 58.83.12.6 (OLD IP 124.254.2.230)
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.231] [TTL=172800] [CN]
NS records at nameservers are:
dns1.disrich.com [no glue provided] [TTL=60]
dns2.disrich.com [no glue provided] [TTL=60]
OLD:
ns2.modadns.com [124.254.2.231]
SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@disrich.com
Serial #: 1186864237 (OLD 1184480567)
disrich.com has no MX records
www.disrich.com CNAME disrich.com [TTL=60]
http://www.moensted.dk/spam/?addr=124.254.2.231
http://www.spamhaus.org/query/bl?ip=124.254.2.231
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48585
124.254.0.0/18 is listed on the Spamhaus Block List (SBL)
09-May-2007 08:47 GMT | SR02
THBA
Spam haven, bulletproof hosting for spammers.
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56318
124.254.2.230/32 is listed on the Spamhaus Block List (SBL)
06-Jul-2007 06:55 GMT | SR02
stflu.com etc.
31 SBL/ROKSO listings for IPs under the responsibility of gwbn.net.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=gwbn.net.cn
inetnum: 124.254.0.0 - 124.254.63.255
netname: THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Song Wang
nic-hdl: SW623-AP
e-mail: luy...@163.com
mntner: MAINT-CN-THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
person: Shilie Weng
address: 1954 Huashan Rd.
address: Shanghai Jiaotong University
address: Shanghai, 200030, CN
phone: +86-21-4310310 ext 2236
e-mail: slw...@sjtu.edu.cn
nic-hdl: SW1-CN
notify: dm...@apnic.net
tech-c: SW1-CN
upd-to: bkson...@msn.com
IP: 124.254.2.231
Reverse: undefined.bjgwbn.net.cn
Prefix: 124.254.0.0/18
Prefix Name: error
AS: 4847
AS Name: CHINANET BJ METRO BeijingTelecom
http://www.cidr-report.org/cgi-bin/as-report?as=4847
Let's see whois:
Checking server [whois.enom.com]
Registration Service Provided By: NameCheap.com
More disrich.com sightings:
http://groups.google.com/groups/search?q=disrich.com+group%3A*abuse&start=0&scoring=d&
See also more registrant falsi...@pop.com.br sightings:
http://groups.google.com/groups/search?q=%22falsia2007%40pop.com.br%22+group%3A*abuse&qt_s=Search
See:
disrich.com IP 58.83.12.6
ns1.modadns.com IP 58.83.12.6
ns1.modadns.com has no MX records -> modadns.com has no MX records
http://www.moensted.dk/spam/?addr=58.83.12.6
http://www.spamhaus.org/query/bl?ip=58.83.12.6
More 58.83.12.6 sightings:
http://groups.google.com/groups/search?q=58.83.12.6+group%3A*abuse&qt_s=Search
58.83.12.6 is listed in the SBL, in the following records:
* SBL51900
* SBL53280
* SBL56425
inetnum: 58.83.12.0 - 58.83.15.255
netname: csallnetlink-cn
descr: changsha allnetlink development co.,LTD
country: CN
remarks: w...@allnetlink.com.cn
person: yongcheng wang
nic-hdl: YW811-AP
e-mail: wan...@allnetlink.com.cn
address: changsha allnetlink co., LTD
person: ada chen
nic-hdl: AC893-AP
changed: BLUESKY...@163.COM
Prefix: 58.83.12.0/22
Prefix Name: error
AS: 18118
AS Name: CITICNET AP CITIC Networks Management Co ,Ltd 6 XINYUANNANLU
BEIJING
http://www.cidr-report.org/cgi-bin/as-report?as=18118
More modadns.com sightings:
http://groups.google.com/groups/search?q=modadns.com+group%3A*abuse&qt_s=Search
See:
proroma.com IP 124.254.2.231
ns1.modadns.com [58.83.12.6] [TTL=172800] [CN]
ns2.modadns.com [124.254.2.230] [TTL=172800] [CN]
NS records at your nameservers are:
dns1.proroma.com [no glue provided] [TTL=60]
dns2.proroma.com [no glue provided] [TTL=60]
SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@proroma.com
Serial #: 1184942353
proroma.com has no MX records
http://www.moensted.dk/spam/?addr=124.254.2.231
http://www.spamhaus.org/query/bl?ip=124.254.2.231
Let's see whois.enom.com:
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com
More proroma.com sightings:
http://groups.google.com/groups/search?q=proroma.com+group%3A*abuse&qt_s=Search
See also more eNom spam support sightings:
http://groups.google.com/groups/search?q=eNom+group%3A*abuse&start=0&scoring=d&
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/5a8790add0f1e2ba
Cheers, Tomez
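
The report above attributes the spam to 68.50.153.87 by reading the Received chain. As an added example (not part of the original post), the Python below walks the quoted headers newest-first and returns the peer that connected to the last trusted MTA, stopping at the first hop written by an untrusted host because everything below it can be forged. The `TRUSTED_BY` set and the function name are assumptions made for illustration.

```python
import re
from email import message_from_string

# Received headers from the quoted spam, unwrapped; [MUNGED] is the poster's redaction.
SAMPLE = (
    "Received: from tomts2-srv.bellnexxia.net ([209.226.175.114])"
    " by bay0-pamc1-f6.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);\n"
    "\tSun, 5 Aug 2007 06:36:20 -0700\n"
    "Received: from [MUNGED]\n"
    "\tby toip19.srvr.bell.ca with ESMTP; 05 Aug 2007 09:36:14 -0400\n"
    "Received: (qmail 20332 invoked by uid 110); 5 Aug 2007 09:36:13 -0400\n"
    "Received: (qmail 20220 invoked from network); 5 Aug 2007 09:36:07 -0400\n"
    "Received: from c-68-50-153-87.hsd1.md.comcast.net (HELO CEO) (68.50.153.87)\n"
    "\tby [MUNGED] with SMTP; 5 Aug 2007 09:36:07 -0400\n"
    "Subject: Best prices for HQ replica watches\n\n"
)
# Assumption: hosts whose Received lines the recipient trusts (its own relays).
TRUSTED_BY = {"bay0-pamc1-f6.bay0.hotmail.com", "toip19.srvr.bell.ca", "[MUNGED]"}

HOP = re.compile(r"^from\s+(\S+)(.*?)\sby\s+(\S+)", re.S)
IPV4 = re.compile(r"[\[(](\d{1,3}(?:\.\d{1,3}){3})[\])]")
HELO = re.compile(r"\(HELO\s+([^)\s]+)\)")


def injection_hop(raw, trusted_by):
    """Return the peer that handed the mail to the outermost trusted MTA."""
    msg = message_from_string(raw)
    found = None
    for value in msg.get_all("Received", []):      # newest hop first
        m = HOP.match(" ".join(value.split()))     # unfold the header
        if not m:
            continue                               # local hand-off, e.g. qmail
        peer, extra, by_host = m.groups()
        if by_host not in trusted_by:
            break                                  # below here headers may be forged
        ip, helo = IPV4.search(extra), HELO.search(extra)
        found = {"peer": peer, "by": by_host,
                 "ip": ip.group(1) if ip else None,
                 "helo": helo.group(1) if helo else None}
    if found:
        # A HELO without a dot is not a hostname, typical of an end-user PC.
        found["helo_is_fqdn"] = bool(found["helo"]) and "." in found["helo"]
    return found


if __name__ == "__main__":
    print(injection_hop(SAMPLE, TRUSTED_BY))
```
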
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see: