
[email] [counterfeit] [80.139.252.149] (lumpk.com / xuxadns.com / name-services.com) watch and go


TomezNet

Apr 26, 2007, 6:00:30 PM
Received From:
IP 80.139.252.149 p508bfc95.dip.t-dialin.net
(at dns04.btx.dtag.de / telekom.de)

Spamvert:
lumpk.com IP 124.254.44.66
(SBL48585 - SBL52530 / ROK4932) (at THBA / gwbn.net.cn)

ns2.xuxadns.com IP 123.176.83.44
(SBL53201, SBL53507, SBL53565) (at )

Web:
Title => Diamond Watches a.k.a Diamond Replicas

More spammer Diamond Replicas sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

counterfeit watches spam
Forged logo of "Hacker Safe"
Forged headers "From"

More info below:
====================

X-SID-PRA: Kim <[MUNGED]>
X-Message-Info: txF49lGdW42LuyMvOaHU8gh6YCIyyEVRp8NiZ+VA/tIrzdXeHbpr29ftnQbTwlX5
Received: from tomts41-srv.bellnexxia.net ([209.226.175.98])
by bay0-pamc1-f11.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Thu, 26 Apr 2007 03:52:55 -0700
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 26 Apr 2007 06:52:44 -0400
Received: (qmail 22060 invoked by uid 110); 26 Apr 2007 06:52:44 -0400
Delivered-To: [MUNGED]
Received: (qmail 22023 invoked from network); 26 Apr 2007 06:52:43 -0400
Received: from p508bfc95.dip.t-dialin.net (80.139.252.149)
by ruthhuffmandesigns.com with SMTP; 26 Apr 2007 06:52:43 -0400
Return-path: [MUNGED]
X-Original-To: [MUNGED]
Delivered-To: [MUNGED]
Received: from [80.139.252.149] (port=18445 helo=p508BFC95.dip.t-dialin.net)
by [MUNGED] with ESMTP id 52573114160
for <[MUNGED]>; Thu, 26 Apr 2007 12:52:32 +0100 (EET)
From: [MUNGED]
To: [MUNGED]
Subject: watch and go
Date: Thu, 26 Apr 2007 12:52:32 +0100 (EET)
MIME-Version: 1.0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
Thread-Index: K6r1u0761WLtORo46nHD3vdK62n412==
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028
Message-ID: <73a101c78801$01c78801$95fc8b50@[MUNGED]>
Status:
X-OriginalArrivalTime: 26 Apr 2007 10:52:55.0659 (UTC) FILETIME=[0BB46BB0:01C787F1]

You can't miss this deal.
- Perfect Replicas. Beautiful, you can't miss.
- All the luxury for a fraction of the price
- High Quality pieces for the best prices!
***
Yes!, Now you can do it and save 15% on 2 or more!
Check in our site, http://lumpk.com/

-- END OF SPAM --

IP 80.139.252.149 p508bfc95.dip.t-dialin.net

http://www.moensted.dk/spam/?addr=80.139.252.149
http://www.spamhaus.org/query/bl?ip=80.139.252.149
http://www.spamhaus.org/pbl/query/PBL038778
http://spamcop.net/w3m?action=checkblock&ip=80.139.252.149

inetnum: 80.128.0.0 - 80.146.159.255
netname: DTAG-DIAL16
person: DTAG Global IP-Addressing
address: Deutsche Telekom AG
mnt-by: DTAG-NIC
changed: ripe...@telekom.de

route: 80.128.0.0/11
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
changed: b...@nic.dtag.de 20010807
source: RIPE
changed: r...@TE142.T-COM 2004061
ASN: 3320
ASN Name: DTAG (Deutsche Telekom AG)
Country (per IP registrar): DE [Germany]
Country IP Range: 80.128.0.0 to 80.159.255.255
http://www.cidr-report.org/cgi-bin/as-report?as=3320

abuse[]telekom.de is listed in rfc-ignorant.org database
postmaster and abuse[]t-ipconnect.de are listed in rfc-ignorant.org database
postmaster and abuse[]t-dialin.de are listed in rfc-ignorant.org database
whois, postmaster and abuse[]dtag.de are listed in rfc-ignorant.org database

6 SBL/ROKSO listings for IPs under the responsibility of telekom.de
http://www.spamhaus.org/sbl/listings.lasso?isp=telekom.de

7 SBL/ROKSO listings for IPs under the responsibility of dtag.de
http://www.spamhaus.org/sbl/listings.lasso?isp=dtag.de

See:
lumpk.com IP 124.254.44.66
ns1.xuxadns.com [124.254.44.66] [TTL=172800] [CN]
ns2.xuxadns.com [123.176.83.44] [TTL=172800] [CN]

NS records at nameservers are:
dns1.lumpk.com [no glue provided] [TTL=60]
dns2.lumpk.com [no glue provided] [TTL=60]

SOA record [TTL=2048] is:
Primary nameserver: ns1.myserver.com
Hostmaster E-mail address: hostm...@lumpk.com
Serial #: 1177337245

lumpk.com has no MX records

http://www.moensted.dk/spam/?addr=124.254.44.66
http://www.spamhaus.org/query/bl?ip=124.254.44.66

Aliases on the same IP:
ns1.permissionemailcorp.com
ns1.xuxadns.com

inetnum: 124.254.0.0 - 124.254.63.255
netname: THBA
descr: Beijing THBA Technology Co,.Ltd.
descr: No68 WanQuanHe road ,Haidian district ,Beijing
country: CN
mnt-routes: MAINT-CNCGROUP-RR
changed: ip...@cnnic.cn
person: Song Wang
nic-hdl: SW623-AP
e-mail: luy...@163.com

ASN: 37945
ASN Name: CNNIC-PRIMETELECOM-AP (Beijing Primezone Technologies Inc.)
Country (per IP registrar): CN [China]
Country IP Range: 124.254.0.0 to 124.254.63.255
http://www.cidr-report.org/cgi-bin/as-report?as=37945

http://www.spamhaus.org/SBL/sbl.lasso?query=SBL52530
124.254.44.66/32 is listed on the Spamhaus Block List (SBL/ROKSO)

31-Mar-2007 21:29 GMT | SR14

Leo Kuvayev / BadCow.
Spam Landing pages: cd.curield.com/rugousak.com

http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48585
124.254.0.0/18 is listed on the Spamhaus Block List (SBL)

15-Apr-2007 07:50 GMT | SR02

THBA

Spam haven, bulletproof hosting for spammers.

13 SBL/ROKSO listings for IPs under the responsibility of gwbn.net.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=gwbn.net.cn

postmaster and abuse[]gwbn.net.cn are listed in rfc-ignorant.org database

Let's see whois:
Registrar: ENOM, INC.
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

abuse[]NameCheap.com is listed in rfc-ignorant.org database

Domain name: lumpk.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsia2007[]bol.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@bol.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@bol.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
ns1.xuxadns.com
ns2.xuxadns.com

Creation date: 21 Apr 2007 02:28:09
Expiration date: 21 Apr 2008 02:28:09

More lumpk.com sightings:
http://groups.google.com/groups/search?q=lumpk.com+group%3A*abuse&start=0&scoring=d&

See:
ns2.xuxadns.com IP 123.176.83.44

ns2.xuxadns.com has no MX records -> xuxadns.com has no MX records

http://www.moensted.dk/spam/?addr=123.176.83.44
http://www.spamhaus.org/query/bl?ip=123.176.83.44

123.176.83.44 is listed in the SBL, in the following records:
SBL53201, SBL53507, SBL53565

22 SBL/ROKSO listings for IPs under the responsibility of china-netcom.com
http://www.spamhaus.org/sbl/listings.lasso?isp=china-netcom.com

Let's see whois:
Registrar: ENOM, INC.
Registration Service Provided By: NameCheap.com
Contact: sup...@NameCheap.com

Domain name: xuxadns.com

Registrant Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@bol.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Administrative Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@bol.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Technical Contact:
Mikron Informatica Ltda
Rodolfo Jesus (falsi...@bol.com.br)
+55.632241143
Fax: +55.632241143
R Duque de Caxias 121
Ararauna, RJ 88362
BR

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 13 Mar 2007 17:09:51
Expiration date: 13 Mar 2008 17:09:51

More xuxadns.com sightings:
http://groups.google.com/groups/search?q=xuxadns.com+group%3A*abuse&start=0&scoring=d&

Many sightings of registrant e-mail falsia2007[]bol.com.br:
http://groups.google.com/groups/search?q=%22falsia2007%40bol.com.br%22+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/953078994f0d4361

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
