This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 1St bogus RIPE reggies fact:=>
- Previous message (by thread): [anti-abuse-wg] A simple question about RIPE registrations:=>
- Next message (by thread): [anti-abuse-wg] 1St bogus RIPE reggies fact:=>
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
abuse@localhost.com
world.antispam.report at inbox.com
Tue Jul 26 02:16:18 CEST 2011
Take note! The present is BCC'ed to concerned persons. We first go with the original SPAM. Take note that I still possess the original in a given mailbox. After, below that spam datas will come the "Questions", Ok?... ========================================== Received: from simonbutcher73 at aol.com by (64.135.83.95:25) via ims-m14.mx.aol.com (64.12.207.147:58265) with [InBox.Com SMTP Server] id 1107232150020.WH95 for XXXX at inbox.com; Sat, 23 Jul 2011 21:50:06 -0800 Received: from oms-db01.r1000.mx.aol.com (oms-db01.r1000.mx.aol.com [205.188.58.1]) by ims-m14.mx.aol.com (8.14.1/8.14.1) with ESMTP id p6O5nQQt023644; Sun, 24 Jul 2011 01:49:26 -0400 Received: from mtaomg-ma03.r1000.mx.aol.com (mtaomg-ma03.r1000.mx.aol.com [172.29.41.10]) by oms-db01.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id B2A751C000081; Sun, 24 Jul 2011 01:49:26 -0400 (EDT) Received: from core-mua004b.r1000.mail.aol.com (core-mua004.r1000.mail.aol.com [172.29.237.141]) by mtaomg-ma03.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id 73A6EE000081; Sun, 24 Jul 2011 01:49:26 -0400 (EDT) To: bradanddebs at blueyonder.co.uk, greg at hartworks.go-plus.net, fonida at tiscali.it, alessandralabate at hotmail.com, hugandas at hotmail.com, gansklos at gmail.com, wyn at doke.fsnet.co.uk, lyricals at hotmail.com, aholden1 at blueyonder.co.uk, XXXXX at inbox.com Content-Transfer-Encoding: 8bit Subject: X-MB-Message-Source: WebUI X-AOL-IP: 110.55.218.190 X-MB-Message-Type: User MIME-Version: 1.0 From: Simon Heale <simonbutcher73 at aol.com> Content-Type: text/plain; charset="us-ascii"; format=flowed X-Mailer: Webmail 33996-STANDARD Received: from 110.55.218.190 by webmail-m061.sysops.aol.com (64.12.158.161) with HTTP (WebMailUI); Sun, 24 Jul 2011 01:49:26 -0400 Message-Id: <8CE17DC94DC726E-BB8-20321 at webmail-m061.sysops.aol.com> X-Originating-IP: [110.55.218.190] Date: Sun, 24 Jul 2011 01:49:26 -0400 (EDT) x-aol-global-disposition: S X-SPAM-FLAG:YES X-AOL-SCOLL-SCORE: 0:2:142936448:93952408 X-AOL-SCOLL-URL_COUNT: 0 X-AOL-REROUTE: YES x-aol-sid: 3039ac1d290a4e2bb2662c2a X-Spam-Ratio: 3.41 http://0331c66.netsolhost.com/nopl.php ========================================== Anybody can tell me please what "X-Originating-IP: [110.55.218.190]" means? Could it ever means what I can read on that website:=> http://network-tools.com/default.asp?prog=network&host=110.55.218.190 Quite a "Standard Usual" SPAM emaning from abuse at bayan.com.ph who gave a right valid abuse email address! No problem! Next... What was that SPAM advertise about? I'd be curious to know if the SPAM was sent by human being or a trojan? Thus, the SPAM requested me to visit this specific website:=> 0331c66.netsolhost.com/nopl.php for which my browser was redirected toward the website: adurgomas.com... Ok! "Who" are these persons? -adurgomas.com = [95.64.61.92] Romanian netserv.ro & hostingfrenzy.org. Registered at RIPE by Mr."Noreply Mozzart SRL" residing in Bucurest. Let's now have a look how this "RIPE" network behave on the Internet:=> http://www.senderbase.org/senderbase_queries/detailip?search_string=95.64.61.92 Every IPs are blacklisted for "X" reasons! Ahum! Ok! Let's help the poor guy by advising him that most if not all of his computers are obviously infected by trojans! Mail to : abuse-mailbox:=> noc at hostingfrenzy.org as specified by "RIPE" registrations of that network... You know what?... This under:=> -----Original Message----- From: recycle at inbox.com Sent: Mon, 25 Jul 2011 08:28:52 +0000 To: XXXXX at inbox.com Subject: Error sending message [1107240655006.WM29] from [WM29.inbox.com] Error sending message [1107240655006.WM29] from [WM29.inbox.com]. Mail From: <XXXXXX at inbox.com> Rcpt To: <noc at hostingfrenzy.org> Repeated: <7> Last Try: <7/25/2011 8:28:31 AM> The reason of the delivery failure was: Can not connect to SMTP server <hostingfrenzy.org>. Here is listed the initial part of the message: Received: from inbox.com (127.0.0.1:25) by inbox.com with [InBox.Com SMTP Server] id <1107240655006.WM29> for <noc at hostingfrenzy.org> from <XXXXX at inbox.com>; Sun, 24 Jul 2011 06:55:39 -0800 Mime-Version: 1.0 Date: Sun, 24 Jul 2011 06:55:39 -0800 Message-ID: <7E5D5003F8E.00000119XXXXX at inbox.com> From: Mail Delivery System <XXXXX at inbox.com> Reply-To: abuse at localhost.com Subject: AOL trojan Origin = Skyinet.net on redirecting toward romanian (RIPE) customer?:=> To: reportspam at networksolutions.com Cc: abuse at skyinet.net, ripe at netserv.ro, noc at hostingfrenzy.org, aa-wg-chairs at ripe.net X-Mailer: INBOX.COM X-Originating-IP: 66.158.156.184 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-IWM-ACU: REl3BNnDDtYo_Gixnf_X636zN3IcUjM7X2Uq_c5rDLG6_-tGybg_57M_8HqL GIO69kAPSNwT-VbpnNWH3dXO-aLNWa-8bs2_dHluQcZwtHdRl0OrdcPgL81j kSGLDlBA59M-5Y78y Tagalog bersyon ay dito sa ibaba: =3D> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ================================= In conclusion, I repeat my question:=> Is it a fact that anybody can give any false and misleading informations to RIPE about registration of IP# block numbers? Because if RIPE do not have any rule of conduct, that becomes an ideal tool to carry all kind of criminal activities. Second question, does any IP# block number recipient who paid fees ($) to obtain a given block number is authorized to resell subnets (Part of block numbers) to evade his responsibilities toward any RIPE regulations if any does exist in fact? In closing this e-mail, I would like to mention that I have in archive quite a few SPAM for which the given network provided forged & misleading datas to RIPE. What is worst is that RIPE do not appear to have a webpage where such forgeries can be reported. That was that! antispam.report at inbox.com ____________________________________________________________ Publish your photos in seconds for FREE TRY IM TOOLPACK at http://www.imtoolpack.com/default.aspx?rc=if4
- Previous message (by thread): [anti-abuse-wg] A simple question about RIPE registrations:=>
- Next message (by thread): [anti-abuse-wg] 1St bogus RIPE reggies fact:=>
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]