[anti-abuse-wg] 1St bogus RIPE reggies fact:=>

Take note! The present is BCC'ed to concerned persons.
We first go with the original SPAM.
Take note that I still possess the original in a given mailbox.
After, below that spam datas will come the "Questions", Ok?...
==========================================
Received: from simonbutcher73 at aol.com by (64.135.83.95:25) via
  ims-m14.mx.aol.com (64.12.207.147:58265) with [InBox.Com SMTP Server] id
  1107232150020.WH95 for XXXX at inbox.com; Sat, 23 Jul 2011 21:50:06 -0800
Received: from oms-db01.r1000.mx.aol.com (oms-db01.r1000.mx.aol.com [205.188.58.1])
	by ims-m14.mx.aol.com (8.14.1/8.14.1) with ESMTP id p6O5nQQt023644;
	Sun, 24 Jul 2011 01:49:26 -0400
Received: from mtaomg-ma03.r1000.mx.aol.com (mtaomg-ma03.r1000.mx.aol.com [172.29.41.10])
	by oms-db01.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id B2A751C000081;
	Sun, 24 Jul 2011 01:49:26 -0400 (EDT)
Received: from core-mua004b.r1000.mail.aol.com (core-mua004.r1000.mail.aol.com [172.29.237.141])
	by mtaomg-ma03.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id 73A6EE000081;
	Sun, 24 Jul 2011 01:49:26 -0400 (EDT)
To: bradanddebs at blueyonder.co.uk, greg at hartworks.go-plus.net,
        fonida at tiscali.it, alessandralabate at hotmail.com, hugandas at hotmail.com,
        gansklos at gmail.com, wyn at doke.fsnet.co.uk, lyricals at hotmail.com,
        aholden1 at blueyonder.co.uk, XXXXX at inbox.com
Content-Transfer-Encoding: 8bit
Subject: 
X-MB-Message-Source: WebUI
X-AOL-IP: 110.55.218.190
X-MB-Message-Type: User
MIME-Version: 1.0
From: Simon Heale <simonbutcher73 at aol.com>
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Mailer: Webmail 33996-STANDARD
Received: from 110.55.218.190 by webmail-m061.sysops.aol.com (64.12.158.161) with HTTP (WebMailUI); Sun, 24 Jul 2011 01:49:26 -0400
Message-Id: <8CE17DC94DC726E-BB8-20321 at webmail-m061.sysops.aol.com>
X-Originating-IP: [110.55.218.190]
Date: Sun, 24 Jul 2011 01:49:26 -0400 (EDT)
x-aol-global-disposition: S
X-SPAM-FLAG:YES
X-AOL-SCOLL-SCORE: 0:2:142936448:93952408  
X-AOL-SCOLL-URL_COUNT: 0  
X-AOL-REROUTE: YES 
x-aol-sid: 3039ac1d290a4e2bb2662c2a
X-Spam-Ratio: 3.41

http://0331c66.netsolhost.com/nopl.php
==========================================
Anybody can tell me please what "X-Originating-IP: [110.55.218.190]" means? Could it ever means what I can read on that website:=>
http://network-tools.com/default.asp?prog=network&host=110.55.218.190
Quite a "Standard Usual" SPAM emaning from abuse at bayan.com.ph who gave a right valid abuse email address! No problem!

Next... What was that SPAM advertise about?
I'd be curious to know if the SPAM was sent by human being or a trojan?

Thus, the SPAM requested me to visit this specific website:=> 0331c66.netsolhost.com/nopl.php for which my browser was redirected toward the website: adurgomas.com... Ok! "Who" are these persons?

-adurgomas.com = [95.64.61.92] Romanian netserv.ro & hostingfrenzy.org.
Registered at RIPE by Mr."Noreply Mozzart SRL" residing in Bucurest.

Let's now have a look how this "RIPE" network behave on the Internet:=>
http://www.senderbase.org/senderbase_queries/detailip?search_string=95.64.61.92
Every IPs are blacklisted for "X" reasons! Ahum!

Ok! Let's help the poor guy by advising him that most if not all of his computers are obviously infected by trojans!
Mail to : abuse-mailbox:=>  noc at hostingfrenzy.org as specified by "RIPE" registrations of that network...

You know what?... This under:=>
-----Original Message-----
From: recycle at inbox.com
Sent: Mon, 25 Jul 2011 08:28:52 +0000
To: XXXXX at inbox.com
Subject: Error sending message [1107240655006.WM29] from [WM29.inbox.com]

Error sending message [1107240655006.WM29] from [WM29.inbox.com].

Mail From: <XXXXXX at inbox.com>
Rcpt To:   <noc at hostingfrenzy.org>
Repeated:  <7>
Last Try:  <7/25/2011 8:28:31 AM>


The reason of the delivery failure was:

Can not connect to SMTP server <hostingfrenzy.org>.


Here is listed the initial part of the message:

Received: from inbox.com (127.0.0.1:25)
	by inbox.com with [InBox.Com SMTP Server]
	id <1107240655006.WM29> for <noc at hostingfrenzy.org> from <XXXXX at inbox.com>;
	Sun, 24 Jul 2011 06:55:39 -0800
Mime-Version: 1.0
Date: Sun, 24 Jul 2011 06:55:39 -0800
Message-ID: <7E5D5003F8E.00000119XXXXX at inbox.com>
From: Mail Delivery System <XXXXX at inbox.com>
Reply-To: abuse at localhost.com
Subject: AOL trojan Origin = Skyinet.net on redirecting toward romanian
  (RIPE) customer?:=>
To: reportspam at networksolutions.com
Cc: abuse at skyinet.net, ripe at netserv.ro, noc at hostingfrenzy.org,
  aa-wg-chairs at ripe.net
X-Mailer: INBOX.COM
X-Originating-IP: 66.158.156.184
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-IWM-ACU: REl3BNnDDtYo_Gixnf_X636zN3IcUjM7X2Uq_c5rDLG6_-tGybg_57M_8HqL
  GIO69kAPSNwT-VbpnNWH3dXO-aLNWa-8bs2_dHluQcZwtHdRl0OrdcPgL81j
  kSGLDlBA59M-5Y78y

Tagalog bersyon ay dito sa ibaba: =3D>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
=================================
In conclusion, I repeat my question:=>
Is it a fact that anybody can give any false and misleading informations to RIPE about registration of IP# block numbers?
Because if RIPE do not have any rule of conduct, that becomes an ideal tool to carry all kind of criminal activities.

Second question, does any IP# block number recipient who paid fees ($) to obtain a given block number is authorized to resell subnets (Part of block numbers) to evade his responsibilities toward any RIPE regulations if any does exist in fact?

In closing this e-mail, I would like to mention that I have in archive quite a few SPAM for which the given network provided forged & misleading datas to RIPE.

What is worst is that RIPE do not appear to have a webpage where such forgeries can be reported.

That was that!
antispam.report at inbox.com

____________________________________________________________
Publish your photos in seconds for FREE
TRY IM TOOLPACK at http://www.imtoolpack.com/default.aspx?rc=if4