Wednesday, April 26, 2006

How Sweet, letter from another eBay customer.

How Sweet, letter from another eBay customer. Lets fry this clown..
Here is the text of the scam email :

 Question from mmjd1996
Item: (4629414062)
This message was sent while the listing was active.
mmjd1996 is a potential buyer.
Hi, how much would be shipping to Germany? Thanks

Using DNSStuff I find out our scammers IP address.

eBay.com URL points to:
http://1393442438/img/...bleh/signin.ebay.com/ws/eBayISAPI.dll/SignIn.htm

1393442438 is decimal for 83.14.62.134

Seems to be a box on some DSL line in Poland..

IP address: 83.14.62.134
Reverse DNS: dyk134.internetdsl.tpnet.pl.
Reverse DNS authenticity: [Verified]
ASN: 5617
ASN Name: TPNET (Polish Telecom's commercial IP network)
IP range connectivity: 2
Registrar (per ASN): RIPE
Country (per IP registrar): PL [Poland]
Country Currency: PLN [Poland Zlotych]
Country IP Range: 83.0.0.0 to 83.31.255.255

The ISP is Poland Telecom. Here are the ISP contact numbers and email addresses.

role: TP S.A. Hostmaster
address: TP S.A. "POLPAK"
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: Poland
phone: +48 22 6252383
fax-no: +48 22 6225182
remarks: trouble: Network problems: hostmaster@tpnet.pl
remarks: trouble: Abuse and spam notification: abuse@tpnet.pl
remarks: trouble: DNS problems: dns@tpnet.pl
remarks: trouble: Routing problems: registry@tpnet.pl
admin-c: TK569-RIPE
tech-c: TK569-RIPE
tech-c: JS1838-RIPE
nic-hdl: TPHT
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
remarks: Please send spam and abuse notification only to abuse@tpnet.pl
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
mnt-by: TPNET
e-mail: hostmaster@tpnet.pl
abuse-mailbox: abuse@tpnet.pl
changed: hostmaster@tpnet.pl 20030122
changed: hostmaster@tpnet.pl 20030904
changed: hostmaster@tpnet.pl 20060306
source: RIPE

person: Tomasz Kielb
address: TP S.A. - POLPAK
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: POLAND
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
remarks:
remarks: In case of abuse (intrusion attempts, hacking,
remarks: spamming or other unaccepted behavior) from
remarks: TP S.A. address space, please contact only to:
remarks:
remarks: abuse@tpnet.pl
remarks:
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
phone: +48 800 120 810
phone: +48 800 120 811
fax-no: +48 22 5230178
e-mail: Tomasz.Kielb@telekomunikacja.pl
nic-hdl: TK569-RIPE
mnt-by: TPNET
changed: tkielb@cst.tpsa.pl 19970730
changed: tkielb@cst.tpsa.pl 20011003
changed: tomasz.kielb@telekomunikacja.pl 20021129
changed: tomasz.kielb@telekomunikacja.pl 20030114
changed: hostmaster@tpnet.pl 20030904
changed: hostmaster@tpnet.pl 20041220
source: RIPE

person: Jaroslaw Salamon
address: TP S.A. -POLPAK
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: POLAND
remarks:
remarks: !=====================================================
remarks:
remarks: In case of abuse (intrusion attempts, hacking,
remarks: spamming or other unaccepted behavior) from
remarks: TP S.A. address space, please contact only to:
remarks:
remarks: abuse@telekomunikacja.pl
remarks:
remarks: !=====================================================
remarks:
phone: +48 800 120 810
phone: +48 800 120 811
fax-no: +48 22 5230178
e-mail: Jaroslaw.Salamon@telekomunikacja.pl
nic-hdl: JS1838-RIPE
mnt-by: TPNET
changed: tkielb@cst.tpsa.pl 20000727
changed: hostmaster@tpnet.pl 20030904
changed: hostmaster@tpnet.pl 20031211
changed: hostmaster@tpnet.pl 20060407
source: RIPE

person: Konrad Plich
address: TP S.A. CST POLPAK
address: ul. Sienkiewicza 9
address: 97-300 Piotrkow Tryb.
address: Poland
remarks: ---------------------------------------------
remarks: In case of abuse (intrusion attempts, hacking,
remarks: spamming or other unaccepted behavior) from
remarks: TP S.A. address space, please mail only to:
remarks: abuse@tpnet.pl
remarks: ----------------------------------------------
phone: + 48 44 6480030
fax-no: + 48 44 6473572
e-mail: konradpl@piotrkow.tpsa.pl
nic-hdl: KP21-RIPE
mnt-by: AS5617-MNT
changed: konradpl@piotrkow.tpsa.pl 20031001
source: RIPE

So I shoot a quick email to the boys at Polish Telecom (abuse@tpnet.pl)

I also paste the bougus URL into PhishFighing.com.
That feeds our "Phisherman" with hundreds of bogus usernames and passwords.
That should keep him busy for a few days.
Just another day ho hum.

0 Comments:

Post a Comment

<< Home