Wednesday, April 26, 2006

Sure. I trust you. Let's fry this clown. mmjd1996

Another email from another eBay customer.
Sure. I trust you. Let's fry this clown.

Here is the text of the scam email :

 Question from mmjd1996
Item: (4629414062)
This message was sent while the listing was active.
mmjd1996 is a potential buyer.
Hi, how much would be shipping to Germany? Thanks

Using DNSStuff.com I find out our scammer's IP address.

eBay.com URL points to:
http://1393442438/img/...bleh/signin.ebay.com/ws/eBayISAPI.dll/SignIn.htm

1393442438 is decimal for 83.14.62.134
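The decimal-host trick above can be caught mechanically. The following is an added example, not code from the original post: it decodes a URL host written as a single decimal number (and, going beyond the post's one case, the hex and octal forms that resolvers accept under the classic inet_aton rules) and reports any brand-looking domain placed in the path. The function names and the com/net/org suffix list are assumptions made for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

def _part(tok):
    """Parse one host component as inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    t = tok.lower()
    if re.fullmatch(r"0x[0-9a-f]+", t):
        return int(t, 16)
    if re.fullmatch(r"0[0-7]*", t):
        return int(t, 8)
    if re.fullmatch(r"[1-9][0-9]*", t):
        return int(t, 10)
    raise ValueError(tok)

def decode_numeric_host(host):
    """Return the dotted quad a client would connect to, or None for a real hostname."""
    toks = host.split(".")
    if not 1 <= len(toks) <= 4:
        return None
    try:
        nums = [_part(t) for t in toks]
    except ValueError:
        return None
    # Leading components are single bytes; the last one fills the remaining bytes.
    *head, last = nums
    if any(n > 0xFF for n in head) or last >= 256 ** (4 - len(head)):
        return None
    value = last
    for i, n in enumerate(head):
        value |= n << (8 * (3 - i))
    return str(ipaddress.IPv4Address(value))

def inspect_link(url):
    """Summarise a link: literal host, decoded IP, and any lure domain in the path."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    ip = decode_numeric_host(host)
    lures = re.findall(r"(?:[a-z0-9-]+\.)+(?:com|net|org)\b", parts.path.lower())
    return {"host": host, "ip": ip,
            "obfuscated": ip is not None and ip != host,
            "lure_in_path": lures}

# The link from the post, with the path elided exactly as the post shows it.
SAMPLE = "http://1393442438/img/...bleh/signin.ebay.com/ws/eBayISAPI.dll/SignIn.htm"

if __name__ == "__main__":
    print(inspect_link(SAMPLE))
```

A link is worth flagging when `obfuscated` is true and `lure_in_path` is non-empty: the real destination is a bare IP while the familiar domain only appears after the first slash.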

Seems to be a box on some DSL line in Poland..

IP address: 83.14.62.134
Reverse DNS: dyk134.internetdsl.tpnet.pl.
Reverse DNS authenticity: [Verified]
ASN: 5617
ASN Name: TPNET (Polish Telecom's commercial IP network)
IP range connectivity: 2
Registrar (per ASN): RIPE
Country (per IP registrar): PL [Poland]
Country Currency: PLN [Poland Zlotych]
Country IP Range: 83.0.0.0 to 83.31.255.255

The ISP is Poland Telecom. Here are the ISP contact numbers and email addresses.

role: TP S.A. Hostmaster
address: TP S.A. "POLPAK"
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: Poland
phone: +48 22 6252383
fax-no: +48 22 6225182
remarks: trouble: Network problems: hostmaster@tpnet.pl
remarks: trouble: Abuse and spam notification: abuse@tpnet.pl
remarks: trouble: DNS problems: dns@tpnet.pl
remarks: trouble: Routing problems: registry@tpnet.pl
admin-c: TK569-RIPE
tech-c: TK569-RIPE
tech-c: JS1838-RIPE
nic-hdl: TPHT
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
remarks: Please send spam and abuse notification only to abuse@tpnet.pl
remarks: ! - ! - ! - ! - ! - ! - ! - ! - ! - ! - !
mnt-by: TPNET
e-mail: hostmaster@tpnet.pl
abuse-mailbox: abuse@tpnet.pl
changed: hostmaster@tpnet.pl 20030122
changed: hostmaster@tpnet.pl 20030904
changed: hostmaster@tpnet.pl 20060306
source: RIPE

Port scan shows nothing but FTP and SSH. No UDP ports open.

So I shoot a quick email to the boys at Polish Telecom (abuse@tpnet.pl).

I also paste the bogus URL into PhishFighting.com.
(That feeds our "Phisherman" with hundreds of bogus usernames and passwords.)

That should keep him busy for a few days.

Just another day ho hum.
