[an error occurred while processing this directive]
The report for this spam can be found at: 2007 Deadbeats Page 05.
Received: from pmsmtp01.st1.spray.net (212.78.207.245) by studio42.com with
ESMTP (Eudora Internet Mail Server 3.2.10) for <chris@studio42.com>;
Wed, 12 Dec 2007 21:54:05 -0800
Received: from pmsmtp01.st1.spray.net (pmfilter04.st1.spray.net [212.78.207.174])
by pmsmtp01.st1.spray.net (Postfix) with ESMTP id 938422B8056
for <chris@studio42.com>; Thu, 13 Dec 2007 05:54:03 +0000 (GMT)
Received: from 192.168.1.107 (host-84-221-105-131.cust-adsl.tiscali.it [84.221.105.131])
by pmsmtp01.st1.spray.net (Postfix) with ESMTP id D007A2B8054
for <chris@studio42.com>; Thu, 13 Dec 2007 05:54:02 +0000 (GMT)
Date: Thu, 13 Dec 2007 07:53:14 +0100
To: chris@studio42.com
From: "emailselfservice@lycospower.it" <emailselfservice@lycospower.it>
Reply-To: emailselfservice@lycospower.it
Subject: indirizzi email e numeri fax di aziende italiane
Message-ID: <47a222b77478ca6bac72798de724a46c@smtp.premiummail.lycos.it>
X-Priority: 3
X-Mailer: Produced By Microsoft MimeOLE V6.00.2800.1896
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="b1_47a222b77478ca6bac72798de724a46c"
X-Lycos-AS: 47.00
X-Lycos-AV: OK
X-Lycos-IS: NO
--b1_47a222b77478ca6bac72798de724a46c
Content-Type: text/plain; charset = "iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Disponiamo
di BANCHE
DATI
indirizzi
EMAIL e
numeri FAX
altamente
profilate
per area
geografica
e settore
merceologico.Le
banche
dati
contengono-
ragione
sociale
completa
dell=B4azienda-
indirizzo
postale,
cap,
citt=E0,
provincia,
regione-
Numero
telefono -
indirizzo
Email -
numero
fax-
Categoria
merceologica
-
sottocategoria
merceologicaCon
la giusta
banca dati
in tuo
possesso,
sarai
libero ed
autonomo nel
promuovere
al meglio
i
servizi/prodotti
della tua
azienda.Il
database
vi verr=E0
consegnato
in formato
excell o
access,
facilmente
consultabile
da
chiunque. Informati
e acquista
le nostre
banche
dati --Ricevi
questa
comunicazione
perch=E8 sei
iscritto
alla
nostro
networkPer
non
ricevere
ulteriori
comunicazioni
rispondete
a questa
email con
oggetto
remove
--b1_47a222b77478ca6bac72798de724a46c
Content-Type: text/html; charset = "iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content=3D"text/html;charset=3DISO-8859-15"
http-equiv=3D"Content-Type">
</head>
<body bgcolor=3D"#ffffff" text=3D"#000000">
<div style=3D"text-align: left; font-family: Arial,Helvetica,sans-serif;"=
><font style=3D"font-family: Verdana,Arial,Helvetica,sans-serif;" size=3D=
"2">Disponiamo di <strong><font style=3D"font-weight: bold;" size=3D"2">B=
ANCHE DATI indirizzi EMAIL e numeri </font><font style=3D"font-weight: bo=
ld;" size=3D"2">FAX</font><font size=3D"2"> </font><br></strong>altamente=
profilate per <strong>area geografica</strong> e <strong>settore merceol=
ogico</strong>.</font><font size=3D"2"><br><br></font><font style=3D"font=
-family: Verdana,Arial,Helvetica,sans-serif;" size=3D"2">Le banche dati c=
ontengono<br>- ragione sociale completa dell=B4azienda<br>- indirizzo pos=
tale, cap, citt=E0, provincia, regione<br>- Numero telefono - indirizzo E=
mail - numero fax<br>- Categoria merceologica - sottocategoria merceologi=
ca<br></font><font size=3D"2"><br></font><font style=3D"font-family: Verd=
ana,Arial,Helvetica,sans-serif;" size=3D"2">Con la giusta banca dati in t=
uo possesso, sarai libero ed autonomo nel promuovere al meglio i
servizi/prodotti della tua azienda.<br>Il database vi verr=E0 consegnato =
in formato excell o access, facilmente consultabile da chiunque.</font><b=
r> <br><font style=3D"font-weight: bold;" size=3D"3"><a href=3D"http=
://digilander.libero.it/servizi.online/indirizzi2.html" target=3D"_self">=
Informati e acquista le nostre banche dati</a></font><br> <br><font =
size=3D"2"> </font><br><font size=3D"2"><br><font size=3D"1">--<br>R=
icevi questa comunicazione perch=E8 sei iscritto alla nostro network</fon=
t></font><br><font size=3D"1">Per non ricevere ulteriori comunicazioni ri=
spondete a questa email con oggetto remove</font></div>
</body></html>
--b1_47a222b77478ca6bac72798de724a46c--
[studio42@flatus studio42]$ host 212.78.207.245
245.207.78.212.in-addr.arpa domain name pointer pmsmtp01.st1.spray.net.
[studio42@flatus studio42]$ whois 212.78.207.245@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #3.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '212.78.192.0 - 212.78.223.255'
inetnum: 212.78.192.0 - 212.78.223.255
org: ORG-SNSA2-RIPE
netname: DE-LYCEU-990504
descr: Lycos Europe GmbH
country: DE
admin-c: JS5687-RIPE
tech-c: SH2596-RIPE
tech-c: KD849-RIPE
status: ALLOCATED PA
mnt-by: RIPE-NCC-HM-MNT
mnt-lower: MNT-LYCEU
mnt-domains: MNT-LYCEU
mnt-routes: MNT-LYCEU
source: RIPE # Filtered
organisation: ORG-SNSA2-RIPE
org-name: Spray Network Services AB
org-type: LIR
descr: Lycos Europe GmbH
address: Carl-Bertelsmann Str 29
address: DE-33311
address: Guetersloh
address: Germany
phone: +49 5241 8071000
fax-no: +49 5241 80671334
admin-c: JS5687-RIPE
admin-c: SH2596-RIPE
mnt-ref: SPRAYNET-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
source: RIPE # Filtered
person: Johannes Spangenberg
address: Lycos Europe GmbH
phone: +49 5241 8071 313
mnt-by: MNT-LYCEU
nic-hdl: JS5687-RIPE
source: RIPE # Filtered
person: Stefan Hegger
address: Lycos Europe GmbH
address: Carl Bertelsmann Str 29
address: DE-33311 Guetersloh
address: Germany
phone: +49 5241 8071 334
fax-no: +49 5241 80671 334
remarks: ----------------------------------------------
remarks: do NOT e-mail abuse to contacts given here,
remarks: e-mail them to abuse@lycos-europe.com instead.
remarks: (as shown below at "abuse-mailbox:") You will receive a ticket n
umber.
remarks: or contact our service desk under +49 5154 705 413 after receiv
ing a ticket number from our ticket system
abuse-mailbox: abuse@lycos-europe.com
mnt-by: MNT-LYCEU
nic-hdl: SH2596-RIPE
source: RIPE # Filtered
person: Konstantion Dounaev
address: Lycos Europe GmbH
address: Carl Bertelsmann Str 29
address: DE-33311 Guetersloh
address: Germany
phone: +49 5241 8071 327
mnt-by: MNT-LYCEU
nic-hdl: KD849-RIPE
source: RIPE # Filtered
% Information related to '212.78.192.0/19AS12832'
route: 212.78.192.0/19
descr: Lycos Europe Gmbh
origin: AS12832
mnt-by: MNT-LYCEU
source: RIPE # Filtered
I can see the outgoing server and the intermediate collection point on the same netblock,
that will most likely end up being blacklisted.
Onto the spammer or zombie:
[studio42@flatus studio42]$ host 84.221.105.131
131.105.221.84.in-addr.arpa domain name pointer host-84-221-105-131.cust-adsl.ti
scali.it.
[studio42@flatus studio42]$ whois 84.221.105.131@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '84.220.0.0 - 84.221.255.255'
inetnum: 84.220.0.0 - 84.221.255.255
netname: TISCALINET
descr: Tiscali Italia SpA
descr: PROVIDER
country: IT
admin-c: RC524-RIPE
admin-c: FP1849-RIPE
admin-c: FB2233-RIPE
tech-c: TI335-RIPE
rev-srv: ns.tiscalinet.it
rev-srv: sns.tiscali.it
remarks: ADSL dial-up customers
remarks: -----------------------------------------------------------
remarks: Send trouble queries or problems to noc@it.tiscali.com
remarks: -----------------------------------------------------------
remarks: SPAM or net abuse please mail to abuse@tiscali.it
remarks: -----------------------------------------------------------
remarks: For more information see http://www.tiscali.it/
remarks: -----------------------------------------------------------
status: ASSIGNED PA
mnt-by: AS8612-MNT
source: RIPE # Filtered
role: Tiscali IT
address: Tiscali Italia S.p.A.
address: SS 195 Km 2.300
address: localita Sa Illetta
address: 09122 - Cagliari
address: Italy
phone: +39 070 46011
fax-no: +39 070 4601400
remarks: -----------------------------------------------------------
remarks: Send trouble queries or problems to noc@it.tiscali.com
remarks: -----------------------------------------------------------
remarks: SPAM or net abuse please mail to abuse@tiscali.it
remarks: -----------------------------------------------------------
remarks: For more information see http://www.tiscali.it/
remarks: -----------------------------------------------------------
e-mail: registry@it.tiscali.com
admin-c: RC524-RIPE
admin-c: FP1849-RIPE
tech-c: RC524-RIPE
tech-c: FB2233-RIPE
tech-c: FP1849-RIPE
nic-hdl: TI335-RIPE
mnt-by: AS8612-MNT
source: RIPE # Filtered
person: Francesco Boi
address: Tiscali Italia SpA
address: SS. 195 Km. 2,300
address: 09122 Cagliari
address: Sardinia - Italy
phone: +39 070 46011
fax-no: +39 070 4609250
e-mail: fboi@it.tiscali.com
nic-hdl: FB2233-RIPE
source: RIPE # Filtered
person: Ruben Cardella
address: Tiscali
address: SS. 195 Km. 2,300
address: 09122 Cagliari
address: Sardinia - Italy
remarks: Network Engineer
phone: +39 070 46011
fax-no: +39 070 4609328
e-mail: rcardella@it.tiscali.com
nic-hdl: RC524-RIPE
source: RIPE # Filtered
person: Francesco Pau
address: Tiscali
address: SS. 195 Km. 2,300
address: 09122 Cagliari
address: Sardinia - Italy
remarks: Network Engineer
phone: +39 070 46011
fax-no: +39 070 4609251
e-mail: pau@tiscali.net
nic-hdl: FP1849-RIPE
source: RIPE # Filtered
% Information related to '84.220.0.0/14AS8612'
route: 84.220.0.0/14
descr: Tiscali Italia SpA
origin: AS8612
mnt-by: AS8612-MNT
mnt-by: TISCALI-INT-ROUTE
source: RIPE # Filtered
% Information related to '84.220.0.0/14AS3257'
route: 84.220.0.0/14
descr: Tiscali SpA
origin: AS3257
mnt-by: TISCALI-INT-ROUTE
source: RIPE # Filtered
That was easy.
Onto the scammer site:
[studio42@flatus studio42]$ host digilander.libero.it
digilander.libero.it is an alias for digilander.iol.it.
digilander.iol.it has address 195.210.93.172
[studio42@flatus studio42]$ whois 195.210.93.172@whois.ripe.net
[whois.ripe.net]
% This is the RIPE Whois query server #2.
% The objects are in RPSL format.
%
% Rights restricted by copyright.
% See http://www.ripe.net/db/copyright.html
% Note: This output has been filtered.
% To receive output for a database update, use the "-B" flag
% Information related to '195.210.92.0 - 195.210.95.255'
inetnum: 195.210.92.0 - 195.210.95.255
netname: IOL-2
descr: Italia OnLine S.P.A
descr: Via Lorenteggio 257 - 20152 Milano
country: IT
remarks: For Abuse Spam Security please notify: abuse@iol.it
admin-c: IHM1-RIPE
tech-c: IHM1-RIPE
status: ASSIGNED PA
mnt-by: AS1267-MNT
mnt-routes: AS1267-MNT
source: RIPE # Filtered
person: IOL Host Master
address: Italia Online S.p.A.
address: Via Lorenteggio, 257
address: I-20153 Milano
address: Italy
phone: +39 02 30111
fax-no: +39 02 30114182
e-mail: hostmaster@iol.it
nic-hdl: IHM1-RIPE
mnt-by: AS1267-MNT
source: RIPE # Filtered
% Information related to '195.210.64.0/19AS1267'
route: 195.210.64.0/19
descr: IOL
origin: AS1267
remarks: removed cross-mnt: AS1267-MNT
mnt-lower: AS1267-MNT
mnt-routes: AS1267-MNT
mnt-by: AS1267-MNT
source: RIPE # Filtered
[an error occurred while processing this directive]