Take note! The present is BCC'ed to concerned persons. We first go with the original SPAM. Take note that I still possess the original in a given mailbox. After, below that spam datas will come the "Questions", Ok?... ========================================== Received: from simonbutcher73@aol.com by (64.135.83.95:25) via ims-m14.mx.aol.com (64.12.207.147:58265) with [InBox.Com SMTP Server] id 1107232150020.WH95 for XXXX@inbox.com; Sat, 23 Jul 2011 21:50:06 -0800 Received: from oms-db01.r1000.mx.aol.com (oms-db01.r1000.mx.aol.com [205.188.58.1]) by ims-m14.mx.aol.com (8.14.1/8.14.1) with ESMTP id p6O5nQQt023644; Sun, 24 Jul 2011 01:49:26 -0400 Received: from mtaomg-ma03.r1000.mx.aol.com (mtaomg-ma03.r1000.mx.aol.com [172.29.41.10]) by oms-db01.r1000.mx.aol.com (AOL Outbound OMS Interface) with ESMTP id B2A751C000081; Sun, 24 Jul 2011 01:49:26 -0400 (EDT) Received: from core-mua004b.r1000.mail.aol.com (core-mua004.r1000.mail.aol.com [172.29.237.141]) by mtaomg-ma03.r1000.mx.aol.com (OMAG/Core Interface) with ESMTP id 73A6EE000081; Sun, 24 Jul 2011 01:49:26 -0400 (EDT) To: bradanddebs@blueyonder.co.uk, greg@hartworks.go-plus.net, fonida@tiscali.it, alessandralabate@hotmail.com, hugandas@hotmail.com, gansklos@gmail.com, wyn@doke.fsnet.co.uk, lyricals@hotmail.com, aholden1@blueyonder.co.uk, XXXXX@inbox.com Content-Transfer-Encoding: 8bit Subject: X-MB-Message-Source: WebUI X-AOL-IP: 110.55.218.190 X-MB-Message-Type: User MIME-Version: 1.0 From: Simon Heale <simonbutcher73@aol.com> Content-Type: text/plain; charset="us-ascii"; format=flowed X-Mailer: Webmail 33996-STANDARD Received: from 110.55.218.190 by webmail-m061.sysops.aol.com (64.12.158.161) with HTTP (WebMailUI); Sun, 24 Jul 2011 01:49:26 -0400 Message-Id: <8CE17DC94DC726E-BB8-20321@webmail-m061.sysops.aol.com> X-Originating-IP: [110.55.218.190] Date: Sun, 24 Jul 2011 01:49:26 -0400 (EDT) x-aol-global-disposition: S X-SPAM-FLAG:YES X-AOL-SCOLL-SCORE: 0:2:142936448:93952408 X-AOL-SCOLL-URL_COUNT: 0 X-AOL-REROUTE: YES x-aol-sid: 3039ac1d290a4e2bb2662c2a X-Spam-Ratio: 3.41 http://0331c66.netsolhost.com/nopl.php ========================================== Anybody can tell me please what "X-Originating-IP: [110.55.218.190]" means? Could it ever means what I can read on that website:=> http://network-tools.com/default.asp?prog=network&host=110.55.218.190 Quite a "Standard Usual" SPAM emaning from abuse@bayan.com.ph who gave a right valid abuse email address! No problem! Next... What was that SPAM advertise about? I'd be curious to know if the SPAM was sent by human being or a trojan? Thus, the SPAM requested me to visit this specific website:=> 0331c66.netsolhost.com/nopl.php for which my browser was redirected toward the website: adurgomas.com... Ok! "Who" are these persons? -adurgomas.com = [95.64.61.92] Romanian netserv.ro & hostingfrenzy.org. Registered at RIPE by Mr."Noreply Mozzart SRL" residing in Bucurest. Let's now have a look how this "RIPE" network behave on the Internet:=> http://www.senderbase.org/senderbase_queries/detailip?search_string=95.64.61... Every IPs are blacklisted for "X" reasons! Ahum! Ok! Let's help the poor guy by advising him that most if not all of his computers are obviously infected by trojans! Mail to : abuse-mailbox:=> noc@hostingfrenzy.org as specified by "RIPE" registrations of that network... You know what?... This under:=> -----Original Message----- From: recycle@inbox.com Sent: Mon, 25 Jul 2011 08:28:52 +0000 To: XXXXX@inbox.com Subject: Error sending message [1107240655006.WM29] from [WM29.inbox.com] Error sending message [1107240655006.WM29] from [WM29.inbox.com]. Mail From: <XXXXXX@inbox.com> Rcpt To: <noc@hostingfrenzy.org> Repeated: <7> Last Try: <7/25/2011 8:28:31 AM> The reason of the delivery failure was: Can not connect to SMTP server <hostingfrenzy.org>. Here is listed the initial part of the message: Received: from inbox.com (127.0.0.1:25) by inbox.com with [InBox.Com SMTP Server] id <1107240655006.WM29> for <noc@hostingfrenzy.org> from <XXXXX@inbox.com>; Sun, 24 Jul 2011 06:55:39 -0800 Mime-Version: 1.0 Date: Sun, 24 Jul 2011 06:55:39 -0800 Message-ID: <7E5D5003F8E.00000119XXXXX@inbox.com> From: Mail Delivery System <XXXXX@inbox.com> Reply-To: abuse@localhost.com Subject: AOL trojan Origin = Skyinet.net on redirecting toward romanian (RIPE) customer?:=> To: reportspam@networksolutions.com Cc: abuse@skyinet.net, ripe@netserv.ro, noc@hostingfrenzy.org, aa-wg-chairs@ripe.net X-Mailer: INBOX.COM X-Originating-IP: 66.158.156.184 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-IWM-ACU: REl3BNnDDtYo_Gixnf_X636zN3IcUjM7X2Uq_c5rDLG6_-tGybg_57M_8HqL GIO69kAPSNwT-VbpnNWH3dXO-aLNWa-8bs2_dHluQcZwtHdRl0OrdcPgL81j kSGLDlBA59M-5Y78y Tagalog bersyon ay dito sa ibaba: =3D> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D ================================= In conclusion, I repeat my question:=> Is it a fact that anybody can give any false and misleading informations to RIPE about registration of IP# block numbers? Because if RIPE do not have any rule of conduct, that becomes an ideal tool to carry all kind of criminal activities. Second question, does any IP# block number recipient who paid fees ($) to obtain a given block number is authorized to resell subnets (Part of block numbers) to evade his responsibilities toward any RIPE regulations if any does exist in fact? In closing this e-mail, I would like to mention that I have in archive quite a few SPAM for which the given network provided forged & misleading datas to RIPE. What is worst is that RIPE do not appear to have a webpage where such forgeries can be reported. That was that! antispam.report@inbox.com ____________________________________________________________ Publish your photos in seconds for FREE TRY IM TOOLPACK at http://www.imtoolpack.com/default.aspx?rc=if4