Delcampe.net Auctions - Phishing Scammers

Phishing scams, hijacking of TM accounts, keyloggers and all manner of other nasties. This is the place to report them and get help if you've been hit.
ionet
Members
Posts: 2160
Joined: Fri Feb 18, 2005 2:33 pm
Location: Hawkes Bay

Post by ionet » Mon Nov 19, 2012 11:30 pm

_


From Delcampe.net Admin:

Emails not originating from Delcampe:


1. E-mails not originating from the Delcampe site 2012-11-19 17:42:27

Dear members,


Hundreds of people have received an e-mail pretending to be originating from Delcampe.



For safety reasons, please do not follow the link that generally leads to an online pharmaceutical service probably illegal.


Contrary to appearances, this e-mail does not come from our services and is sent from various places in the world.


We are currently researching how these people were able to get the addresses of hundreds of our members.


Our databases are of course secure; and for the moment there is no indication of failure at this level. Nevertheless, we are keeping on with all the verifications.


To the extent possible, we always recommend that you regularly change your password via "My Delcampe> Contact details".


Kind regards

The Delcampe.net Team


_



Phishing Emails received:


From delcampe.net
Subject Line: [D*] Ticket [#48485]


Thank you for your letter of Nov 19, your request arrived today.

Alright, here's the link:

Proceed to information


Thank you for taking the time to contact us.

Best regards,
Your Delcampe team.



From delcampe.net
Subject Line: [D*] Ticket [#4619]


Thank you for contacting us, your request arrived today.

Alright, here's the link:


Proceed to information


Thank you for taking the time to contact us.

Best regards,
Your Delcampe team.



From Support team
Subject Line: [D*] Request [#62772]


Thank you for contacting us, your request arrived today.

Alright, here's the link


Proceed to information


If we can help in any way, please do not hesitate to contact us.

Best regards,
Support team.




Spammer's Phishing site in all three messages:


http://npdpharm.com/




Domain Lookup:


Networks used to send the spam:

1. Two Spam messages:
2. One Spam message:


M




_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.

marika3
Scambuster
Posts: 4290
Joined: Tue May 11, 2004 7:06 am
Location: Auckland

Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Tue Nov 20, 2012 2:43 am

On Delcampe forums people are wondering if these emails were sent only to Delcampe members (and Delcampe database was compromised) or it's a usual blanket spam.

I would be interested to hear from non-Delcampers if they received this spam. Thanks
http://www.oneway.co.nz/member/marika3


Re: Delcampe.net Auctions - Phishing Scammers

Post by ionet » Tue Nov 20, 2012 2:52 am

_


The three spam messages in the first posting were all sent to NZ-based Delcampe members' registered email addresses.


M


_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.


Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Tue Nov 20, 2012 3:27 am

Yes, I received one too, but just wondering - if anyone NOT registered with Delcampe got this email?
This would eliminate database compromise.

Foggyone, could you please check your famous spam-catching addresses? Is there anything from "Delcampe"?
http://www.oneway.co.nz/member/marika3


Re: Delcampe.net Auctions - Phishing Scammers

Post by ionet » Wed Nov 21, 2012 2:56 pm

_


Here are the same Spammers / Phishing Scammers at it again - not Delcampe this time
but doesn't eliminate the source for the email addresses being spammed:


From: Accounts support
Subject line: Access Code Ticket [#9255]


Thank you for using our products and services, your request arrived.

Alright, here's the link to your support ticket and help:

Proceed to information

If we can help in any way, please do not hesitate to contact us.

Best regards,
Account support team.



Phishing Link:

http://www.porschetuningmag.com/request/code/ticket/

IP # rec'd from 78.129.174.193
_

From: Accounts support
Subject line: Access Code Ticket [#7958]


Thank you for your letter of Nov 21, your request arrived.

Alright, here's the link to your support ticket and help:


Proceed to information

If we can help in any way, please do not hesitate to contact us.

Best regards,
Account support team.



Phishing Link:

http://www.uicphipsi.com/request/code/ticket/

IP # rec'd from 81.218.234.61
_

From: Accounts support
Subject line: Access Code Ticket [#435]


Thank you for contacting us, your request arrived.

Alright, here's the link to your support ticket and help


Proceed to information

Thank you for using our services.

Best regards,
Account support team.



Phishing Link:

http://www.northatlantaaccounting.com/r ... de/ticket/

IP # rec'd from 213.186.60.58
M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.
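
The ticket-themed messages quoted in this thread reuse the same body lines under different sender names. The sketch below is an added example, not part of any post here: it groups messages that share at least two normalised body lines, linking them transitively. Three bodies are copied from the quotes above, the fourth is constructed for contrast, and all function and variable names are assumptions of this example.

```python
import re
from itertools import combinations

# Bodies copied from messages quoted in this thread, except the last one,
# which is a constructed, unrelated message used for contrast.
SAMPLES = {
    "D* Ticket #48485": """Thank you for your letter of Nov 19, your request arrived today.
Alright, here's the link:
Proceed to information
Thank you for taking the time to contact us.
Best regards,
Your Delcampe team.""",
    "D* Request #62772": """Thank you for contacting us, your request arrived today.
Alright, here's the link
Proceed to information
If we can help in any way, please do not hesitate to contact us.
Best regards,
Support team.""",
    "Access Code Ticket #9255": """Thank you for using our products and services, your request arrived.
Alright, here's the link to your support ticket and help:
Proceed to information
If we can help in any way, please do not hesitate to contact us.
Best regards,
Account support team.""",
    "newsletter (constructed)": """Hello collectors,
Our November catalogue is now online.
Best regards,
The stamp club committee.""",
}

# Lines too generic to count as evidence of a shared template.
GENERIC = {"best regards", "kind regards", "hi", "hello"}


def normalise(line):
    """Lower-case, mask digits and drop punctuation so variants compare equal."""
    line = re.sub(r"\d+", "#", line.lower())
    line = re.sub(r"[^a-z#' ]+", " ", line)
    return " ".join(line.split())


def fingerprint(body):
    """Set of normalised, non-generic body lines."""
    lines = {normalise(raw) for raw in body.splitlines()}
    return {line for line in lines if line and line not in GENERIC}


def shared_lines(a, b, samples=SAMPLES):
    """Normalised lines that two named samples have in common."""
    return fingerprint(samples[a]) & fingerprint(samples[b])


def cluster(samples, min_shared=2):
    """Union-find: link any pair sharing >= min_shared lines, then group."""
    prints = {name: fingerprint(body) for name, body in samples.items()}
    parent = {name: name for name in samples}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for a, b in combinations(samples, 2):
        if len(prints[a] & prints[b]) >= min_shared:
            parent[find(a)] = find(b)

    groups = {}
    for name in samples:
        groups.setdefault(find(name), set()).add(name)
    # Largest group first; ties broken by member names for stable output.
    return sorted(groups.values(), key=lambda g: (-len(g), sorted(g)))


if __name__ == "__main__":
    for group in cluster(SAMPLES):
        print(sorted(group))
```

The first and third samples share only one line directly; they end up in the same group because each shares two lines with the second.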


Re: Delcampe.net Auctions - Phishing Scammers

Post by ionet » Fri Nov 23, 2012 11:05 am

marika3 wrote: On Delcampe forums people are wondering if these emails were sent only to Delcampe members (and Delcampe database was compromised) or it's a usual blanket spam.

I would be interested to hear from non-Delcampers if they received this spam. Thanks


That's a very good point too Marika 8-)

If no non-Delcampe members received any Phishing messages then a question remains as to how
Spammers connected the dots & the source of the email list they obviously obtained
to send spam out to.

If none outside Delcampe membership received the first phishing messages then it would seem
there is possibility of a breach of site database somewhere, and Delcampe's message tonight
to members is a bit like closing the door after the horse has bolted & damage done:


Dear XXXXXX XXXXXXXX,


Our system has detected a possible risk as regards your password on Delcampe.

For safety reasons, we have changed it for you.

You must now follow the following steps in order to be able to log in again:

1. Retrieve your new password via the page "My Delcampe> Lost Password" by entering your nickname "nztrade":
http://www.delcampe.net/lost_password.php?language=E

2. Log in to the site and choose a new password via the page "My Delcampe> Account> My information> Contact details":
http://www.delcampe.net/status.php?tab= ... language=E

3. If you are using your Delcampe password on other websites, we recommend as a precautionary measure that you modify it too.


For more details, please read the information page:
http://www.delcampe.net/announcements.p ... =2367#2367


Best regards,

Your Delcampe team


http://www.delcampe.net/announcements.p ... =2367#2367

Tue, 20 Nov 2012

Dear members,


We announced to you earlier this week that email addresses of our members had been obtained by malicious people. They were then able to send Delcampe-signed emails to many of you. (More information)




It is currently impossible for us to know how many of you have received these emails. There is no evidence at this time either that these stolen pieces of information come directly from our website or that there was a security problem. However, we must be proactive for our members and ensure your safety when a possible risk arises.

So we have decided to reset all the passwords of all our members.


In the next few hours, you will receive an email informing you of the modification of your password.


etc etc


M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.


Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Fri Nov 23, 2012 11:19 am

It's been reported on English Delcampe forum by one member that they received "Delcampe" phishing email to email address NOT registered with Delcampe.
http://www.oneway.co.nz/member/marika3


Re: Delcampe.net Auctions - Phishing Scammers

Post by ionet » Fri Nov 23, 2012 11:26 am

_

It's interesting to note the following Feb-2012 thread on Delcampe.com which the Admin personnel
did not return to:


http://www.delcampe.com/page/forum_inde ... age,E.html



And a recent Stampboards thread:

http://www.stampboards.com/viewtopic.php?f=13&t=41572

in particular postings like this -
I am quite certain that these emails are hacked from Delcampe database. I have quite new email for Delcampe which has not been anywhere in public. So I can't guess any other source for email than Delcampes database.

It is not really a big surprise as Delcampe's website feels very old-fashioned and it is not functioning very well.
I would be surprised if not as I have an email only for Delcampe use and it is only few weeks old. I haven't received same spam to any other emails so far. Of course my opinion is easily proved wrong if someone who is not Delcampe user has got same spam.

This spam didn't work with me, but it was very clever as it used even noreply(a)delcampe.com as a reply address.

Ok, this was my last post about this one. Let's continue with stamps and wish that Delcampe is awake

The analysis as it stands now is -

1. Hundreds if not thousands of Delcampe members have received the phishing emails & follow-ons.

2. One reports a near new email address used for that site only (Delcampe registered) received the phish

3. One reports receiving it at a non-Delcampe-registered email address, but they are possibly in the collectables realm?


M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.


Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Fri Nov 23, 2012 2:11 pm

Reading Delcampe announcements, it looks like they themselves think that database had been indeed compromised.

But resetting users passwords without finding the cause of data leak is quite useless exercise.
What's taken once, can be taken again.

And yes, I agree with many posts on Stampboards - Delcampe is very hard to navigate, full of bugs and glitches, falls apart under pressure easily, and became extremely expensive to sell on.
Luckily, there are much better places on the net.
http://www.oneway.co.nz/member/marika3


Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Fri Nov 23, 2012 2:52 pm

An illustration of site's security and number of bugs (quoted from Delcampe forums):
I'm getting very confused....
came on the site about an hour ago after reading the email.... and needed to log in, fair enough, log in refused & needed to ask for a reset on my password, fair enough...... still awaiting an email from Del with temp password an hour later...... BUT It now shows I am Logged in....
like I said... no reset password has arrived in my inbox (or spam box) so I haven't logged in and yet according to Delcampe I AM logged in AND I can get to all my account links (like closed sales with buyers etc)
:grin: :grin:
Funny to reset passwords if site allows users to be logged in indefinitely.
http://www.oneway.co.nz/member/marika3


Re: Delcampe.net Auctions - Phishing Scammers

Post by ionet » Fri Nov 30, 2012 10:47 am

_


Another series of Phishing Scam messages from "The Delcampe Phishing Scammers"
received in the past 24 hours:

From: Accounts support
Subject: Access Code Ticket [#31925]

Thank you for your letter of Nov 29, your request arrived.

Alright, here's the link to your support ticket and help:

Proceed to information

Thank you for using our services.

Best regards,
Account support team.



From: Accounts support
Subject: Access Code Ticket [#6815]


Thank you for your letter of Nov 29, your request arrived.

Alright, here's the link to your support ticket and help:

Proceed to information

If we can be of any further assistance, please let us know.

Best regards,
Account support team.


From: Accounts support
Subject: Access Code Ticket [#2859

Thank you for your letter regarding our services, your request arrived.

Alright, here's the link to your support ticket and help:

Proceed to information


If we can help in any way, please do not hesitate to contact us.

Best regards,
Account support team.



Phishing Site URL for all three phishes:


http://herbalsubstances.net/


NOTE: The above link may still be an active Phishing Site



Source of Spam:

IP Address: 80.74.148.248
IP Address: 91.200.34.182
IP Address: 193.42.154.175


M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.


Re: Delcampe.net Auctions - Phishing Scammers

Post by ionet » Mon Dec 10, 2012 4:30 am

_

Another bundle of Facebook Phishing Scam attempts from the 'Delcampe Email database' Phishers:


8 Dec 2012:

From: "Gianna Anthony" <ericrain@striker.ottawa.on.ca>
Subject: You have notifications pending


Hi,

Here's some activity you have missed.

3 friend request


This message was sent to a webuser@kiwiland.fromspammer. If you don't want to receive these emails in the future, please click: unsubscribe.
Department 973 P.O Box 14378 Palo Alto CA 89365



Facebook Phishing Site URL:

http://www.papelcintas.com/request/code/ticket/



10 Dec 2012:

From: "Aylin Hickman" bruce.rothermaln@sun.com
Subject: You have notifications pending


Hi,
Here's some activity you have missed.

2 friend request

This message was sent to a webuser@kiwiland.fromspammer. If you don't want to receive these emails in the future, please click: unsubscribe.
Department 973 P.O Box 14378 Palo Alto CA 89365

Facebook Phishing Site URL:


http://www.trozebiz.com/update/news/pages/


_


From: "Lainey Parker" doomss@slrmc.org
Subject: You have notifications pending

Hi,
Here's some activity you have missed.

1 friend request


This message was sent to a webuser@kiwiland.fromspammer. If you don't want to receive these emails in the future, please click: unsubscribe.
Department 973 P.O Box 14378 Palo Alto CA 89365


Facebook Phishing Site URL:

http://www.luciam.com/request/code/ticket/




_


Source of these Phishing Scam Messages:


10.12.2012 2.22pm


213.239.236.50



_


10.12.2012 2.09 pm


IP Information for 80.87.129.48



_




_



Domain Lookups for Phishing Sites:



_


Trozebiz.com



_




M

_
Ultimate Auction Security: Kick 'em in the pants & sweep them under the carpet fast before anyone sees & hope they go away.


Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Mon Dec 10, 2012 5:34 am

These must be from another source, not Delcampe database, I did not get them at all.
http://www.oneway.co.nz/member/marika3


Re: Delcampe.net Auctions - Phishing Scammers

Post by marika3 » Tue Dec 11, 2012 1:30 am

Correction.
Delcampe database must be huge, not all emails serviced in one day.
Got my share of "notification pending" spams today.
from: Giselle Caldwell <hengloc@lmc.ca>
reply-to: hengloc@lmc.ca
from: Miley Wolf <marcelov@ceee.com.br>
reply-to: marcelov@ceee.com.br
http://www.oneway.co.nz/member/marika3
