Results 1 to 18 of 18
  1. #1
    TheGamblingGuru's Avatar
    TheGamblingGuru is offline Private Member
    Join Date
    January 2009
    Location
    Tamarack Forest
    Posts
    323
    Thanks
    739
    Thanked 181 Times in 114 Posts

    Default SPAM/Spoof from Poker.com

    I just received this email here and the return address is from one of the public members here named Kris@ and his/her site www.poker.com, his/her profile page HERE

    I don't believe this is actually from him/her but it's someone that is spoofing his/her site name for Spamming purposes.


    Whois Record

    Domain poker.com:

    Casper Enterprises Group Ltd

    P O Box 3444

    Road Town, Tortola NA VG

    Administrative contact:

    Technical contact:

    Billing contact:

    Casper Enterprises Group Ltd

    Linda Shepherdson


    P O Box 3444
    Road Town, Tortola NA VG
    Phone: +1.411 4024
    Fax:


    Record dates:

    Record created on: 1998-07-31 04:00:00 UTC

    Record modified on: 2009-03-22 01:02:43 UTC

    Record expires on: 2014-07-30 UTC

    Nameservers:

    ns1.poker.com:

    66.212.241.36

    ns2.poker.com:

    66.212.241.37


    Full Header:

    Delivered-To: xxxxx@xxxxxx.net
    Received: by 10.239.156.76 with SMTP id l12cs73722hbc;
    Wed, 17 Jun 2009 23:15:01 -0700 (PDT)
    Received: by 10.100.46.3 with SMTP id t3mr1384949ant.179.1245305700537;
    Wed, 17 Jun 2009 23:15:00 -0700 (PDT)
    Return-Path: <>
    Received: from outmta12.xxxxx@xxxxxx.net (outmta12.xxxxx@xxxxxx.net[216.170.230.232])
    by mx.google.com with ESMTP id 41si2529253yxe.114.2009.06.17.23.14.59;
    Wed, 17 Jun 2009 23:15:00 -0700 (PDT)
    Received-SPF: softfail (google.com: domain of transitioning poker.com does not designate 216.170.230.193 as permitted sender) client-ip=216.170.230.193;
    Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning poker.com does not designate 216.170.230.193 as permitted sender) smtp.mail=
    Received: from inmta13.xxxxx@xxxxxx.net ([216.170.230.193])
    by outmta12.xxxxx@xxxxxx.net (InterMail vM.7.05.02.00 201-2174-114-20060621) with ESMTP
    id <20090618061459.TNJV27117.outmta12.xxxxx@xxxxxx.net@inmta13.xxxxx@xxxxxx.net>
    for <xxxxx@xxxxxx.net>;
    Thu, 18 Jun 2009 01:14:59 -0500
    Received: from inaamta14.xxxxx@xxxxxx.net ([216.170.230.184])
    by inmta13.xxxxx@xxxxxx.net (InterMail vM.7.08.03.00 201-2186-126-20070710) with ESMTP
    id <20090618061459.IZJP3572.inmta13.xxxxx@xxxxxx.net>
    for <xxxxx@xxxxxx.net>; Thu, 18 Jun 2009 01:14:59 -0500
    Received: from WA2EHSNDR002.bigfish.com ([204.231.192.41])
    by inaamta14.xxxxx@xxxxxx.net
    (InterMail vG.3.00.02.00 201-2196-120-20070322) with ESMTP
    id <20090618061459.KXNP23746.xxxxx@xxxxxx.net
    @WA2EHSNDR002.bigfish.com
    >
    for <xxxxx@xxxxxx.net>; Thu, 18 Jun 2009 01:14:59 -0500
    Received: from TX2EHSOBE007.bigfish.com (10.2.40.3) by
    WA2EHSNDR002.bigfish.com (10.2.40.22) with Microsoft SMTP Server (TLS) id
    8.1.340.0; Thu, 18 Jun 2009 06:14:56 +0000
    Received: from mail164-tx2-R.bigfish.com (10.9.14.241) by
    TX2EHSOBE007.bigfish.com (10.9.40.27) with Microsoft SMTP Server id
    8.1.340.0; Thu, 18 Jun 2009 06:14:56 +0000
    Received: from mail164-tx2 (localhost.localdomain [127.0.0.1]) by
    mail164-tx2-R.bigfish.com (Postfix) with ESMTP id 14CF510B05C4 for
    <xxxxx@xxxxxx.net>; Thu, 18 Jun 2009 06:14:56 +0000 (UTC)
    X-BigFish: VPS34(z3df6iz13feK383rzz1202hzzz31n6bh17ch87il)
    X-FB-OUTBOUND-SPAM: yes
    X-SpamScore: 34
    X-FB-DOMAIN-IP-MATCH: fail
    Received: by mail164-tx2 (MessageSwitch) id 1245305694978597_19950; Thu, 18
    Jun 2009 06:14:54 +0000 (UCT)
    Received: from ruby1604.utsa.edu (email.utsa.edu [129.115.102.173]) by
    mail164-tx2.bigfish.com (Postfix) with ESMTP id C8EE115805F for
    <xxxxx@xxxxxx.net>; Thu, 18 Jun 2009 06:14:54 +0000 (UTC)
    Received: from links ([129.115.102.107]) by ruby1604.utsa.edu with Microsoft
    SMTPSVC(6.0.3790.3959); Thu, 18 Jun 2009 01:14:30 -0500
    Date: Thu, 18 Jun 2009 01:14:30 -0500
    From: <shepherd@poker.com>
    To: xxxxx@xxxxxx.net
    Message-ID: <18015839.1270401245305670498.JavaMail.CFusion@ruby 1604.utsa.edu>
    Subject: New Slot Machines!
    MIME-Version: 1.0
    Content-Type: text/plain; charset="UTF-8"
    Content-Transfer-Encoding: 7bit
    X-Mailer: ColdFusion 8 Application Server
    X-OriginalArrivalTime: 18 Jun 2009 06:14:30.0139 (UTC) FILETIME=[0A4C5CB0:01C9EFDC]
    Return-Path: shepherd@poker.com
    Reply-To: <shepherd@poker.com>
    You have received this e-mail from:
    morly (shepherd@poker.com)


    Do you like to Gamble? Then theres only 1 thing to do then. Visit http://profiles.yahoo.com/blog/4YPXGXTXNIOXBDYYP52BEGK66I?eid=7JvQyiU0ynidhM57bcZ kfbO.kjS.QvaYgyGGgJce3whl2__hgA and start betting! BlackJack and No Limit Poker tables Online! Visit http://profiles.yahoo.com/blog/4YUJY62U7RLBVKJ477GBDHF5ZQ?eid=9xinBSdkyn2lyVr5ckS 0H.htGFJGpVV3EOdybZV9_HEkcONn3g and win big money! Play against people from around the world!


    When you click on one of the links it takes you to this Yahoo Blog page:

    Name:  Spam1.JPG
Views: 1110
Size:  159.7 KB

    And then when you click on that banner it takes you here:

    Name:  Spam2.JPG
Views: 532
Size:  252.7 KB

    Domain Name : pimp294.net
    PunnyCode : pimp294.net

    Registrant:
    Organization : shu geyun
    Name : shu geyun
    Address : Hongta District of Yuxi City Cultural Road 60
    City : Yuxi
    Province/State : Yuxi
    Country : cn
    Postal Code : 653100

    Administrative Contact:
    Name : shu geyun
    Organization : shu geyun
    Address : Hongta District of Yuxi City Cultural Road 60
    City : Yuxi
    Province/State : Yuxi
    Country : cn
    Postal Code : 653100
    Phone Number : 86-877-2158736
    Fax : 86-877-2158736
    Email :

    Technical Contact:
    Name : shu geyun
    Organization : shu geyun
    Address : Hongta District of Yuxi City Cultural Road 60
    City : Yuxi
    Province/State : Yuxi
    Country : cn
    Postal Code : 653100
    Phone Number : 86-877-2158736
    Fax : 86-877-2158736
    Email :

    Billing Contact:
    Name : shu geyun
    Organization : shu geyun
    Address : Hongta District of Yuxi City Cultural Road 60
    City : Yuxi
    Province/State : Yuxi
    Country : cn
    Postal Code : 653100
    Phone Number : 86-877-2158736
    Fax : 86-877-2158736
    Email :
    Last edited by TheGamblingGuru; 18 June 2009 at 2:40 am.

  2. The Following User Says Thank You to TheGamblingGuru For This Useful Post:

    raphnix (18 June 2009)

  3. #2
    raphnix's Avatar
    raphnix is offline Private Member
    Join Date
    March 2009
    Location
    Philippines
    Posts
    464
    Thanks
    36
    Thanked 68 Times in 60 Posts

    Default

    Wow. It took time to actually do that serious investigation. It's more like using a reputed marketer to do their scamming campaign. Glad you actually reveal another fraud in the industry.

    Good job TheGamblingGuru.

    ps. Nice to have you in my twitter network too.

  4. The Following User Says Thank You to raphnix For This Useful Post:

    TheGamblingGuru (18 June 2009)

  5. #3
    TheGamblingGuru's Avatar
    TheGamblingGuru is offline Private Member
    Join Date
    January 2009
    Location
    Tamarack Forest
    Posts
    323
    Thanks
    739
    Thanked 181 Times in 114 Posts

    Default

    Quote Originally Posted by raphnix View Post
    Wow. It took time to actually do that serious investigation. It's more like using a reputed marketer to do their scamming campaign. Glad you actually reveal another fraud in the industry.

    Good job TheGamblingGuru.

    ps. Nice to have you in my twitter network too.

    Thanks raphnix, this type of guy here that is doing this SPAM Spoofing could do it to any of us really, so we need to expose these a$$holes every chance we get..

  6. The Following User Says Thank You to TheGamblingGuru For This Useful Post:

    raphnix (18 June 2009)

  7. #4
    TheGamblingGuru's Avatar
    TheGamblingGuru is offline Private Member
    Join Date
    January 2009
    Location
    Tamarack Forest
    Posts
    323
    Thanks
    739
    Thanked 181 Times in 114 Posts

    Angry

    Just received another one of these awhile ago and this time the spammer is spoofing Casino.com in the emails:

    Brand New Online Casino. We have all the games you want to play! Start betting today and collect your winnings instantly! Visit http://profiles.yahoo.com/blog/RBLLK...NhGT8gnsEKYGtA to place your bets!

    Just goes to show that RTG software company will accept any rogue outfit out there as long as they make their money!

    Delivered-To: xxxxxxxx@xxxx.netReceived: by 10.239.156.76 with SMTP id l12cs124503hbc;
    Thu, 18 Jun 2009 17:43:16 -0700 (PDT)
    Received: by 10.100.125.15 with SMTP id x15mr2996706anc.73.1245372193685;
    Thu, 18 Jun 2009 17:43:13 -0700 (PDT)
    Return-Path: <ignazio@casino.com>
    Received: from inmta18.xxxxxxxx@xxxx.net (inmta18.xxxxxxxx@xxxx.net[216.170.230.198])
    by mx.google.com with ESMTP id 41si4431803yxe.148.2009.06.18.17.43.11;
    Thu, 18 Jun 2009 17:43:12 -0700 (PDT)
    Received-SPF: softfail (google.com: domain of transitioning ignazio@casino.com does not designate 216.170.230.197 as permitted sender) client-ip=216.170.230.197;
    Authentication-Results: mx.google.com; spf=softfail (google.com: domain of transitioning ignazio@casino.com does not designate 216.170.230.197 as permitted sender) smtp.mail=ignazio@casino.com
    Received: from inmta17.xxxxxxxx@xxxx.net ([216.170.230.197])
    by inmta18.xxxxxxxx@xxxx.net (InterMail vM.7.08.03.00 201-2186-126-20070710) with ESMTP
    id <20090619004311.TEVP28212.inmta18.xxxxxxxx@xxxx.net@inmta17.xxxxxxxx@xxxx.net>
    for <xxxxxxxx@xxxx.net>;
    Thu, 18 Jun 2009 19:43:11 -0500
    Received: from inaamta13.xxxxxxxx@xxxx.net ([216.170.230.183])
    by inmta17.xxxxxxxx@xxxx.net
    (InterMail vM.7.08.03.00 201-2186-126-20070710) with ESMTP
    id <20090619004309.XMIB4580.inmta17.xxxxxxxx@xxxx.net@inaamta13xxxxxxxx@xxxx.net>
    for <xxxxxxxx@xxxx.net>; Thu, 18 Jun 2009 19:43:09 -0500
    Received: from UHAMAIL2.students.hartford.edu ([137.49.1.252])
    by inaamta13.xxxxxxxx@xxxx.net
    (InterMail vG.3.00.02.00 201-2196-120-20070322) with ESMTP
    id <20090619004311.DZZQ22161.inaamta13.xxxxxxxx@xxxx.net@UHAMAIL2.students.hartford.edu>
    for <xxxxxxxx@xxxx.net>; Thu, 18 Jun 2009 19:43:11 -0500
    Received: from [137.49.1.223] by UHAMAIL2.hartford.edu (GMS
    11.02.3397/NY8210.00.7ac0dcc with ESMTP id sielegba for xxxxxxxx@xxxx.net;
    Thu, 18 Jun 2009 20:43:07 -0400
    Received: from mail pickup service by www.hartford.edu with Microsoft SMTPSVC;
    Thu, 18 Jun 2009 20:43:06 -0400
    Thread-Topic: Play Poker, Slots, BlackJack Today!
    thread-index: AcnwduknjeZreOuVRTK0R3RXHY3eVg==
    From: <ignazio@casino.com>
    To: xxxxxxxx@xxxx.net

    Subject: Play Poker, Slots, BlackJack Today!
    Date: Thu, 18 Jun 2009 20:43:06 -0400
    Message-ID: <788BACD8C4C547FF9E68C39B37A7D96B@facstaff.hartford .edu>

  8. #5
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Following with interest Guru like collecting viruses and spam email is my second favorite. Eventually you will find they all have something in common.

    greek39

  9. #6
    TheGamblingGuru's Avatar
    TheGamblingGuru is offline Private Member
    Join Date
    January 2009
    Location
    Tamarack Forest
    Posts
    323
    Thanks
    739
    Thanked 181 Times in 114 Posts

    Default

    Quote Originally Posted by greek39 View Post
    Following with interest Guru like collecting viruses and spam email is my second favorite. Eventually you will find they all have something in common.

    greek39
    LOL, I already know what they all have in common...this Idiot right here:

    Domain Name : pimp294.net
    PunnyCode : pimp294.net

    Registrant:
    Organization : shu geyun
    Name : shu geyun
    Address : Hongta District of Yuxi City Cultural Road 60
    City : Yuxi
    Province/State : Yuxi
    Country : cn
    Postal Code : 653100

  10. #7
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Quote Originally Posted by TheGamblingGuru View Post
    LOL, I already know what they all have in common...this Idiot right here:

    Domain Name : pimp294.net
    PunnyCode : pimp294.net

    Registrant:
    Organization : shu geyun
    Name : shu geyun
    Address : Hongta District of Yuxi City Cultural Road 60
    City : Yuxi
    Province/State : Yuxi
    Country : cn
    Postal Code : 653100
    LMAOYour right the bugger is here. I have a few of my own pushing this.
    abc-1200-pot.net/ mainly MGS brands.

    Oh yeah I always find away to reply back.

    greek39

  11. The Following User Says Thank You to pgaming For This Useful Post:

    TheGamblingGuru (18 June 2009)

  12. #8
    TheGamblingGuru's Avatar
    TheGamblingGuru is offline Private Member
    Join Date
    January 2009
    Location
    Tamarack Forest
    Posts
    323
    Thanks
    739
    Thanked 181 Times in 114 Posts

    Default

    Quote Originally Posted by greek39 View Post
    LMAOYour right the bugger is here. I have a few of my own pushing this.
    abc-1200-pot.net/ mainly MGS brands.

    Oh yeah I always find away to reply back.

    greek39
    You mean you are getting spamed by that outfit too?
    Last edited by TheGamblingGuru; 18 June 2009 at 9:11 pm.

  13. #9
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Yes have been for a while now. The landing pages will change frequently we he sends out a new batch. But if you look at

    pimp294.net and abc-1200-pot.net the landing page is the same. June Casino he calling it today. Yesterday it was Casino Action and tomorrow who knows, I like surprises lol. I should post all ten that I have been following with interest.

    greek39

  14. The Following User Says Thank You to pgaming For This Useful Post:

    TheGamblingGuru (18 June 2009)

  15. #10
    Kris@'s Avatar
    Kris@ is offline New Member
    Join Date
    March 2007
    Location
    Australia
    Posts
    5
    Thanks
    0
    Thanked 2 Times in 2 Posts

    Default

    Yeah not me. Annoying.

  16. #11
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Quote Originally Posted by Kris@ View Post
    Yeah not me. Annoying.
    Hey Kris this is your first post! No I do not think it was you but I do have some aff tags for MGS brands.

    greek39

  17. #12
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Did some poking around some of splash pages again appeared to be MGS brands. However upon download I found out the brand of the infamous GOLD VIP CLUB CASINO!

    greek39

  18. #13
    Renee's Avatar
    Renee is offline Sponsor Affiliate Program
    Join Date
    August 2005
    Posts
    9,065
    Blog Entries
    6
    Thanks
    6,631
    Thanked 3,525 Times in 2,200 Posts

    Default

    Hey mate

    Can you please forward over the Casino Action email you received?

    Cheers
    __________________
    Renee, Affiliate Program Manager
    http://www.RewardsAffiliates.com
    Affiliate Program for CasinoRewards.com
    Best Affiliate Manager - CAP Awards 2008
    Best Casino Affiliate Manager - CAP Awards 2009
    Best Casino Affiliate Manager - iGB Affiliate Awards 2010

  19. The Following User Says Thank You to Renee For This Useful Post:


  20. #14
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Sure will Renee on its way.

    thanks

    greek39

  21. The Following User Says Thank You to pgaming For This Useful Post:

    Renee (21 June 2009)

  22. #15
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Question Curious TheGamblingGuru if ....

    Curious TheGamblingGuru if you have received anymore of the same spam email since bringing this to our attention?

    greek39

  23. #16
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    Thanks Renee have not received anymore.

    The gamblingguru spent some time on yours I have two domains. About 70% of all spam email originates from China. But this does not necessarily mean the spammer is from there. China has some real laxed regulations. Ironic they continue to pressure Google to censor Porn.

    greek39

  24. The Following User Says Thank You to pgaming For This Useful Post:

    TheGamblingGuru (26 June 2009)

  25. #17
    Renee's Avatar
    Renee is offline Sponsor Affiliate Program
    Join Date
    August 2005
    Posts
    9,065
    Blog Entries
    6
    Thanks
    6,631
    Thanked 3,525 Times in 2,200 Posts

    Default

    No probs

    China actually is very strict on spam - i know this because I have been trying to get a spammer from China shut down for months. The problem is that there needs to be lots of proof. The headers showing it originated from China, and that it is advertising a Chinese company are not enough if the email comes from a .com domain.

    Shame because I really want these guys to %^&* off!
    __________________
    Renee, Affiliate Program Manager
    http://www.RewardsAffiliates.com
    Affiliate Program for CasinoRewards.com
    Best Affiliate Manager - CAP Awards 2008
    Best Casino Affiliate Manager - CAP Awards 2009
    Best Casino Affiliate Manager - iGB Affiliate Awards 2010

  26. The Following 2 Users Say Thank You to Renee For This Useful Post:

    TheGamblingGuru (26 June 2009)

  27. #18
    pgaming's Avatar
    pgaming is offline Public Member
    Join Date
    July 2005
    Posts
    2,854
    Thanks
    414
    Thanked 215 Times in 164 Posts

    Default

    You now I really must remember to record my tracks. I have two suspicious domains one is now under construction the other just saying “hello”. Both domain details are the same one is from Florida the other Israel.

    I connected the dots last night now I forget how I did it lol. In any event I have these plus 30 others.

    # Careluck.com

    # Hornluck.com

    # Imp584.net

    The IP is correct 218.10.16.239

    Anyway according to my sources China is having a huge spam crisis right now. They seem to be purchasing huge quantities of .CN domains.

    I agree Renee I get almost zero cooperation from Registers and Networks located in China. I think the problem is Chinese Networks lack the knowledge regarding Internet Infrastructure.

    Top ten favourite spammers registrars IMO,

    1. Xin Net Bei Gong Da Software
    2. Beijing Innovative Networks
    3. Todaynic
    4. Joker
    5. eNom, Inc.
    6. MONIKER
    7. Dynamic Dolphin
    8. The Nameit Co/AITDOMAINS.COM
    9. PDR/Directi
    10. Intercosmos/DIRECTN

    Think I will start complaining to ICANN. They seem to be able throw their weight around pretty well.

    Okay I am done now. Spam drives me nuts lol.

    greek39

  28. The Following User Says Thank You to pgaming For This Useful Post:

    TheGamblingGuru (26 June 2009)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •