Wednesday, August 18, 2010

heihachi.net fraud

I have been told the owner of heihachi.net, Dominik Bauer aka Andreas Mueller aka 13speedtest37 from Austria, has been arrested in connection with the fraud sites he hosted.
Story here:
http://www.polizei.bayern.de/lka/news/presse/aktuell/index.html/136840
Translation here:
http://www.microsofttranslator.com/BV.aspx?ref=IE8Activity&a=http%3A%2F%2Fwww.polizei.bayern.de%2Flka%2Fnews%2Fpresse%2Faktuell%2Findex.html%2F136840

www.dhl-logistic.com FAKE FRAUD
www.dhl-logistik.com FAKE FRAUD
www.packetstation.net FAKE FRAUD
www.packstation-verifizierung.info FAKE FRAUD PHISHING

Other sites hosted by Heihachi LTD. and mentioned in connection with DDoS attacks:
http://netscammers.blogspot.com/2010/05/aa419-ddos-attack.html


Address lookup
canonical name dhl-logistic.com
aliases
addresses 188.72.205.238


Domain Whois record
Queried whois.internic.net with "dom dhl-logistic.com"...

Domain Name: DHL-LOGISTIC.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Status: clientTransferProhibited
Updated Date: 17-aug-2010
Creation Date: 16-aug-2010
Expiration Date: 16-aug-2011

>>> Last update of whois database: Wed, 18 Aug 2010 18:50:54 UTC <<<

Queried whois.enom.com with "dhl-logistic.com"...

Visit AboutUs.org for more information about dhl-logistic.com
AboutUs: dhl-logistic.com

Registration Service Provided By: Heihachi LTD.
Contact: support@heihachi.net
Visit: www.heihachi.net

Domain name: dhl-logistic.com

Administrative Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Technical Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Registrant Contact:
Heihachi LTD.
Andreas Mueller ()

Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 16 Aug 2010 22:38:28
Expiration date: 16 Aug 2011 22:38:00

Network Whois record
Queried whois.ripe.net with "-B 188.72.205.238"...

% Information related to '188.72.205.0 - 188.72.206.255'

inetnum: 188.72.205.0 - 188.72.206.255
netname: SANTREX-INTERNET-SERVICE-968432
descr: Santrex Internet Service
country: DE
admin-c: KC77-RIPE
tech-c: SR614-RIPE
status: ASSIGNED PA
mnt-by: NETDIRECT-MNT
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
changed: technik@netdirekt.de 20090813
source: RIPE

person: Khalid Cook
address: 41 granite apartments
address: London, Stratford
address: United Kingdom
address: E15 1PY
phone: +447703031000
fax-no: +447703031000
e-mail: support@santrex.net
abuse-mailbox: abuse@santrex.net
nic-hdl: KC77-RIPE
mnt-by: NETDIRECT-MNT
changed: technik@netdirekt.de 20091015
source: RIPE

person: Simon Roehl
address: netdirekt e. K.
address: Kleyer Strasse 79 /Tor 14
address: 60326 Frankfurt
address: DE
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: technik@netdirekt.de
abuse-mailbox: abuse@netdirekt.de
nic-hdl: SR614-RIPE
mnt-by: NETDIRECT-MNT
changed: technik@netdirekt.de 20040224
changed: technik@netdirekt.de 20100617
source: RIPE

% Information related to '188.72.192.0/18AS28753'

route: 188.72.192.0/18
descr: ORG-nA8-RIPE
origin: AS28753
org: ORG-nA8-RIPE
mnt-lower: NETDIRECT-MNT
mnt-routes: NETDIRECT-MNT
mnt-by: NETDIRECT-MNT
changed: technik@netdirekt.de 20090722
source: RIPE

organisation: ORG-nA8-RIPE
org-name: netdirect
org-type: LIR
address: netdirekt e. K.
Kleyer Strasse 79 / Tor 14
60326 Frankfurt
Germany
phone: +49 69 90556880
fax-no: +49 69 905568822
e-mail: ripe@netdirekt.de
admin-c: SR614-RIPE
admin-c: WW200-RIPE
mnt-ref: NETDIRECT-MNT
mnt-ref: RIPE-NCC-HM-MNT
mnt-by: RIPE-NCC-HM-MNT
changed: hostmaster@ripe.net 20040415
changed: bitbucket@ripe.net 20050329
changed: bitbucket@ripe.net 20060223
changed: bitbucket@ripe.net 20060223
changed: bitbucket@ripe.net 20060815
changed: bitbucket@ripe.net 20070108
changed: bitbucket@ripe.net 20070509
changed: bitbucket@ripe.net 20070813
changed: bitbucket@ripe.net 20080516
changed: bitbucket@ripe.net 20080527
changed: bitbucket@ripe.net 20081014
changed: bitbucket@ripe.net 20090102
changed: bitbucket@ripe.net 20090227
changed: bitbucket@ripe.net 20090708
changed: bitbucket@ripe.net 20090709
changed: bitbucket@ripe.net 20090710
changed: bitbucket@ripe.net 20090929
changed: bitbucket@ripe.net 20090929
changed: bitbucket@ripe.net 20091204
changed: bitbucket@ripe.net 20100105
changed: bitbucket@ripe.net 20100205
source: RIPE

DNS records
DNS query for 238.205.72.188.in-addr.arpa returned an error from the server: NameError

name | class | type | data | time to live
dhl-logistic.com | IN | A | 188.72.205.238 | 1800s (00:30:00)
dhl-logistic.com | IN | SOA | server: dns1.name-services.com; email: info.name-services.com; serial: 2002050701; refresh: 10001; retry: 1801; expire: 604801; minimum ttl: 181 | 1800s (00:30:00)

canonical name dhl-logistik.com.
aliases
addresses 188.72.205.238


Domain Whois record
Queried whois.internic.net with "dom dhl-logistik.com"...

Domain Name: DHL-LOGISTIK.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Status: clientTransferProhibited
Updated Date: 17-aug-2010
Creation Date: 16-aug-2010
Expiration Date: 16-aug-2011

>>> Last update of whois database: Wed, 18 Aug 2010 19:06:46 UTC <<<

Queried whois.enom.com with "dhl-logistik.com"...

Visit AboutUs.org for more information about dhl-logistik.com
AboutUs: dhl-logistik.com

Registration Service Provided By: Heihachi LTD.
Contact: support@heihachi.net
Visit: www.heihachi.net

Domain name: dhl-logistik.com

Administrative Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Technical Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Registrant Contact:
Heihachi LTD.
Andreas Mueller ()

Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 16 Aug 2010 22:38:30
Expiration date: 16 Aug 2011 22:38:00

DNS records
DNS query for 238.205.72.188.in-addr.arpa returned an error from the server: NameError

name | class | type | data | time to live
dhl-logistik.com | IN | A | 188.72.205.238 | 1800s (00:30:00)
dhl-logistik.com | IN | SOA | server: dns1.name-services.com; email: info.name-services.com; serial: 2002050701; refresh: 10001; retry: 1801; expire: 604801; minimum ttl: 181 | 1800s

canonical name packetstation.net.
aliases
addresses 188.72.205.238


Domain Whois record
Queried whois.internic.net with "dom packetstation.net"...

Domain Name: PACKETSTATION.NET
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Status: clientTransferProhibited
Updated Date: 21-jul-2010
Creation Date: 13-jul-2010
Expiration Date: 13-jul-2011

>>> Last update of whois database: Wed, 18 Aug 2010 19:08:48 UTC <<<

Queried whois.enom.com with "packetstation.net"...

Visit AboutUs.org for more information about packetstation.net
AboutUs: packetstation.net

Registration Service Provided By: Heihachi LTD.
Contact: support@heihachi.net
Visit: www.heihachi.net

Domain name: packetstation.net

Administrative Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Technical Contact:
Heihachi LTD.
Andreas Mueller (support@heihachi.net)
+507.8321668
Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Registrant Contact:
Heihachi LTD.
Andreas Mueller ()

Fax:
Bruenner Strasse 32/2
Wien, AT 1210
AT

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 13 Jul 2010 10:46:04
Expiration date: 13 Jul 2011 10:46:00

DNS records
DNS query for 238.205.72.188.in-addr.arpa returned an error from the server: NameError

name | class | type | data | time to live
packetstation.net | IN | A | 188.72.205.238 | 1800s (00:30:00)
packetstation.net | IN | SOA | server: dns1.name-services.com; email: info.name-services.com; serial: 2002050701; refresh: 10001; retry: 1801; expire: 604801; minimum ttl: 181 | 1800s

canonical name packstation-verifizierung.info.
aliases
addresses 92.241.190.202


Domain Whois record
Queried whois.afilias.info with "packstation-verifizierung.info"...

Domain ID:D33854586-LRMS
Domain Name:PACKSTATION-VERIFIZIERUNG.INFO
Created On:20-Jul-2010 22:50:26 UTC
Last Updated On:20-Jul-2010 23:15:23 UTC
Expiration Date:20-Jul-2011 22:50:26 UTC
Sponsoring Registrar:eNom, Inc. (R126-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:584cd695c5e2e101
Registrant Name:Andreas Mueller
Registrant Organization:Heihachi LTD.
Registrant Street1:Bruenner Strasse 32/2
Registrant Street2:
Registrant Street3:
Registrant City:Wien
Registrant State/Province:AT
Registrant Postal Code:1210
Registrant Country:AT
Registrant Phone:+507.8321668
Registrant Phone Ext.:
Registrant FAX:+507.8321668
Registrant FAX Ext.:
Registrant Email:support@heihachi.net
Admin ID:584cd695c5e2e101
Admin Name:Andreas Mueller
Admin Organization:Heihachi LTD.
Admin Street1:Bruenner Strasse 32/2
Admin Street2:
Admin Street3:
Admin City:Wien
Admin State/Province:AT
Admin Postal Code:1210
Admin Country:AT
Admin Phone:+507.8321668
Admin Phone Ext.:
Admin FAX:+507.8321668
Admin FAX Ext.:
Admin Email:support@heihachi.net
Billing ID:584cd695c5e2e101
Billing Name:Andreas Mueller
Billing Organization:Heihachi LTD.
Billing Street1:Bruenner Strasse 32/2
Billing Street2:
Billing Street3:
Billing City:Wien
Billing State/Province:AT
Billing Postal Code:1210
Billing Country:AT
Billing Phone:+507.8321668
Billing Phone Ext.:
Billing FAX:+507.8321668
Billing FAX Ext.:
Billing Email:support@heihachi.net
Tech ID:584cd695c5e2e101
Tech Name:Andreas Mueller
Tech Organization:Heihachi LTD.
Tech Street1:Bruenner Strasse 32/2
Tech Street2:
Tech Street3:
Tech City:Wien
Tech State/Province:AT
Tech Postal Code:1210
Tech Country:AT
Tech Phone:+507.8321668
Tech Phone Ext.:
Tech FAX:+507.8321668
Tech FAX Ext.:
Tech Email:support@heihachi.net
Name Server:NS1.HEIHACHI.NET
Name Server:NS2.HEIHACHI.NET

Network Whois record
Queried whois.ripe.net with "-B 92.241.190.202"...

% Information related to '92.241.190.0 - 92.241.190.255'

inetnum: 92.241.190.0 - 92.241.190.255
netname: HEIHACHI
descr: Heihachi Ltd
country: RU
admin-c: HEI668-RIPE
tech-c: HEI668-RIPE
status: ASSIGNED PA
mnt-by: RU-WEBALTA-MNT
changed: lexa@wahome.ru 20090908
source: RIPE

person: Andreas Mueller
address: Bella Vista, Calle 53, Marbella
address: Ciudad de Panama, Panama
remarks: Visit us under gigalinknetwork.com
remarks: ICQ 7979970
remarks: Dedicated Servers, Webspace, VPS, DDOS protected Webspace
remarks: Send abuse ONLY to: abuse@gigalinknetwork.com
remarks: Technical and sales info: support@gigalinknetwork.com
phone: +5078321458
abuse-mailbox: abuse@gigalinknetwork.com
nic-hdl: hei668-RIPE
mnt-by: WEBALTA-MNT
changed: support@gigalinknetwork.com 20100307
source: RIPE

% Information related to '92.241.160.0/19AS41947'

route: 92.241.160.0/19
descr: Wahome IP's =)
origin: AS41947
mnt-by: RU-WEBALTA-MNT
mnt-routes: GIGABASE-MNT
mnt-routes: RU-WEBALTA-MNT
changed: lexa@wahome.ru 20071218
source: RIPE

DNS records
name | class | type | data | time to live
packstation-verifizierung.info | IN | MX | preference: 10; exchange: mail.packstation-verifizierung.info | 14400s (04:00:00)
packstation-verifizierung.info | IN | TXT | v=spf1 a mx ip4:92.241.164.198 ~all | 14400s (04:00:00)
packstation-verifizierung.info | IN | A | 92.241.190.202 | 14400s (04:00:00)
packstation-verifizierung.info | IN | SOA | server: ns1.heihachi.net; email: hostmaster.packstation-verifizierung.info; serial: 2010072000; refresh: 14400; retry: 3600; expire: 1209600; minimum ttl: 86400 | 14400s (04:00:00)
packstation-verifizierung.info | IN | NS | ns2.heihachi.net | 14400s (04:00:00)
packstation-verifizierung.info | IN | NS | ns1.heihachi.net | 14400s (04:00:00)
202.190.241.92.in-addr.arpa | IN | PTR | webspace.heihachi.net | 1222s (00:20:22)
