Spamvert URL:
http://rie.fqmostpeople.com
rie.fqmostpeople.com => botnet
rie.fqmostpeople.com Resolved to fqmostpeople.com. to 125.141.88.145
to 24.0.166.217 to 68.40.208.119 to 68.44.183.53 to 76.168.26.51 to
77.239.12.195 to 89.102.48.180 to 89.176.242.105
Redirected to:
http://laoje.net
laoje.net IP 118.216.29.237
(SBL64192) (at HANANET / hanaro.com / Korea)
Title: SwissWatchesDirect- Rolex, Breitling, Tag & More
More info below:
====================
X-SID-PRA: hwelsh_vm[]fido.ca
X-Message-Info: 6sSXyD95QpXxWhdPoRG0q1bN77/
SrzcWGPDJM4ep4bMsCa92LlOjbRWD6GMb/oyZ1RoDGScKmDmtTNBCN9mJJw==
Received: from tomts30-srv.bellnexxia.net ([209.226.175.104]) by
bay0-pamc1-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Thu, 10 Apr 2008 07:25:22 -0700
Received: from toip22.srvr.bell.ca ([67.69.240.24])
by toip42.srvr.bell.ca with ESMTP; 10 Apr 2008 10:25:17 -0400
Received: from [MUNGED]
by toip22.srvr.bell.ca with ESMTP; 10 Apr 2008 10:25:15 -0400
Received: (qmail 32407 invoked by uid 110); 10 Apr 2008 10:25:14 -0400
Delivered-To: [MUNGED]
Received: (qmail 32214 invoked from network); 10 Apr 2008 10:25:11 -0400
Received: from unknown (HELO dljdh) (212.175.245.26)
by [MUNGED] with SMTP; 10 Apr 2008 10:25:11 -0400
Sender: <hwelsh_vm[]fido.ca>
Subject: APRIL Sale! $180 forRolex Men&Women, Panerai, Omega,
Breitling, Patek Philippe, Tag Heuer, IWC rivtxz mbeyshq ksgkn4jl6
Date: Thu, 10 Apr 2008 07:37:23 -0700
Reply-To: "Hal Welsh" <hwelsh_vm[]fido.ca>
To: <[MUNGED]>
Bcc: <[MUNGED]>
In-Reply-To: <06bd01c895ff$14e8d3ca$324fa62d@b0giq73>
Message-ID: <1207838243.1384[]fido.ca>
From: "Hal Welsh" <hwelsh_vm[]fido.ca>
X-Sender: <hwelsh_vm[]fido.ca>
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
Return-Path: hwelsh_vm[]fido.ca
X-OriginalArrivalTime: 10 Apr 2008 14:25:22.0298 (UTC) FILETIME=[B5DFADA0:01C89B16]
HIGH QUALITY REPL1CA WATCHES
Newly added 1000 LATEST arrival model watches
:: All Time Classics
:: ExquisiteRolex Rep1ica
:: Superb Quality Watch
:: Overnight Shipping
:: ship via DHL, UPS, FedEx & USPS
From $1XX each, CheapestPrice on WEB
-- END OF SPAM --
This spammer is always sending multiple emails to unknown users (Cc: /
Bcc:), from forged senders that are their actual targets, relying on
the MTA to bounce the mail to the forged sender with the original body,
trying to create backscatter spam.
See:
IP 212.175.245.26
http://www.moensted.dk/spam/?addr=212.175.245.26
http://cbl.abuseat.org/lookup.cgi?ip=212.175.245.26
http://dsbl.org/listing?212.175.245.26
http://www.spamcop.net/bl.shtml?212.175.245.26
inetnum: 212.175.245.0 - 212.175.245.255
netname: NedTicLtdSti
descr: ismet inonu bulvari 226/b Gazomagosa Mersin TURKEY
country: TR
person: Erden MAZHAR
address: ismet inonu bulvari 226/b Gazomagosa Mersin TURKEY
phone: +90 533 867 01 20
e-mail: erden....@gmail.com
route: 212.175.128.0/17
descr: TurkTelecom
origin: AS9121
mnt-by: AS9121-MNT
changed: i...@turktelekom.com.tr
AS Name: TTNET TTnet Autonomous System
http://www.cidr-report.org/cgi-bin/as-report?as=9121
See:
rie.fqmostpeople.com => botnet
rie.fqmostpeople.com Resolved to fqmostpeople.com to 125.141.88.145 to
24.0.166.217 to 68.40.208.119 to 68.44.183.53 to 76.168.26.51 to
77.239.12.195 to 89.102.48.180 to 89.176.242.105
ns1.aotheholiday.com IP 66.130.104.103
ns2.aotheholiday.com IP 58.146.196.178
ns3.aotheholiday.com IP 68.60.148.135
ns4.aotheholiday.com IP 69.70.199.122
rie.fqmostpeople.com has no MX records -> fqmostpeople.com has no MX records
See IP rDNS on botnet:
125.141.88.145 no PTR at KORNET / kt.co.kr / Korea
24.0.166.217 = c-24-0-166-217.hsd1.pa.comcast.net
68.40.208.119 = no PTR at DNEO-OSP7 - Comcast Cable
68.44.183.53 = c-68-44-183-53.hsd1.nj.comcast.net
76.168.26.51 = cpe-76-168-26-51.socal.res.rr.com
77.239.12.195 = cm-static-12-195.telekabel.ba / telekabelcatv.net
89.102.48.180 = ip-89-102-48-180.karneval.cz / upcbroadband.com
89.176.242.105 = rb5dk105.net.upc.cz / mistral.cz
AND:
IP 66.130.104.103 = modemcable103.104-130-66.mc.videotron.ca
IP 58.146.196.178 = no PTR at YBS / onybs.co.kr / YOUNGDOONG-AS-KR / Korea
IP 68.60.148.135 = c-68-60-148-135.hsd1.mi.comcast.net
IP 69.70.199.122 = modemcable122.199-70-69.mc.videotron.ca
SEE ALSO:
hostnames sharing ip with a-records
domains sharing nameservers
Let's see whois.dns.com.cn:
Domain Name.......... fqmostpeople.com
Creation Date........ 2008-03-22 21:16:18
Registration Date.... 2008-03-22 21:16:18
Expiry Date.......... 2009-03-22 21:16:18
Organisation Name.... Wang Sanshui
Organisation Address. Chengdu
Organisation Address.
Organisation Address. Chengdu
Organisation Address. 610000
Organisation Address. SC
Organisation Address. CN
Admin Name........... Wang Sanshui
Admin Address........ Chengdu
Admin Address........
Admin Address........ Chengdu
Admin Address........ 610000
Admin Address........ SC
Admin Address........ CN
Admin Email.......... wmiao[]yahoo.com
Admin Phone.......... +86.13898778834
Admin Fax............ +86.13898778834
Tech Name............ Wang Sanshui
Tech Address......... Chengdu
Tech Address.........
Tech Address......... Chengdu
Tech Address......... 610000
Tech Address......... SC
Tech Address......... CN
Tech Email........... wm...@yahoo.com
Tech Phone........... +86.13898778834
Tech Fax............. +86.13898778834
Bill Name............ Wang Sanshui
Bill Address......... Chengdu
Bill Address.........
Bill Address......... Chengdu
Bill Address......... 610000
Bill Address......... SC
Bill Address......... CN
Bill Email........... wm...@yahoo.com
Bill Phone........... +86.13898778834
Bill Fax............. +86.13898778834
Name Server.......... ns2.aotheholiday.com
Name Server.......... ns1.aotheholiday.com
Name Server.......... ns3.aotheholiday.com
Name Server.......... ns4.aotheholiday.com
Let's see whois.dns.com.cn:
Domain Name.......... aotheholiday.com
Creation Date........ 2007-11-27 09:56:48
Registration Date.... 2007-11-27 09:56:48
Expiry Date.......... 2008-11-27 09:56:48
Organisation Name.... Ma Linlin
Organisation Address. Beijing
Organisation Address.
Organisation Address. Beijing
Organisation Address. 210001
Organisation Address. BJ
Organisation Address. CN
Admin Name........... Ma Linlin
Admin Address........ Beijing
Admin Address........
Admin Address........ Beijing
Admin Address........ 210001
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... dfeeexxdf[]163.com
Admin Phone.......... +86.13076885511
Admin Fax............ +86.13076885511
Tech Name............ Ma Linlin
Tech Address......... Beijing
Tech Address.........
Tech Address......... Beijing
Tech Address......... 210001
Tech Address......... BJ
Tech Address......... CN
Tech Email........... dfee...@163.com
Tech Phone........... +86.13076885511
Tech Fax............. +86.13076885511
Bill Name............ Ma Linlin
Bill Address......... Beijing
Bill Address.........
Bill Address......... Beijing
Bill Address......... 210001
Bill Address......... BJ
Bill Address......... CN
Bill Email........... dfee...@163.com
Bill Phone........... +86.13076885511
Bill Fax............. +86.13076885511
Name Server.......... ns2.aotheholiday.com
Name Server.......... ns1.aotheholiday.com
Name Server.......... ns3.aotheholiday.com
Name Server.......... ns4.aotheholiday.com
SEE source code:
HTTP/1.1 302 Found
Date: Thu, 10 Apr 2008 14:57:21 GMT
Server: Apache/2.0.59 (FreeBSD) PHP/4.4.4 with Suhosin-Patch
X-Powered-By: PHP/4.4.4
Location: http://laoje.net
Content-Length: 0
Connection: close
Content-Type: text/html
Title: SwissWatchesDirect- Rolex, Breitling, Tag & More
SEE:
laoje.net IP 118.216.29.237
ns1.hopens.com 116.199.135.168
ns2.hopens.com 58.253.71.79
ns3.hopens.com 116.199.136.61
ns4.hopens.com 116.199.138.24
laoje.net has no MX records
http://moensted.dk/spam/?addr=118.216.29.237
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=118.216.29.237
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64192
inetnum: 118.216.0.0 - 118.223.255.255
netname: HANANET
descr: Hanaro Telecom
[ ISP Organization Information ]
Org Name : Hanaro Telecom Inc.
Service Name : HANANET
Org Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Org Detail Address: 17-7 Asia One Bldg.
[ ISP IPv4 Admin Contact Information ]
Name : IP manager
Phone : +82-2-106-2
E-Mail : ip-...@hanaro.com
[ ISP IPv4 Tech Contact Information ]
Name : IP manager
Phone : +82-2-106-2
E-mail : ip-...@hanaro.com
[ ISP Network Abuse Contact Information ]
Name : manager
Phone : +82-2-106-2
E-mail : ab...@hanaro.com => ?????
route: 118.216.0.0/16
descr: Proxy-registered route object
origin: AS9318
notify: ra...@hutchcity.com
mnt-by: MAINT-AS9304
AS Name: HANARO-AS Hanaro Telecom Inc.
http://www.cidr-report.org/cgi-bin/as-report?as=9318
SEE ALSO:
domains sharing nameservers
Let's see whois.internet.bs:
Domain laoje.net
Date Registered: 2007-11-12
Date Modified: 2008-3-4
Expiry Date: 2008-11-12
DNS1: ns4.hopens.com
DNS2: ns1.hopens.com
DNS3: ns2.hopens.com
DNS4: ns3.hopens.com
Registrant
Bibhuti Swain
Sify Iway,Shop # 9,Nayasarak
753002 Orissa
India
Administrative Contact
Bibhuti Swain bibhuti88 (at) gmail dot com
Sify Iway,Shop # 9,Nayasarak
753002 Orissa
India
Tel: +91.9938036689
Technical Contact
Bibhuti Swain bibhuti88 (at) gmail dot com
Sify Iway,Shop # 9,Nayasarak
753002 Orissa
India
Tel: +91.9938036689
Let's see whois.paycenter.com.cn:
Domain Name: hopens.com
Registrant:
liu haijun
wu han
321099
Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com
Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Registration Date: 2008-02-29
Update Date: 2008-02-29
Expiration Date: 2009-02-28
Primary DNS: ns1.hopens.com 116.199.139.5
Secondary DNS: ns2.hopens.com 221.122.64.14
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/c3d221016e808364
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e0c90b1d63e182ac
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/51d5585110aebe89
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/