[email] [Soloway] (ish.cn) Re: we can help with advertising...
TomezNet
IP 220.225.186.178
(at relianceinfo.com / murnsp001.rilinfo.net)
http://njabl.org/cgi-bin/lookup.cgi?query=220.225.186.178
open proxy -- 1142876147 (Mon Mar 20 18:35:47 2006)
Spamvert:
broad.1122.ish.cn IP 60.191.23.122
(ROK1096 - SBL39560) (at chinanet-zj / ns.zjnbptt.net.cn)
More Soloway sightings:
http://groups.google.com/groups/search?q=Soloway+group%3A*abuse&start=0&scoring=d&
More info below:
====================
Delivered-To: xx..xx@xx..xx.biz
X-Message-Info: BTFabfKL06tK43FifyD93DLXogcQD578WS53Q5c7L
X-Authentication-Warning: bie39-pageant7.qr0ai.everyday.com.kh:
fku471zoroaster set sender to Henriett...@germany.net using -a
Date: Tue, 28 Mar 2006 21:31:14 -0200
From: Site Owner <Henriett...@germany.net>
Subject: Re: we can help with advertising...
To: xx..xx@xx..xx.biz
X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [47 12]
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin
* 4.3 RCVD_IN_OPM_SOCKS RBL: OPM: sender is open SOCKS proxy
* [220.225.186.178 listed in opm.blitzed.org]
* 1.1 RCVD_IN_SORBS_SOCKS RBL: SORBS: sender is open SOCKS proxy
server
* [220.225.186.178 listed in dnsbl.sorbs.net]
* 1.1 RCVD_IN_DSBL RBL: Received via a relay in list.dsbl.org
* [<http://dsbl.org/listing?220.225.186.178>]
* 2.2 RCVD_IN_BL_SPAMCOP_NET RBL: Received via a relay in
bl.spamcop.net
* [Blocked - see
<http://www.spamcop.net/bl.shtml?220.225.186.178>]
* 1.1 MIME_HTML_ONLY_MULTI Multipart message only has text/html
MIME parts
Content-Type: text/html;
<HTML><HEAD><STYLE>
BODY {font-family="Arial"}
TT {font-family="Courier New"}
BLOCKQUOTE.CITE {padding-left:0.5em; margin-left:0; margin-right:0;
margin-top:0; margin-bottom:0; border-left:"solid 2";}
SPAN.TABOOHEADER {display=none}
</STYLE></HEAD>
<table cellspacing=0 cellpadding=0 width=100% bgcolor=#ECE9D8
text=#000000>
<tr bgcolor=#ECE9D8 text=#000000><td>
<div>From: Site Owner <Henriett...@germany.net></div>
<div>Subject: *****SPAM***** Re: we can help with advertising...</div>
To: xx..xx@xx..xx.biz
</td></tr>
</table>
<BR>
<div>
<div>Content-Type: text/html;</div>
<br>
<font type="arial">
<a href="http://broad.1122.ish.cn/" ><img
src="http://static.flickr.com/43/117492959_34a90b0ace_m.jpg" ><BR><BR>
<font size=4><B>Click to Advertise Your Web Site Today for Free to
2,000,000 Email Users</A><BR><BR><BR><BR><BR>
<font size=2><i><b>...only if you are a non-profit charity.</b>simply
click on "charity info" on our corporate web site for<br>
full details on this non-commercial special offer to assist
charities. this non-commercial email &<br>
non-commercial email offer have a primary sole purpose to assist
non-profit charities with their<br>
non-commercial email message only. if you are not a non-profit charity,
please immediately delete<br>
this email, do not visit our web site, do not read this email, do not
contact us and do not respond<br>
to this email or email offer as this email is not intended for any
commercial purpose of any kind.<br><br>
another primary purpose of this email is to share with you some funny
and interesting signs...</html>
</div>
-- END OF SPAM --
See:
IP 220.225.186.178
http://www.moensted.dk/spam/?addr=220.225.186.178
http://cbl.abuseat.org/lookup.cgi?ip=220.225.186.178
http://www.spamhaus.org/query/bl?ip=220.225.186.178
inetnum: 220.225.160.0 - 220.225.191.255
netname: RELIANCE
country: IN [India]
descr:
RELIANCE-Broadband-Internet-access-Users-DHCP-Pools-for-29-cities-accross-the-country
admin-c: JT125-AP
route: 220.225.186.0/24
ASN: 18101
ASN Name: RIL-IDC (Reliance Infocom Ltd Internet Data Centre,)
http://www.cidr-report.org/cgi-bin/as-report?as=18101
See:
broad.1122.ish.cn IP 60.191.23.122
ns.xinnetdns.com [210.51.170.66]
ns.xinnet.cn [210.51.171.209]
broad.1122.ish.cn has no MX records -> 1122.ish.cn has no MX records ->
ish.cn has no MX records
http://www.moensted.dk/spam/?addr=60.191.23.122
inetnum: 60.191.23.96 - 60.191.23.127
netname: HANGZHOU-WANGTONG-LTD
country: CN
ASN: 4134
ASN Name: CHINANET-BACKBONE (No.31,Jin-rong Street)
http://www.cidr-report.org/cgi-bin/as-report?as=4134
http://www.spamhaus.org/query/bl?ip=60.191.23.122
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL39560
60.191.23.122/32 is listed on the Spamhaus Block List (SBL/ROKSO)
28-Mar-2006 10:39 GMT | SR23
Robert Soloway - Newport Internet Marketing
broad.1122.ish.cn (Newport Email Broadcasting)
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK1096
7 SBL/ROKSO listings for IPs under the responsibility of chinanet-zj
http://www.spamhaus.org/sbl/listings.lasso?isp=chinanet-zj
Let see whois at whois.cnnic.net.cn:
Domain Name: ish.cn
ROID: 20040920s10001s02686110-cn
Domain Status: ok
Registrant Organization: ?????????????
Registrant Name: ???
Administrative Email: my...@yahoo.com.cn
Sponsoring Registrar: ??????????????
Name Server:ns.xinnetdns.com
Name Server:ns.xinnet.cn
Registration Date: 2004-09-20 09:12
Expiration Date: 2006-09-20 09:12
More Soloway 1122.ish.cn group sightings:
http://groups.google.com/groups/search?q=1122.ish.cn+group%3A*abuse&start=0&scoring=d&
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/1a28a5ee6aa40155
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see: