Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[email] [Soloway] (newportcorp.cn - vicp.net) Re: regarding your hosting

0 views
Skip to first unread message

TomezNet

unread,
Apr 11, 2006, 4:03:04 PM4/11/06
to
Received From:
IP 81.56.103.49 ede67-1-81-56-103-49.fbx.proxad.net
(at ns2-rev.proxad.net / ns0.proxad.net)

Spamvert:
www.newportcorp.cn IP 222.210.196.86
only4testinter.vicp.net IP 222.210.196.86
(at CHINANET-SC / hichina.com)

See Soloway OLD Listing
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL39964
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK1096

static.flickr.com IP 68.142.213.135
(at NS3.YAHOO.COM)

More Soloway spam sightings:
http://groups.google.com/groups/search?q=Soloway+group%3A*abuse&start=0&scoring=d&

Received at an address harvested from domain registration.

More info below:
====================
X-Persona: <xx..xx@xx..xx.biz>
Return-Path: <VioletH...@germany.net>
Delivered-To: xx..xx@xx..xx.biz
Received: (qmail 21241 invoked from network); 11 Apr 2006 14:28:08
-0000
Received: from xxx.ws2800.net (209.51.1.....)
by xx..xx..xx.net with DES-CBC3-SHA encrypted SMTP; 11 Apr 2006
14:28:08 -0000
Received: from [81.56.103.49]
(helo=ede67-1-81-56-103-49.fbx.proxad.net)
by xxx.ws2800.net with smtp (Exim 4.52)
id 1FTJqc-0005az-Uc; Tue, 11 Apr 2006 10:28:04 -0400
Message-ID: <12194855607905....@sitek.net>
Received: from 112.66.160.250 by nx02-yo229.mbu308.virgilio.it with
DAV;
Tue, 11 Apr 2006 16:21:02 +0100
Reply-To: "Domain Name Owner" <VioletH...@germany.net>
From: "Administrator" <VioletH...@germany.net>
To: <xx..xx@xx..xx.biz>
Subject: Re: regarding your hosting
Date: Tue, 11 Apr 2006 16:21:02 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--29938824638499254"

<HTML><HEAD><STYLE>
BODY {font-family="Arial"}
TT {font-family="Courier New"}
BLOCKQUOTE.CITE {padding-left:0.5em; margin-left:0; margin-right:0;
margin-top:0; margin-bottom:0; border-left:"solid 2";}
SPAN.TABOOHEADER {display=none}
</STYLE></HEAD>
<BODY>
<table cellspacing=0 cellpadding=0 width=100% bgcolor=#ECE9D8
text=#000000>
<tr bgcolor=#ECE9D8 text=#000000><td>
<div>From: &quot;Administrator&quot;
&lt;VioletH...@germany.net&gt;</div>
<div>To: &lt;&xx..xx@xx..xx.bizgt;</div>
Subject: Re: regarding your hosting
</td></tr>
</table>
<BR>
<div>
<div>Content-Type: text/plain;</div>
<br>
<font type="arial">
<a href="http://www.newportcorp.cn/"><img
src="http://static.flickr.com/40/103297105_74e00a9be7_m.jpg"><BR><BR>
<font size=4><B>Click to Advertise Your Web Site Today for Free to
2,000,000 Email Users</A><BR><BR><BR><BR><BR>

<font size=1><i><b>...only if you are a non-profit
charity.</b>simply click on "charity info" on our corporate web site
for<br>
full details on this non-commercial special offer to assist
charities. this non-commercial email &<br>
non-commercial email offer have a primary sole purpose to assist
non-profit charities with their<br>
non-commercial email message only. if you are not a non-profit
charity, please immediately delete<br>
this email, do not visit our web site, do not read this email, do not
contact us and do not respond<br>
to this email or email offer as this email is not intended for any
commercial purpose of any kind.<br><br>

another primary purpose of this email is to share with you some funny
and interesting signs...
</div></body></html>

-- END OF SPAM --

See:
IP 81.56.103.49 ede67-1-81-56-103-49.fbx.proxad.net

http://www.moensted.dk/spam/?addr=81.56.103.49
http://cbl.abuseat.org/lookup.cgi?ip=81.56.103.49
http://www.spamhaus.org/query/bl?ip=81.56.103.49
http://www.spamcop.net/bl.shtml?81.56.103.49

inetnum: 81.56.102.0 - 81.56.103.255
netname: FR-PROXAD-ADSL
descr: Proxad / Free SAS
descr: Static pool (Freebox)
descr: edel-2 (strasbourg)
descr: NCC#2003105443
country: FR

route: 81.56.0.0/15
descr: ProXad network / Free SA
descr: Paris, France
origin: AS12322
ASN Name: PROXAD (AS for Proxad ISP)
http://www.cidr-report.org/cgi-bin/as-report?as=12322

23 SBL/ROKSO listings for IPs under the responsibility of proxad.net
http://www.spamhaus.org/sbl/listings.lasso?isp=proxad.net

See:
only4testinter.vicp.net IP 222.210.196.86
ns2.vicp.net [210.51.180.211]
ns1.vicp.net [202.105.21.217]

only4testinter.vicp.net has no MX records -> vicp.net has no MX records

http://www.moensted.dk/spam/?addr=222.210.196.86

Let see whois:
Registrar: ONLINENIC, INC.

Registrant:
ORAY Network Resource Co., Ltd. doma...@oray.net +86.2061073333
Vavic Network Technology, Inc.
1F Office,NO 15,Jiangong Road,Tianhe S&T Zone Guangzhou,510655
P.R.C
Guangzhou,Guangdong,CN 510655

Domain Name: vicp.net
Record last updated at 2006-02-16 23:44:34
Record created on 2001/8/15
Record expired on 2011/8/15

Domain servers in listed order:
ns1.vicp.net ns2.vicp.net

Administrator:
Name-- Vavic Network Technology, Inc.
EMail-: (doma...@oray.net)
tel --: +86.2061073333
org: Vavic Network Technology, Inc.
1F Office,NO 15,Jiangong Road,Tianhe S&T Zone Guangzhou,510655
P.R.C
Guangzhou,Guangdong,CN 510655

Technical Contactor:
Name-- Vavic Network Technology, Inc.
EMail-: (domainreg[]oray.net)
tel --: +86.2061073333
org: Vavic Network Technology, Inc.
1F Office,NO 15,Jiangong Road,Tianhe S&T Zone Guangzhou,510655
P.R.C
Guangzhou,Guangdong,CN 510655

Billing Contactor:
Name-- Vavic Network Technology, Inc.
EMail-: (doma...@oray.net)
tel --: +86.2061073333
org: Vavic Network Technology, Inc.
1F Office,NO 15,Jiangong Road,Tianhe S&T Zone Guangzhou,510655
P.R.C
Guangzhou,Guangdong,CN 510655

More vicp.net sightings:
http://groups.google.com/groups?q=vicp.net+group%3A*abuse&start=0&scoring=d&

See:
www.newportcorp.cn IP 222.210.196.86
ns2.vicp.net [210.51.180.211] => CNC-BJ-IDC
ns1.vicp.net [202.105.21.217] => CHINANET-GD
dns9.hichina.com A IN 137624 218.30.103.100
dns10.hichina.com A IN 137624 218.244.143.64

Resolved www.newportcorp.cn to only4testinter.vicp.net. to
222.210.196.86

www.newportcorp.cn has no MX records -> newportcorp.cn has no MX
records

http://www.moensted.dk/spam/?addr=222.210.196.86

inetnum: 222.208.0.0 - 222.215.255.255
netname: CHINANET-SC
descr: CHINANET Sichuan province network
descr: Chin

ASN: 4134
ASN Name: CHINANET-BACKBONE (No.31,Jin-rong Street)
Country IP Range: 222.192.0.0 to 222.223.255.255
http://www.cidr-report.org/cgi-bin/as-report?as=4134

See:
Robert Soloway - Newport Internet Marketing
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL39964

2 SBL listings for IPs under the responsibility of CHINANET-SC
http://www.spamhaus.org/sbl/listings.lasso?isp=CHINANET-SC

1 SBL listings for IPs under the responsibility of hichina.com
http://www.spamhaus.org/sbl/listings.lasso?isp=hichina.com

Let see whois at whois.cnnic.net.cn:

Domain Name: newportcorp.cn
ROID: 20060330s10001s47212991-cn
Domain Status: ok
Registrant Organization: ????
Registrant Name: ??
Administrative Email: cn...@hichina.com
Sponsoring Registrar: ??????????????????
Name Server: dns9.hichina.com [218.30.103.100]
Name Server: dns10.hichina.com [218.244.143.64]
Registration Date: 2006-03-30 11:21
Expiration Date: 2007-03-30 11:21

More newportcorp.cn sightings:
http://groups.google.com/groups/search?q=newportcorp.cn+group%3A*abuse&start=0&scoring=d&

See:
static.flickr.com
Resolved static.flickr.com to storage1.flickr.vip.mud.yahoo.com to IP
68.142.213.135

av1-mrin.yahoo.com A IN 1800 216.145.48.106
av2-mrin.yahoo.com A IN 1800 216.145.48.70
ns1.yahoo.com A IN 172800 66.218.71.63
ns2.yahoo.com A IN 172800 66.163.169.170
ns3.yahoo.com A IN 172800 217.12.4.104
ns5.yahoo.com A IN 172800 216.109.116.17
ns7.yahoo.com A IN 172800 68.142.226.82

[static.flickr.com has 1 MX record (0)]

http://www.moensted.dk/spam/?addr=68.142.213.135

OrgName: Inktomi Corporation
OrgID: INKT
ASN: 14780
ASN Name: INKTOMI-LAWSON
http://www.cidr-report.org/cgi-bin/as-report?as=14780

7 SBL/ROKSO listings for IPs under the responsibility of yahoo.com
http://www.spamhaus.org/sbl/listings.lasso?isp=yahoo.com

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/1a28a5ee6aa40155

AND:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/8b64bf3dcda1bb95

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/

0 new messages