Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[email] [counterfeit] [121.246.154.202] (shoes1wonder.com / s4455.com / celebshoes21.com / talkns.com / designerscheckout.com / nodns2.com) Brand Name Top Designer Shoes Boots and High Heels Gucci Prada Chanel & More

0 views
Skip to first unread message

TomezNet

unread,
Apr 8, 2008, 12:46:13 PM4/8/08
to
Received From:
IP 121.246.154.202 121.246.154.202.static.hyderabad.vsnl.net.in

Spamvert:
shoes1wonder.com IP 211.118.190.4
(SBL64135) (at BORANET / dacom.net / LG DACOM / Korea)

ns1.s4455.com IP 218.61.22.239 => Open Proxy, SBL64136
ns2.s4455.com IP 116.199.136.61 => SBL62986
ns3.s4455.com IP 116.199.135.191 => SBL63283

SEE sender identity and headers forgery by spammer spoofing our
domain.

More info below:
====================

X-SID-PRA: [MUNGED]
X-Message-Info: 6sSXyD95QpWgxLzK
+WNYxmlwkXdaWCyNJRIC8OyyBeIqANbRgTGDyA6L20ie+RBLYs5/
zTOlDBPG5I8uRogXcw==
Received: from tomts34-srv.bellnexxia.net ([209.226.175.108]) by bay0-
pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 6 Apr 2008 10:24:41 -0700
Received: from toip15.srvr.bell.ca ([67.69.240.17])
by toip48.srvr.bell.ca with ESMTP; 06 Apr 2008 12:28:06 -0400
Received: from [MUNGED]
by toip15.srvr.bell.ca with ESMTP; 06 Apr 2008 12:28:03 -0400
Received: (qmail 30024 invoked by uid 110); 6 Apr 2008 12:28:03 -0400
Delivered-To: [MUNGED]
Received: (qmail 29905 invoked from network); 6 Apr 2008 12:28:02
-0400
Received: from 121.246.154.202.static.hyderabad.vsnl.net.in (HELO
server) (121.246.154.202)
by [MUNGED] with SMTP; 6 Apr 2008 12:28:02 -0400
X-Originating-IP: [12.79.9.92]
X-Originating-Email: [[MUNGED]]
X-Sender: [MUNGED]
Message-Id: <20080406145753.4401.qmail@server>
To: <[MUNGED]>
Subject: Brand Name Top Designer Shoes Boots and High Heels Gucci
Prada Chanel & More
From: <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 0631-3, 08/04/2006), Outbound message
X-Antivirus-Status: Clean
Date: Sun, 6 Apr 2008 13:24:41 -0400
Return-Path: anita[#]millennium.ab.ca
X-OriginalArrivalTime: 06 Apr 2008 17:24:42.0161 (UTC)
FILETIME=[19997A10:01C8980B]

Ladies and Gentlemen, Get Ready for..

Thought I would let you know about the Fashion Footwear SPRING Sale!
Men and Women Designer Shoes, Heels, Sandals and Boots, All Half-OFF,
Buy Direct, Forget Department Store Prices, Get Exclusive 2008 Gucci
Prada Chanel, Christian Dior, Dsquared, Versace D&G, Uggs and More!
They Ship International for FREE on all Orders!

http://www.google.com/pagead/iclk?sa=l&ai=ymjjm&num=125003&adurl=http://shoes1wonder.com


Don't Waste any More Time

-- END OF SPAM --

Also More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

See:
IP 121.246.154.202 121.246.154.202.static.hyderabad.vsnl.net.in

http://www.moensted.dk/spam/?addr=121.246.154.202

Much More vsnl.net.in sightings:
http://groups.google.com/groups/search?q=vsnl.net.in+group%3A*abuse*&qt_s=Search

inetnum: 121.240.0.0 - 121.247.255.255
netname: VSNL-IN
descr: Videsh Sanchar Nigam Ltd - India.
descr: Videsh Sanchar Bhawan, M.G. Road
descr: Fort, Bombay 400001
country: IN
route: 121.240.0.0/13
descr: Route for VSNL
origin: AS4755
mnt-by: MAINT-VSNL-AP
changed: ip.a...@vsnl.co.in

route: 121.246.0.0/15
descr: Pune GDC-VSNL Route Object
origin: AS4755
mnt-by: MAINT-VSNL-IN
changed: ip.a...@vsnl.co.in

route: 121.246.0.0/15
descr: Pune GDC Route Object
origin: AS4755
mnt-by: VSNL-MAINT-MCI
changed: gps...@giasbm01.vsnl.net.in

route: 121.240.0.0/13
descr: Route for VSNL
origin: AS4755
mnt-by: MAINT-VSNL-AP
changed: ip.a...@vsnl.co.in

See:
shoes1wonder.com IP 211.118.190.4

ns1.s4455.com IP 218.61.22.239
ns2.s4455.com IP 116.199.136.61
ns3.s4455.com IP 116.199.135.191

www.shoes1wonder.com has no MX records -> shoes1wonder.com has no MX
records

http://moensted.dk/spam/?addr=211.118.190.4
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=211.118.190.4

http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64135

inetnum: 211.118.0.0 - 211.118.255.255
netname: BORANET-NET-211-118
descr: DACOM Corp.
descr: Facility-based Telecommunication Service Provider
descr: providing Internet leased-ine, on-line service, BLL etc.
country: KR
inetnum: 211.118.0.0 - 211.119.255.255
netname: BORANET-KR
descr: LG DACOM Corporation

[ ISP Organization Information ]
Org Name : LG DACOM Corporation
Service Name : BORANET
Org Address : Seoul Gangnam-gu Yeoksam-dong
Org Detail Address: 706-1

[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2089-7755
E-Mail : shki...@chol.com

[ ISP IPv4 Tech Contact Information ]
Name : IP ADMIN
Phone : +82-2-2089-7755
E-mail : dka...@bora.net

[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-2089-0101
E-mail : secu...@bora.net

route: 211.118.0.0/15
descr: contact n...@bora.net if necessary
contact whc...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: ysj...@bora.net

route: 211.118.0.0/16
descr: contact n...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: yunc...@bora.net

Let see whois.paycenter.com.cn:
Domain Name: shoes1wonder.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-04-03
Update Date: 2008-04-05
Expiration Date: 2009-04-03

Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61

More shoes1wonder.com sightings:
http://groups.google.com/groups/search?q=shoes1wonder.com+group%3A*abuse*&qt_s=Search

SEE Also:
hostnames sharing ip with a-records
dayshoesnow1.com
spring08shoe.com

ALSO BY THE SAME SPAMMER:
02shoeyou.com, 08shoea.com, 08shoec.com, 18springshoes.com,
1cooshoe.com, 2008heelshoes.com,
2008shoeboot.com, asoftoke.com, bootshoe1.com,
bottesoft.com, chaatomastersoft.com,
checkshoe1.com, dayshoes1.com, eurocasinoafa.com,
onlinequickdegree.com, shoe1tad.com, shoec08.com,
shoeceleb23.com, shoecoo1.com, shoecoolio.com,
shoes2yous.com, shoes681.com, shoesceleb23.com,
shoescelebs21.com, shoeshos.com, shoetad1.com,
shoetoea.com, shoetos.com, shoewatches1.com,
shoey08.com, shoeyou1.com, shoeyou2.com,
springshoe18.com, thequalitymedsstore.com,
worldultimatecasino.com, wwwstarcasino.com,
youshoe19.com, youshoes2008.com, shoes1wonder.com,
dayshoesnow1.com, etc ...

See also More 21springshoe.com sightings:
http://groups.google.com/groups/search?q=21springshoe.com+group%3A*abuse*&qt_s=Search

See:
ns1.s4455.com IP 218.61.22.239
ns2.s4455.com IP 116.199.136.61
ns3.s4455.com IP 116.199.135.191

ns1.s4455.com has no MX records -> s4455.com has no MX records

http://moensted.dk/spam/?addr=218.61.22.239
http://dsbl.org/listing?218.61.22.239
Open Proxy - http://www.ahbl.org/lookup?ip=218.61.22.239
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64136

inetnum: 218.60.0.0 - 218.61.255.255
netname: CNCGROUP-LN
country: CN
descr: CNCGROUP Liaoning province network
mntner: MAINT-CNCGROUP-LN
upd-to: men...@online.ln.cn
descr: CNC Liaoning
admin-c: TM626-AP
tech-c: TM626-AP
referral-by: APNIC-HM
auth: CRYPT-PW apvOim4K3mdkU
person: Tao Meng
nic-hdl: TM626-AP
e-mail: ji...@lntelecom.com
mntner: MAINT-CNCGROUP
mnt-nfy: dm...@publicf.bta.net.cn
changed: men...@online.ln.cn
person: Guangyu Zhan
changed: zha...@lntelecom.com

See:
ns2.s4455.com IP 116.199.136.61

http://moensted.dk/spam/?addr=116.199.136.61
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL62986

inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
descr: Shenzhen Newspeed Science and technology Development
Limited company
descr: Shenzhen Mt. Nanshan area Nanhai main road Jinhun
building B2612
country: CN
person: Yang Li
e-mail: Tiet...@k65.net
person: Yongchen Wang
e-mail: g...@21cn.com
changed: ip...@cnnic.cn
person: Yang Li
e-mail: QY...@126.com
person: Yong Li
address: Network Center
address: Heilongjiang University
address: XueFu Road 74
address: Harbin, China
phone: +86 451 6672259
fax-no: +86 451 6672259
e-mail: ji...@hkd.hrbust.edu.cn
nic-hdl: YL10-CN
notify: address-allo...@net.edu.cn
mnt-by: MAINT-NULL
changed: sz...@net.edu.cn

See:
ns3.s4455.com IP 116.199.135.191

http://moensted.dk/spam/?addr=116.199.135.191
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL63283

inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed

Let see whois.paycenter.com.cn:
Domain Name:s4455.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-03-28
Update Date: 2008-03-28
Expiration Date: 2009-03-28

Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61

More s4455.com sightings:
http://groups.google.com/groups/search?q=s4455.com+group%3A*abuse*&qt_s=Search

SEE ALSO:
Spammer's BOOKMARK SITE: http://www.celebshoes21.com/

www.celebshoes21.com IP 118.129.65.112 (OLD IP 118.129.65.92,
212.26.146.226)

ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191

www.celebshoes21.com has no MX records -> celebshoes21.com has no MX
records

http://moensted.dk/spam/?addr=118.129.65.112
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=118.129.65.112

inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul

Let see whois.paycenter.com.cn:
Domain Name: celebshoes21.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-03-06
Update Date: 2008-03-06
Expiration Date: 2009-03-06

Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239

More celebshoes21.com sightings
http://groups.google.com/groups/search?q=celebshoes21.com+group%3A*abuse*&qt_s=Search

See:
ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191

Let see whois.paycenter.com.cn:
Domain Name:talkns.com

Registrant:
liu haijun
wu han
321099

Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com

Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Registration Date: 2008-02-25
Update Date: 2008-03-06
Expiration Date: 2009-02-25

Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239

More talkns.com sightings
http://groups.google.com/groups/search?q=talkns.com+group%3A*abuse*&qt_s=Search

SEE ORDER SITE:
www.designerscheckout.com IP 118.129.65.112

ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61

www.designerscheckout.com has no MX records -> designerscheckout.com
has no MX records

Let see whois.paycenter.com.cn:
Domain Name: designerscheckout.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecustomersupport[]gmail.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com

Registration Date: 2008-03-21
Update Date: 2008-03-21
Expiration Date: 2009-03-21

Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191

See:
ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61

Let see whois.paycenter.com.cn:
Domain Name: nodns2.com

Registrant:
liu haijun
wu han
321099

Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com

Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Registration Date: 2008-03-06
Update Date: 2008-03-25
Expiration Date: 2009-03-06

Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191

See Much More Registrant cncliup[]21cn.com sightings:
http://groups.google.com/groups/search?q=cncliup%4021cn.com+group%3A*abuse*&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d6f2455a26b9f6ef

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/f018f40fc3e699fe

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e80c45c9f12ad548

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/

0 new messages