
[email] [counterfeit] [217.18.131.188] (shoes1wonder.com / s4455.com / celebshoes21.com / talkns.com / designerscheckout.com / nodns2.com) Brand Name Top Designer Shoes Boots and High Heels Gucci Prada Chanel & More


TomezNet

Apr 9, 2008, 12:35:51 PM
Received From:
IP 217.18.131.188 188.131.18.217.adsl.tomsknet.ru
(at Tomsktelecom)

Spamvert:
shoes1wonder.com NEW IP 116.199.139.5
(SBL56563 / SBL63407) (now at Newspeed)

shoes1wonder.com IP 211.118.190.4
(SBL64135) (at BORANET / dacom.net / LG DACOM / Korea)

ns1.s4455.com IP 218.61.22.239 => Open Proxy, SBL64136
ns2.s4455.com IP 116.199.136.61 => SBL62986
ns3.s4455.com IP 116.199.135.191 => SBL63283

SEE sender identity and headers forgery by spammer spoofing our domain.

Much More info below:
====================

X-SID-PRA: [MUNGED]
X-Message-Info: 6sSXyD95QpWnNqKT4y5T8nemFRuaum54wmF2s4B1zd2ktGySl0t3DJANsB+N9RDS0Pj+9A/hk5tTUEAndAlnjw==
Received: from tomts48-srv.bellnexxia.net ([209.226.175.192]) by bay0-pamc1-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
    Tue, 8 Apr 2008 22:23:25 -0700
Received: from toip23.srvr.bell.ca ([67.69.240.25])
    by toip25.srvr.bell.ca with ESMTP; 09 Apr 2008 01:23:20 -0400
Received: from [MUNGED]
    by toip23.srvr.bell.ca with ESMTP; 09 Apr 2008 01:23:20 -0400
Received: (qmail 20178 invoked by uid 110); 9 Apr 2008 01:23:19 -0400
Delivered-To: [MUNGED]
Received: (qmail 20153 invoked from network); 9 Apr 2008 01:23:19 -0400
Received: from 188.131.18.217.adsl.tomsknet.ru (HELO sidorov) (217.18.131.188)
    by [MUNGED] with SMTP; 9 Apr 2008 01:23:19 -0400
X-Originating-IP: [07.8.477.916]
X-Originating-Email: [MUNGED]
X-Sender: [MUNGED]
Message-Id: <20080409192746.3064.qmail@sidorov>
To: <[MUNGED]>
Subject: Brand Name Top Designer Shoes Boots and High Heels Gucci Prada Chanel & More
From: <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Date: Wed, 9 Apr 2008 01:23:24 -0400
Return-Path: design[]annn.nl
X-OriginalArrivalTime: 09 Apr 2008 05:23:25.0762 (UTC) FILETIME=[D6184A20:01C89A01]

Ladies and Gentlemen, Get Ready for..

Thought I would let you know about the Fashion Footwear SPRING Sale!
Men and Women Designer Shoes, Heels, Sandals and Boots, All Half-OFF,
Buy Direct, Forget Department Store Prices, Get Exclusive 2008 Gucci
Prada Chanel, Christian Dior, Dsquared, Versace D&G, Uggs and More!
They Ship International for FREE on all Orders!

http://www.google.com/pagead/iclk?sa=l&ai=qdljm&num=65060&adurl=http://shoes1wonder.com


Don't Waste any More Time

-- END OF SPAM --

Also More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&

See:
IP 217.18.131.188 188.131.18.217.adsl.tomsknet.ru

http://www.moensted.dk/spam/?addr=217.18.131.188
http://spamcop.net/w3m?action=checkblock&ip=217.18.131.188

Much More tomsknet.ru sightings:
http://groups.google.com/groups/search?q=tomsknet.ru+group%3A*abuse*&qt_s=Search

inetnum: 217.18.131.0 - 217.18.131.255
netname: TOMSKNET
descr: Tomsktelecom, ISP in Tomsk, Russia and Tomsk region
country: RU
role: DIN Tomsktelecom NET Contact Role
address: Digital Information Network
address: Tomsktelecom
address: 40, Chernykh str.,
address: 634063, Tomsk, Russia
phone: +7 3822 662510
phone: +7 3822 662506
phone: +7 3822 559876
fax-no: +7 3822 662502
e-mail: n...@tomsknet.ru
person: Vadim G. Kozlov
e-mail: v...@tomsknet.ru
person: Leonid Y Shurygin
e-mail: s...@tomsknet.ru
person: Yuri A. Selivanov
e-mail: u...@tomsknet.ru

abuse[]tomsknet.ru is listed in rfc-ignorant.org database

route: 217.18.128.0/19
descr: TOMSKTELECOM
descr: Tomsk, Russia
origin: AS15759
mnt-by: DIN-RIPE-MNT
changed: a...@tomsknet.ru
AS Name: DIN-AS TOMSKTELECOM AS
http://www.cidr-report.org/cgi-bin/as-report?as=15759

See:
shoes1wonder.com NEW IP 116.199.139.5
shoes1wonder.com IP 116.199.139.5

ns1.s4455.com IP 218.61.22.239 => Open Proxy, SBL64136
ns2.s4455.com IP 116.199.136.61 => SBL62986
ns3.s4455.com IP 116.199.135.191 => SBL63283

www.shoes1wonder.com has no MX records -> shoes1wonder.com has no MX records

http://moensted.dk/spam/?addr=211.118.190.4
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=211.118.190.4

http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64135

inetnum: 211.118.0.0 - 211.118.255.255
netname: BORANET-NET-211-118
descr: DACOM Corp.
descr: Facility-based Telecommunication Service Provider
descr: providing Internet leased-ine, on-line service, BLL etc.
country: KR
inetnum: 211.118.0.0 - 211.119.255.255
netname: BORANET-KR
descr: LG DACOM Corporation

[ ISP Organization Information ]
Org Name : LG DACOM Corporation
Service Name : BORANET
Org Address : Seoul Gangnam-gu Yeoksam-dong
Org Detail Address: 706-1

[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2089-7755
E-Mail : shki...@chol.com

[ ISP IPv4 Tech Contact Information ]
Name : IP ADMIN
Phone : +82-2-2089-7755
E-mail : dka...@bora.net

[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-2089-0101
E-mail : secu...@bora.net

route: 211.118.0.0/15
descr: contact n...@bora.net if necessary
contact whc...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: ysj...@bora.net

route: 211.118.0.0/16
descr: contact n...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: yunc...@bora.net
AS Name: LGDACOM LG DACOM Corporation
http://www.cidr-report.org/cgi-bin/as-report?as=3786

See:
shoes1wonder.com NEW IP 116.199.139.5

http://moensted.dk/spam/?addr=116.199.139.5

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56563
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63407

inetnum: 116.199.139.0 - 116.199.139.255
netname: Newspeed
descr: Shenzhen Newspeed Science and technology Development Limited company
descr: Shenzhen Mt. Nanshan area Nanhai main road Jinhun building B2612
country: CN

AS Name: CNCNET-CN China Netcom Corp.
http://www.cidr-report.org/cgi-bin/as-report?as=9929

Let's see whois.paycenter.com.cn:
Domain Name: shoes1wonder.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-04-03
Update Date: 2008-04-05
Expiration Date: 2009-04-03

Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61

More shoes1wonder.com sightings:
http://groups.google.com/groups/search?q=shoes1wonder.com+group%3A*abuse*&qt_s=Search

SEE Also:
hostnames sharing ip with a-records
dayshoesnow1.com
spring08shoe.com

ALSO BY THE SAME SPAMMER:

See also More 21springshoe.com sightings:
http://groups.google.com/groups/search?q=21springshoe.com+group%3A*abuse*&qt_s=Search

See:
ns1.s4455.com IP 218.61.22.239
ns2.s4455.com IP 116.199.136.61
ns3.s4455.com IP 116.199.135.191

ns1.s4455.com has no MX records -> s4455.com has no MX records

http://moensted.dk/spam/?addr=218.61.22.239
http://dsbl.org/listing?218.61.22.239
Open Proxy - http://www.ahbl.org/lookup?ip=218.61.22.239
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64136

inetnum: 218.60.0.0 - 218.61.255.255
netname: CNCGROUP-LN
country: CN
descr: CNCGROUP Liaoning province network
mntner: MAINT-CNCGROUP-LN
upd-to: men...@online.ln.cn
descr: CNC Liaoning
admin-c: TM626-AP
tech-c: TM626-AP
referral-by: APNIC-HM
auth: CRYPT-PW apvOim4K3mdkU
person: Tao Meng
nic-hdl: TM626-AP
e-mail: ji...@lntelecom.com
mntner: MAINT-CNCGROUP
mnt-nfy: dm...@publicf.bta.net.cn
changed: men...@online.ln.cn
person: Guangyu Zhan
changed: zha...@lntelecom.com

See:
ns2.s4455.com IP 116.199.136.61

http://moensted.dk/spam/?addr=116.199.136.61
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL62986

inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
descr: Shenzhen Newspeed Science and technology Development Limited company
descr: Shenzhen Mt. Nanshan area Nanhai main road Jinhun building B2612
country: CN
person: Yang Li
e-mail: Tiet...@k65.net
person: Yongchen Wang
e-mail: g...@21cn.com
changed: ip...@cnnic.cn
person: Yang Li
e-mail: QY...@126.com
person: Yong Li
address: Network Center
address: Heilongjiang University
address: XueFu Road 74
address: Harbin, China
phone: +86 451 6672259
fax-no: +86 451 6672259
e-mail: ji...@hkd.hrbust.edu.cn
nic-hdl: YL10-CN
notify: address-allo...@net.edu.cn
mnt-by: MAINT-NULL
changed: sz...@net.edu.cn

See:
ns3.s4455.com IP 116.199.135.191

http://moensted.dk/spam/?addr=116.199.135.191
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL63283

inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
mnt-nfy: QY...@126.com
person: Yongchen Wang
address: Shenzhen Mt. Nanshan area Nanhai main road Jinhun building B2612
e-mail: g...@21cn.com

Let's see whois.paycenter.com.cn:
Domain Name:s4455.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-03-28
Update Date: 2008-03-28
Expiration Date: 2009-03-28

Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61

More s4455.com sightings:
http://groups.google.com/groups/search?q=s4455.com+group%3A*abuse*&qt_s=Search

SEE ALSO:
Spammer's BOOKMARK SITE: http://www.celebshoes21.com/

www.celebshoes21.com IP 218.61.22.239 and
www.celebshoes21.com IP 118.129.65.112 (OLD IP 118.129.65.92, 212.26.146.226)

ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191

www.celebshoes21.com has no MX records -> celebshoes21.com has no MX records

http://moensted.dk/spam/?addr=118.129.65.112
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=118.129.65.112

inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul

See:
www.celebshoes21.com IP 218.61.22.239

http://moensted.dk/spam/?addr=218.61.22.239
Open Proxy - http://www.ahbl.org/lookup?ip=218.61.22.239

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64136
218.61.22.239/32 is listed on the Spamhaus Block List (SBL)

04-Apr-2008 00:06 GMT | SR20

footwear spammer - expanding to other counterfeit items

inetnum: 218.60.0.0 - 218.61.255.255
netname: CNCGROUP-LN
country: CN
descr: CNCGROUP Liaoning province network
person: Guangyu Zhan
nic-hdl: GZ84-AP
changed: zha...@lntelecom.com
mntner: MAINT-CNCGROUP-LN
upd-to: men...@online.ln.cn
person: Tao Meng
nic-hdl: TM626-AP
e-mail: ji...@lntelecom.com

route: 218.61.0.0/16
descr: PNAP-SEA SEA-PNAP-USEI-ROUTES
origin: AS4134
mnt-by: INAP-MAINT-RADB
changed: dheid...@internap.com

route: 218.61.0.0/16
descr: CNC Group LiaoNing Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: I...@cnc-noc.net
AS Name: CHINA169-BACKBONE CNCGROUP China169 Backbone
http://www.cidr-report.org/cgi-bin/as-report?as=4837

Let's see whois.paycenter.com.cn:
Domain Name: celebshoes21.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-03-06
Update Date: 2008-03-06
Expiration Date: 2009-03-06

Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239

More celebshoes21.com sightings
http://groups.google.com/groups/search?q=celebshoes21.com+group%3A*abuse*&qt_s=Search

See:
ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191

Let's see whois.paycenter.com.cn:
Domain Name:talkns.com

Registrant:
liu haijun
wu han
321099

Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com

Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Registration Date: 2008-02-25
Update Date: 2008-03-06
Expiration Date: 2009-02-25

Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239

More talkns.com sightings
http://groups.google.com/groups/search?q=talkns.com+group%3A*abuse*&qt_s=Search

SEE ORDER SITE:
www.designerscheckout.com IP 118.129.65.112
www.designerscheckout.com IP 116.199.139.5

ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61

www.designerscheckout.com has no MX records -> designerscheckout.com has no MX records

http://moensted.dk/spam/?addr=116.199.139.5

inetnum: 116.199.139.0 - 116.199.139.255
netname: Newspeed

http://moensted.dk/spam/?addr=118.129.65.112

inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul

SEE:
hostnames sharing ip with a-records
celebshoes21.com
wonshoe12.com
www.21springshoe.com

Let's see whois.paycenter.com.cn:
Domain Name: designerscheckout.com

Registrant:
liu bin
wu han huoche zhan
410214

Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecustomersupport[]gmail.com

Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com

Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com

Registration Date: 2008-03-21
Update Date: 2008-03-21
Expiration Date: 2009-03-21

Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191

More designerscheckout.com sightings:
http://groups.google.com/groups/search?q=designerscheckout.com+group%3A*abuse*&qt_s=Search

See:
ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61

Let's see whois.paycenter.com.cn:
Domain Name: nodns2.com

Registrant:
liu haijun
wu han
321099

Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com

Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Registration Date: 2008-03-06
Update Date: 2008-03-25
Expiration Date: 2009-03-06

Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191

See Much More Registrant cncliup[]21cn.com sightings:
http://groups.google.com/groups/search?q=cncliup%4021cn.com+group%3A*abuse*&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d6f2455a26b9f6ef

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/f018f40fc3e699fe

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e80c45c9f12ad548

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/c3d221016e808364

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/
