Spamvert:
shoes1wonder.com NEW IP 116.199.139.5
(SBL56563 / SBL63407) (now at Newspeed)
shoes1wonder.com IP 211.118.190.4
(SBL64135) (at BORANET / dacom.net / LG DACOM / Korea)
ns1.s4455.com IP 218.61.22.239 => Open Proxy, SBL64136
ns2.s4455.com IP 116.199.136.61 => SBL62986
ns3.s4455.com IP 116.199.135.191 => SBL63283
SEE the sender identity and header forgery by the spammer spoofing our domain.
Much More info below:
====================
X-SID-PRA: [MUNGED]
X-Message-Info:
6sSXyD95QpWnNqKT4y5T8nemFRuaum54wmF2s4B1zd2ktGySl0t3DJANsB+N9RDS0Pj+9A/
hk5tTUEAndAlnjw==
Received: from tomts48-srv.bellnexxia.net ([209.226.175.192]) by bay0-pamc1-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Tue, 8 Apr 2008 22:23:25 -0700
Received: from toip23.srvr.bell.ca ([67.69.240.25])
by toip25.srvr.bell.ca with ESMTP; 09 Apr 2008 01:23:20 -0400
Received: from [MUNGED]
by toip23.srvr.bell.ca with ESMTP; 09 Apr 2008 01:23:20 -0400
Received: (qmail 20178 invoked by uid 110); 9 Apr 2008 01:23:19 -0400
Delivered-To: [MUNGED]
Received: (qmail 20153 invoked from network); 9 Apr 2008 01:23:19 -0400
Received: from 188.131.18.217.adsl.tomsknet.ru (HELO sidorov) (217.18.131.188)
by [MUNGED] with SMTP; 9 Apr 2008 01:23:19 -0400
X-Originating-IP: [07.8.477.916]
X-Originating-Email: [MUNGED]
X-Sender: [MUNGED]
Message-Id: <20080409192746.3064.qmail@sidorov>
To: <[MUNGED]>
Subject: Brand Name Top Designer Shoes Boots and High Heels Gucci Prada Chanel & More
From: <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Date: Wed, 9 Apr 2008 01:23:24 -0400
Return-Path: design[]annn.nl
X-OriginalArrivalTime: 09 Apr 2008 05:23:25.0762 (UTC) FILETIME=[D6184A20:01C89A01]
Ladies and Gentlemen, Get Ready for..
Thought I would let you know about the Fashion Footwear SPRING Sale!
Men and Women Designer Shoes, Heels, Sandals and Boots, All Half-OFF,
Buy Direct, Forget Department Store Prices, Get Exclusive 2008 Gucci
Prada Chanel, Christian Dior, Dsquared, Versace D&G, Uggs and More!
They Ship International for FREE on all Orders!
http://www.google.com/pagead/iclk?sa=l&ai=qdljm&num=65060&adurl=http://shoes1wonder.com
Don't Waste any More Time
-- END OF SPAM --
Also More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&
See:
IP 217.18.131.188 188.131.18.217.adsl.tomsknet.ru
http://www.moensted.dk/spam/?addr=217.18.131.188
http://spamcop.net/w3m?action=checkblock&ip=217.18.131.188
Much More tomsknet.ru sightings:
http://groups.google.com/groups/search?q=tomsknet.ru+group%3A*abuse*&qt_s=Search
inetnum: 217.18.131.0 - 217.18.131.255
netname: TOMSKNET
descr: Tomsktelecom, ISP in Tomsk, Russia and Tomsk region
country: RU
role: DIN Tomsktelecom NET Contact Role
address: Digital Information Network
address: Tomsktelecom
address: 40, Chernykh str.,
address: 634063, Tomsk, Russia
phone: +7 3822 662510
phone: +7 3822 662506
phone: +7 3822 559876
fax-no: +7 3822 662502
e-mail: n...@tomsknet.ru
person: Vadim G. Kozlov
e-mail: v...@tomsknet.ru
person: Leonid Y Shurygin
e-mail: s...@tomsknet.ru
person: Yuri A. Selivanov
e-mail: u...@tomsknet.ru
abuse[]tomsknet.ru is listed in rfc-ignorant.org database
route: 217.18.128.0/19
descr: TOMSKTELECOM
descr: Tomsk, Russia
origin: AS15759
mnt-by: DIN-RIPE-MNT
changed: a...@tomsknet.ru
AS Name: DIN-AS TOMSKTELECOM AS
http://www.cidr-report.org/cgi-bin/as-report?as=15759
See:
shoes1wonder.com NEW IP 116.199.139.5
shoes1wonder.com IP 116.199.139.5
ns1.s4455.com IP 218.61.22.239 => Open Proxy, SBL64136
ns2.s4455.com IP 116.199.136.61 => SBL62986
ns3.s4455.com IP 116.199.135.191 => SBL63283
www.shoes1wonder.com has no MX records -> shoes1wonder.com has no MX records
http://moensted.dk/spam/?addr=211.118.190.4
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=211.118.190.4
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64135
inetnum: 211.118.0.0 - 211.118.255.255
netname: BORANET-NET-211-118
descr: DACOM Corp.
descr: Facility-based Telecommunication Service Provider
descr: providing Internet leased-ine, on-line service, BLL etc.
country: KR
inetnum: 211.118.0.0 - 211.119.255.255
netname: BORANET-KR
descr: LG DACOM Corporation
[ ISP Organization Information ]
Org Name : LG DACOM Corporation
Service Name : BORANET
Org Address : Seoul Gangnam-gu Yeoksam-dong
Org Detail Address: 706-1
[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2089-7755
E-Mail : shki...@chol.com
[ ISP IPv4 Tech Contact Information ]
Name : IP ADMIN
Phone : +82-2-2089-7755
E-mail : dka...@bora.net
[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-2089-0101
E-mail : secu...@bora.net
route: 211.118.0.0/15
descr: contact n...@bora.net if necessary
contact whc...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: ysj...@bora.net
route: 211.118.0.0/16
descr: contact n...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: yunc...@bora.net
AS Name: LGDACOM LG DACOM Corporation
http://www.cidr-report.org/cgi-bin/as-report?as=3786
See:
shoes1wonder.com NEW IP 116.199.139.5
http://moensted.dk/spam/?addr=116.199.139.5
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56563
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63407
inetnum: 116.199.139.0 - 116.199.139.255
netname: Newspeed
descr: Shenzhen Newspeed Science and technology Development Limited company
descr: Shenzhen Mt. Nanshan area Nanhai main road Jinhun building B2612
country: CN
AS Name: CNCNET-CN China Netcom Corp.
http://www.cidr-report.org/cgi-bin/as-report?as=9929
Let's see whois.paycenter.com.cn:
Domain Name: shoes1wonder.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Registration Date: 2008-04-03
Update Date: 2008-04-05
Expiration Date: 2009-04-03
Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61
More shoes1wonder.com sightings:
http://groups.google.com/groups/search?q=shoes1wonder.com+group%3A*abuse*&qt_s=Search
SEE Also:
hostnames sharing ip with a-records
dayshoesnow1.com
spring08shoe.com
ALSO BY THE SAME SPAMMER:
See also More 21springshoe.com sightings:
http://groups.google.com/groups/search?q=21springshoe.com+group%3A*abuse*&qt_s=Search
See:
ns1.s4455.com IP 218.61.22.239
ns2.s4455.com IP 116.199.136.61
ns3.s4455.com IP 116.199.135.191
ns1.s4455.com has no MX records -> s4455.com has no MX records
http://moensted.dk/spam/?addr=218.61.22.239
http://dsbl.org/listing?218.61.22.239
Open Proxy - http://www.ahbl.org/lookup?ip=218.61.22.239
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64136
inetnum: 218.60.0.0 - 218.61.255.255
netname: CNCGROUP-LN
country: CN
descr: CNCGROUP Liaoning province network
mntner: MAINT-CNCGROUP-LN
upd-to: men...@online.ln.cn
descr: CNC Liaoning
admin-c: TM626-AP
tech-c: TM626-AP
referral-by: APNIC-HM
auth: CRYPT-PW apvOim4K3mdkU
person: Tao Meng
nic-hdl: TM626-AP
e-mail: ji...@lntelecom.com
mntner: MAINT-CNCGROUP
mnt-nfy: dm...@publicf.bta.net.cn
changed: men...@online.ln.cn
person: Guangyu Zhan
changed: zha...@lntelecom.com
See:
ns2.s4455.com IP 116.199.136.61
http://moensted.dk/spam/?addr=116.199.136.61
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL62986
inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
descr: Shenzhen Newspeed Science and technology Development Limited company
descr: Shenzhen Mt. Nanshan area Nanhai main road Jinhun building B2612
country: CN
person: Yang Li
e-mail: Tiet...@k65.net
person: Yongchen Wang
e-mail: g...@21cn.com
changed: ip...@cnnic.cn
person: Yang Li
e-mail: QY...@126.com
person: Yong Li
address: Network Center
address: Heilongjiang University
address: XueFu Road 74
address: Harbin, China
phone: +86 451 6672259
fax-no: +86 451 6672259
e-mail: ji...@hkd.hrbust.edu.cn
nic-hdl: YL10-CN
notify: address-allo...@net.edu.cn
mnt-by: MAINT-NULL
changed: sz...@net.edu.cn
See:
ns3.s4455.com IP 116.199.135.191
http://moensted.dk/spam/?addr=116.199.135.191
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL63283
inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
mnt-nfy: QY...@126.com
person: Yongchen Wang
address: Shenzhen Mt. Nanshan area Nanhai main road Jinhun building B2612
e-mail: g...@21cn.com
Let's see whois.paycenter.com.cn:
Domain Name:s4455.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Registration Date: 2008-03-28
Update Date: 2008-03-28
Expiration Date: 2009-03-28
Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61
More s4455.com sightings:
http://groups.google.com/groups/search?q=s4455.com+group%3A*abuse*&qt_s=Search
SEE ALSO:
Spammer's BOOKMARK SITE: http://www.celebshoes21.com/
www.celebshoes21.com IP 218.61.22.239 and
www.celebshoes21.com IP 118.129.65.112 (OLD IP 118.129.65.92,
212.26.146.226)
ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191
www.celebshoes21.com has no MX records -> celebshoes21.com has no MX records
http://moensted.dk/spam/?addr=118.129.65.112
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=118.129.65.112
inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul
See:
www.celebshoes21.com IP 218.61.22.239
http://moensted.dk/spam/?addr=218.61.22.239
Open Proxy - http://www.ahbl.org/lookup?ip=218.61.22.239
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64136
218.61.22.239/32 is listed on the Spamhaus Block List (SBL)
04-Apr-2008 00:06 GMT | SR20
footwear spammer - expanding to other counterfeit items
inetnum: 218.60.0.0 - 218.61.255.255
netname: CNCGROUP-LN
country: CN
descr: CNCGROUP Liaoning province network
person: Guangyu Zhan
nic-hdl: GZ84-AP
changed: zha...@lntelecom.com
mntner: MAINT-CNCGROUP-LN
upd-to: men...@online.ln.cn
person: Tao Meng
nic-hdl: TM626-AP
e-mail: ji...@lntelecom.com
route: 218.61.0.0/16
descr: PNAP-SEA SEA-PNAP-USEI-ROUTES
origin: AS4134
mnt-by: INAP-MAINT-RADB
changed: dheid...@internap.com
route: 218.61.0.0/16
descr: CNC Group LiaoNing Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: I...@cnc-noc.net
AS Name: CHINA169-BACKBONE CNCGROUP China169 Backbone
http://www.cidr-report.org/cgi-bin/as-report?as=4837
Let's see whois.paycenter.com.cn:
Domain Name: celebshoes21.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Registration Date: 2008-03-06
Update Date: 2008-03-06
Expiration Date: 2009-03-06
Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239
More celebshoes21.com sightings
http://groups.google.com/groups/search?q=celebshoes21.com+group%3A*abuse*&qt_s=Search
See:
ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191
Let's see whois.paycenter.com.cn:
Domain Name:talkns.com
Registrant:
liu haijun
wu han
321099
Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com
Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Registration Date: 2008-02-25
Update Date: 2008-03-06
Expiration Date: 2009-02-25
Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239
More talkns.com sightings
http://groups.google.com/groups/search?q=talkns.com+group%3A*abuse*&qt_s=Search
SEE ORDER SITE:
www.designerscheckout.com IP 118.129.65.112
www.designerscheckout.com IP 116.199.139.5
ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61
www.designerscheckout.com has no MX records -> designerscheckout.com has no MX records
http://moensted.dk/spam/?addr=116.199.139.5
inetnum: 116.199.139.0 - 116.199.139.255
netname: Newspeed
http://moensted.dk/spam/?addr=118.129.65.112
inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul
SEE:
hostnames sharing ip with a-records
celebshoes21.com
wonshoe12.com
www.21springshoe.com
Let's see whois.paycenter.com.cn:
Domain Name: designerscheckout.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecustomersupport[]gmail.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com
Registration Date: 2008-03-21
Update Date: 2008-03-21
Expiration Date: 2009-03-21
Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191
More designerscheckout.com sightings:
http://groups.google.com/groups/search?q=designerscheckout.com+group%3A*abuse*&qt_s=Search
See:
ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61
Let's see whois.paycenter.com.cn:
Domain Name: nodns2.com
Registrant:
liu haijun
wu han
321099
Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com
Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Registration Date: 2008-03-06
Update Date: 2008-03-25
Expiration Date: 2009-03-06
Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191
See Much More Registrant cncliup[]21cn.com sightings:
http://groups.google.com/groups/search?q=cncliup%4021cn.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d6f2455a26b9f6ef
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/f018f40fc3e699fe
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e80c45c9f12ad548
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/c3d221016e808364
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/