Spamvert URL:
http://vraeweypr.com/
Redirected to:
http://vraeweypr.com/main.php
vraeweypr.com IP 61.156.238.167
(at CNCGROUP-SD)
ns2.ns-earthling.com IP 61.156.238.167
ns1.ns-earthling.com IP 210.14.130.212 => SBL56347 at zbyd
Title: KING REPLICA
More recent spammer sightings:
http://groups.google.com/groups/search?q=%22KING+REPLICA%22+group%3A*abuse*&qt_s=Search
More info below:
====================
X-SID-PRA: Marilyn Yarbrough <Marilyn[]du.edu>
X-SID-Result: Neutral
X-Message-Info: 6sSXyD95QpX2JT7NLAr2W/
MP9MxTL5T9aFzEsHShtRwUAdZ1Yc2auM9KbxQIhLGxSbmlSTIM0gYPUMkIuUel6g==
Received: from tomts26-srv.bellnexxia.net ([209.226.175.189]) by bay0-
pamc1-f1.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Fri, 21 Mar 2008 16:40:50 -0700
Received: from toip18.srvr.bell.ca ([67.69.240.20])
by toip32.srvr.bell.ca with ESMTP; 21 Mar 2008 19:40:46 -0400
Received: from [MUNGED]
by toip18.srvr.bell.ca with ESMTP; 21 Mar 2008 19:40:45 -0400
Received: (qmail 22527 invoked by uid 110); 21 Mar 2008 19:40:45 -0400
Delivered-To: [MUNGED]
Received: (qmail 21928 invoked from network); 21 Mar 2008 19:40:19
-0400
Received: from unknown (HELO hurontel.on.ca) (86.108.199.91)
by [MUNGED] with SMTP; 21 Mar 2008 19:40:19 -0400
Return-Path: <Marilyn[]du.edu>
Received: from 130.253.1.74 (HELO smtpout.cair.du.edu)
by [MUNGED] with esmtp ({nChar[8-12]} {nChar[4-6]})
id [MUNGED]
for [MUNGED]; Sat, 22 Mar 2008 01:40:20 -2200
Message-ID: <126701c88bac$eca03fe0$d52b938c@Marilyn>
From: "Marilyn Yarbrough" <Marilyn[]du.edu>
To: [MUNGED]
Subject: Fake timepieces and luxury reproductions
Date: Sat, 22 Mar 2008 01:40:20 -2200
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_4709_12CF_01C88BBD.B0290FE0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1441
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441
X-OriginalArrivalTime: 21 Mar 2008 23:40:50.0321 (UTC)
FILETIME=[FEA96810:01C88BAC]
This is a multi-part message in MIME format.
------=_NextPart_4709_12CF_01C88BBD.B0290FE0
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
thinking in the range of three or four billion=2E But thats where
Georges=
long German and French bonds=2E At the same time, he shorts German
Buy our copies of the high-end watches, that will feel like you are
weari=
ng the original!
Our products will prove to be the items worth your careful attention!
http://vraeweypr=2Ecom/
later suggests that he did not authorize publication of his remarks=2E
It=
continued to mount as he kept his money in currencies other thanHis
confi=
dence is growing that the British will have to pull theat this
moment=2E =
And I tell you categorically that is not the governments
Kaletskys phone rang=2E George Soros was on the line=2Eand if most
people=
outside Wall Street and the City had never heard ofAt the same time,
Sor=
os buys $500 million worth of British stocks,Kovners funds made an
estima=
ted $300 million; Joness funds made
------=_NextPart_4709_12CF_01C88BBD.B0290FE0
Content-Type: text/html;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4=2E0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html;
charset=3Diso-8859-=
2">
<META content=3D"MSHTML 6=2E00=2E2800=2E1441" name=3DGENERATOR>
</HEAD>
<BODY><font size=3D"-2">thinking in the range of three or four
billion=2E=
But thats where Georgeslong German and French bonds=2E At the same
time,=
he shorts German</font><br><br>
Buy our copies of the high-end watches, that will feel like you are
weari=
ng the original!<br>=20
<a href=3D"http://vraeweypr=2Ecom/">Our products will prove to be the
ite=
ms worth your careful attention!</a><br><br><br>
<font size=3D"-2">later suggests that he did not authorize publication
of=
his remarks=2E Itcontinued to mount as he kept his money in
currencies o=
ther thanHis confidence is growing that the British will have to pull
the=
at this moment=2E And I tell you categorically that is not the
government=
s<br>
Kaletskys phone rang=2E George Soros was on the line=2Eand if most
people=
outside Wall Street and the City had never heard ofAt the same time,
Sor=
os buys $500 million worth of British stocks,Kovners funds made an
estima=
ted $300 million; Joness funds made</font></BODY></HTML>
------=_NextPart_4709_12CF_01C88BBD.B0290FE0--
-- END OF SPAM --
Also more spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&
Spammer old listings SBL52081, SBL54224, SBL54249
See:
IP 86.108.199.91
http://www.moensted.dk/spam/?addr=86.108.199.91
inetnum: 86.108.192.0 - 86.108.255.255
netname: TCELL-GPRS-1
descr: GPRS User Segment
country: TR
person: Turkcell IP Manager
address: Turkcell Maltepe Plaza
address: Yenimahalle Pamukkale Sok No 3
address: Soganlik Kartal ISTANBUL
phone: +90 216 458 10 00
fax-no: +90 216 427 50 60
e-mail: n...@turkcell.com.tr
route: 86.108.128.0/17
descr: Turkcell RO
origin: AS16135
mnt-by: tr-turkcell
changed: kerem...@turkcell.com.tr
AS Name: TURKCELL-AS Turkcell A.S.
http://www.cidr-report.org/cgi-bin/as-report?as=16135
Spamvert URL:
http://vraeweypr.com/
Redirected to:
http://vraeweypr.com/main.php
HTTP/1.1 200 OK
Date: Sat, 22 Mar 2008 04:28:24 GMT
Server: Apache/2.0.58 (Unix) mod_ssl/2.0.58 OpenSSL/0.9.7f PHP/4.4.7
Connection: close
Set-Cookie: AFF=3088119236; expires=Sat, 29-Mar-2008 04:28:24 GMT;
path=/
Set-Cookie: DOM=vraeweypr.com; expires=Sat, 29-Mar-2008 04:28:24 GMT;
path=/
Set-Cookie: OPT=O; expires=Sat, 29-Mar-2008 04:28:24 GMT; path=/
Set-Cookie: PAGE=3884804911; path=/
Content-type: text/html
Content-Length: 764
See:
vraeweypr.com IP 61.156.238.167
ns2.ns-earthling.com IP 61.156.238.167
ns1.ns-earthling.com IP 210.14.130.212 => SBL56347 at zbyd
[vraeweypr.com has 1 MX record vraeweypr.com (1)]
http://www.moensted.dk/spam/?addr=61.156.238.167
inetnum: 61.156.0.0 - 61.156.255.255
netname: CNCGROUP-SD
descr: CNCGROUP Shandong province network
country: CN
person: XIAOFENG ZHANG
nic-hdl: XZ14-AP
e-mail: i...@pub.sd.cninfo.net
address: Jinan,Shandong P.R China
phone: +86-531-6666666
fax-no: +86-531-6666666
country: CN
changed: i...@sdinfo.net
person: Data Communication Bureau Shandong
mntner: MAINT-CNCGROUP-SD
upd-to: i...@sdinfo.net
descr: Shandong Communication Corporation Internet Department
auth: CRYPT-PW apz8dRGX6w7hI
admin-c: DS95-AP
tech-c: DS95-AP
country: CN
mnt-nfy: i...@sdinfo.net
notify: ma...@china-netcom.com
route: 61.156.0.0/16
descr: PNAP-SEA
CHINAnet
origin: AS4134
mnt-by: INAP-MAINT-RADB
changed: hol...@internap.com
route: 61.156.0.0/16
descr: CNC Group ShanDong Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: hai...@cnc-noc.net
route: 61.156.0.0/16
descr: CNC Group CHINA169 Shandong Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
AS Name: CHINA169-BACKBONE CNCGROUP China169 Backbone
http://www.cidr-report.org/cgi-bin/as-report?as=4837
1 SBL listings for IPs under the responsibility of CNCGROUP-SD
http://www.spamhaus.org/sbl/listings.lasso?isp=CNCGROUP-SD
Let's see whois.paycenter.com.cn:
Domain Name: VRAEWEYPR.COM
Registrar: XIN NET TECHNOLOGY CORPORATION
Whois Server: whois.paycenter.com.cn
Referral URL: http://www.xinnet.com
Name Server: NS1.NS-EARTHLING.COM
Name Server: NS2.NS-EARTHLING.COM
Status: ok
Updated Date: 20-mar-2008
Creation Date: 20-mar-2008
Expiration Date: 20-mar-2009
See also:
hostnames sharing ip with a-records
*.lkylsh.com
acnippoa.com
allopea.com
attussizc.com
rtsakwc.lkylsh.com
veniutk.com
domains sharing nameservers
(only showing 100 results)
More vraeweypr.com
http://groups.google.com/groups/search?q=vraeweypr.com+group%3A*abuse*&qt_s=Search
See:
ns2.ns-earthling.com IP 61.156.238.167
ns1.ns-earthling.com IP 210.14.130.212
ns1.ns-earthling.com has no MX records -> ns-earthling.com has no MX
records
http://moensted.dk/spam/?addr=210.14.130.212
http://www.spamhaus.org/query/bl?ip=210.14.130.212
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56347
210.14.128.0/19 is listed on the Spamhaus Block List (SBL)
09-Nov-2007 09:09 GMT | SR02
ZBYD Technology Co.,Ltd
No response to multiple SBL listings. Hosting many ROKSO and botnet
spam gang's websites and nameservers.
July, August: No response from upstream CNCGROUP-BJ.
November: Bulletproof hosting continues still routed by China-Netcom
211.144.11.62 (SBL58407).
inetnum: 210.14.128.0 - 210.14.159.255
netname: ZBYD
descr: ZBYD Technology Co.,Ltd
descr: 15A build , xiyongle road ,shijingshan district ,Beijing
country: CN
person: Lei An
nic-hdl: LA100-AP
e-mail: wee...@bbn.cn
mntner: MAINT-CNNIC-AP
upd-to: ip...@cnnic.net.cn
AS Name: JINGXUN Beijing Jingxun Public Information Technology Co.,
Ltd
http://www.cidr-report.org/cgi-bin/as-report?as=9803
AS Name: TIMENET BeiJing Sincerity-times Network Technology Project
Ltd.
http://www.cidr-report.org/cgi-bin/as-report?as=38356
31 SBL listings for IPs under the responsibility of zbyd
http://www.spamhaus.org/sbl/listings.lasso?isp=zbyd
Let's see whois.paycenter.com.cn:
Domain Name: ns-earthling.com
Registrant:
mei li yi shen
jiangxi nan chang
564123
Administrative Contact:
daidai
mei li yi shen
jiangxi nan chang
nan chang Jiangxi 564123
CN
tel: 213 546789
fax: 213 546789
cnc...@21cn.com
Technical Contact:
daidai
mei li yi shen
jiangxi nan chang
nan chang Jiangxi 564123
CN
tel: 546789
fax: 546789
cnc...@21cn.com
Billing Contact:
daidai
mei li yi shen
jiangxi nan chang
nan chang Jiangxi 564123
CN
tel: 546789
fax: 546789
cnc...@21cn.com
Registration Date: 2007-12-19
Update Date: 2007-12-19
Expiration Date: 2008-12-19
More ns-earthling.com sightings:
http://groups.google.com/groups/search?q=ns-earthling.com+group%3A*abuse*&qt_s=Search
And more cnc...@21cn.com sightings:
http://groups.google.com/groups/search?q=cncliup%4021cn.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/8e90e6e72da1385f
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d50ae08e4a6aa2c3
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/51d5585110aebe89
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/