Spamvert:
kukun-oem.com IP 203.186.128.18
(SBL49519 - ROK6138 Polyakov) (at ctinets.com / ns1o.ctihk.com)
See Much More the same spammer sightings:
http://groups.google.com/groups/search?q=%22XSALSA%40%22+group%3A*abuse&start=0&scoring=d&
Received at an address harvested from this abuse group.
More info below:
====================
X-Apparently-To: [MUNGED] via 216.252.100.175; Sat, 06 Jan 2007
18:56:20 -0800
X-YahooFilteredBulk: 71.195.166.48
X-Originating-IP: [71.195.166.48]
Return-Path: <sekmh...@fireplaceexpress.com>
Authentication-Results: mta185.mail.re4.yahoo.com
from=fireplaceexpress.com; domainkeys=neutral (no sig)
Received: from 71.195.166.48 (HELO localhost) (71.195.166.48) by
mta185.mail.re4.yahoo.com with SMTP; Sat, 06 Jan 2007 18:56:20 -0800
Message-ID: <000001c73207$4ceb5700$0100007f@localhost>
From: "Carter Ramirez" <sekmh...@fireplaceexpress.com>
To: [MUNGED]
Subject: Corel Draw
Date: Sat, 06 Jan 2007 18:56:33 -0800
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.3160
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.200
Content-Length: 654
Christmas discounts! Special New Year offers!
T0P 1O ITEMS N0W!
$79 Microsoft Windows Vista Ultimate
$79 MS Office Enterprise 2007
$79 Adobe Acrobat 8 Pro
$49 Windows XP Pro w/SP2
$99 Macromedia Studio 8
$59 Adobe Premiere 2.0
$59 Corel Grafix Suite X3
$59 Adobe Illustrator CS2
$129 Autodesk Autocad 2007
$149 Adobe Creative Suite 2
http://kukun-oem.com/?488F6C08B3C9FBDD5A4B40E282391434538D&t0
See more by this manufacturers:
Microsoft....Mac....Adobe....Borland....Macromedia
http://kukun-oem.com/?488F6C08B3C9FBDD5A4B40E282391434538D&t4
Microsoft Windows Vista Ultimate
Retail price: $399.00
Proposition: $79.95
Your benefit: $319.05 (80%)
Availability: Can be downloaded INSTANTLY.
http://kukun-oem.com/2480.php?488F6C08B3C9FBDD5A4B40E282391434538D&t3
Best choice for home and professional. (46862 reviews)
Microsoft Office 2007 Enterprise Edition
Regular price: $899.00
Our offer: $79.95
You save: $819.95 (89%)
Availability: Pay and download instantly.
http://kukun-oem.com/2442.php?488F6C08B3C9FBDD5A4B40E282391434538D&t1
Sales Rank: #1 (101912 reviews)
Adobe Acrobat 8.0 Professional
Market price: $449.00
We propose: $79.95
Your profit: $369.05 (80%)
Availability: Available for INSTANT download.
http://kukun-oem.com/2441.php?488F6C08B3C9FBDD5A4B40E282391434538D&t2
Top-ranked item. (25739 reviews)
-- END OF SPAM --
See also more spammer OEM Software sightings:
http://groups.google.com/groups/search?q=%22OEM+Software%22+group%3A*abuse&start=0&scoring=d&
See:
IP 71.195.166.48 c-71-195-166-48.hsd1.ma.comcast.net and
c-71-195-166-48.hsd1.ca.comcast.net
http://www.moensted.dk/spam/?addr=71.195.166.48
http://cbl.abuseat.org/lookup.cgi?ip=71.195.166.48
http://www.spamhaus.org/query/bl?ip=71.195.166.48
http://spamcop.net/w3m?action=checkblock&ip=71.195.166.48
Exploitable Server See: http://www.sorbs.net/lookup.shtml?71.195.166.48
Comcast Cable Communications, Inc. ATT-COMCAST (NET-71-192-0-0-1)
71.192.0.0 - 71.207.255.255
Comcast Cable Communications, Inc. FRESNO-8 (NET-71-195-160-0-1)
71.195.160.0 - 71.195.191.255
NetRange: 71.195.160.0 - 71.195.191.255
CIDR: 71.195.160.0/19
NetName: FRESNO-8
NetHandle: NET-71-195-160-0-1
Parent: NET-71-192-0-0-1
OrgTechHandle: IC161-ARIN
OrgTechName: Comcast Cable Communications Inc
OrgTechPhone: +1-856-317-7200
OrgTechEmail: CNIPEO-Ip-r...@cable.comcast.com
OrgAbuseName: Network Abuse and Policy Observance => it is still only
Observing
More comcast.net sightings:
http://groups.google.com/groups/search?q=comcast.net+group%3A*abuse&start=0&scoring=d&
route: 71.195.160.0/19
descr: Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
origin: AS33651
mnt-by: MNT-CMCS
changed: tony_...@nospam.cable.comc
ASN: 33651
ASN Name: IANA-RSVD-0
Country (per IP registrar): US [United States]
Country IP Range: 71.192.0.0 to 71.255.255.255
http://www.cidr-report.org/cgi-bin/as-report?as=24863
23 SBL/ROKSO listings for IPs under the responsibility of comcast.net
http://www.spamhaus.org/sbl/listings.lasso?isp=comcast.net
See:
kukun-oem.com IP 203.186.128.18
ns1.srul5.com [203.186.128.18] [TTL=172800] [HK] (OLS IP
222.122.180.189)
ns2.srul5.com [121.31.56.28] [TTL=172800] [CN]
NS records at your nameservers are:
ns1.kukun-oem.com [203.186.128.18] [TTL=3600]
ns2.kukun-oem.com [121.31.56.28] [TTL=3600]
kukun-oem.com has no MX records
SOA record [TTL=2560] is:
Primary nameserver: ns1.kukun-oem.com
Hostmaster E-mail address: hostm...@kukun-oem.com
Serial #: 1168122920
http://www.moensted.dk/spam/?addr=203.186.128.18
http://www.spamhaus.org/query/bl?ip=203.186.128.18
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL49748
203.186.128.18/32 is listed on the Spamhaus Block List (SBL)
04-Jan-2007 09:33 GMT | SR02
12 SBL/ROKSO listings for IPs under the responsibility of ctihk.com
http://www.spamhaus.org/sbl/listings.lasso?isp=ctihk.com
More 203.186.128.18 sightings:
http://groups.google.com/groups/search?q=
203.186.128.18+group%3A*abuse&start=0&scoring=d&
203.186.128.18 PTR record: 203186128018.ctinets.com
inetnum: 203.186.128.16 - 203.186.128.31
netname: HK82COM
country: HK
descr: HK82.com - Tsuen Wan
admin-c: CH134-AP
tech-c: SL113-AP
status: ASSIGNED NON-PORTABLE
changed: ken...@ctihk.com 20031028
mnt-by: MAINT-HK-CTI
source: APNIC
person: CTINETS HOSTMASTER
person: Sam Leung
nic-hdl: SL113-AP
e-mail: fio...@ctihk.com
changed: hostm...@ctihk.com 20040707
mnt-by: MAINT-HK-CTI
route: 203.186.128.0/24
descr: 9/F Tower I, Grand Century Place
193 Prince Edward Road West, Mongkok
HK
origin: AS9269
mnt-by: MAINT-AS9269
changed: saml...@ctihk.com
ASN: 9269
ASN Name: CTIHK-AS-AP (City Telecom (H.K.) Ltd.)
Country (per IP registrar): HK [Hong Kong]
Country IP Range: 203.186.0.0 to 203.186.255.255
http://www.cidr-report.org/cgi-bin/as-report?as=9269
Let see whois:
Registrar: CAPITAL NETWORKS PTY LTD
Constant spammer support by PacNames sightings:
http://groups.google.com/groups/search?q=PacNames+group%3A*abuse&start=0&scoring=d&
Registrant hiding behind PacNames => shieldedwhois.com
Domain name: KUKUN-OEM.COM
Registrar: PacNames
Referral URL: http://www.pacnames.com/
Domain Registrant: (Private Contact)
(pws.57d8c...@shieldedwhois.com)
Shielded Whois
Shielded WHOIS
PO Box 2076
Arvada CO 80001
US
Telephone: +1.5016348793
Fax:
Administrative, Technical Contact: (Private Contact)
(pws.57d8c...@shieldedwhois.com)
Shielded Whois
Shielded WHOIS
PO Box 2076
Arvada CO 80001
US
Telephone: +1.5016348793
Fax:
Name Server: NS1.SRUL5.COM
Name Server: NS2.SRUL5.COM
Domain creaton date: 2007-01-02 00:59:38.0
Domain expiration date: 2008-01-02 06:14:13.0
More kukun-oem.com sightings:
http://groups.google.com/groups/search?q=kukun-oem.com+group%3A*abuse&start=0&scoring=d&
See also more srul5.com sightings:
http://groups.google.com/groups/search?q=srul5.com+group%3A*abuse&start=0&scoring=d&
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/9a799a2d11de7b58
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see: