Spamvert:
shoes1wonder.com IP 211.118.190.4
(SBL64135) (at BORANET / dacom.net / LG DACOM / Korea)
ns1.s4455.com IP 218.61.22.239 => Open Proxy, SBL64136
ns2.s4455.com IP 116.199.136.61 => SBL62986
ns3.s4455.com IP 116.199.135.191 => SBL63283
SEE sender identity and headers forgery by spammer spoofing our
domain.
More info below:
====================
X-SID-PRA: [MUNGED]
X-Message-Info: 6sSXyD95QpWgxLzK
+WNYxmlwkXdaWCyNJRIC8OyyBeIqANbRgTGDyA6L20ie+RBLYs5/
zTOlDBPG5I8uRogXcw==
Received: from tomts34-srv.bellnexxia.net ([209.226.175.108]) by bay0-
pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 6 Apr 2008 10:24:41 -0700
Received: from toip15.srvr.bell.ca ([67.69.240.17])
by toip48.srvr.bell.ca with ESMTP; 06 Apr 2008 12:28:06 -0400
Received: from [MUNGED]
by toip15.srvr.bell.ca with ESMTP; 06 Apr 2008 12:28:03 -0400
Received: (qmail 30024 invoked by uid 110); 6 Apr 2008 12:28:03 -0400
Delivered-To: [MUNGED]
Received: (qmail 29905 invoked from network); 6 Apr 2008 12:28:02
-0400
Received: from 121.246.154.202.static.hyderabad.vsnl.net.in (HELO
server) (121.246.154.202)
by [MUNGED] with SMTP; 6 Apr 2008 12:28:02 -0400
X-Originating-IP: [12.79.9.92]
X-Originating-Email: [[MUNGED]]
X-Sender: [MUNGED]
Message-Id: <20080406145753.4401.qmail@server>
To: <[MUNGED]>
Subject: Brand Name Top Designer Shoes Boots and High Heels Gucci
Prada Chanel & More
From: <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Antivirus: avast! (VPS 0631-3, 08/04/2006), Outbound message
X-Antivirus-Status: Clean
Date: Sun, 6 Apr 2008 13:24:41 -0400
Return-Path: anita[#]millennium.ab.ca
X-OriginalArrivalTime: 06 Apr 2008 17:24:42.0161 (UTC)
FILETIME=[19997A10:01C8980B]
Ladies and Gentlemen, Get Ready for..
Thought I would let you know about the Fashion Footwear SPRING Sale!
Men and Women Designer Shoes, Heels, Sandals and Boots, All Half-OFF,
Buy Direct, Forget Department Store Prices, Get Exclusive 2008 Gucci
Prada Chanel, Christian Dior, Dsquared, Versace D&G, Uggs and More!
They Ship International for FREE on all Orders!
http://www.google.com/pagead/iclk?sa=l&ai=ymjjm&num=125003&adurl=http://shoes1wonder.com
Don't Waste any More Time
-- END OF SPAM --
Also More spammer sightings:
http://groups.google.com/groups/search?q=%22Diamond+Watches%22+group%3A*abuse&start=0&scoring=d&
See:
IP 121.246.154.202 121.246.154.202.static.hyderabad.vsnl.net.in
http://www.moensted.dk/spam/?addr=121.246.154.202
Much More vsnl.net.in sightings:
http://groups.google.com/groups/search?q=vsnl.net.in+group%3A*abuse*&qt_s=Search
inetnum: 121.240.0.0 - 121.247.255.255
netname: VSNL-IN
descr: Videsh Sanchar Nigam Ltd - India.
descr: Videsh Sanchar Bhawan, M.G. Road
descr: Fort, Bombay 400001
country: IN
route: 121.240.0.0/13
descr: Route for VSNL
origin: AS4755
mnt-by: MAINT-VSNL-AP
changed: ip.a...@vsnl.co.in
route: 121.246.0.0/15
descr: Pune GDC-VSNL Route Object
origin: AS4755
mnt-by: MAINT-VSNL-IN
changed: ip.a...@vsnl.co.in
route: 121.246.0.0/15
descr: Pune GDC Route Object
origin: AS4755
mnt-by: VSNL-MAINT-MCI
changed: gps...@giasbm01.vsnl.net.in
route: 121.240.0.0/13
descr: Route for VSNL
origin: AS4755
mnt-by: MAINT-VSNL-AP
changed: ip.a...@vsnl.co.in
See:
shoes1wonder.com IP 211.118.190.4
ns1.s4455.com IP 218.61.22.239
ns2.s4455.com IP 116.199.136.61
ns3.s4455.com IP 116.199.135.191
www.shoes1wonder.com has no MX records -> shoes1wonder.com has no MX
records
http://moensted.dk/spam/?addr=211.118.190.4
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=211.118.190.4
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64135
inetnum: 211.118.0.0 - 211.118.255.255
netname: BORANET-NET-211-118
descr: DACOM Corp.
descr: Facility-based Telecommunication Service Provider
descr: providing Internet leased-ine, on-line service, BLL etc.
country: KR
inetnum: 211.118.0.0 - 211.119.255.255
netname: BORANET-KR
descr: LG DACOM Corporation
[ ISP Organization Information ]
Org Name : LG DACOM Corporation
Service Name : BORANET
Org Address : Seoul Gangnam-gu Yeoksam-dong
Org Detail Address: 706-1
[ ISP IPv4 Admin Contact Information ]
Name : IP Administrator
Phone : +82-2-2089-7755
E-Mail : shki...@chol.com
[ ISP IPv4 Tech Contact Information ]
Name : IP ADMIN
Phone : +82-2-2089-7755
E-mail : dka...@bora.net
[ ISP Network Abuse Contact Information ]
Name : Network Abuse
Phone : +82-2-2089-0101
E-mail : secu...@bora.net
route: 211.118.0.0/15
descr: contact n...@bora.net if necessary
contact whc...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: ysj...@bora.net
route: 211.118.0.0/16
descr: contact n...@bora.net if necessary
origin: AS3786
mnt-by: MAINT-AS3786
changed: yunc...@bora.net
Let see whois.paycenter.com.cn:
Domain Name: shoes1wonder.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Registration Date: 2008-04-03
Update Date: 2008-04-05
Expiration Date: 2009-04-03
Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61
More shoes1wonder.com sightings:
http://groups.google.com/groups/search?q=shoes1wonder.com+group%3A*abuse*&qt_s=Search
SEE Also:
hostnames sharing ip with a-records
dayshoesnow1.com
spring08shoe.com
ALSO BY THE SAME SPAMMER:
02shoeyou.com, 08shoea.com, 08shoec.com, 18springshoes.com,
1cooshoe.com, 2008heelshoes.com,
2008shoeboot.com, asoftoke.com, bootshoe1.com,
bottesoft.com, chaatomastersoft.com,
checkshoe1.com, dayshoes1.com, eurocasinoafa.com,
onlinequickdegree.com, shoe1tad.com, shoec08.com,
shoeceleb23.com, shoecoo1.com, shoecoolio.com,
shoes2yous.com, shoes681.com, shoesceleb23.com,
shoescelebs21.com, shoeshos.com, shoetad1.com,
shoetoea.com, shoetos.com, shoewatches1.com,
shoey08.com, shoeyou1.com, shoeyou2.com,
springshoe18.com, thequalitymedsstore.com,
worldultimatecasino.com, wwwstarcasino.com,
youshoe19.com, youshoes2008.com, shoes1wonder.com,
dayshoesnow1.com, etc ...
See also More 21springshoe.com sightings:
http://groups.google.com/groups/search?q=21springshoe.com+group%3A*abuse*&qt_s=Search
See:
ns1.s4455.com IP 218.61.22.239
ns2.s4455.com IP 116.199.136.61
ns3.s4455.com IP 116.199.135.191
ns1.s4455.com has no MX records -> s4455.com has no MX records
http://moensted.dk/spam/?addr=218.61.22.239
http://dsbl.org/listing?218.61.22.239
Open Proxy - http://www.ahbl.org/lookup?ip=218.61.22.239
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64136
inetnum: 218.60.0.0 - 218.61.255.255
netname: CNCGROUP-LN
country: CN
descr: CNCGROUP Liaoning province network
mntner: MAINT-CNCGROUP-LN
upd-to: men...@online.ln.cn
descr: CNC Liaoning
admin-c: TM626-AP
tech-c: TM626-AP
referral-by: APNIC-HM
auth: CRYPT-PW apvOim4K3mdkU
person: Tao Meng
nic-hdl: TM626-AP
e-mail: ji...@lntelecom.com
mntner: MAINT-CNCGROUP
mnt-nfy: dm...@publicf.bta.net.cn
changed: men...@online.ln.cn
person: Guangyu Zhan
changed: zha...@lntelecom.com
See:
ns2.s4455.com IP 116.199.136.61
http://moensted.dk/spam/?addr=116.199.136.61
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL62986
inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
descr: Shenzhen Newspeed Science and technology Development
Limited company
descr: Shenzhen Mt. Nanshan area Nanhai main road Jinhun
building B2612
country: CN
person: Yang Li
e-mail: Tiet...@k65.net
person: Yongchen Wang
e-mail: g...@21cn.com
changed: ip...@cnnic.cn
person: Yang Li
e-mail: QY...@126.com
person: Yong Li
address: Network Center
address: Heilongjiang University
address: XueFu Road 74
address: Harbin, China
phone: +86 451 6672259
fax-no: +86 451 6672259
e-mail: ji...@hkd.hrbust.edu.cn
nic-hdl: YL10-CN
notify: address-allo...@net.edu.cn
mnt-by: MAINT-NULL
changed: sz...@net.edu.cn
See:
ns3.s4455.com IP 116.199.135.191
http://moensted.dk/spam/?addr=116.199.135.191
http://www.spamhaus.org/SBL/sbl.lasso?query=SBL63283
inetnum: 116.199.135.0 - 116.199.138.255
netname: Newspeed
Let see whois.paycenter.com.cn:
Domain Name:s4455.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Registration Date: 2008-03-28
Update Date: 2008-03-28
Expiration Date: 2009-03-28
Primary DNS: ns1.s4455.com 218.61.22.239
Secondary DNS: ns2.s4455.com 116.199.136.61
More s4455.com sightings:
http://groups.google.com/groups/search?q=s4455.com+group%3A*abuse*&qt_s=Search
SEE ALSO:
Spammer's BOOKMARK SITE: http://www.celebshoes21.com/
www.celebshoes21.com IP 118.129.65.112 (OLD IP 118.129.65.92,
212.26.146.226)
ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191
www.celebshoes21.com has no MX records -> celebshoes21.com has no MX
records
http://moensted.dk/spam/?addr=118.129.65.112
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=118.129.65.112
inetnum: 118.128.0.0 - 118.131.255.255
netname: BORANET
descr: LG DACOM Corporation
descr: 65-228,DACOM Bldg ,Hangangro 1ga Yongsangu, Seoul
Let see whois.paycenter.com.cn:
Domain Name: celebshoes21.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
cncliup[]21cn.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com
Registration Date: 2008-03-06
Update Date: 2008-03-06
Expiration Date: 2009-03-06
Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239
More celebshoes21.com sightings
http://groups.google.com/groups/search?q=celebshoes21.com+group%3A*abuse*&qt_s=Search
See:
ns1.talkns.com IP 116.199.136.61
ns2.talkns.com IP 58.253.71.79
ns3.talkns.com IP 116.199.135.191
Let see whois.paycenter.com.cn:
Domain Name:talkns.com
Registrant:
liu haijun
wu han
321099
Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com
Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Registration Date: 2008-02-25
Update Date: 2008-03-06
Expiration Date: 2009-02-25
Primary DNS: ns1.talkns.com 116.199.136.61
Secondary DNS: ns2.talkns.com 218.61.22.239
More talkns.com sightings
http://groups.google.com/groups/search?q=talkns.com+group%3A*abuse*&qt_s=Search
SEE ORDER SITE:
www.designerscheckout.com IP 118.129.65.112
ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61
www.designerscheckout.com has no MX records -> designerscheckout.com
has no MX records
Let see whois.paycenter.com.cn:
Domain Name: designerscheckout.com
Registrant:
liu bin
wu han huoche zhan
410214
Administrative Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecustomersupport[]gmail.com
Technical Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com
Billing Contact:
Liang
liu bin
wu han huoche zhan
wu han Beijing 410214
CN
tel: 101 2345678
fax: 101 2345678
prestigecus...@gmail.com
Registration Date: 2008-03-21
Update Date: 2008-03-21
Expiration Date: 2009-03-21
Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191
See:
ns1.nodns2.com IP 116.199.138.24
ns2.nodns2.com IP 116.199.135.191
ns3.nodns2.com IP 116.199.136.61
Let see whois.paycenter.com.cn:
Domain Name: nodns2.com
Registrant:
liu haijun
wu han
321099
Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com
Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Registration Date: 2008-03-06
Update Date: 2008-03-25
Expiration Date: 2009-03-06
Primary DNS: ns1.nodns2.com 218.61.22.239
Secondary DNS: ns2.nodns2.com 116.199.135.191
See Much More Registrant cncliup[]21cn.com sightings:
http://groups.google.com/groups/search?q=cncliup%4021cn.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d6f2455a26b9f6ef
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/f018f40fc3e699fe
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/e80c45c9f12ad548
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/