-----Original Message-----
From: Steven Champeon [mailto:schampeo@hesketh.com]
Sent: Monday, May 16, 2005 11:32 AM
To: discuss@lists.surbl.org
Subject: [SURBL-Discuss] yet another joe job

Please list the following domains:
dnbfbsqs.com SPAMMER
ghtnsecn.com SPAMMER
rumbumbale.com SPAMMER
tnashbsv.com SPAMMER
turuntale.com SPAMMER
All but one were already in uribl.com. I added the other ;)
Keep up the good fight Steven!
Can't really help not ;)
More domains just came in today:
Looks like a completely different spammer. :(
All DNS provided by:
nserver: ns1.dnsm.net 218.7.120.70
nserver: ns2.dnsm.net 218.7.120.70
And all domains registered to:
owner: Roelf Van der Brug
email: admin@taiwanmedialtd.com
address: Singel 2
address: Jordaan
city: Amsterdam
state: --
postal-code: 1015JT
country: NL
phone: +31 84 220 2586
admin-c: admin@taiwanmedialtd.com#0
tech-c: admin@taiwanmedialtd.com#0
billing-c: admin@taiwanmedialtd.com#0
nserver: ns1.dnsm.net 218.7.120.70
nserver: ns2.dnsm.net 218.7.120.70
created: 2005-04-21 14:11:39 UTC
modified: 2005-05-09 10:20:38 UTC
expires: 2006-04-21 10:11:39 UTC
--
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us! http://hesketh.com/about/careers/account_manager.html join us!

All taiwantelco/taiwanmedialtd - also uses addresses in Turkey and telephone numbers in Pakistan. Look at the domain dnst. net for some historic data. Many new domains are registered on a "Bay Drive" in Beverly Hills - zipcodes 90210 and 90211 (no such street exists, except on the TV show, it did) and some in New York and a few other places.
There is some relationship, maybe shared customers. Some of their sites are hosted on the same machines as the multitrade group machines (see the spamhaus records on both).
BTW. The 2 Singel address is a boat slip with no tenant (also the proper postal code for the boat docks is 1013, not 1015). They just switched registrars after Joker marked almost all of their domains as "invalid address". See 900mg. com, aekb. com, b7x. com, cpko. com, dgko. com, and about a hundred more.
Paul Shupak track@plectere.com
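
The pivot used in the thread above (many domains sharing one registrant contact and one set of name servers), as an added example that is not part of the original messages: it parses WHOIS records in the "key: value" layout quoted above and groups domains by registrant email, name-server host and name-server IP. All domains, contacts and IPs in it are constructed placeholders, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed records in the "key: value" layout of the WHOIS output quoted
# in the thread. Domains, contacts and IPs are placeholders, not real data.
SAMPLE_RECORDS = {
    "aaa.example": "owner: Registrant One\nemail: admin@registrant.example\n"
                   "nserver: ns1.dns.example 192.0.2.70\n"
                   "nserver: ns2.dns.example 192.0.2.70\n"
                   "created: 2005-04-21 14:11:39 UTC\n",
    "bbb.example": "owner: Registrant One\nemail: ADMIN@registrant.example\n"
                   "nserver: ns1.dns.example 192.0.2.70\n"
                   "nserver: ns2.dns.example 192.0.2.70\n",
    # Different contact and name-server host, but the same name-server IP.
    "ccc.example": "owner: Someone Else\nemail: hostmaster@other.example\n"
                   "nserver: ns1.alt.example 192.0.2.70\n",
    "ddd.example": "owner: Unrelated\nemail: it@unrelated.example\n"
                   "nserver: ns1.unrelated.example 198.51.100.5\n",
}

def parse_whois(text):
    """Parse 'key: value' lines into {key: [values]}; keys such as nserver repeat."""
    fields = defaultdict(list)
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # split on the first colon only
        if sep and value.strip():
            fields[key.strip().lower()].append(value.strip())
    return fields

def pivots(fields):
    """Yield (kind, value) keys worth grouping on."""
    for email in fields.get("email", []):
        yield ("email", email.lower())
    for ns in fields.get("nserver", []):
        parts = ns.split()  # "host ip", the IP may be absent
        yield ("ns-host", parts[0].lower())
        if len(parts) > 1:
            yield ("ns-ip", parts[1])

def cluster(records):
    """Return {pivot: sorted domains} for pivots shared by two or more domains."""
    index = defaultdict(set)
    for domain, text in records.items():
        for pivot in pivots(parse_whois(text)):
            index[pivot].add(domain)
    return {p: sorted(d) for p, d in index.items() if len(d) > 1}

if __name__ == "__main__":
    for pivot, domains in sorted(cluster(SAMPLE_RECORDS).items()):
        print(pivot, domains)
```

Grouping on the name-server IP as well as the host name catches the third sample domain, which shares neither the contact address nor the name-server host with the first two.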