-----Original Message----- From: Steven Champeon [mailto:schampeo@hesketh.com] Sent: Monday, May 16, 2005 11:32 AM To: discuss@lists.surbl.org Subject: [SURBL-Discuss] yet another joe job
Please list the following domains:
dnbfbsqs.com SPAMMER ghtnsecn.com SPAMMER rumbumbale.com SPAMMER tnashbsv.com SPAMMER turuntale.com SPAMMER
All but one were already in uribl.com. I added the other ;)
Keep up the good fight Steven!
--Chris
on Mon, May 16, 2005 at 12:19:38PM -0400, Chris Santerre wrote:
-----Original Message----- From: Steven Champeon [mailto:schampeo@hesketh.com] Sent: Monday, May 16, 2005 11:32 AM To: discuss@lists.surbl.org Subject: [SURBL-Discuss] yet another joe job
Please list the following domains:
dnbfbsqs.com SPAMMER ghtnsecn.com SPAMMER rumbumbale.com SPAMMER tnashbsv.com SPAMMER turuntale.com SPAMMER
All but one were already in uribl.com. I added the other ;)
Keep up the good fight Steven!
Can't really help not ;)
More domains just came in today:
aupd.com bnik.com c5t.net d3w.net da9.net ei7.net el9.net f5s.net g3r.net h64.net l73.net lzac.com mq5.net myyv.com nf0.net nlav.com pi11.com pq4.net pqer.com przc.com rgry.com t6i.net uosb.com vf9.net viags.com wlue.com xi4.net yi4.net ymil.com
Looks like a completely different spammer. :(
All DNS provided by:
nserver: ns1.dnsm.net 218.7.120.70 nserver: ns2.dnsm.net 218.7.120.70
And all domains registered to:
owner: Roelf Van der Brug email: admin@taiwanmedialtd.com address: Singel 2 address: Jordaan city: Amsterdam state: -- postal-code: 1015JT country: NL phone: +31 84 220 2586 admin-c: admin@taiwanmedialtd.com#0 tech-c: admin@taiwanmedialtd.com#0 billing-c: admin@taiwanmedialtd.com#0 nserver: ns1.dnsm.net 218.7.120.70 nserver: ns2.dnsm.net 218.7.120.70 created: 2005-04-21 14:11:39 UTC modified: 2005-05-09 10:20:38 UTC expires: 2006-04-21 10:11:39 UTC
on Mon, May 16, 2005 at 06:03:10PM -0400, Steven Champeon wrote:
More domains just came in today:
Also from Roelf:
mfek.com wv6.net
And this one, which is possibly related but registered via nameboy:
xans.net
Registrant Name : Mohammad Khan Registrant Street1 : Kizilelma Caddesi No: 62 Registrant Street2 : Findikzade Registrant City : Istanbul Registrant State/Province : Istanbul Registrant Postal Code : IB Registrant Country : TR
Same DNS servers, though.
on Mon, May 16, 2005 at 06:14:54PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:03:10PM -0400, Steven Champeon wrote:
More domains just came in today:
Also from Roelf:
nf0.net
I'll keep feeding domains to you as they come in; I really want to see this guy suffer. :/
on Mon, May 16, 2005 at 06:27:57PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:14:54PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:03:10PM -0400, Steven Champeon wrote:
More domains just came in today:
Also from Roelf:
ik4.net
Also, the spam URLs redirect to simple-meds.com and online-replica-store.com
on Mon, May 16, 2005 at 06:40:35PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:27:57PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:14:54PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:03:10PM -0400, Steven Champeon wrote:
More domains just came in today:
Also from Roelf:
ibtz.com jubr.com s0ma.com ut6.net val10.com
On Monday, May 16, 2005, 5:19:38 PM, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:40:35PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:27:57PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:14:54PM -0400, Steven Champeon wrote:
on Mon, May 16, 2005 at 06:03:10PM -0400, Steven Champeon wrote:
More domains just came in today:
Also from Roelf:
Hi Steven, All 42 you mentioned were already listed on various SURBLs. I've added them manually to WS also, so there's on there until we say otherwise:
aupd.com bnik.com c5t.net d3w.net da9.net dnbfbsqs.com ei7.net el9.net f5s.net g3r.net ghtnsecn.com h64.net ibtz.com ik4.net jubr.com l73.net lzac.com mfek.com mq5.net myyv.com nf0.net nlav.com pi11.com pq4.net pqer.com przc.com rgry.com rumbumbale.com s0ma.com t6i.net tnashbsv.com turuntale.com uosb.com ut6.net val10.com vf9.net viags.com wlue.com wv6.net xi4.net yi4.net ymil.com
Jeff C. -- Don't harm innocent bystanders.
Hi!
przc.com rgry.com t6i.net uosb.com vf9.net viags.com wlue.com xi4.net yi4.net ymil.com
Looks like a completely different spammer. :(
All DNS provided by:
nserver: ns1.dnsm.net 218.7.120.70 nserver: ns2.dnsm.net 218.7.120.70
And all domains registered to:
owner: Roelf Van der Brug email: admin@taiwanmedialtd.com address: Singel 2 address: Jordaan city: Amsterdam state: -- postal-code: 1015JT country: NL phone: +31 84 220 2586
We have seen fake registrations before, and this also fits there. Amsterdam is 020. not 084. The PO code fits Amsterdam however.
domain: taiwanmedialtd.com status: lock owner: Mohammad Khan email: admin@taiwanmedialtd.com address: Kizilelma Caddesi No address: Findikzade city: Istanbul
Funny, we have seen that also before.
Bye, Raymond.
-
Chris Santerre -
Jeff Chan -
Raymond Dijkxhoorn -
Steven Champeon