Spam Alert
Full Report:  /VPXL_spam184182.html
Consumed following related reports:
[167253] http://03htt.com/
[184180] http://www.03htt.com/
[184181] http://www.03htt.com
IP Converted: 59.63.41.80
dword = 993995088
hex1 = 0x3b3f2950
hex2 = 0x3b.0x3f.0x29.0x50
oct = 073.077.051.0120
View CIDR AS4134 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4134
"4134 | CN | apnic | 2002-08-01 | CHINANET-BACKBONE No.31,Jin-rong Street"<br />
Extended information for AS4134:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn
IP Converted: 124.236.241.91
dword = 2095903067
hex1 = 0x7cecf15b
hex2 = 0x7c.0xec.0xf1.0x5b
oct = 0174.0354.0361.0133
View CIDR AS17672 Report: http://www.cidr-report.org/cgi-bin/as-report?as=17672
"17672 | CN | apnic | 2002-11-18 | CHINATELECOM-HE-AS-AP asn for Hebei Provincial Net of CT"<br />
Extended information for AS17672:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn
Changed status to confirmed spam.
Criminal Evidence
See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=VPXL
or from China: http://www.spamtrackers.hk/wiki/index.php?title=VPXL
See the McAfee Site Advisor information at http://siteadvisor.com/sites/03htt.com where you will find a review pointing out the criminal use of this domain as a VPXL spam-brand site.
> 35 TECHNOLOGY CO., LTD (incl. lwloo@35.com,liveperson@35.cn)
REGISTRATION OF THE WEB SITE: 03htt.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold
> XIN NET TECHNOLOGY CORPORATION / SINO-I (incl. support and abuse@xinnet.com)
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
ns1.ns-nnppss.com | 59.63.41.80 | N/A | Blacklisted | China | http://www.spamhaus.org/SBL/sbl.lasso?query=SBL65148 | http://www.spamhaus.org/query/bl?ip=59.63.41.80
ns2.ns-nnppss.com | 124.236.241.91 | N/A | Blacklisted | China | http://www.spamhaus.org/SBL/sbl.lasso?query=SBL65127 | http://www.spamhaus.org/query/bl?ip=124.236.241.91
ACTION: To suspend these name servers successfully, follow these steps.
1. set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold
> CHINANET-BACKBONE No.31,Jin-rong Street (incl. postmaster@public1.nc.jx.cn,anti-spam@ns.chinanet.cn.net)
IP ADDRESS OF HOST: 59.63.41.80
The IP address of this criminal site is within your allocated address space.
This IP address is currently linked with the following fraudulent, criminal-operated domains:
jg.poisuehba.com A 59.63.41.80
jwn.poisuehba.com A 59.63.41.80
daplenea.com A 59.63.41.80
pisirnea.com A 59.63.41.80
www.hirsutea.com A 59.63.41.80
ns2.ilmuspoia.com A 59.63.41.80
e.paeazia.com A 59.63.41.80
tdwbf.paeazia.com A 59.63.41.80
h.paeazia.com A 59.63.41.80
ki.paeazia.com A 59.63.41.80
k.paeazia.com A 59.63.41.80
o.paeazia.com A 59.63.41.80
fs.paeazia.com A 59.63.41.80
ksgmu.paeazia.com A 59.63.41.80
bznywu.paeazia.com A 59.63.41.80
v.paeazia.com A 59.63.41.80
zikw.paeazia.com A 59.63.41.80
penaurema.com A 59.63.41.80
www.posrgiena.com A 59.63.41.80
ns1.flickona.com A 59.63.41.80
www.gerioipa.com A 59.63.41.80
poisnebra.com A 59.63.41.80
ns1.kimabera.com A 59.63.41.80
www.pooslieira.com A 59.63.41.80
sirhienra.com A 59.63.41.80
www.cityerta.com A 59.63.41.80
ns1.heywiotta.com A 59.63.41.80
ns2.heywiotta.com A 59.63.41.80
ehnho.psoiraua.com A 59.63.41.80
y.psoiraua.com A 59.63.41.80
mueyrya.com A 59.63.41.80
lphldy.lipanec.com A 59.63.41.80
www.mixatec.com A 59.63.41.80
cosaryc.com A 59.63.41.80
fraentyc.com A 59.63.41.80
www.trismohae.com A 59.63.41.80
mienbeiae.com A 59.63.41.80
www.poiceiae.com A 59.63.41.80
mirleiae.com A 59.63.41.80
www.plickae.com A 59.63.41.80
www.forstae.com A 59.63.41.80
alleacce.com A 59.63.41.80
pappecce.com A 59.63.41.80
www.treande.com A 59.63.41.80
posirkaie.com A 59.63.41.80
www.jumpaie.com A 59.63.41.80
www.giankije.com A 59.63.41.80
slemake.com A 59.63.41.80
www.posirake.com A 59.63.41.80
www.fraicke.com A 59.63.41.80
lidaike.com A 59.63.41.80
www.pievale.com A 59.63.41.80
www.xianelle.com A 59.63.41.80
triaple.com A 59.63.41.80
www.fideame.com A 59.63.41.80
ns2.wereane.com A 59.63.41.80
poirceiane.com A 59.63.41.80
oisiane.com A 59.63.41.80
www.posirane.com A 59.63.41.80
www.plizane.com A 59.63.41.80
laipene.com A 59.63.41.80
www.eplahne.com A 59.63.41.80
www.ilixine.com A 59.63.41.80
laplenne.com A 59.63.41.80
www.viasione.com A 59.63.41.80
www.kristanoe.com A 59.63.41.80
crosape.com A 59.63.41.80
www.mivappe.com A 59.63.41.80
www.ocoekare.com A 59.63.41.80
www.plianre.com A 59.63.41.80
ns1.infinity-secure.com A 59.63.41.80
ns2.infinity-secure.com A 59.63.41.80
www.infinity-secure.com A 59.63.41.80
www.swarkise.com A 59.63.41.80
ns1.druitnise.com A 59.63.41.80
ns1.herieapse.com A 59.63.41.80
www.stipillate.com A 59.63.41.80
www.smarholate.com A 59.63.41.80
www.mixaete.com A 59.63.41.80
www.graoiste.com A 59.63.41.80
www.waonste.com A 59.63.41.80
www.jumpste.com A 59.63.41.80
www.miyette.com A 59.63.41.80
www.nubejaue.com A 59.63.41.80
www.oisuiraue.com A 59.63.41.80
nuritaue.com A 59.63.41.80
posimucue.com A 59.63.41.80
www.posekiue.com A 59.63.41.80
www.grahuive.com A 59.63.41.80
www.powarve.com A 59.63.41.80
ns2.pijaixe.com A 59.63.41.80
www.chanmfef.com A 59.63.41.80
www.posorlag.com A 59.63.41.80
nivirag.com A 59.63.41.80
www.nceaoeg.com A 59.63.41.80
www.oisneig.com A 59.63.41.80
www.oosiroig.com A 59.63.41.80
www.psoroalg.com A 59.63.41.80
www.posoralg.com A 59.63.41.80
novieal.com A 59.63.41.80
oisirnao.com A 59.63.41.80
owabeugeo.com A 59.63.41.80
risaeno.com A 59.63.41.80
psoruids.com A 59.63.41.80
flitonies.com A 59.63.41.80
mipoets.com A 59.63.41.80
ACTION: Black-hole the route to this address to prevent further criminal activity
> CHINATELECOM-HE-AS-AP asn for Hebei Provincial Net of CT (incl. hostmaster@hbtele.com,postmaster@hbtele.com,anti-spam@ns.chinanet.cn.net)
IP ADDRESS OF NAMESERVER (ns2.ns-nnppss.com): 124.236.241.91
The IP address of this criminal nameserver is within your allocated address space.
This IP address is currently linked with the following fraudulent, criminal-operated domains:
www.traplica.com A 124.236.241.91
www.oisurgea.com A 124.236.241.91
www.rieakgiea.com A 124.236.241.91
www.pirjioea.com A 124.236.241.91
www.miusshrea.com A 124.236.241.91
ns2.henebsea.com A 124.236.241.91
porlisea.com A 124.236.241.91
www.posortea.com A 124.236.241.91
www.burrheaha.com A 124.236.241.91
www.pposiria.com A 124.236.241.91
www.flicketia.com A 124.236.241.91
posirla.com A 124.236.241.91
www.liavema.com A 124.236.241.91
www.likkena.com A 124.236.241.91
www.liawena.com A 124.236.241.91
flaexina.com A 124.236.241.91
www.micueagoa.com A 124.236.241.91
www.pooslieira.com A 124.236.241.91
www.leaimeta.com A 124.236.241.91
oucmerb.com A 124.236.241.91
www.growthsuperb.com A 124.236.241.91
ousyrb.com A 124.236.241.91
www.noderac.com A 124.236.241.91
www.quwaecc.com A 124.236.241.91
praxecc.com A 124.236.241.91
www.driplicc.com A 124.236.241.91
ns1.faneanic.com A 124.236.241.91
ns2.faneanic.com A 124.236.241.91
www.satewic.com A 124.236.241.91
www.loaphenc.com A 124.236.241.91
www.toarenc.com A 124.236.241.91
mjpphf.cramonasc.com A 124.236.241.91
j.cramonasc.com A 124.236.241.91
www.franeyc.com A 124.236.241.91
almbabed.com A 124.236.241.91
www.kissated.com A 124.236.241.91
www.xoloplod.com A 124.236.241.91
www.poiceiae.com A 124.236.241.91
www.brauxae.com A 124.236.241.91
www.plaenbe.com A 124.236.241.91
www.stilonbe.com A 124.236.241.91
jisbface.com A 124.236.241.91
www.limzarde.com A 124.236.241.91
beusigee.com A 124.236.241.91
klianee.com A 124.236.241.91
biajege.com A 124.236.241.91
www.ppalehe.com A 124.236.241.91
www.kosathe.com A 124.236.241.91
www.raplethe.com A 124.236.241.91
www.ripalthe.com A 124.236.241.91
www.naeosthe.com A 124.236.241.91
www.wokiuhe.com A 124.236.241.91
www.poslpoaie.com A 124.236.241.91
www.unhillie.com A 124.236.241.91
micuesie.com A 124.236.241.91
www.posirake.com A 124.236.241.91
satenke.com A 124.236.241.91
www.cimpale.com A 124.236.241.91
www.kripele.com A 124.236.241.91
www.foarelle.com A 124.236.241.91
www.kratelle.com A 124.236.241.91
www.posiraole.com A 124.236.241.91
www.criample.com A 124.236.241.91
noeparle.com A 124.236.241.91
plisame.com A 124.236.241.91
www.planemme.com A 124.236.241.91
www.cosetmme.com A 124.236.241.91
jullane.com A 124.236.241.91
www.icyarane.com A 124.236.241.91
www.posirane.com A 124.236.241.91
www.plaibne.com A 124.236.241.91
www.brinaene.com A 124.236.241.91
www.kaoaene.com A 124.236.241.91
www.icayreene.com A 124.236.241.91
www.praiene.com A 124.236.241.91
www.kealene.com A 124.236.241.91
www.dapoene.com A 124.236.241.91
www.jmapene.com A 124.236.241.91
www.breqene.com A 124.236.241.91
www.cosatene.com A 124.236.241.91
www.ualtene.com A 124.236.241.91
posirgne.com A 124.236.241.91
www.jumpaine.com A 124.236.241.91
www.swartuine.com A 124.236.241.91
www.plaienne.com A 124.236.241.91
www.alkenne.com A 124.236.241.91
www.doasenne.com A 124.236.241.91
www.iujuenne.com A 124.236.241.91
www.stavenne.com A 124.236.241.91
kcltyn.vinuthoe.com A 124.236.241.91
www.huntoioe.com A 124.236.241.91
www.mijalpe.com A 124.236.241.91
www.lameppe.com A 124.236.241.91
www.poceiarpe.com A 124.236.241.91
www.ocoekare.com A 124.236.241.91
www.laipere.com A 124.236.241.91
www.pkalhre.com A 124.236.241.91
ns2.fissaure.com A 124.236.241.91
ns1.infinity-secure.com A 124.236.241.91
ns2.infinity-secure.com A 124.236.241.91
www.nijuyese.com A 124.236.241.91
byrueaog.com A 124.236.241.91
planeutt.com A 124.236.241.91
ACTION: Black-hole the route to this address to prevent further criminal activity
The criminality of these domain names can be verified using the following SiteAdvisor link format, http://www.siteadvisor.com/lookup/?q=domainname.tld
> China CERT
The IP addresses currently being used to service this domain as a webserver, as well as a nameserver are part of a large spam-brand. The VPXL spam-brand is illegally-operated and well-known for operating using fast-flux botnets, hijacked hosts and other network infrastructures. The IP addresses currently being used by this spam-gang are within your jurisdiction.
ACTION: Please take proper measures to ensure all systems behind 124.236.241.91 and 59.63.41.80 are properly cleaned of all malware, spyware, proper operating system updates are put in place, and then all passwords are changed to be more secure.
|
Forum FAQ
Search
Usergroups
Profile
Login to check your private messages
Login
