ROKSO
The Register of Known Spam Operations
Chen Yu (AKA Sprincy)



Country: China
State: Jiangsu
Changshu-based Chen Yu (陈宇) mostly sends digital image retouching and refinishing ("Photo Retouching Services", "Video Editing", etc.) spam, but "Application Development" and textile products spam have also been observed, and some mailings directly advertise spamming services.

Before July 2014 (and since at least Spring 2010) he operated without Internet assets of his own except dropboxes, relying on throwaway webmail accounts, open proxies and open relay sending sources. He hijacked several thousand servers all over the world to have his spam delivered, becoming one of the most serious problems on the Internet and inflicting massive costs on thousands of companies across the world.

After July 2014 he switched to a standard snowshoe distribution method and started to purchase low-cost VPSes from ISPs across the world.



Comparison: raw Base64 spam vs. rendered ASCII version


First, here's the raw spam with GB2312 charset Subject and Base64 encoded message:
________________________________________________________________________________

Return-Path: <shizaibunanyauanan206@msn.com>
Received: from puremessagevirtual.btac.nsw.edu.au (mail.btac.nsw.edu.au. [165.228.191.174])
by x with ESMTP id bs5si6187830pab.53.2013.07.17.17.30.59
for <x>;
Wed, 17 Jul 2013 17:31:00 -0700 (PDT)
Received: from PC-20121219NOIX (unknown [192.168.10.1])
by puremessagevirtual.btac.nsw.edu.au (Sophos Email Appliance) with ESMTP id A197D6D71C_1E6C457F;
Wed, 17 Jul 2013 16:20:38 +0000 (GMT)
Date: Thu, 18 Jul 2013 00:24:18 +0800
From: "Rick" <shizaibunanyauanan206@msn.com>
To: "x" <x>
Reply-To: <deimagework@163.com>
Subject: =?GB2312?B?UGhvdG8gUmV0b3VjaGluZyBTZXJ2aWNlcw==?=
=?GB2312?B?IC0gUGhvdG8gQ3V0IE91dCAtIFBob3RvIA==?=
=?GB2312?B?RWRpdGluZw==?=
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
charset="GB2312"
Content-Transfer-Encoding: base64
Content-Disposition: inline
Message-Id: <20130717162039.A197D6D71C_1E6C457F@puremessagevirtual.btac.nsw.edu.au>
________________________________________________________________________________


Now, here is what that gobbledygook looks like when transformed into ASCII text by a mail client:

________________________________________________________________________________

Return-Path: <shizaibunanyauanan206@msn.com>
Received: from puremessagevirtual.btac.nsw.edu.au (mail.btac.nsw.edu.au. [165.228.191.174])
by x with ESMTP id bs5si6187830pab.53.2013.07.17.17.30.59
for <x>;
Wed, 17 Jul 2013 17:31:00 -0700 (PDT)
Received: from puremessagevirtual.btac.nsw.edu.au (localhost.localdomain [127.0.0.1])
by localhost (Email Security Appliance) with SMTP id 2A5596D1B7_1E7366EB;
Thu, 18 Jul 2013 00:27:26 +0000 (GMT)
Received: from PC-20121219NOIX (unknown [192.168.10.1])
by puremessagevirtual.btac.nsw.edu.au (Sophos Email Appliance) with ESMTP id A197D6D71C_1E6C457F;
Wed, 17 Jul 2013 16:20:38 +0000 (GMT)
Date: Thu, 18 Jul 2013 00:24:18 +0800
From: "Rick" <shizaibunanyauanan206@msn.com>
To: "x" <x>
Reply-To: <deimagework@163.com>
Subject: Photo Retouching Services - Photo Cut Out - Photo Editing
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Content-Type: text/plain;
charset="GB2312"
Content-Transfer-Encoding: base64
Content-Disposition: inline
Message-Id: <20130717162039.A197D6D71C_1E6C457F@puremessagevirtual.btac.nsw.edu.au>

Hi,

We are one of the best digital images retouching/editing professionals located in China. We provide all kinds of image editing solutions to different companies all over the world.

We provide best quality service in best price.

Our image editing services are: -

. Cut out/masking, clipping path, deep etching, transparent background
. Dust cleaning, spot cleaning
. Colour correction, black and white, light and shadows etc.
. Beauty retouching, skin retouching, face retouching, body retouching
. Fashion/Beauty Image Retouching
. Product image Retouching
. Jewellery image Retouching
. Real estate image Retouching
. Portrait image Retouching
. Restoration and repair old images
. Wedding & Event Album Design.
. Vector Conversion

You can try us by sending a sample image for free test to judge our quality work.

We are waiting for your reply.

Thanks & Regards,
Rick
Rondruanin Imaging Professionals
Contact: photocontact@126.com




-------------------------------------------------

This e-mail (and any attachments) is confidential and may contain
personal views which are not the views of us. unless specifically stated. If you have received
it in error, please delete it from your system, do not use, copy or
disclose the information in any way nor act in reliance on it and
notify the sender immediately.

UNSUBSCRIBE INSTRUCTIONS
If you do not wish to receive our newsletter, pls send address to imremove@yeah.net for remove.
Before printing think about the Environment.


???This email is intended for the named recipients only. It may contain copyright protected, privileged and/or confidential information. Named recipients may only communicate this message to third parties if authorised to do so. If you are not the intended recipient of this communication please delete all copies and kindly notify the sender by reply email or telephone Bishop Tyrrell Anglican College on 02 4979 8484. The views expressed are those of the individual sender, and not necessarily those of Bishop Tyrrell Anglican College. It is your responsibility to ensure that this message and any attachments are scanned for viruses.???
???
This message has been scanned by Sophos Pure Message for Virus and Spam.

________________________________________________________________________________
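The transformation shown above can be reproduced offline. The following is an added example, not part of the ROKSO record or of any Spamhaus tooling: it decodes the RFC 2047 `Subject` from the raw sample and reports a few header traits visible in it. The function names, the flag names and the choice of heuristics are assumptions made for this illustration.

```python
from email import message_from_string
from email.header import decode_header
from email.utils import parseaddr

# Headers taken from the raw sample above. Received lines are left out and the
# folding whitespace on continuation lines is restored so the parser accepts it.
RAW_HEADERS = '''\
From: "Rick" <shizaibunanyauanan206@msn.com>
To: "x" <x>
Reply-To: <deimagework@163.com>
Subject: =?GB2312?B?UGhvdG8gUmV0b3VjaGluZyBTZXJ2aWNlcw==?=
 =?GB2312?B?IC0gUGhvdG8gQ3V0IE91dCAtIFBob3RvIA==?=
 =?GB2312?B?RWRpdGluZw==?=
MIME-Version: 1.0
Content-Type: text/plain;
 charset="GB2312"
Content-Transfer-Encoding: base64

'''

def decode_words(value):
    """Decode RFC 2047 encoded-words; return (text, declared charsets)."""
    parts, charsets = [], set()
    for chunk, charset in decode_header(value):
        if isinstance(chunk, bytes):
            chunk = chunk.decode(charset or "ascii", errors="replace")
        if charset:
            charsets.add(charset.lower())
        parts.append(chunk)
    return "".join(parts), charsets

def domain(address_header):
    """Lower-cased domain of the address in a From/Reply-To header."""
    return parseaddr(address_header or "")[1].rpartition("@")[2].lower()

def triage(raw):
    """Return the decoded Subject plus heuristic flags (flag names are illustrative)."""
    msg = message_from_string(raw)
    subject, charsets = decode_words(msg["Subject"])
    flags = []
    if charsets and subject.isascii():
        flags.append("subject-encoded-but-ascii")   # encoding carried no non-ASCII text
    if msg["Reply-To"] and domain(msg["Reply-To"]) != domain(msg["From"]):
        flags.append("reply-to-domain-differs")     # replies go to a different domain
    if msg.get_content_maintype() == "text" and \
            (msg["Content-Transfer-Encoding"] or "").lower() == "base64":
        flags.append("base64-text-body")            # text body is opaque until decoded
    return {"subject": subject, "charsets": sorted(charsets), "flags": flags}

if __name__ == "__main__":
    print(triage(RAW_HEADERS))
```

None of these traits is proof of spam on its own; they are inputs for scoring alongside the relay path recorded in the `Received` lines.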


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK10010/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.