ROKSO
The Register of Known Spam Operations
Dedicated Professionals / Curtis Tyree / Kayleigh McSwain


Country: United States of America
State: FL
Serial netblock hijacking operation out of Jacksonville, Florida. Works under the guise of several "legitimate" hosts, which are then used to announce hijacked netblocks for sending illegal spam. When caught, simply blames everything on fictitious customers.



Connections to Adconion Direct / Sasha Treviso / Blue Crush Technologies


Feds Allege Adconion Employees Hijacked IP Addresses for Spamming

https://krebsonsecurity.com/2019/09/feds-allege-adconion-employees-hijacked-ip-addresses-for-spamming/

--------------------------------------------------------------------------------

The owners of Dedicated Professionals / Nodes Direct / Server Complete have repeatedly denied any connection to Adconion Direct, and blamed all the illegal hijacking on fake customers.

Here is some of the proof of the connections between the companies.

For the ranges that were being hijacked, they could not control the delegated nameservers or reverse DNS. However, Dedicated Professionals also registered their own range which did allow them to delegate nameservers:

--------------------------------------------------------------------------------

NetRange: 216.30.144.0 - 216.30.159.255
CIDR: 216.30.144.0/20
NetName: DEDIPRO
NetHandle: NET-216-30-144-0-1
Parent: NET216 (NET-216-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS26044
Organization: Dedicated Professionals, LLC (DPL-79)
RegDate: 2012-12-04
Updated: 2012-12-04
Ref: http://whois.arin.net/rest/net/NET-216-30-144-0-1

OrgName: Dedicated Professionals, LLC
OrgId: DPL-79
Address: 1650 Margaret St.
Address: Suite 302-351
City: Jacksonville
StateProv: FL
PostalCode: 32204
Country: US
RegDate: 2012-11-01
Updated: 2013-02-20
Ref: http://whois.arin.net/rest/org/DPL-79

OrgNOCHandle: DEDIP-ARIN
OrgNOCName: DediPro NOC
OrgNOCPhone: +1-855-246-3334
OrgNOCEmail: noc@dedipros.com
OrgNOCRef: http://whois.arin.net/rest/poc/DEDIP-ARIN

OrgAbuseHandle: DEDIP-ARIN
OrgAbuseName: DediPro NOC
OrgAbusePhone: +1-855-246-3334
OrgAbuseEmail: noc@dedipros.com
OrgAbuseRef: http://whois.arin.net/rest/poc/DEDIP-ARIN

OrgTechHandle: DEDIP-ARIN
OrgTechName: DediPro NOC
OrgTechPhone: +1-855-246-3334
OrgTechEmail: noc@dedipros.com
OrgTechRef: http://whois.arin.net/rest/poc/DEDIP-ARIN

--------------------------------------------------------------------------------

The delegated nameservers for the 216.30.144.0/20 range were:

ns1.dediprons.com
ns2.dediprons.com

--------------------------------------------------------------------------------

Let's take a look at the IP addresses used for these nameservers and at any other hostnames that resolve to the same IPs:

ns1.dediprons.com A 193.183.120.120
ns1.fartherhut.com A 193.183.120.120

ns2.dediprons.com A 193.183.120.121
ns2.fartherhut.com A 193.183.120.121

These IP addresses are at InternetVikings, a Swedish ISP also tied to many illegal hijackings.

--------------------------------------------------------------------------------

Who is fartherhut.com registered to?

Domain Name: FARTHERHUT.COM
Registry Registrant ID:
Registrant Name: DOMAIN ADMIN
Registrant Organization: DOMAINADVISORTECH.COM
Registrant Street: PO BOX 660675 #72085
Registrant City: DALLAS
Registrant State/Province: TX
Registrant Postal Code: 75266-0675
Registrant Country: US
Registrant Phone: +1.8179778296
Registrant Email: INFO@DOMAINADVISORTECH.COM

--------------------------------------------------------------------------------

What is DOMAINADVISORTECH.COM? It's a trade name registered in Delaware:

---

County New Castle
Status Terminated
Trade Name DOMAINADVISORTECH.COM
File Number 572258
Formation Date 06/14/2013
Filed Date 09/04/2013
Parent Company CPH RESOURCES, LLC

--------------------------------------------------------------------------------

What is CPH RESOURCES, LLC?

It's a corporation in Wyoming, set up by Adconion Direct's registered agent, Linda Goodman.

---

Name CPH Resources, LLC
Filing ID 2013-000644944
Type Limited Liability Company - Domestic
Status Inactive - Dissolved
Sub Status Archived
Initial Filing 06/07/2013
Standing - Tax Good
Standing - RA Delinquent
Standing - Other Good
Inactive Date 10/23/2017
Term of Duration Perpetual
Formed In Wyoming

Principal Office
711 S. Carson St Ste 4
Carson City, NV 89701
USA

Mailing Address
711 S. Carson St Ste 4
Carson City, NV 89701
USA

---

Adconion Direct's 2013 financial report (page 34) confirms that CPH Resources, LLC is a "Digital Media" subsidiary 100% owned by Adconion Direct. The annual reports for CPH Resources, LLC were filed by:

2014 - Linda Goodman (The Goodman Law Firm)

2015 - Linda Goodman (The Goodman Law Firm)

2016 - Linda Goodman (The Goodman Law Firm)

2017 - Stephen Bruce Lindholm (Amobee)

--------------------------------------------------------------------------------

Now let's go back and take a look at "dediprons.com" and other similar nameservers registered to the Dedicated Professionals PO box address in Jacksonville:

Domain Name: DEDIPRONS.COM
Updated Date: 2014-04-19T07:45:03-05:00
Creation Date: 2013-04-18T20:19:45-05:00
Registrant Name: Domain Manager
Registrant Organization: CNIC
Registrant Street: 1650 Margaret St. Suite 302-35
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32204
Registrant Country: US
Registrant Phone: +1.8552463334
Registrant Email: contact@126.com

Domain servers in listed order:
NS1.DEDIPRONS.COM 193.183.120.120
NS2.DEDIPRONS.COM 193.183.120.121

---

Domain Name: CNICDNS.COM
Updated Date: -001-11-30T00:00:00-06:00
Creation Date: 2013-09-18T21:35:09-05:00
Registrant Name: Domain Manager
Registrant Organization: CNIC
Registrant Street: 1650 Margaret St. Suite 302-35
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32204
Registrant Country: US
Registrant Phone: 1-855-246-3334
Registrant Email: contact@126.com

---

Domain Name: CNISPDNS.COM
Updated Date: 2014-02-13T20:08:14-06:00
Creation Date: 2014-02-13T20:08:13-06:00
Registrant Name: Domain Manager
Registrant Organization: CNIC
Registrant Street: 1650 Margaret St. Suite 302-35
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32204
Registrant Country: US
Registrant Phone: 1-855-246-3334
Registrant Email: contact@126.com

---

Domain Name: KKNETDNS.COM
Updated Date: 2013-11-21T22:36:16-06:00
Creation Date: 2013-11-21T22:36:10-06:00
Registrant Name: Domain Manager
Registrant Organization: CNIC
Registrant Street: 1650 Margaret St. Suite 302-35
Registrant City: Jacksonville
Registrant State/Province: FL
Registrant Postal Code: 32204
Registrant Country: US
Registrant Phone: 1-855-246-3334
Registrant Email: contact@126.com
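
The pivots used so far (hostnames that share a nameserver IP, and registrant records that share a phone number or e-mail address) can be checked mechanically. The following is an added example, not part of the original ROKSO record: it uses only the A records and contact fields quoted above, and its function names and the two-label `registered_domain` shortcut are assumptions of the example.

```python
import re
from collections import defaultdict

# A records and contact fields transcribed from the records quoted on this page.
A_RECORDS = """\
ns1.dediprons.com A 193.183.120.120
ns1.fartherhut.com A 193.183.120.120
ns2.dediprons.com A 193.183.120.121
ns2.fartherhut.com A 193.183.120.121
"""

# Note the three different spellings of the same phone number.
CONTACTS = {
    "NET-216-30-144-0-1": {"phone": "+1-855-246-3334", "email": "noc@dedipros.com"},
    "dediprons.com": {"phone": "+1.8552463334", "email": "contact@126.com"},
    "cnicdns.com": {"phone": "1-855-246-3334", "email": "contact@126.com"},
    "cnispdns.com": {"phone": "1-855-246-3334", "email": "contact@126.com"},
    "kknetdns.com": {"phone": "1-855-246-3334", "email": "contact@126.com"},
    "fartherhut.com": {"phone": "+1.8179778296", "email": "INFO@DOMAINADVISORTECH.COM"},
}


def normalize_phone(raw):
    """Reduce a WHOIS phone string to its 10-digit North American number."""
    digits = re.sub(r"\D", "", raw)
    if len(digits) == 11 and digits.startswith("1"):
        digits = digits[1:]
    return digits


def registered_domain(hostname):
    """Assumption: last two labels. Fine for .com; use a public-suffix list otherwise."""
    return ".".join(hostname.lower().rstrip(".").split(".")[-2:])


def build_index(a_records=A_RECORDS, contacts=CONTACTS):
    """Map each normalized attribute, e.g. ('phone', '8552463334'), to its entities."""
    index = defaultdict(set)
    for line in a_records.splitlines():
        parts = line.split()
        if len(parts) == 3 and parts[1] == "A":
            index[("ip", parts[2])].add(registered_domain(parts[0]))
    for entity, fields in contacts.items():
        index[("phone", normalize_phone(fields["phone"]))].add(entity)
        index[("email", fields["email"].lower())].add(entity)
    return index


def shared_attributes(index):
    """Keep only attributes carried by two or more entities: these are the pivots."""
    return {attr: sorted(ents) for attr, ents in index.items() if len(ents) > 1}


def clusters(index):
    """Union-find over entities joined by any shared attribute."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for ents in index.values():
        ents = sorted(ents)
        for e in ents:
            find(e)
        for other in ents[1:]:
            parent[find(other)] = find(ents[0])
    groups = defaultdict(set)
    for e in parent:
        groups[find(e)].add(e)
    return sorted((sorted(g) for g in groups.values()), key=len, reverse=True)


if __name__ == "__main__":
    idx = build_index()
    for attr, ents in sorted(shared_attributes(idx).items()):
        print(attr, "->", ", ".join(ents))
    print(clusters(idx))
```

A shared attribute is only as strong as it is exclusive: an IP on bulk shared hosting or a privacy-proxy phone number links unrelated parties, so each pivot still needs the kind of corroboration the rest of this record supplies.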

--------------------------------------------------------------------------------

But, before it was changed to the Margaret Street PO box, it turns out KKNETDNS.COM was originally registered to:

Domain Name: KKNETDNS.COM
Updated Date: 2013-11-21T22:36:16-06:00
Creation Date: 2013-11-21T22:36:10-06:00
Registrant Name: Domain Admin
Registrant Organization: Blue Crush Technologies
Registrant Street: 1608 S. Ashland Ave #65910
Registrant City: Chicago
Registrant State/Province: IL
Registrant Postal Code: 60608-2013
Registrant Country: US
Registrant Phone: +630-599-1339
Registrant Phone Ext:
Registrant Fax: 630-599-1339
Registrant Fax Ext:
Registrant Email: info@bluecrushtechnologies.com

--------------------------------------------------------------------------------

Who is Blue Crush Technologies?

---

Domain bluecrushtechnologies.com

Date Registered: 2012-3-7
Date Modified: 2012-3-7
Expiry Date: 2013-3-7

DNS1: ns-canada.topdns.com
DNS2: ns-uk.topdns.com
DNS3: ns-usa.topdns.com

Registrant
Sasha Treviso info@bluecrushtechnologies.com
1608 S. Ashland Ave #65910
60608 Chicago
United States
Tel: +1.6305991339

Administrative Contact
Sasha Treviso info@bluecrushtechnologies.com
1608 S. Ashland Ave #65910
60608 Chicago
United States
Tel: +1.6305991339

Technical Contact
Sasha Treviso info@bluecrushtechnologies.com
1608 S. Ashland Ave #65910
60608 Chicago
United States
Tel: +1.6305991339

---

Sasha Treviso is Adconion Direct's Senior Director of Marketing.

--------------------------------------------------------------------------------

Blue Crush Technologies is also a trade name registered in Wyoming to "JAK Technologies, LLC"

---

Name Blue Crush Technologies
Filing ID 2011-000613515
Type Trade Name
Status Inactive - Cancelled
Sub Status Archived
Initial Filing 12/22/2011
Standing - Tax Good
Standing - RA Good
Standing - Other Good
Inactive Date 09/24/2012
Term of Duration Expires-12/22/2021

Principal Office:

Mailing Address
970 W Broadway Ste E
PO Box 30000 # 84
Jackson, WY 83002
USA

Applicant:

JAK Technologies, LLC
125 S King St
PO Box 2922
Jackson, WY 83001 USA

Registered:

Date: 12/22/2011
Name: M. Jason Majors
Daytime Phone: (307) 733-4117
Title: Commercial Registered Agent
Email: jason@wyomingcounsel.com

Canceled:

Date: 08/31/2012
Name: M. Jason Majors
Daytime Phone: (307) 733-4117
Title: Commercial Registered Agent
Email: jason@wyomingcounsel.com

--------------------------------------------------------------------------------

Who is JAK Technologies, LLC? It's a Wyoming corporation:

---

Name JAK Technologies, LLC
Filing ID 2011-000612070
Type Limited Liability Company - Domestic
Status Inactive - Dissolved
Sub Status Archived
Initial Filing 11/28/2011
Standing - Tax Good
Standing - RA Good
Standing - Other Good
Inactive Date 07/16/2013
Term of Duration Perpetual
Formed In Wyoming

Principal Office
125 S King St
PO Box 2922
Jackson, WY 83001
USA

Mailing Address
PO Box 2922
Jackson, WY 83001
USA

Registered:

Date: 11/18/2011
Name: M. Jason Majors
Daytime Phone: (307) 733-4117
Title: Commercial Registered Agent
Email: jason@wyomingcounsel.com

Canceled:

Date: 05/29/2013
Name: Linda L. Goodman
Daytime Phone: (619) 233-3535
Title: Dissolution Agent
Email: info@thegoodmanlawfirm.com

---

Adconion Direct's 2013 financial report (page 34) contains the footnote: "JAK Technologies, LLC was placed into members' voluntary liquidation and dissolved in 2013."

--------------------------------------------------------------------------------

Here are links to people complaining about spam related to Blue Crush Technologies:

--------------------------------------------------------------------------------

https://answers.microsoft.com/en-us/windowslive/forum/email/unbelievable-amount-of-spam-from-the-same-company/cfe30790-d77a-4522-b42e-8825c01829f7?msgId=34a55c40-7ce6-4103-b9e4-e2c6af9da94b

---

(Hotmail User's forum)

"Unbelievable Amount of Spam from the Same Company"

Created on July 28, 2012

About 3-4 weeks ago my account got hijacked by a bot, in spite of the multi-layers of protection I use - MSE, MBam, PrevX, Emsisoft, Sandboxie, etc.

They got in via the Hotmail servers, which really sets my teeth on edge.

I got that sorted out, deleted all my contacts and all but one safe sender - I already had everything being directed to junk anyway, yet it still infected me.

That notwithstanding, since the hijacking I have been inundated with spam, most from the same company, a company called: Shining Star Media.

They don't use their own domain to send anything out, so there is no way to stop these from my own actions other than to mark them individually as spam, which already happens.

If you look them up, they seem to be a drop box for spammers, and use multiple virtual domains to send spam on behalf of other companies, although they seem to resolve to a single IP address: 207.15.171.19.

They seem to be in constant trouble as evidenced by the amount of money they have been fined.

Their address is:

Shining Star Media
1608 South Ashland Ave #65910
Chicago, IL 60608-2013
(630) 599-1339

Also:
Blue Crush Technologies
at the same address and phone number

Also:
Sasha Treviso
at the same address and phone number

They look suspiciously as a bulk forwarding service, as noted. The phone number is for only leaving voice messages.

I've been getting SPAM ads from them for all kinds of beneficiaries from AARP and AT&T to Bed Bug Extermination and Cougar Dating, all of which have opt-out links that don't work.

They don't return calls or respond to any form of normal communication.

Their simple filters seem to involve using unique from addresses with long and apparently pseudorandom strings before the @ and domain name, which is to a set of domain names using only graphics that all use the same domain name as the from. However, the server name after the http:// and before the first "." is another long pseudorandom string.

I don't have time to deal with this daily - believe it or not there are other things in this life besides fixing constant Hotmail issues.

Why is it that every other email provider, from Gmail to Yahoo, has identified these people as spammers and done something, yet Microsoft hasn't?

I am getting 30-50, sometimes more, spam emails a day from these morons. I have never gotten more than 4 or 5 true spam emails a day before the hijacking, so don't tell me this is simply coincidence.

Please do something - I am sure I'm not the only person with this issue from this spammer.

After 15+ years with Hotmail, the effort to manage my account, which I use rarely these days, is becoming too much of an effort.

Thanks.

--------------------------------------------------------------------------------

wwwazzup2003 replied on July 30, 2012

I'm having the same issue with them too so I feel your frustrations!!! Sometimes their emails don't get sent to the Junk box so I have to go through the dozens of emails in my inbox as well. I don't see any other way around this except for some computer savvy person to find out their true identities and go after them legally!!!

BTW, I wasn't hijacked though. I must have gotten on their mailing list after entering a sweepstakes several weeks ago. I also heard that clicking on the unsubscribe links & entering your email addy will only confirm your email is active so they can continue to spam you.

I have tried to contact several of the companies they have advertised. So far I'm hitting dead ends. I figured if I can't contact Shining Star Media, maybe I can contact the companies they advertise & see if their marketing department knows how to get a hold of this company; UNLESS Shining Star Media is advertising their company without their knowledge!

And yes, I've gotten info about those as well on top of Jewish Dating Sites & Wen hair care, 1-800 Dentist...the list goes on!!!

--------------------------------------------------------------------------------

WIWindyCtyTPR replied on July 30, 2012

I'm puzzled - I don't enter anything like a sweepstakes, so I have to wonder how they are getting the names.

I never "unsubscribe" for the very reason you cited, it just confirms an active address, unless I know the sender.

BTW, I also tried contacting some of the companies - nothing.

Shining Star is smart - not much we can do except the tedious process of sorting one-by-one.

You can blacklist everything, but they are never sent from the same address twice, so that's not a valid way to fix this problem.

For 1-800 Dentist, as an example, I get the same email virtually every day with a different "from" address.

This morning I had close to 60 Shining Star emails, almost 200 in total over the weekend.

Microsoft is going to have to deal with this company at their level, however, I highly doubt they will.

--------------------------------------------------------------------------------

WIWindyCtyTPR replied on July 31, 2012

I think Microsoft has to block the IP address, I'm not sure we can do that locally.

Looking at the other posts about Shining Star, the moderators don't seem to understand how Shining Star operates. They give the same pat answers.

In my inbox this morning, I got numerous new spam messages from a few different "media" companies similar to Shining Star.

This has become a cesspool - my other email accounts from Gmail, as an example, never have these issues.

--------------------------------------------------------------------------------

wwwazzup2003 replied on August 2, 2012

ya I must have misread that! well at least you got 1 of your issues solved! :)

what I found out is you CAN block not only emails but domains too! just go to the block page in hotmail and enter the domains....if you haven't noticed, Shining Star does use the same domains, just changes the address part of it. so far, their emailing has slowed down BIG TIME!!

btw, I think it's Adconion is the business that is behind the spammer Shining Star Media. Look up Tailput.com domain (1 of the several Shining Star uses) on WhoIs and it will come up as Blue Crush Technologies, not Shining Star Media. Under the contact name, you'll find a girl named Sasha (can't remember the last name). Now go google Sasha and you'll see her profile on LinkedIn. Since her name isn't a popular name I assume it's the correct Sasha. Now go look to see what she does for a living...she's the Senior whatever for an EMAIL MARKETING BUSINESS!!!

--------------------------------------------------------------------------------

wwwazzup2003 replied on August 5, 2012

@melissaculp...don't let them win! since I've been blocking the domains instead of each email it's making me get less & less spam from Shining Star or whatever they call themselves. Did you look up the info I told you about with Sasha & Adconion?

Block the domains, not just the emails. Even though they have different domains, they do use the same domains often. It will help, trust me!

Also it's never wise to ever try to "unsubscribe" to spam if you know they are truly spammers & not just an actual legit company trying to advertise to you. It's their way of finding out your email addy is active... I wasn't getting a lot of spam from Shining Star & didn't realize they were fake so I unsubscribed to like the 4th email I got from them. Next thing I know, I was getting dozens & dozens after I unsubscribed to them.

I got their information from WhatIs websites & wrote them a very strong warning email. I stated I knew their ISP, IP, address, server, host, everything & added it to the email to show I had it & stated if they won't stop emailing me I will implement legal actions & used the Spam act & my state's RCW laws as reference... I HAVEN'T GOTTEN ONE EMAIL FROM THEM SINCE!!! However, I have been getting other suspicious emails from others that I haven't gotten before & not sure if that is them changing their names & so on. Was going to look up the info & check it out to see if it is.

If you both (MelissaCulp & WindyCtyTPR) are interested in sending Shining Star the same email I sent them to see if it will get them to stop sending you spam, email me so I can forward you the email to send to them. My email addy is the same as my ID name on here... just add the @hotmail.com :)

--------------------------------------------------------------------------------

WIWindyCtyTPR replied on August 6, 2012

wwwazzup,

I did start blocking the domains, and it does help somewhat - I'm now down to about 15-20 a day, rather than the 50-60 I was getting.

I would also like to contact them via your suggestion, indeed.

I also took another route - since I have the same information you have from Whatis, I filed a report with the Illinois Attorney General, where Shining Star is headquartered.

I do live in Illinois, and we have a very consumer-friendly Attorney General who goes after organizations like this with a vengeance.

Yep, please send me the email.

Thanks so much.

BTW, I doubt anybody is going to get any help from MS/Hotmail - they don't seem to grasp the concept of this entire problem, at least from what I've seen under other similar posts here on the forum - they keep giving the same solution over and over again, however, it does nothing to stop these volume spammers.

It's a multiple step process, as we have all discussed in this thread...

--------------------------------------------------------------------------------


http://usaconsumercomplaints.com/miscellaneous/547381-blue-crush-technologies.html

--------------------------------------------------------------------------------

BLUE CRUSH TECHNOLOGIES

This company has multiple fake domains (211) registered from which they send out spams. the address from whois services is the following but it seems to be fake too:

Sasha Treviso
Blue Crush Technologies
1608 S. Ashland Ave #65910
Chicago, IL 60608
US
630-599-1339


the IP addresses associated with them are in the following range:
209.156.181.*

--------------------------------------------------------------------------------

https://groups.google.com/forum/message/raw?msg=news.admin.net-abuse.email/XM7StOXbqeQ/QAkNEownkFkJ

https://groups.google.com/forum/#!topic/news.admin.net-abuse.email/XM7StOXbqeQ

--------------------------------------------------------------------------------

Searched the group posts for anything about this SPAMmer. Didn't find
anything out about them here.

Anyone here have any detailed information to add to what I already
know?

Their address is:
Shining Star Media
1608 South Ashland Ave #65910
Chicago, IL 60608-2013
(630) 599-1339

Also:
Blue Crush Technologies
at the same address and phone number

Also:
Sasha Treviso
at the same address and phone number

The above appears to be a drop-box, looking suspiciously as a part of
a forwarding service at that address. The phone number is for only
leaving voice messages.

I've been getting a gazillion SPAM ads from them for all kinds of
beneficiaries from AARP and AT&T to Bed Bug Extermination and Cougar
Dating, all of which have opt-out links that don't work.

They don't return calls or respond to any form of normal
communication.

Their ploy around simple filters involves using unique from addresses
with long and apparently pseudorandom strings before the @ and domain
name to a set of domain names, using only graphics and putting links
on the graphics that all use the same domain name as the from although
the server name after the http:// and before the first "." is another
long pseudorandom string.

Here are the domains I've gathered so far:
awkwardlysugar.com
easilyshoe.com
fiercelysink.com
foolishlyopinion.com
fourthbat.com
fourthsurprise.com
kindlyjump.com
merrilylead.com
perfectlyhelp.com
promptlydolls.com
rightfullybody.com
safelycactus.com

These are registered to Blue Crush Technologies at the same address
and box as Shining Star Media
with the contact name as
Sasha Treviso
for the bluecrushtechnologies.com domain that is used in the contact
point given as
in...@bluecrushtechnologies.com
in the above 12 domain name registrant information.

Anything anyone else can add???

--------------------------------------------------------------------------------

From: David Ritz <dr...@mindspring.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Shining Star Media - Anyone here know more about them?
Date: Tue, 5 Jun 2012 22:36:42 -0500

All of the domains you listed, appear to resolve to [207.152.171.19].

$ dig ANY awkwardlysugar.com

; <<>> DiG 9.7.3-P3 <<>> ANY awkwardlysugar.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62647
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;awkwardlysugar.com. IN ANY

;; ANSWER SECTION:
awkwardlysugar.com. 171734 IN NS ns4.nameresolve.com.
awkwardlysugar.com. 171734 IN NS ns1.nameresolve.com.
awkwardlysugar.com. 171734 IN NS ns3.nameresolve.com.
awkwardlysugar.com. 171734 IN NS ns2.nameresolve.com.
awkwardlysugar.com. 2534 IN A 207.152.171.19

;; AUTHORITY SECTION:
awkwardlysugar.com. 171734 IN NS ns4.nameresolve.com.
awkwardlysugar.com. 171734 IN NS ns2.nameresolve.com.
awkwardlysugar.com. 171734 IN NS ns1.nameresolve.com.
awkwardlysugar.com. 171734 IN NS ns3.nameresolve.com.

;; ADDITIONAL SECTION:
ns1.nameresolve.com. 162 IN A 66.96.142.146
ns2.nameresolve.com. 162 IN A 65.254.254.170
ns3.nameresolve.com. 162 IN A 66.96.142.148
ns4.nameresolve.com. 162 IN A 65.254.254.172

;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Jun 5 22:28:30 2012
;; MSG SIZE rcvd: 256

$ whois -a n\ \+\ 207.152.171.19 ; date -u
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=207.152.171.19?showDetails=true&showARIN=false&ext=netref2
#


# start

NetRange: 207.152.128.0 - 207.152.191.255
CIDR: 207.152.128.0/18
OriginAS:
NetName: MAI-CIDR-2
NetHandle: NET-207-152-128-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
RegDate: 1996-06-17
Updated: 2001-11-12
Ref: http://whois.arin.net/rest/net/NET-207-152-128-0-1

OrgName: MAI Network Services
OrgId: MAI
Address: 8200 Greensboro Drive
Address: Suite 1400
City: McLean
StateProv: VA
PostalCode: 22102
Country: US
RegDate: 1996-01-29
Updated: 2011-09-27
Ref: http://whois.arin.net/rest/org/MAI

OrgTechHandle: CKN23-ARIN
OrgTechName: No, Contact Known
OrgTechPhone: +1-800-555-1234
OrgTechEmail: nob...@example.com
OrgTechRef: http://whois.arin.net/rest/poc/CKN23-ARIN

OrgAbuseHandle: PW25-ARIN
OrgAbuseName: Wolotsky, Paul
OrgAbusePhone: +1-866-814-9543
OrgAbuseEmail: p...@mcsp.com
OrgAbuseRef: http://whois.arin.net/rest/poc/PW25-ARIN

# end


# start

NetRange: 207.152.171.0 - 207.152.171.255
CIDR: 207.152.171.0/24
OriginAS: AS11951
NetName: NET207-152-171-0
NetHandle: NET-207-152-171-0-1
Parent: NET-207-152-128-0-1
NetType: Reassigned
RegDate: 2010-03-23
Updated: 2010-03-23
Ref: http://whois.arin.net/rest/net/NET-207-152-171-0-1

OrgName: Attic Gold
OrgId: ATTIC-3
Address: 1400 16th St, Ste 400
City: Denver
StateProv: CO
PostalCode: 80202
Country: US
RegDate: 2010-03-23
Updated: 2010-08-03
Ref: http://whois.arin.net/rest/org/ATTIC-3

OrgTechHandle: SPEAR5-ARIN
OrgTechName: Spears, Marco
OrgTechPhone: +1-888-916-4888
OrgTechEmail: msp...@atticgold.net
OrgTechRef: http://whois.arin.net/rest/poc/SPEAR5-ARIN

OrgAbuseHandle: SPEAR5-ARIN
OrgAbuseName: Spears, Marco
OrgAbusePhone: +1-888-916-4888
OrgAbuseEmail: msp...@atticgold.net
OrgAbuseRef: http://whois.arin.net/rest/poc/SPEAR5-ARIN

RAbuseHandle: JGO223-ARIN
RAbuseName: Gonzalez, Jacqui
RAbusePhone: +1-888-839-8809
RAbuseEmail: n...@usfreeweb.com
RAbuseRef: http://whois.arin.net/rest/poc/JGO223-ARIN

# end


#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https://www.arin.net/whois_tou.html
#

Wed Jun 6 03:28:40 UTC 2012

- --
David Ritz <dr...@mindspring.com>
Be kind to animals; kiss a shark.

--------------------------------------------------------------------------------

From: James Lind <sun.u...@gmail.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Shining Star Media - Anyone here know more about them?
Date: Tue, 5 Jun 2012 20:43:58 -0700 (PDT)

Add
shelfFly.com
silentlyrose.com
unexpectedlyeggs.com
which are registered the same as the above 12 and is the origin domain
for the email.
One notable detail is that shelFfly.com appears to be through a
different registrar than the others.

IP addresses for origin all appear to be from
31.173.xxx.xxx
176.113.xxx.xxx
176.114.xxx.xxx
37.244.xxx.xxx

--------------------------------------------------------------------------------

From: James Lind <sun.u...@gmail.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Shining Star Media - Anyone here know more about them?
Date: Tue, 5 Jun 2012 20:56:46 -0700 (PDT)

Thanks for the info! It saved me a lot of time.
I'm not surprised that they all resolved back to a single IP.
BTW, that IP address, when dropped into a browser, goes to a web page
for a company named, why am I not surprised,
207.15.171.19
a leading provider of database management and direct marketing
solutions... blah blah blah
And, why am I not surprised, the contact link is...
con...@207.15.171.19
No names, addresses or phone numbers
Site appears to be written in PHP

jim

--------------------------------------------------------------------------------

From: James Lind <sun.u...@gmail.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Shining Star Media - Anyone here know more about them?
Date: Tue, 5 Jun 2012 21:01:35 -0700 (PDT)

One other thing,
The web page at
207.15.171.19
gets all of its graphic content from
http://www.masterviewer.com:8081

jim

--------------------------------------------------------------------------------

Date: Wed, 06 Jun 2012 11:17:51 -0400
From: Brian Bebeau <bbe...@computer.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Shining Star Media - Anyone here know more about them?

This is one of those addresses that provides "virtual" addresses
for spammers. Check http://www.earthclassmail.com/Chicago-Address
I have a number of other spammers in my file for that same address
but different box numbers.

RT Mrktng @ #48548
baginvestiga.com

Customer Service @ #64203
leftsidehanger.com
offeryour.com

HeadStartHost @ #84826
stayathomejobsforall.com

Diamond International LLC @ #88862
toloveistobehappy.com
workingtosmile.com
yourfinancialscount.com

So I think it's fairly safe to say that anybody at that address is
a spammer.

--------------------------------------------------------------------------------

From: wwwazz...@gmail.com
Newsgroups: news.admin.net-abuse.email
Subject: Re: Shining Star Media - Anyone here know more about them?
Date: Sat, 28 Jul 2012 14:35:55 -0700 (PDT)

if you look up the shining star number they provide in all the emails, it's some mortgage company's fax number! when i entered a few sweepstakes, i suddenly got all these emails... i've received about 1 or 2 emails from shining star a MINUTE! i can't even click on a normal email cause i have a new incoming email from them & it automatically pushes their email in my preview window...all with different addresses. it's no use trying to unsubscribe or call. has anybody had any luck trying to get this so-called spammer to stop?!?!?!

--------------------------------------------------------------------------------


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK12737/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2020 The Spamhaus Project SLU. All rights reserved.