ROKSO
The Register of Known Spam Operations
MailTrain



Country: United States
State: Massachusetts
Spammer and hijacked proxy seller from Amherst Massachusetts, who pretends to be Chinese and hosts 'bullet-proof' servers on hijacked Chinese PCs.



MailTrain - buphost.com / winsysmaster.com


www.winsysmaster.com links directly to buphost.com. They tie in to the shangpala.com / allway999.com spam that has plagued ChinaDNS (SBL12027, SBL11946; Nov '03). Look for links to "MailTrain" or "GMailTrain." Note hosting of Robert Soloway's NIM in 61.143.182/24, but also other spammers before him. I think there is another, spammier, host providing the space for those spamhausen. And that deeper spamhaus relates to all these listings for "buphost.com":

61.143.182.40/30 Live chinanet-gd 2003-11-12 07:40:42
SBL12031 buphost.com, kingherbal.biz, dns4u.biz, herbaldns.us

202.104.197.32/27 Live chinanet-gd 2003-11-12 06:15:11
SBL12027 winsysmaster.com: "MailTrain" spamhaus

202.104.197.58/31 live chinanet-gd 2003-10-22 00:00:00
SBL10872 www.cleansweeper.net / timetopurchase.com

218.15.192.6/32 live CHINANET-GD 2003-10-22 00:00:00
SBL10822 panservcn.com, perfect-pricings.com, buphost.net

202.104.197.0/24 live chinanet-gd 2003-11-12 07:35:26
SBL10664 buphost.com, kingherbal.biz, dns4u.biz

202.9.156.32/28 live ddsl.net 2003-10-22 00:00:00
SBL10547 worldsoftwarehouse.com / WORLDDNSSERVICE.COM

218.15.192.0/24 removed chinanet-gd 2003-10-22 00:00:00
SBL10511 direct-cost.net - ironcorehosting.com / nycbulletproof.com



(Note that ironcorehosting.com is also registered in Fuzhou.)



Domain Name:winsysmaster.com
Registrant:
Zhangliang
P.O.Box 162, Fuzhou, Fujian, P. R.China.
350025
福州
Administrative Contact:
Zhang liang
Zhangliang
P.O.Box 162, Fuzhou, Fujian, P. R.China.
Fuzhou Fujian 350025
China
tel: 86 591 3777166
fax: 86 591 3777066
pope64@hotmail.com
Technical Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
pope64@hotmail.com
Billing Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
pope64@hotmail.com
Registration Date: 2003-03-15
Update Date: 2003-03-15
Expiration Date: 2004-03-15
Primary DNS: ns.xinnetdns.com 211.154.211.88
Secondary DNS: ns.xinnet.cn 211.154.211.89




Domain Name:buphost.com
Registrant:
Zhangliang
No.162 post Box, Fuzhou, Fujian, China
350025
福州
Administrative Contact:
Zhang liang
Zhangliang
No.162 post Box, Fuzhou, Fujian, China
Fuzhou Fujian 350025
China
tel: 86 591 3777166
fax: 86 591 3777166
zhlight@hotmail.com
Technical Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
admin@i9i.net
Billing Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Registration Date: 2003-05-01
Update Date: 2003-05-01
Expiration Date: 2004-05-01
Primary DNS: ns.xinnetdns.com 211.154.211.88
Secondary DNS: ns.xinnet.cn 211.154.211.89




Related: iregsoft.com (appear jointly in some spams, same networks, etc.)

Domain Name:iregsoft.com
Registrant:
Fuzhou
NO.162 Post Box,Fuzhou,Fujian,China
350025
福州
Administrative Contact:
Fuzhou
China
tel:
fax:
zl@e0591.com
Technical Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Billing Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Registration Date: 2001-12-03
Update Date: 2002-02-28
Expiration Date: 2003-12-03
Primary DNS: ns.xinnetdns.com 211.154.211.88
Secondary DNS: ns.xinnet.cn 211.154.211.89



http://unsub.iregsoft.com/
http://unsub.iregsoft.com/new/htdocs/index.asp

" 电话:0591-3789925
EMAIL:webmaster@51reg.net "


Domain Name:51reg.net
Registrant:
Fuzhou Fumanyuan E-Business Co.,Ltd.
Post Box No.162 Fuzhou,Fujian,PRC
350025
福州市交通西路上海西荷园新村5座108室
Administrative Contact:
Zhang liang
Fuzhou Fumanyuan E-Business Co.,Ltd.
Post Box No.162 Fuzhou,Fujian,PRC
Fuzhou Fujian 350025
China
tel: 86 591 3777166
fax: 86 591 3777066
zl@regshareware.com
Technical Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Billing Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Registration Date: 2002-03-20
Update Date: 2002-03-20
Expiration Date: 2004-03-20
Primary DNS: ns.xinnetdns.com 211.154.211.88
Secondary DNS: ns.xinnet.cn 211.154.211.89





Spamvertising for midiclass.com/agents/tongke/gmailtrain/chinese/GMailSender.html c. June 2002 ties in "gmailtrain" with tongke.com.

whois.paycenter.com.cn
Domain Name:tongke.net
Registrant:
zhou zhaoqu
baiyunqu
510410
广州市白云区汇侨新城汇侨二街155号602室
Administrative Contact:
zhou zhaoqu
zhou zhaoqu
baiyunqu
guangzhou Guangdong 510410
China
tel: 86 20 86260270
fax: 86 20 86260270
xiaokg@public.guangzhou.gd.cn
Technical Contact:
zhou zhaoqu
zhou zhaoqu
baiyunqu
guangzhou Guangdong 510410
China
tel: 86 20 86260270
fax: 86 20 86260270
xiaokg@public.guangzhou.gd.cn
Billing Contact:
zhou zhaoqu
zhou zhaoqu
baiyunqu
guangzhou Guangdong 510410
China
tel: 86 20 86260270
fax: 86 20 86260270
xiaokg@public.guangzhou.gd.cn
Registration Date: 2001-11-11
Update Date: 2001-11-11
Expiration Date: 2004-11-11
Primary DNS: ns.xinnetdns.com 211.154.211.88
Secondary DNS: ns.xinnet.cn 211.154.211.89




And here's some plain old "mailtrain":

<a href=http://www.winsysmaster.com/downloads.html">MailTrain Express</a>

http://www.winsysmaster.com/purchase.html

Subscribe to use our internet marketing flagship software MailTrain Express for a lifetime, the best bulk mail software ever, and TWELVE MILLION newly verified high quality email addresses for one low price of $499. This is a limited time offer.

https://www.paypal.com/affil/pal=sales@BupHost.com

____________________________________________________________

These are probably customers of the spamhaus:

Registrant:
ALLWAY INTERNTERNATIONAL CORP
RM1001 33HU GARDEN Room 1101, 11F Weixing BuildingNZHOU N RD
HAIZHOU CITY CHINA
guangzhou, 510288
CN
Domain name: ALLWAY999.COM
Administrative Contact:
DENG, DENIS dns@east.net
RM1001 33HU GARDEN Room 1101, 11F Weixing BuildingNZHOU N RD
HAIZHOU CITY CHINA
guangzhou, 510288
CN
020-34237371
Technical Contact:
jenves, sui tucows@east.net
zhichun Road, haidian District
#1101,Satellite Building
Beijing, BJ 100081
CN
+86.1082615500 Fax: +86.1068747667
Registration Service Provider:
EAST.NET(china) Co.,Ltd, tucows@east.net
86-10-82615500
86-10-68747667 (fax)
http://b2b.east.net
Registrar of Record: TUCOWS, INC.
Record last updated on 28-May-2003.
Record expires on 27-Oct-2004.
Record Created on 27-Oct-2000.
Domain servers in listed order:
NS2.EAST.NET.CN
NS2.ORINET.NET 202.96.51.9




Domain Name:shangpala.com
Registrant:
WangLue Compute Co.Ld.
room 1510, road yanling
510506
Administrative Contact:
xu xudong
WangLue Compute Co.Ld.
room 1510, road yanling
GuangZhou Guangdong 510506
China
tel: 86 20 87042500
fax: 86 20 87042500
seanxu@greenmidi.com
Technical Contact:
zhou zhaoqu
zhou zhao qu
panyuqu
guangzhou Guangdong 511431
China
tel: 86 020 34544507
fax: 86 020 34544507
xiaokg@public.guangzhou.gd.cn
Billing Contact:
zhou zhaoqu
zhou zhao qu
panyuqu
guangzhou Guangdong 511431
China
tel: 86 020 34544507
fax: 86 020 34544507
xiaokg@public.guangzhou.gd.cn
Registration Date: 2002-11-19
Update Date: 2002-11-19
Expiration Date: 2004-11-19
Primary DNS: ns.xinnetdns.com 211.154.211.88
Secondary DNS: ns.xinnet.cn 211.154.211.89



http://www.shangpala.com/

"email:cnzxk@163.com sales@tongke.net zxk313@sina.com
网址:http://www.tongke.net QQ:36768830"





Registrant:
WhiskeyBONE
5851 Brushwood Ct
Milford, Ohio 45150
United States
Registered through: GoDaddy.com
Domain Name: BOONEO.COM
Created on: 22-May-03
Expires on: 22-May-04
Last Updated on: 09-Oct-03
Administrative Contact:
Botkin, James OneBedroomApartm@aol.com
WhiskeyBONE
5851 Brushwood Ct
Milford, Ohio 45150
United States
(513) 722-8585 Fax --
Technical Contact:
Botkin, James OneBedroomApartm@aol.com
WhiskeyBONE
5851 Brushwood Ct
Milford, Ohio 45150
United States
(513) 722-8585 Fax --
Domain servers in listed order:
NS3.BUPHOST.COM
NS4.BUPHOST.COM

For support call: 1-877-4-BOONEO(266636) [877-426-6636]

"The newest Internet Marketing Promotional Craze! But don't take our word for it!"

"A note to our customers: the DATABASE glitch has been fixed. You are all now at your respective spots :)"

(hmm...how reliable does that sound?)

http://www.booneo.com/unsub.html
"1999-2003 ClassyGROUP Mail, Inc. 816-777-3120"



____________________________________________________________

Links in usenet spam sent by stephen yeung (stephenyeung@rightime.net) c. July 2002 say:

"This mail is sended with GMailTrain
english version: http://train1.onchina.net
chinese version: http://train2.onchina.net"

Today (Nov 2003), those URLs still work and point to Chinese spamhaus (SBL listing) xilu.com (xiloo.com) with links on to www.zzy.com, http://host.xilu.com/, http://www.xilubbs.com/, http://www.xiluic.com/index.html, and many more.

Not sure what that means, but it is...interesting. Use of "this mail is sended" is idiomatic of this spammer, suggesting a possible Chinese-language speaker.

____________________________________________________________

http://groups.google.com/groups?q=mailtrain+group:*abuse*&num=100&scoring=d&filter=0

http://groups.google.com/groups?selm=200305091933.h49JX7q21245%40blocker.rscubed.com

http://www.iregsoft.com/
"Index of /
Name Last modified Size Description
------------------------------------------------------------
Parent Directory 13-Nov-2003 13:01 -
_private/ 26-Oct-2003 04:39 -
cgi-bin/ 26-Oct-2003 04:39 -
images/ 26-Oct-2003 04:39 -
postinfo.html 26-Oct-2003 04:39 2k
------------------------------------------------------------
Apache/1.3.29 Server at www.premier-host.net Port 80"



--- reading URL http://www.iregsoft.com/_private/
--- contacting host www.iregsoft.com [218.65.120.163] on port 80

HTTP/1.1 401 Authorization Required
Date: Thu, 13 Nov 2003 19:17:22 GMT
Server: Apache/1.3.29 (Unix) mod_auth_passthrough/1.8 mod_log_bytes/1.2 mod_bwlimited/1.2 PHP/4.3.4 FrontPage/5.0.2.2634 mod_ssl/2.8.16 OpenSSL/0.9.7a
WWW-Authenticate: Basic realm="www.premier-host.net"
Content-Type: text/html; charset=iso-8859-1
X-Cache: MISS from www.premier-host.net
Connection: close
Transfer-Encoding: chunked

24d
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>401 Authorization Required</TITLE>
</HEAD><BODY>
<H1>Authorization Required</H1>
This server could not verify that you
are authorized to access the document
requested. Either you supplied the wrong
credentials (e.g., bad password), or your
browser doesn't understand how to supply
the credentials required.<P>
<P>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.
<HR>
<ADDRESS>Apache/1.3.29 Server at www.premier-host.net Port 80</ADDRESS>
</BODY></HTML>

0


--- connection closed



BeyondDomains.com
Domain name: premier-host.com
Registrant Info:
Premier-Host Online
John Kirchner (premier_host@yahoo.com)
+1.7858209479
FAX: 1
309 S. Phillips
Salina, KS 67401 US
Administrative Info: [same]
Billing Info: [same]
Technical Info: [same]
Status: ACTIVE
Name servers:
DNS1.NAME-SERVICES.COM
DNS2.NAME-SERVICES.COM
DNS3.NAME-SERVICES.COM
DNS4.NAME-SERVICES.COM
DNS5.NAME-SERVICES.COM


http://www.iregsoft.com/postinfo.html
"Web Publishing Information"
The HTML comments in this page contain the configuration information that allows users to edit pages in your web using the Microsoft Web Publishing Wizard or programs which use the Microsoft Web Publishing Wizard such as FrontPad using the same username and password they would use if they were authoring with Microsoft FrontPage. Please refer to the Microsoft's Internet SDK for more information on the Web Publishing Wizard APIs. "




DNS silly-buggers games on ChinaDNS.com:

buphost.com NS ns1.fumanyuan.com
buphost.com NS ns2.fumanyuan.com
ns1.fumanyuan.com A 202.104.197.49
ns2.fumanyuan.com A 202.104.197.59

fumanyuan.com NS ns4.chinadns.com
fumanyuan.com NS ns3.chinadns.com
ns4.chinadns.com A 211.154.211.89
ns3.chinadns.com A 211.154.211.88



Domain Name:fumanyuan.com
Registrant:
Fuzhou Fumanyuan greenfood Co.,Ltd.
2-315,Minhui Building,14 Dongjie street,
350001
福州
Administrative Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Technical Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Billing Contact:
liu peihe
liu peihe
No.7 fengtaifufeng road.,beijing
beijing Beijing 100070
China
tel: 86 10 13701136593
fax: 86 10 13701136593
peihe@liu.com.cn
Registration Date: 2000-04-11
Update Date: 2002-03-12
Expiration Date: 2004-04-11
Primary DNS: ns3.xinnet.com 211.154.211.88
Secondary DNS: ns4.xinnet.com 211.154.211.89




| --- DNS lookup for "buphost.com", please wait...
| --- contacting nameserver: 211.154.211.89 [211.154.211.89]
| buphost.com NS ns4.chinadns.com
| buphost.com NS ns3.chinadns.com
| buphost.com NS ns3.chinadns.com
| buphost.com NS ns4.chinadns.com
| ns4.chinadns.com A 211.154.211.89
| ns3.chinadns.com A 211.154.211.88

| --- DNS lookup for "fumanyuan.com", please wait...
| --- contacting nameserver: 211.154.211.89 [211.154.211.89]
| (Authoritative, non-recursive)
| fumanyuan.com A 202.104.197.42
| fumanyuan.com MX 10 mail.fumanyuan.com
| fumanyuan.com SOA
| origin = ns4.chinadns.com
| mail addr = hostmaster@ns4.chinadns.com
| serial = 2002031290
| refresh = 3600 (1 hour)
| retry = 900 (15 mins)
| expire = 720000 (8 days 8 hours)
| minimum ttl = 3600 (1 hour)
| fumanyuan.com NS ns4.chinadns.com
| fumanyuan.com NS ns3.chinadns.com
| fumanyuan.com NS ns4.chinadns.com
| fumanyuan.com NS ns3.chinadns.com
| mail.fumanyuan.com A 202.104.197.42
| ns4.chinadns.com A 211.154.211.89
| ns3.chinadns.com A 211.154.211.88

mail.fumanyuan.com A 202.104.197.42

| telnet 202.104.197.42 25
| ...
| 220 6937.net (IMail 8.00 EVAL 23654-1) NT-ESMTP Server X1

So, is 6937.net a real domain? Yes, it is, and it was registered with DNS by ChinaDNS, and with a series of nested-egg domains with similar names:

| Domain Name:6937.net
|
| Registrant:
| nanhuanxingkejiyouxiangongsi
| nanjingshiyudaojie124hao
| 210007
|
| Administrative Contact:
| huan xing
| nanhuanxingkejiyouxiangongsi
| nanjingshiyudaojie124hao
| najing Jiangsu 210007
| China
| tel: 86 025 4613927
| fax: 86 025 4613665
| abc@6917.com
|
| Technical Contact:
| huan xing
| nanhuanxingkejiyouxiangongsi
| nanjingshiyudaojie124hao
| najing Jiangsu 210007
| China
| tel: 86 025 4613927
| fax: 86 025 4613665
| abc@6917.com
|
| Billing Contact:
| huan xing
| nanhuanxingkejiyouxiangongsi
| nanjingshiyudaojie124hao
| najing Jiangsu 210007
| China
| tel: 86 025 4613927
| fax: 86 025 4613665
| abc@6917.com
|
| Registration Date: 2002-12-06
| Update Date: 2002-12-06
| Expiration Date: 2003-12-06
|
| Primary DNS: ns.xinnetdns.com 211.154.211.88
| Secondary DNS: ns.xinnet.cn 211.154.211.89

Similar 'whois' for 6937.net, 6938.com, 6917.com ...wonder about "69##.[com|net]"



Dec 2003: (see SBL12658 for fingerprint URLs)

Domain Name:email8888.com
Registrant:
China Mail Advertisement Net
No.107,ChuXiong Street,NanKai District,Tianjin
300190
天津市南开区楚雄道107号
Administrative Contact:
Zhang Shixing
China Mail Advertisement Net
No.107,ChuXiong Street,NanKai District,Tianjin
tianjin Tianjin 300190
China
tel: 86 022 23673149
fax: 86 022 23673149
sysland@263.net
Technical Contact:
water zhai
Tianjin Mild Mama Maternity Infant Products Co.,Ltd
No.2 NanNiWang Road NanKai District Tianjin
tianjin tianjin 300112
China
tel: 86 022 28272767
fax: 86 022 28272767
sysland@263.net
Billing Contact:
Vivian Shang
SYSLAND TECHNOLOGY LIMITED
Room 512,Xiangjiang Road, Hexi district
tianjin tianjin 300201
China
tel: 86 022 28022589
fax: 86 022 28022592
sysland@263.net
Registration Date: 2002-03-05
Update Date: 2002-03-05
Expiration Date: 2004-03-05
Primary DNS: dns1.cncdns.net
Secondary DNS: dns2.cncdns.net



The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK2830/
