ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Vincent Chan gang

Evidence Menu:

Vincent Chan gang Index


Country: Hong Kong
State:
Vincent Chan and his Chinese partners have been sending spam for years. They mainly do pharmacy, and are able to send out huge amounts daily. They use vast numbers of compromised computers -- for sending, hosting and proxy hijacking. Now seem to be an "oursourced" server obtainer for other spam gangs.


Vincent Chan gang SBL Listings History
Current SBL Listings
Archived SBL Listings

Kuvayev and Chan sharing hosting


Another example how tight spammers are cooperating: here are are Kuvayev and Vincent Chan hosting together!

spamvertized pharma site:

http://viagra-911.com

hosted on a "fast flux" botnet:

ns0.piotiongandesunkdes.com [210.6.35.46] 142.204.89.71
24.122.196.221
24.137.125.124
24.152.128.81
66.171.238.63
66.177.73.244
66.30.202.213
75.5.2.243
76.181.156.212
88.66.51.43
etc.


ns0.gedsactunjerion.com [87.69.26.229]
142.204.89.71
24.122.196.221
24.137.125.124
24.152.128.81
24.236.121.254
24.85.106.232
66.171.238.63
68.121.247.121
75.5.2.243
76.181.156.212



Nameservers:

piotiongandesunkdes.com
daseruiyionkdefunhan.com
caseruikiontungandesun.com
gedsactunjerion.com
kerunhandgunfandesikuntun.com
adesuikintandefunhandesun.com



e-mail contact: xxeqwqqe@hotmail.com

Naming of nameservers and email typical for Kuvayev.



But look at:

ns1.whichsend.cd A 210.6.35.46
redcdplete.cd A 210.6.35.46
simplethingy.cd A 210.6.35.46
www.rxcart.org A 210.6.35.46
divamia.hk A 210.6.35.46
www.parod.hk A 210.6.35.46
liveshare.hk A 210.6.35.46
joyking.hk A 210.6.35.46
www.sunclever.hk A 210.6.35.46
optyfs.hk A 210.6.35.46
dablinks.hk A 210.6.35.46
www.pretgen.com A 210.6.35.46
www.weriesto.com A 210.6.35.46
ns0.piotiongandesunkdes.com A 210.6.35.46



piotiongandesunkdes.com ---> Kuvayev nameserver

rxcart.org ---> Vincent Chan Website (e-mail: vince_stebbi@hotmail.com)

So, a Kuvayev nameserver and a V. Chan webserver are hosted on one IP.


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK7534/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy