- This topic is empty.
-
AuthorPosts
-
September 14, 2006 at 3:25 pm #597004AnonymousInactive
Don’t really know where to put this post.
Anyone know Slotz City Casino? I’m getting a bunch of spam emails from them with fake headers the last few days.
September 15, 2006 at 7:03 am #706122AnonymousInactiveI’ve been getting these too, at least one a day. The spammer uses various domains to host his ad and the whois info on all seems to be fake. There is also no affiliate link since the ad links directly to the casino download exe.
September 15, 2006 at 7:06 am #706123AnonymousInactiveSeptember 15, 2006 at 5:47 pm #706160AnonymousInactiveI’ve gotten 7 so far today for slotzcity plus a new one has just come through from an illiterate no less –
Return-Path:
Received: from qoolhost.com (unknown [201.250.244.243])
by indignant.cnchost.com (ConcentricHost(3.3) MX) with SMTP id 6E31438887A
for; Fri, 15 Sep 2006 11:58:15 -0400 (EDT)
Message-ID:
Date: Sat, 16 Sep 2006 00:28:04 -0800
Reply-To: “Andrion, Cathy”
From: “Joann P. Androlewicz”
MIME-Version: 1.0
To: “Lorraine”
Subject: Re: Fwd: Win real money playing poker online
Content-Type: text/plain;
charset=”us-ascii”
Content-Transfer-Encoding: 8bit
X-JunkMail: NotJunk
X-MFData: [0.134681 v2.3:3 n194 s3024 g37167 b37073 p0.001266 sN8 t0,94668]Come play your favorite ca*ino games online right now.
Fast Payouts, fair gaming, comrehesive support, and completely safe!If you think you’re lucky, then come test your luck against the house!
xxxp://t.moslio.com/al/gil2309
Friends from do would how a ears worry does my i your, how i from day. A
when up, feel try sing what from. My the i i i with, going sad sing, by my
out little going think would of. If i i’ll of help with on key little i
would my, with of sing are stand. Get a, with away day, me, do and, with
little you’re little get of walk walk you i’ll help worry. Your little
when,
not alone my own you a get me i, and a friends be on my. From sing i, get
your you’re love do high with not from it think me. Get, a, friends the to
i’ll lend away love little help from. You’re get song from would your the
to
a high from no your. Ears help, end you a with does if help you of from be
i, and. Not my my day, and song. Sad you out friends out what i’ll do you
you i’ll you, you.September 16, 2006 at 1:36 pm #706205AnonymousInactiveVoovoo sorry for the long delay in answering, I am still working on it. I finally received on my first one today. I won’t bother posting it, so I can take a look closer look. There is a common thread to all of them, that being playtech. Also pay attention to the ConcentricHost(3.3) MX in particular MX.
From what I know thus far mx1.21magic.com is a subdomain. All I have thus far is speculation.
greek39
September 17, 2006 at 1:41 am #706260AnonymousInactiveThat’s perfectly alright Greek – man they just keep coming. I’d love to find out who’s doing this. Now I’m getting disguised e mail from penny stocks claiming to be casinos
September 17, 2006 at 5:41 am #706265AnonymousInactiveAll this spam is coming from or has something to with 21magic.com
greek39
September 17, 2006 at 1:48 pm #706280AnonymousInactiveThanks Greek – I got 2 already this morning claiming to be from eurosports.com and allsports.com. I wonder if I contact those 2 if they will investigate?
Dana
September 17, 2006 at 4:09 pm #706291AnonymousInactiveWithout getting too carried away I decided to run a Multi-Rbl check for 21magic there IP again is 64.34.104.98 their sumdomain is mx1.21magic.com.
I won’t bother posting everything but I found a few that may spike some interest.
{xbl.spamhaus.org………….Illegal 3rd party exploits, including proxies, worms and trojan exploits
{zombie.dnsbl.sorbs.net………List of networks hijacked from their original owners. Some already used for spamming
{web.dnsbl.sorbs.net…………..List of web (WWW) server which have spammer abused vulnerabilities (e.g. FormMail scripts)
{virus-msrbl………………..Hosts found sending virus mails
Just a brief list of what others have reported about 21magic. So be careful with these spam emails.
21 magicic uses these servers
pdns1.ultradns.net 204.74.108.1(US)
ns pdns2.ultradns.net 204.74.109.1(US)
ns pdns3.ultradns.org 199.7.68.1(US)
ns pdns4.ultradns.org 199.7.69.1(US)
ns pdns5.ultradns.info 204.74.114.1(US)
ns pdns6.ultradns.co.uk 204.74.115.1(US)
mx mx1.21magic.com 64.34.104.100
21magic shares the same server as these companies. Don’t draw any conclusions from this list. I will only post a few
xa1wireless.com
xa9.com
xabcdistributing.net
xabebooks.com
xaberdeennews.com
xabrodev.co.uk
xacadia-pharm.com
xacnielsen-iscan.com
xadlon.se
xadp.nl
xadrenalinplayground.com
xadvantageavenue.com
xadvent.com
xadventeurope.com
xadvertising.com
xadvsol.com
xairsoftchat.com
akingump.com
xalexanderhall.co.uk
xalfiereonline.com
xalienware.com
xalleghenyludlum.com
xalleghenytechnologies.com
xallposters.com
xallsaints-eastfinchley.org.uk
xalphabingo.net
xalsmotorhomes.com
xamazon.co.uk
xamazon.com
xameritrade.com
xamtrak.com
xangelwreaths.com
xapualumni.com
xargent.com
xarialsoftware.com.fr
xart.com
xarup.com
xarup.com.au
xatelieraucoin.com
xavery.com
xaveryprintshop.fr
xaxn.com
axntv.de
xb2bpoker.com
xbackstage.com
xbacktrackgroup.com
xbakersfieldbiscuits.com
xxbaldmountainoutfitters.com
xbankrate.com
xbankvisalia.com
xbarefootwine.com
xxbarona.com
xxbatterton-tyack.com
x-holiday-park.co.uk
xbelleville.com
xbenfrankbank.com
xbet365.co.uk
xbetandwin.com
betinternet.com
xbetlem.com
xbicycleretailer.com
xbigbuilder.com
xbigbuilderonline.com
xbillboard.com
xbingolocity.com
xbingozest.com
xbiomedcentral.com
xblackpoolsnooker.co.uk
xblackswanwine.com
xbluebook.com
xbluefly.com
xbnd.com
xbookbinders-cullompton.co.uk
xbpw.com
xbradenton.com
xbreakingfree.co.uk
xbroadbandnational.com
xbrushranchoutfitters.com
xbt-parrots.co.uk
xbtnmag.com
xbudsinc.com
xbusiness.com
xcafecoyoteoldtown.com
xcalottery.com
xcanneslions.com
xcapnetwork.co.ukxcare-expo.com
xcasino-on-net.com
xcasinopartners.com
xcassava.net
xxcathedralconcerts.org.uk
xccelectric.com
xcdab.se
xcdmetrix.com
xcdstomper.com
xcduniverse.com
xchampion-america.com
xchargers.com
xcharlotte.com
xcharlottewoodson.com
xcharter-travel.com
xchaserpills.net
xchemicalzone.co.uk
xchristianity.net
xchristianitytoday.com
xcibcwm.com
xclarendon-suites.co.uk
xclarica.com
xclckmemuc.com
xclifthotel.com
xclubdicecasino.com
xcmt.com
xcndb.com
xcoatedproducts.com
xcollectorsuniverse.com
xcollegebound.net
xxcomedycentral.com
xcommair.com
xcommairbalco.com
xcommercialstate.com
xcompupay.com
xconfmailsite.com
xconfmembermail.com
xconservatives.com
xcontracostatimes.com
xcontrolid.neustar.biz
xcornish-farm-accommodation.co.uk
xcoronado-boathouse.com
xcorp.a9.com
xcountry.com
xcountryclubplaza.com
xcpays.com
xcreamerphysicaltherapy.com
xcsn-kortet.com
xcyberbingo.com
xdallas.com
xdata-ware.co.uk
xdate.com
xdentalplans.com
xdesjardins.com
xdevon-holiday.com
xdevonfarms.net
xdiamondskills.net
xdigitalmarmalade.co.uk
xdirecttrack.com
xdmcontact.com
xdmmanagement.com
xdomai.com
xdtsystems.com
xduet.com
xdullesgreene.com
xduluthnews.com
xdunsley-farm-devon.co.uk
xdusc.co.uk
xdynamic-med.com
xe-hairremoval.com
xe-planning.net
xeacceleration.com
xearthcare.co.uk
xeasterseals.com
xeasybets.com
xedu.com
xeff.org
xeharmony.com
xejgallo.com
xemail.com
xemaildoctor.info
xemcorgroup.com
xemedicine.com
xempireonline.co.uk
xempireonline.com
xen25.com
xenchantedlights.net
xentercasino.com
xenterprisenet.org
xentertainmentudates.com
xentertainmentupdates.com
xentriq.com
xeprize.com
xeprize.net
xetns.org
xeuro-offtrack.com
xeverettstunz.com
xeverythingstartswithe.co.uk
xexeter-accommodation.co.uk
xexmoor-holiday-cottage.co.uk
xexpansys.pl
xexpedia.fr
xexpediamaps.com
xfahrenhype-911.com
xfasson.com
xfeedster.com
xfilmjournal.com
xfinkelsteinlaw.com
xfirefight.co.uk
xfirestonewine.com
xfirstcommunitybankvt.com
xfnbberryville.com
xforbesbest.com
xforex.com
xforteratires.com
xfortwayne.com
xfoxtons.co.uk
xfreebizmag.com
xfreibrothers.com
xfremontbank.com
xfrench-selection.co.uk
xfresca.co.uk
xfriendfinder.com
xfriendlyfairs.net
xfursbygraf.com
xfyravindar.dk
xgaincapital.com
xgallo.com
xgap.com
xgarage-door.com
xgatcombe-farm-devon.co.uk
xglobal.ad.jp
xglobaltestmarket.com
xgmi-mr.com
xgocitykids.com
xgoodyear.com
xgoodyear.com.mx
xxgoodyeardealers.com
xgreatusaflags.com
xxgrouplifedirect.com
xgsionline.com
xgufmail.com
xgvt-journal.com
xhandmark.com
xhardincountybank.com
xharley-davidson.com
xharnessracing.biz
xharoldstevensjewelers.com
xhaywardtravel.co.uk
xhdfsi.com
xhealthdecisions.org
xhealthyadvantage.com
xhendrickscountybank.com
xheritagebankofcommerce.com
xheritageseniorcare.com
xhighertorrfarm.co.uk
xhighracksinc.com
xhmgimg.com
xhog.de
xholdempoker.com
xhollywoodreporter.com
xhomeroom.com
xhomescan.com
xhonda.co.uk
xhondawestinc.com
xhornhill-farmhouse.co.uk
xhospicebythesea.com
xhouseinthesand.com
xhouseonthesand.com
xhousevalues.com
xhsj.co.uk
xhuntingsuccess.com
xhuqa.com
xi-ology.com
xi-sector.com
xiab.org
xiasbet.com
xiata.org
xiatan.org
xicatechnicalsolutions.co.uk
xidahostatesman.com
xiesg.org
xietf.neustar.biz
xietf.org
xifilm.com
ximdb.com
ximninc.com
xiname.com
xinames.net
xinames.org
xindia.com
xinetx.com
xinetx.net
xinfosys.com
xinphonic.com
xintellisync.com
xinternationalsos.com
xinxi.com
xioffer.com
xioim.org.uk
xitsfogo.com
xiwantu.com
xixeurope.com
xxixsolutions.net
xizone.com
xjackandgiulios.com
xjacquielawson.com
xjdedwards.com
xkansascity.com
xkbhomes.com
xkennedy-center.org
xkentdomestic.co.uk
xkey103.co.uk
xkeywordmax.com
xknightridderdigital.com
xknowlimitscoach.com
xkokobeach.com
xkr123.com
xkrabc.com
xkyocera.com
xleadholder.com
xlegalzoom.com
xleonardmsmith.com
xlincup.net
xlinedancing.org.uk
xllamabreeders.co.uk
xllamas.net
xlocateatravelagency.com
xlongoverdue.co.uk
xlookatthegecko.com
xlookuphookup.com
xloudpc.com
xlovatonfarm.co.uk
xltoptout.com
xltpic.com
xm-pesa.com
xmaahdaaheylodge.com
xmadonnahilleldercare.com
xmailer.casino-on-net.com
xmarchofdimes.com
xmarechiaros.com
xmarkthomasmotors.com
xmatch-dating.co.uk
xmaxpower.co.uk
xmcafee.com
xmcom.se
xmedtrade.com
xmeed.com
xmemberlistmail.com
xmembersamerica.com
xmembersoe.com
xmerchantsagainstspam.com
xmercurycenter.com
xmercurynews.com
xmetrokc.gov
xmgroverconnections.com
xmiami.com
xmiamiherald.com
xmilitaryclothing.com
xmiswaco.com
xmkmv.com
xmkssupply.com
xmojo4music.com
xmonografias.com
xmontrosefordnissan.com
xmooserestaurantgroup.com
xmoquet-borde.com
xmotorcyclenews.com
xmountainhardwear.com
xmovielink.com
xmoviemonster.com
xmr-spindle.co.uk
xmsp.ltd.uk
xmtv.com
xmtvi.com
xmungopark.com
xmusiciansguide.com
xmusicmatch.com
xmyaccountcenter.net
xmybookie.com
xmyoldfarmmail.com
xmyoverland.net
xnacersano.org
xnacm.com
xnadaguides.com
xnanpa.com
xnationaljeweler.com
xnaturalspace.com
xnavimedix.com
xneteller.com
xnetplan.co.uk
xnetwise.com
xneulevel.biz
xneulevel.com
xneustar.biz
xneustar.com
xneustar.us
xnewegg.com
xnewwoman.co.uk
nic.us
xnick.com
xnickjr.com
xnightfire.com
xxnjstatehogrally.com
xnoggin.com
xnorwaysavingsbank.com
xnpac.com
xnursingtimes.net
xnysjcommunity.org
xoasys-software.com
xobliquetangent.com
xocconfmailer.com
xomofarm.com
xonestopgecko.com
xonlyconfirmed.com
xonmyoldfarm.com
xopensearch.org
xopinionresearch.com
xoracle.com
xoverlandstorage.com
xozment.com
xpanikhouse.com
xparkers.co.uk
xpastliferegression.co.uk
xplaytech.com
xplaytechgaming.comJust a bit of trivia stuff but in any case some answers lie here. greek39
September 17, 2006 at 4:39 pm #706299AnonymousInactiveVoovoo lets focus on on the above email you received. I will look at the raw domain moslio.com the IP is 80.88.123.236. I took a glance at the site and confirmed this was the correct IP, the download is for 21magic.
There are two other domains sharing this server xhanajason.com
xhopycrus.com these two are common domains share by most of the spam all have been receiving. Lets do a RBL-check to see if there is any malicious activity.This is a brief list what others are saying.
virbl………..sent more than 2 virus in the last 24 hours
virus-msrbl……..Hosts found sending virus mails
web.dnsbl.sorbs.net………server which have spammer abused vulnerabilities (e.g. FormMail scripts)
xbl.spamhaus.org………..Illegal 3rd party exploits, including proxies, worms and trojan exploits
zombie.dnsbl.sorbs.net……. hijacked from their original owners. Some already used for spamming.Any email spam you have been getting do not open or look at. I suggest your run every anti virus and spyware program you have. Do this in safe mode. Also check you start up menu for anything suspecious.
I would for sure block the IP mentioned. There is so much information I would like to post but most is unformatted and in a language very few would understand.
greek39September 20, 2006 at 10:29 pm #706735AnonymousInactiveThanks for all your work Greek!
Dana
-
AuthorPosts