Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[69.174.194.122] [email] Need medicine? All here!

0 views
Skip to first unread message

Marcus Aurelius

unread,
Apr 18, 2006, 5:00:25 AM4/18/06
to
This is a piece of spam that hit a spam trap of mine.

It has been forwarded to NANAS by an automated process.

X-ConnectingHost: 69.174.194.122
Received: from friend (69-174-194-122.albyny.adelphia.net [69.174.194.122])
by mail.munged (8.13.6/8.13.6) with ESMTP id k3I8********33
for <spamtrap@munged>; Tue, 18 Apr 2006 08:00:45 GMT
Message-ID: <000001c662be$29b9f980$0100007f@Bob>
From: "Alexander" <rog...@e-standard.biz>
To: <spamtrap@munged>
Subject: Need medicine? All here!
Date: Tue, 18 Apr 2006 04:00:31 +0100
MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";
boundary="------------ms060807090408000805070204"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

--------------ms060807090408000805070204
Content-Type: multipart/alternative;
boundary="------------ms020902000105000104000005"

--------------ms020902000105000104000005
Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable


--------------ms020902000105000104000005
Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><A href=3D"http://ksdfhd.overpace.net/?88318726"><IMG alt=3D"" hspace=3D0=20
src=3D"cid:000301c634d3$5e87f4f0$aa0fa8c0@sanya" align=3Dbaseline=20
border=3D0></A></DIV></BODY></HTML>

--------------ms020902000105000104000005--

--------------ms060807090408000805070204
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

This MIME part was stripped from the original message.

Original MIME type: image/jpeg
Original attachment filename: p.jpg

--------------ms060807090408000805070204--


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/

Marcus Aurelius

unread,
Apr 19, 2006, 12:03:05 AM4/19/06
to
This is a piece of spam that hit a spam trap of mine.

It has been forwarded to NANAS by an automated process.

X-ConnectingHost: 69.62.168.63
Received: from friend (63.168-62-69.ftth.swbr.surewest.net [69.62.168.63])
by mail.munged (8.13.6/8.13.6) with ESMTP id k3J3********53
for <spamtrap@munged>; Wed, 19 Apr 2006 03:29:35 GMT
Message-ID: <000001c66361$7571af00$0100007f@D6Z5HY51>
From: "Ralph" <wil...@perlite.biz>


To: <spamtrap@munged>
Subject: Need medicine? All here!

Date: Tue, 18 Apr 2006 22:29:26 +0100


MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";

boundary="------------ms050202020304030508050600"


X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

--------------ms050202020304030508050600
Content-Type: multipart/alternative;
boundary="------------ms000402020105030705050703"

--------------ms000402020105030705050703


Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable


--------------ms000402020105030705050703


Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>

<DIV><A href=3D"http://pvebsg.widthmound.com/?23194094"><IMG alt=3D"" hspace=3D0=20


src=3D"cid:000301c634d3$5e87f4f0$aa0fa8c0@sanya" align=3Dbaseline=20
border=3D0></A></DIV></BODY></HTML>

--------------ms000402020105030705050703--

--------------ms050202020304030508050600


Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

This MIME part was stripped from the original message.

Original MIME type: image/jpeg
Original attachment filename: p.jpg

--------------ms050202020304030508050600--

Marcus Aurelius

unread,
Apr 22, 2006, 6:00:20 PM4/22/06
to
This is a piece of spam that hit a spam trap of mine.

It has been forwarded to NANAS by an automated process.

X-ConnectingHost: 207.224.108.114
Received: from friend (207-224-108-114.omah.qwest.net [207.224.108.114])
by mail.munged (8.13.6/8.13.6) with ESMTP id k3ML********87
for <spamtrap@munged>; Sat, 22 Apr 2006 21:16:58 GMT
Message-ID: <000001c66652$13ab9080$0100007f@PCoftheFuture>
From: "Robert" <geof...@gels.biz>


To: <spamtrap@munged>
Subject: Need medicine? All here!

Date: Sat, 22 Apr 2006 16:16:53 +0100


MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";

boundary="------------ms090705060202090604040400"


X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

--------------ms090705060202090604040400
Content-Type: multipart/alternative;
boundary="------------ms090306030102050707080806"

--------------ms090306030102050707080806


Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable


--------------ms090306030102050707080806


Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>

<DIV><A href=3D"http://cnfhel.pillscrew.info/?76787558"><IMG alt=3D"" hspace=3D0=20


src=3D"cid:000301c634d3$5e87f4f0$aa0fa8c0@sanya" align=3Dbaseline=20
border=3D0></A></DIV></BODY></HTML>

--------------ms090306030102050707080806--

--------------ms090705060202090604040400


Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

This MIME part was stripped from the original message.

Original MIME type: image/jpeg
Original attachment filename: p.jpg

--------------ms090705060202090604040400--

Kurtis Rader

unread,
Apr 23, 2006, 12:00:25 PM4/23/06
to
Spam received from a locally blackholed IP address:

220.81.16.98 => 220.64.0.0/11 (KR) Korea
Host 98.16.81.220.in-addr.arpa not found: 3(NXDOMAIN)

Domains in the spam include:

hostprey.info

Valid account names have been replaced with 'valid_user'.
Other recipient addresses are unchanged.
No other munging of the data has occurred.


==========================================================================
| whois hostprey.info |
--------------------------------------------------------------------------
[Querying whois.afilias.info]
[whois.afilias.info]

Domain ID:D13064579-LRMS
Domain Name:HOSTPREY.INFO
Created On:13-Apr-2006 13:20:12 UTC
Last Updated On:13-Apr-2006 13:36:54 UTC
Expiration Date:13-Apr-2007 13:20:12 UTC
Sponsoring Registrar:NamesBeyond.Com (R201-LRMS)
Status:TRANSFER PROHIBITED
Registrant ID:NER2R-PERDJ12693
Registrant Name:Daniel Januj
Registrant Organization:DanielJanuj
Registrant Street1:Dukelskych Hrdinu 40
Registrant Street2:
Registrant Street3:
Registrant City:Prague
Registrant State/Province:Prague
Registrant Postal Code:17000
Registrant Country:CZ
Registrant Phone:+420.266710300
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:nadfa...@yahoo.com
Admin ID:NER2R-PERDJ12693
Admin Name:Daniel Januj
Admin Organization:DanielJanuj
Admin Street1:Dukelskych Hrdinu 40
Admin Street2:
Admin Street3:
Admin City:Prague
Admin State/Province:Prague
Admin Postal Code:17000
Admin Country:CZ
Admin Phone:+420.266710300
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:nadfa...@yahoo.com
Billing ID:NER2R-PERDJ12693
Billing Name:Daniel Januj
Billing Organization:DanielJanuj
Billing Street1:Dukelskych Hrdinu 40
Billing Street2:
Billing Street3:
Billing City:Prague
Billing State/Province:Prague
Billing Postal Code:17000
Billing Country:CZ
Billing Phone:+420.266710300
Billing Phone Ext.:
Billing FAX:
Billing FAX Ext.:
Billing Email:nadfa...@yahoo.com
Tech ID:NER2R-PERDJ12693
Tech Name:Daniel Januj
Tech Organization:DanielJanuj
Tech Street1:Dukelskych Hrdinu 40
Tech Street2:
Tech Street3:
Tech City:Prague
Tech State/Province:Prague
Tech Postal Code:17000
Tech Country:CZ
Tech Phone:+420.266710300
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:nadfa...@yahoo.com
Name Server:NS2.TROPHYSHARE.INFO
Name Server:NS2.GREATDOCK.INFO
Name Server:NS1.TURESPELL.INFO
Name Server:NS1.SIDELOINS.INFO
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:

==========================================================================
| dig -t any hostprey.info |
--------------------------------------------------------------------------

; <<>> DiG 9.2.3rc4 <<>> -t any hostprey.info
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36802
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:
;hostprey.info. IN ANY

;; ANSWER SECTION:
hostprey.info. 600 IN A 82.77.58.68
hostprey.info. 600 IN NS ns3.hostprey.info.
hostprey.info. 600 IN NS ns1.hostprey.info.
hostprey.info. 600 IN NS ns2.hostprey.info.

;; AUTHORITY SECTION:
hostprey.info. 600 IN NS ns2.hostprey.info.
hostprey.info. 600 IN NS ns3.hostprey.info.
hostprey.info. 600 IN NS ns1.hostprey.info.

;; ADDITIONAL SECTION:
ns1.hostprey.info. 600 IN A 82.77.58.68
ns2.hostprey.info. 600 IN A 82.77.58.68
ns3.hostprey.info. 600 IN A 247.116.247.114


==========================================================================
| hostname/whois for 82.77.58.68 (IP address of advertised domain) |
--------------------------------------------------------------------------
82.77.58.68 => 82-77-58-68.oradea.rdsnet.ro

[Querying whois.ripe.net]
[whois.ripe.net]

inetnum: 82.77.56.0 - 82.77.59.255
netname: RO-RDS-ORADEA
descr: Romania Data Systems
descr: Oradea BRanch
country: RO
admin-c: RDS-RIPE
tech-c: RDS-RIPE
status: ASSIGNED PA
mnt-by: AS8708-MNT
mnt-lower: AS8708-MNT
source: RIPE # Filtered

role: Romania Data Systems NOC
address: 71-75 Dr. Staicovici
address: Bucharest / ROMANIA
phone: +40 21 30 10 888
fax-no: +40 21 30 10 892
e-mail: contac...@rdsnet.ro
admin-c: CN19-RIPE
tech-c: CN19-RIPE
tech-c: GEPU1-RIPE
nic-hdl: RDS-RIPE


==========================================================================
| First 25 lines of WhoIs for the sending IP address |
--------------------------------------------------------------------------
[Querying whois.apnic.net]
[Redirected to whois.krnic.net]
[Querying whois.krnic.net]
[whois.krnic.net]
한국인터넷진흥원(NIDA)의 인터넷정보센터(KRNIC)가 제공하는 Whois 서비스 입니다.

query: 220.81.16.98

# KOREAN

조회결과는 아래와 같으며, 실제 정보와 상이할 수 있습니다.

IPv4 주소 : 220.81.16.0-220.81.16.127
네트워크 이름 : KORNET-INFRA000001
연결 ISP명 : KORNET
할당정보공개여부 : N

[ IPv4 사용 기관 정보 ]
기관고유번호 : ORG1600
기관명 : (주)케이티
주소 : 성남시 분당구 정자동
우편 번호 : 463-711

[ 네트워크 담당자 인물 정보 ]
기관명 : KORNET


==========================================================================
| SMTP commands received from spammer (timestamps UTC-8) |
--------------------------------------------------------------------------
2006-04-23 06:09:51 HELO aol.com
2006-04-23 06:09:54 MAIL <bcollent...@aol.com>
2006-04-23 06:09:58 RCPT <valid...@skepticism.us>
2006-04-23 06:10:04 DATA


==========================================================================
| Message as received from spammer (no locally added headers) |
--------------------------------------------------------------------------
Received: from unknown (HELO mx03.listsystemsf.net) (Sun, 23 Apr 2006 19:09:26 +0500)
by group21.345mail.com with SMTP; Sun, 23 Apr 2006 19:09:26 +0500
Received: from external.newsubdomain.com ([Sun, 23 Apr 2006 18:59:06 +0500])
by mmx09.tilkbans.com with SMTP; Sun, 23 Apr 2006 18:59:06 +0500
Received: from mx.reskind.net ([Sun, 23 Apr 2006 18:40:00 +0500])
by asx121.turbo-inline.com with SMTP; Sun, 23 Apr 2006 18:40:00 +0500
Received: from unknown (201.164.189.17)
by mxs.perenter.com with ASMTP; Sun, 23 Apr 2006 18:21:25 +0500
Message-ID: <BADD3922...@aol.com>
Date: Sun, 23 Apr 2006 18:17:32 +0500
From: "Serena" <bcollent...@aol.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:0.9.7) Gecko/20011221
X-Accept-Language: en-us
MIME-Version: 1.0
To: "Stephan" <valid...@skepticism.us>


Subject: Need medicine? All here!

Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 8bit

Suffering from pain, depression or heartburn? We'll help you!


All verified dr@gs collected at one LICENSED online store! Great choice of
wonderful meds to give you long-awaited relief! Operative support, fast
shipping, secure p@yment processing and complete confidentiality!

http://gjtlwr.hostprey.info/?76408018

The store is VERIFIED BY BBB and APPROVED BY VISA!

Marcus Aurelius

unread,
Apr 23, 2006, 3:00:21 PM4/23/06
to
This is a piece of spam that hit a spam trap of mine.

It has been forwarded to NANAS by an automated process.

X-ConnectingHost: 66.236.68.49
Received: from friend (66.236.68.49.ptr.us.xo.net [66.236.68.49])
by mail.munged (8.13.6/8.13.6) with ESMTP id k3NI********73
for <spamtrap@munged>; Sun, 23 Apr 2006 18:26:38 GMT
Message-ID: <000001c66703$81fc5b80$0100007f@your-86339eb2bf>
From: "Philip" <jo...@e-zone-defense.biz>
To: <spamtrap@munged>


Subject: Need medicine? All here!

Date: Sun, 23 Apr 2006 12:26:59 +0100


MIME-Version: 1.0
Content-Type: multipart/related;
type="multipart/alternative";

boundary="------------ms050902060502030201020208"


X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2180
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180

--------------ms050902060502030201020208
Content-Type: multipart/alternative;
boundary="------------ms080807040000050909050300"

--------------ms080807040000050909050300


Content-Type: text/plain;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable


--------------ms080807040000050909050300


Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2900.2180" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>

<DIV><A href=3D"http://lpuffu.mirenick.net/?70485603"><IMG alt=3D"" hspace=3D0=20


src=3D"cid:000301c634d3$5e87f4f0$aa0fa8c0@sanya" align=3Dbaseline=20
border=3D0></A></DIV></BODY></HTML>

--------------ms080807040000050909050300--

--------------ms050902060502030201020208
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

This MIME part was stripped from the original message.

Original MIME type: image/jpeg
Original attachment filename: p.jpg

--------------ms050902060502030201020208--

0 new messages