Spamvert:
www.seapast.com => botnet
seapast.com Resolved to 221.165.74.218 to 78.106.18.120 to
78.106.37.153 to 78.106.54.103 to 78.106.194.30 to 79.164.234.192 to
85.233.61.104 to 88.134.185.93 to 89.173.132.57 to 89.208.0.42 to
90.151.101.25 to 93.81.69.76 to 93.81.84.21 to 122.122.11.181 to
123.202.189.143 to 123.203.16.5 to 221.127.1.243 to 221.127.20.193 to
221.127.110.138 to 221.127.174.217
ns.xinnetdns.com IP 210.51.170.66 => SBL63236 at cncgroup-bj
ns.xinnet.cn IP 210.51.171.209 => SBL63236 at cncgroup-bj
Title: European Pharmacy (aka Canadian Pharmacy)
stylesheet => css/canadian_pharmacy_2_style.css
WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
More info below:
==================
X-SID-PRA: Ifeanyi Hurley <Ifeanyi-gret...@contractorsinsuranceagency.com>
X-Message-Info: 6sSXyD95QpWBDvsrLsc3ct8V1jgnnV5J9sI997A8Cy1jWi0ONwrxMd4d2uVA58gyKo4mWJKfuf3btRKu2V8JCA=
Received: from tomts30-srv.bellnexxia.net ([209.226.175.104]) by bay0-pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 16 Mar 2008 14:52:17 -0700
Received: from toip16.srvr.bell.ca ([67.69.240.18])
by toip44.srvr.bell.ca with ESMTP; 16 Mar 2008 17:52:11 -0400
Received: from [MUNGED]
by toip16.srvr.bell.ca with ESMTP; 16 Mar 2008 17:52:11 -0400
Received: (qmail 9756 invoked by uid 110); 16 Mar 2008 17:52:10 -0400
Delivered-To: [MUNGED]
Received: (qmail 9742 invoked from network); 16 Mar 2008 17:52:10 -0400
Received: from 121.247.125.232.static-hyderabad.vsnl.net.in (HELO ?220.226.149.53?) (121.247.125.232)
by [MUNGED] with SMTP; 16 Mar 2008 17:52:10 -0400
Message-ID: <000e01c887b0$021fa000$3595e2dc@enterprise4>
From: "Ifeanyi Hurley" <Ifeanyi-gret...@contractorsinsuranceagency.com>
To: [MUNGED]
Subject: gslocher
Date: Mon, 17 Mar 2008 03:22:19 +05-30
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--------=_NextPart_000_000A_01C887DE.1BD7DC00"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Return-Path: Ifeanyi-...@contractorsinsuranceagency.com
X-OriginalArrivalTime: 16 Mar 2008 21:52:18.0111 (UTC) FILETIME=[010444F0:01C887B0]
----------=_NextPart_000_000A_01C887DE.1BD7DC00
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
You can treat all kinds of conditions due to hormone deficiency.
Make her tremble with passion!
----------=_NextPart_000_000A_01C887DE.1BD7DC00
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT Arial size=3D2>You can treat all kinds of conditions due to
hormone=20
deficiency.</FONT></DIV>
<A href="http://seapast.com">Make her tremble with passion!</A></BODY></HTML>
----------=_NextPart_000_000A_01C887DE.1BD7DC00--
-- END OF SPAM --
See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search
Identical spam as for collectwhole.com, planerise.com => All Botnet
OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932
WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&
See:
IP 121.247.125.232 121.247.125.232.static-hyderabad.vsnl.net.in
More mm.pl sightings:
http://groups.google.com/groups/search?q=mm.pl+group%3A*abuse*&qt_s=Search
http://moensted.dk/spam/?addr=121.247.125.232
Listed: 24 time(s)
inetnum: 121.240.0.0 - 121.247.255.255
netname: VSNL-IN
descr: Videsh Sanchar Nigam Ltd - India.
descr: Videsh Sanchar Bhawan, M.G. Road
descr: Fort, Bombay 400001
country: IN
person: IP Administrator
nic-hdl: IA15-AP
e-mail: ip.a...@vsnl.co.in
person: VSNL Tech
nic-hdl: VT43-AP
e-mail: ip....@vsnl.co.in
route: 121.246.0.0/15
descr: Pune GDC-VSNL Route Object
origin: AS4755
mnt-by: MAINT-VSNL-IN
changed: ip.a...@vsnl.co.in
route: 121.246.0.0/15
descr: Pune GDC Route Object
origin: AS4755
mnt-by: VSNL-MAINT-MCI
changed: gps...@giasbm01.vsnl.net.in
route: 121.240.0.0/13
descr: Route for VSNL
origin: AS4755
mnt-by: MAINT-VSNL-AP
changed: ip.a...@vsnl.co.in
AS Name: VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
http://www.cidr-report.org/cgi-bin/as-report?as=4755
2 SBL listings for IPs under the responsibility of vsnl.net.in
http://www.spamhaus.org/sbl/listings.lasso?isp=vsnl.net.in
seapast.com has no MX records
ns.xinnetdns.com IP 210.51.170.66
ns.xinnet.cn IP 210.51.171.209
See IP rDNS on botnet:
221.165.74.218 no PTR at KORnet.net / kt.co.kr
78.106.18.120 = 78-106-18-120.broadband.corbina.ru
78.106.37.153 = 78-106-37-153.broadband.corbina.ru
78.106.54.103 = 78-106-54-103.broadband.corbina.ru
78.106.194.30 = 78-106-194-30.broadband.corbina.ru
79.164.234.192 = host-79-164-234-192.qwerty.ru
85.233.61.104 = 85.233.61.104.static.cablesurf.de
88.134.185.93 = 88-134-185-93-dynip.superkabel.de
89.173.132.57 = chello089173132057.chello.sk
89.208.0.42 no PTR at Digital Network JSC / di-net.ru / DINET-AS
90.151.101.25 no PTR at OJSC Uralsvyazinform / USI Uralsviazinform / mfist.usi.ru
93.81.69.76 = 93-81-69-76.broadband.corbina.ru
93.81.84.21 = 93-81-84-21.broadband.corbina.ru
122.122.11.181 = 122-122-11-181.dynamic.hinet.net
123.202.189.143 = 123202189143.ctinets.com
123.203.16.5 = 123203016005.ctinets.com
221.127.1.243 no PTR at hgc.com.hk / HutchCity.com
221.127.20.193 no PTR at hgc.com.hk / HutchCity.com
221.127.110.138 no PTR at hgc.com.hk / HutchCity.com
221.127.174.217 no PTR at hgc.com.hk / HutchCity.com
Let's see whois.paycenter.com.cn:
Domain Name: seapast.com
Registrant:
liu bin
hai kou
891000
Administrative Contact:
liubin
liu bin
hai kou
hai kou Beijing 891000
CN
tel: 898 1234567
fax: 898 1234567
cnclinp[]21cn.com
Technical Contact:
liubin
liu bin
hai kou
hai kou Beijing 891000
CN
tel: 1234567
fax: 1234567
cnc...@21cn.com
Billing Contact:
liubin
liu bin
hai kou
hai kou Beijing 891000
CN
tel: 1234567
fax: 1234567
cnc...@21cn.com
Registration Date: 2008-02-21
Update Date: 2008-02-25
Expiration Date: 2009-02-21
Primary DNS: ns.xinnetdns.com 210.51.170.66
Secondary DNS: ns.xinnet.cn 210.51.171.209
More seapast.com sightings:
http://groups.google.com/groups/search?q=seapast.com+group%3A*abuse*&qt_s=Search
SEE ALSO:
hostnames sharing ip with a-records
domains sharing nameservers
See cnc...@21cn.com sightings:
http://groups.google.com/groups/search?q=%22cnclinp%4021cn.com%22+group%3A*abuse*&qt_s=Search
See:
ns.xinnetdns.com IP 210.51.170.66
http://moensted.dk/spam/?addr=210.51.170.66
http://www.spamhaus.org/query/bl?ip=210.51.170.66
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63236
210.51.160.0/20 is listed on the Spamhaus Block List (SBL)
10-Mar-2008 21:51 GMT | SR02
flowexpo and other bulletproof hosting (escalation)
More than 170 total SBL listings in this /16
inetnum: 210.51.160.0 - 210.51.175.255
netname: CNC-BJ-IDC2
country: CN
descr: Beijing YiZhuang IDC of China Netcom
admin-c: CH140-AP
tech-c: TJ35-AP
status: ALLOCATED NON-PORTABLE
changed: cnci...@china-netcom.com
role: CNCIDC hostmaster
address: No.1,Beihuan Donglu,BDA,Beijing,China
country: CN
phone: +8610 6787 5599
fax-no: +8610 6787 8624
e-mail: cnci...@china-netcom.com
trouble: tech-...@china-netcom.com
person: Tao Jiang
nic-hdl: TJ35-AP
e-mail: bjidc-...@cnc.cn
changed: jian...@cnc.cn
changed: zha...@china-netcom.com
mntner: MAINT-CN-BJIDC
upd-to: bjidc-...@china-netcom.com
route: 210.51.0.0/16
descr: CHINA NETCOM
origin: AS9929
mnt-by: MAINT-AS9929
changed: xu...@china-netcom.com
route: 210.51.0.0/16
descr: CNC Group CncNet
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: ab...@cnc-noc.net
route: 210.51.0.0/16
descr: CNC Route Object
origin: AS9929
member-of: rs-Secondary
mnt-by: CHINANETCOM-MNT
changed: liu...@china-netcom.com
AS Name: CNCNET-CN China Netcom Corp.
http://www.cidr-report.org/cgi-bin/as-report?as=9929
14 SBL/ROKSO listings for IPs under the responsibility of cncgroup-bj
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-bj
So Much More xinnetdns.com sightings:
http://groups.google.com/groups/search?q=xinnetdns.com+group%3A*abuse*&qt_s=Search
See:
ns.xinnet.cn IP 210.51.171.209
http://moensted.dk/spam/?addr=210.51.171.209
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63236
So Much More xinnet.cn sightings:
http://groups.google.com/groups/search?q=xinnet.cn+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/2b0027b4070a07cf
And:
http://groups.google.com/group/news.admin.net-abuse.email/msg/6c15c2b98d46bd38
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/6511468da34ed4f0
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/dec4c60efb5f131a
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/