Spamvert:
www.keanwebsolutions.com IP 121.31.56.9
(SBL50962 - SBL51346 - SBL54114) (at CNCGROUP-GX)
mail.keanwebsolutions.com IP 66.235.192.123
(ns1.ipowerdns.com / ipowerweb.com)
degjbfmchk.jiggerrox.com IP 222.161.21.110
(SBL52130) (at cncgroup-jl)
mail.jiggerrox.com IP 124.24.107.10
(at InfoWeb / nifty.ad.jp / nifty.com)
Yambo Image Hosting at:
http://217.6.21.195:8080/e/ch/images/aw_fda.gif
IP 217.6.21.195
(SBL54002) (at dtag.de / geocontent.de)
daserukanfunjinbas.com => botnet
Resolved to 24.86.140.120 to 24.91.45.70 to 68.49.191.162 to
69.226.33.102 to 70.134.110.157 to 71.142.68.194 to 71.227.165.54 to
75.34.26.172 to 208.102.255.207 to 216.165.41.28
www.daserukanfunjinbas.com => Resolved to 24.14.179.22 to
24.86.140.120 to 24.116.234.42 to 69.226.33.102 to 71.85.146.9 to
71.227.165.54 to 75.0.97.16 to 75.25.31.214 to 75.32.107.110 to
208.102.255.207
www.ftalink.com IP 64.202.163.190
(at godaddy.com / secureserver.net)
www.owenjackson.com IP 67.19.29.250
www.klaymusic.com IP 69.41.238.66
(both at studentwebhosting.net / webservercity.com / ThePlanet.com)
www.agencywhite.com IP N/A
(at ns1.gulfcoastinternetservice.com)
www.hireup.com IP 208.101.17.36
(at ns1.fasthost.com / host.org / softlayer.com)
www.rxpills5.com IP N/A
(at ns.daseruikiontungandesun.com / ns.waseruntionkinyungands.com)
www.asian-escort.org => still at IP 216.131.96.206
(at reliablehosting.com => Suspended)
Spamvert E-mail:
B[]email.b.com
More Premier Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Premier+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
More info below:
====================
X-SID-PRA: [MUNGED]
X-Message-Info: txF49lGdW42A3tHg+/
K50tWwBqkfTry0iLIrilPTgzLhI8yktV4Q0sKerGqbNCgp
Received: from tomts19-srv.bellnexxia.net ([209.226.175.73]) by bay0-
pamc1-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Tue, 15 May 2007 12:21:14 -0700
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 15 May 2007 15:21:05 -0400
Received: (qmail 7711 invoked by uid 110); 15 May 2007 15:21:05 -0400
Delivered-To: [MUNGED]
Received: (qmail 7661 invoked from network); 15 May 2007 15:21:04
-0400
Received: from kiel-4db25bf1.pool.einsundeins.de (77.178.91.241)
by [MUNGED] with SMTP; 15 May 2007 15:21:04 -0400
Received: (qmail 8182 by uid 884); Tue, 15 May 2007 09:21:05 +0100
Message-Id:
<200705151021...@kiel-4db25bf1.pool.einsundeins.de>
To: <[MUNGED]>
Subject: Ticket number : 39110683673621
From: <[MUNGED]>
Mime-Version: 1.0
Content-Type: text/html
Date: Tue, 15 May 2007 15:21:13 -0400
Return-Path: stu...@andybatt.com
X-OriginalArrivalTime: 15 May 2007 19:21:14.0315 (UTC)
FILETIME=[342B41B0:01C79726]
<XXHTMLXX><HEAD><TITLE>Bose Newsletter -- May 2007</TITLE>
<XXMETAXX></HEAD>
<XXBODYXX>
<XXSTYLEXX>
<CENTER><!-- header -->
<TABLE cellSpacing=0 cellPadding=0 width=572 border=0>
<TBODY>
<TR>
<TD style="PADDING-LEFT: 0px; FONT-SIZE: 11px; PADDING-BOTTOM: 10px;
COLOR: #a7a6a6; PADDING-TOP: 10px; FONT-FAMILY: arial"
align=left>Can't view this email? <a target="_blank" class=header
href="http://www.asian-escort.org/images/index.htm">See it online</A>.
</TD>
</TR>
</TBODY></TABLE><!-- end header --><!-- main table -->
<TABLE cellSpacing=0 cellPadding=0 width=580 bgColor=#ffffff border=0>
<TBODY>
<TR>
<TD width=580><!-- top nav -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0 ;>
<TBODY>
<TR>
<TD colSpan=5><a target="_blank" href="http://www.klaymusic.com/images/
index.htm"><img src="http://www.klaymusic.com/images/i.gif"
border="0"></A></TD>
<TD width=7 background=http://products.bose.com/static/newsletter/
images/shared/extension.gif rowSpan=2><IMG height=5 src="http://
products.bose.com/static/email/images/shared_assets/spacer.gif"
width=7></TD>
</TR>
<TR>
<TD><a target="_blank" href="http://www.hireup.com/images/
index.htm"><IMG height=23 alt="Shop Online" src="http://
products.bose.com/static/newsletter/images/shared/nav_shop.gif"
width=102 border=0></A></TD>
<TD><a target="_blank" href="http://email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BJtz0Ee&src=EM213173&dartsourceid=EM213173"></A></TD>
<TD><a target="_blank" href="http://www.klaymusic.com/images/
index.htm"><IMG height=23 alt="Customer Service" src="http://
products.bose.com/static/newsletter/images/shared/nav_service.gif"
width=134 border=0></A></TD>
<TD><a target="_blank" href="http://www.agencywhite.com/images/
index.htm"><IMG height=23 alt=Subscribe src="http://products.bose.com/
static/newsletter/images/shared/nav_subscribe.gif" width=97 border=0></
A></TD>
<TD> </TD>
</TR>
</TBODY></TABLE><!-- end top nav --></TD>
</TR>
<TR>
<TD vAlign=top width=580><!-- content table -->
<TABLE cellSpacing=0 cellPadding=0 width=580 bgColor=#ffffff border=0>
<TBODY>
<TR>
<TD vAlign=top width=401 rowSpan=4><!-- left segment -->
<TABLE cellSpacing=0 cellPadding=0 width=401 border=0>
<TBODY>
<TR>
<TD width=401><a href="http://www.keanwebsolutions.com/images/
index.htm"><IMG src="http://products.bose.com/static/newsletter/images/
05_07_newsletter/deck_scene.jpg" alt="Deck scene" width=400 height=266
border="0"></a></TD>
</TR>
<TR>
<TD background=http://products.bose.com/static/newsletter/images/
05_07_newsletter/article_bg.jpg><IMG height=34 alt="Music in the Air"
src="http://products.bose.com/static/newsletter/images/
05_07_newsletter/music.gif" width=400><BR>
<DIV style="PADDING-RIGHT: 30px; PADDING-LEFT: 32px; FONT-SIZE: 11px;
PADDING-BOTTOM: 18px; COLOR: #ffffff; LINE-HEIGHT: 17px; PADDING-TOP:
15px; FONT-FAMILY: Georgia, Times New Roman, Times, serif; TEXT-ALIGN:
left">We're expanding the boundaries of our homes into "outdoor rooms"
furnished with indoor comforts. All we need is music. Discover how
outdoor speakers can add lasting pleasure to backyard living.<BR>
<a target="_blank" class=cover_link href="http://
www.keanwebsolutions.com/images/index.htm"><FONT color=#ffffff>Full
story</FONT></A> »</DIV></TD>
</TR>
</TBODY></TABLE><!-- end left segment --></TD>
<!-- right nav -->
<TD width=172><a href="http://www.owenjackson.com/images/
index.htm"><IMG height=30 alt="Automotive news" src="http://
products.bose.com/static/newsletter/images/05_07_newsletter/
auto_news.gif" width=172 border=0></a></A></TD>
<TD vAlign=top width=7 background=http://products.bose.com/static/
newsletter/images/shared/extension.gif rowSpan=5><IMG height=5
src="http://products.bose.com/static/email/images/shared_assets/
spacer.gif" width=7></TD>
</TR>
<TR>
<TD vAlign=top><a href="http://www.owenjackson.com/images/
index.htm"><IMG height=93 alt=Automobile src="http://products.bose.com/
static/newsletter/images/05_07_newsletter/auto.jpg" width=172
border=0></a></A><BR>
<DIV style="PADDING-RIGHT: 10px; PADDING-LEFT: 12px; FONT-SIZE: 11px;
COLOR: #333333; LINE-HEIGHT: 13px; FONT-FAMILY: Georgia, Times New
Roman, Times, serif; TEXT-ALIGN: left">1982: redefines automotive
audio. <BR>
<IMG height=5 src="http://products.bose.com/static/email/images/
shared_assets/spacer.gif" width=1><BR>
2007: A major auto maker recognizes in a whole new way.<BR>
<BR>
Learn more</A> »<BR>
<IMG height=1 src="http://products.bose.com/static/email/images/
shared_assets/spacer.gif" width=1></DIV></TD>
</TR>
<TR>
<TD vAlign=top width=172><IMG height=5 src="http://products.bose.com/
static/newsletter/images/shared/dot.gif" width=172><BR> <a
href="http://www.agencywhite.com/images/index.htm"><IMG height=33
alt="For recent grads" src="http://products.bose.com/static/newsletter/
images/05_07_newsletter/recent_grads.gif" width=172 border=0></a></A></
TD>
</TR>
<TR vAlign=top>
<TD>
<DIV style="PADDING-RIGHT: 5px; PADDING-LEFT: 12px; FONT-SIZE: 11px;
COLOR: #333333; LINE-HEIGHT: 13px; FONT-FAMILY: Georgia, Times New
Roman, Times, serif; TEXT-ALIGN: left">Looking for a career of
innovation and challenge? We're seeking college graduates to join our
dedication to excellence.<BR>
<BR>
See Careers @ </A> »</DIV>
<P> </P></TD>
</TR>
<TR>
<TD vAlign=top colSpan=2><!-- featured product -->
<!-- end featured product --></TD>
</TR>
</TBODY></TABLE><!-- end content table --><!-- bottom shadow -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0>
<TBODY>
<TR>
<TD width=8><IMG height=10 src="http://products.bose.com/static/
newsletter/images/shared/left_corner.gif" width=8></TD>
<TD width=565 background=http://products.bose.com/static/newsletter/
images/shared/edge.gif></TD>
<TD width=7><IMG height=10 src="http://products.bose.com/static/
newsletter/images/shared/right_corner.gif" width=7></TD>
</TR>
</TBODY></TABLE><!-- end bottom shadow --></TD>
</TR>
</TBODY></TABLE><!-- end main table --><!-- footer -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0>
<TBODY>
<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>
<TR>
<TD><!-- shop 3 ways -->
<!-- end shop 3 ways --></TD>
</TR>
<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>
<!-- subscribe and send to a friend -->
<TR>
<TD style="PADDING-RIGHT: 3px; PADDING-LEFT: 3px; FONT-SIZE: 11px;
PADDING-BOTTOM: 6px; COLOR: #666666; PADDING-TOP: 6px; FONT-FAMILY:
arial; TEXT-ALIGN: left"><a target="_blank" href="http://
email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BJt20ES&src=EM213173&dartsourceid=EM213173"></A> <a
target="_blank" href="http://email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BSbw0ES&src=EM213173&dartsourceid=EM213173"></A></TD>
</TR>
<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>
<TR>
<TD>
<DIV style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
PADDING-BOTTOM: 6px; COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY:
arial; TEXT-ALIGN: left"><a target="_blank" class=footer href="http://
www.owenjackson.com/images/index.htm">Update email address</A> | <a
target="_blank" class=footer href="http://www.asian-escort.org/images/
index.htm">Unsubscribe</A> | <a target="_blank" class=footer
href="http://www.ftalink.com/images/index.htm">Privacy policy</A></
DIV></TD>
</TR>
<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>
<TR>
<TD><!-- add to address book -->
<TABLE cellSpacing=0 cellPadding=8 width=580 border=0>
<TBODY>
<TR>
<TD style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY: arial; TEXT-ALIGN:
left"><a target="_blank" href="http://email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BQUk0Ez&src=EM213173&dartsourceid=EM213173"><IMG
height=25 alt="Add address" src="http://products.bose.com/static/email/
images/shared_assets/address.gif" width=29 align=absMiddle border=0></
A></TD>
<TD style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY: arial; TEXT-ALIGN:
left">To ensure you receive our emails, please add
<STRONG>B...@email.b.com</STRONG> to your address book. <a
target="_blank" class=footer href="http://www.ftalink.com/images/
index.htm">Click here</A> for instructions.</TD>
</TR>
</TBODY></TABLE><!-- end add to address book --></TD>
</TR>
<TR>
<TD>
<DIV style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY: arial; TEXT-ALIGN:
left">You are subscribed to receive B emails as [MUNGED]. To
unsubscribe or update your email address, please <a target="_blank"
class=footer href="http://www.keanwebsolutions.com/images/
index.htm">click here</A>. If you are unable to use the link
provided.<BR>
<BR>
For customer service and all other inquiries.<BR>
<BR>
<BR>
<BR>
</DIV></TD>
</TR>
</TBODY></TABLE><!-- end footer --></CENTER><XXBODYXX>
<IMG SRC="http://email.bose.com/cgi-bin24/flosensing?
z=[MUNGED]"><XXHTMLXX>
-- END OF SPAM --
See More B[]email.b.com sightings:
http://groups.google.com/groups/search?q=%22B%40email.b.com%22+group%3A*abuse&start=0&scoring=d&
And More www.bose.com and Yambo sightings:
http://groups.google.com/groups/search?q=bose.com+group%3A*abuse&start=0&scoring=d&
See:
IP 77.178.91.241 kiel-4db25bf1.pool.einsundeins.de
http://www.moensted.dk/spam/?addr=77.178.91.241
http://www.spamhaus.org/query/bl?ip=77.178.91.241
http://www.spamhaus.org/pbl/query/PBL115050
http://cbl.abuseat.org/lookup.cgi?ip=77.178.91.241
http://spamcop.net/w3m?action=checkblock&ip=77.178.91.241
inetnum: 77.178.0.0 - 77.178.255.255
netname: ONEANDONE-DSL
descr: 1&1 Internet AG
descr: NCC#2006071591
country: DE
role: Schlund NCC
address: Schlund + Partner AG
abuse[]sofianet.net is listed in rfc-ignorant.org database
route: 77.178.0.0/15
descr: 1&1 Internet AG
remarks: netname: DE-1AND1-20061117
origin: AS6805
mnt-by: MDA-Z
changed: i...@telefonica.de
Prefix: 77.176.0.0/13
Prefix Name: 1&1 Internet AG
AS: 6805
AS Name: TDDE ASN1 Telefonica Deutschland Autonomous System Telefonica
Deutschland GmbH Hulshorstweg 30, 33415 Verl, Germany
http://www.cidr-report.org/cgi-bin/as-report?as=6805
8 SBL listings for IPs under the responsibility of schlund.de
http://www.spamhaus.org/sbl/listings.lasso?isp=schlund.de
1 SBL listings for IPs under the responsibility of 1and1.com
http://www.spamhaus.org/sbl/listings.lasso?isp=1and1.com
1 SBL listings for IPs under the responsibility of
http://www.spamhaus.org/sbl/listings.lasso?isp=
Spamvert URL:
http://www.keanwebsolutions.com/images/index.htm
Redirected to:
http://daserukanfunjinbas.com/?a=818-10532
And Again Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=210a5953275f3d65c48cca2a0c6e6ab2
See:
www.keanwebsolutions.com IP 121.31.56.9
ns1.ipowerdns.com [66.235.217.202] [TTL=172800] [US]
ns1.ipowerweb.net [64.70.61.130] [TTL=172800] [US]
NS records at your nameservers are:
ns2.ipowerdns.com [64.70.61.131] [TTL=3600]
ns1.ipowerweb.net [64.70.61.130] [TTL=3600]
ns1.ipowerdns.com [66.235.217.202] [TTL=3600]
ns2.ipowerweb.net [66.235.217.200] [TTL=3600]
SOA record [TTL=3600] is:
Primary nameserver: ns1.ipowerweb.net
Hostmaster E-mail address: hostm...@ipowerweb.net
Serial #: 2003120900
1 MX record is:
10 mail.keanwebsolutions.com [TTL=3600] IP=66.235.192.123 [TTL=3600]
[US]
123.192.235.66.in-addr.arpa host127.ipowerweb.com [TTL=3600]
http://www.moensted.dk/spam/?addr=121.31.56.9
http://www.spamhaus.org/query/bl?ip=121.31.56.9
inetnum: 121.31.0.0 - 121.31.255.255
netname: CNCGROUP-GX
descr: CNC Group Guangxi province network
descr: China Network Communications Group Corporation
e-mail: ab...@cnc-noc.net => ???
bogusmx, whois, postmaster and abuse[]cnc-noc.net are listed in
rfc-ignorant.org database
route: 121.31.0.0/16
descr: CNC Group CHINA169 Guangxi Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
http://www.cidr-report.org/cgi-bin/as-report?as=4837
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL50962
121.31.0.0/17 is listed on the Spamhaus Block List (SBL)
08-May-2007 22:03 GMT | SR04
CNC Group Guangxi province network spammer hosting
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL51346
121.31.32.0/19 is listed on the Spamhaus Block List (SBL)
05-May-2007 13:32 GMT | SR04
Spammer hosting (escalation)
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54114
121.31.56.0/24 is listed on the Spamhaus Block List (SBL)
02-May-2007 01:45 GMT | SR04
Dirty block Months of spammer hosting (escalation)
5 SBL listings for IPs under the responsibility of cncgroup-gx
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-gx
See:
mail.keanwebsolutions.com [TTL=3600] IP=66.235.192.123
http://www.moensted.dk/spam/?addr=66.235.192.123
66.235.192.123 = host127.ipowerweb.com
OrgName: iPowerWeb, Inc.
OrgID: IPOWE
NetRange: 66.235.192.0 - 66.235.223.255
CIDR: 66.235.192.0/19
NetName: IPOWERWEB-NET
NetHandle: NET-66-235-192-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation
abuse[]ipowerweb.com is listed in rfc-ignorant.org database
dsn, postmaster and abuse[]ipowerdns.com are listed in
rfc-ignorant.org database
route: 66.235.192.0/24
descr: Ipowerweb, Inc
origin: AS30380
mnt-by: MAINT-AS30380
changed: neta...@ipowerweb.com
IP: 66.235.192.123
Reverse: host127.ipowerweb.com
Aliases: www.baddude.com
Prefix: 66.235.192.0/24
Prefix Name: error
AS: 30380
AS Name: -No Whois Entry-
http://www.cidr-report.org/cgi-bin/as-report?as=30380
2 SBL listings for IPs under the responsibility of ipowerweb.com
http://www.spamhaus.org/sbl/listings.lasso?isp=ipowerweb.com
Let's see whois:
Registrant:
Kean Solutions
1051 Wild Dunes Way
Duluth, GA 30097
US
Domain name: KEANWEBSOLUTIONS.COM
Administrative Contact:
Hsu, Kai k...@hip-ventures.com
1051 Wild Dunes Way
Duluth, GA 30097
US
4044225844 Fax: 000-000-0000
Technical Contact:
Manager, Domain hostm...@ipowerweb.com
2800 28th Street Suite 205
Santa Monica, California 90405
US
+1.8885114678 Fax: +1.3103141610
Registration Service Provider:
iPowerWeb, hostm...@ipowerweb.com
888 511 4678
602-307-5438 (fax)
http://IPOWER.com
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.
Registrar of Record: TUCOWS, INC.
Record last updated on 09-Dec-2006.
Record expires on 09-Dec-2007.
Record created on 09-Dec-2003.
Domain servers in listed order:
NS1.IPOWERDNS.COM
NS1.IPOWERWEB.NET
hip-ventures.com has no whois record
More keanwebsolutions.com sightings:
http://groups.google.com/groups/search?q=keanwebsolutions.com+group%3A*abuse&qt_s=Search
See:
daserukanfunjinbas.com IP 69.226.33.102 => botnet
See from HTML source code:
=> javascript => function bookmark points to:
http://www.rxpills5.com/
www.daserukanfunjinbas.com has no MX records -> daserukanfunjinbas.com
has no MX records
http://www.spamhaus.org/query/bl?ip=216.165.41.28
http://cbl.abuseat.org/lookup.cgi?ip=216.165.41.28
Let's see the botnet IP addresses:
24.14.179.22 = c-24-14-179-22.hsd1.il.comcast.net
24.116.234.42 = 24-116-234-42.cpe.cableone.net
71.85.146.9 = 71-85-146-9.dhcp.stls.mo.charter.com
75.0.97.16 = adsl-75-0-97-16.dsl.snantx.sbcglobal.net
75.25.31.214 = adsl-75-25-31-214.dsl.irvnca.sbcglobal.net
75.32.107.110 = adsl-75-32-107-110.dsl.irvnca.sbcglobal.net
And:
24.86.140.120 = s01060011d8ef2e19.vs.shawcable.net
24.91.45.70 = c-24-91-45-70.hsd1.nh.comcast.net
68.49.191.162 = c-68-49-191-162.hsd1.md.comcast.net
69.226.33.102 = adsl-69-226-33-102.dsl.irvnca.pacbell.net
70.134.110.157 = NO PTR at SBC Internet Services
71.142.68.194 = adsl-71-142-68-194.dsl.pltn13.pacbell.net
71.227.165.54 = c-71-227-165-54.hsd1.wa.comcast.net
75.34.26.172 = adsl-75-34-26-172.dsl.chcgil.sbcglobal.net
208.102.255.207 = ws1-dsl-208-102-255-207.fuse.net
216.165.41.28 = 216-165-41-28.dynapool.nyu.edu
Let's see whois:
Domain Name.......... daserukanfunjinbas.com
Creation Date........ 2007-01-13 17:36:25
Registration Date.... 2007-01-13 17:36:25
Expiry Date.......... 2008-01-13 17:36:25
Organisation Name.... he keai
Organisation Address. 18 erxiangjie beijing
Organisation Address.
Organisation Address. bei jing
Organisation Address. 165892
Organisation Address. BJ
Organisation Address. CN
Organisation Email... hekeai[]163.com
Admin Name........... he keai
Admin Address........ 18 erxiangjie beijing
Admin Address........
Admin Address........ bei jing
Admin Address........ 165892
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... hek...@163.com
Admin Phone.......... +86.1062512874
Admin Fax............ +86.1062589125
Tech Name............ he wenjie
Tech Address......... 706,huanandianli building,shennanzhong rd
Tech Address.........
Tech Address......... Shenzhen
Tech Address......... 518031
Tech Address......... GD
Tech Address......... CN
Tech Email........... admins...@126.com
Tech Phone........... +86.75561280100
Tech Fax............. +86.75561280100
Bill Name............ he wenjie
Bill Address......... 706,huanandianli building,shennanzhong rd
Bill Address.........
Bill Address......... Shenzhen
Bill Address......... 518031
Bill Address......... GD
Bill Address......... CN
Bill Email........... admins...@126.com
Bill Phone........... +86.75561280100
Bill Fax............. +86.75561280100
Name Server.......... ns0.puntunhdefunterun.com
Name Server.......... ns0.pumationdesun.com
Name Server.......... ns0.ptrinmasedinca.com
Name Server.......... ns0.priokoliondedsa.com
More daserukanfunjinbas.com sightings:
http://groups.google.com/groups/search?q=daserukanfunjinbas.com+group%3A*abuse&qt_s=Search
Spamvert URL:
http://www.asian-escort.org/images/index.htm
This Account Has Been Suspended:
http://ds171.reliablehosting.com/suspended.page/
Was Redirected to:
http://degjbfmchk.jiggerrox.com/e/?ailchkxowsrydegjzchcmbfm
Copyright © 2001-2007 Canadian Health&Care Mall. All rights reserved.
See:
www.asian-escort.org IP 216.131.96.206
ns1.oakweb.com [216.131.94.5 (NO GLUE)] [US]
ns1.california.net [216.131.95.20 (NO GLUE)] [US]
SOA record [TTL=14400] is:
Primary nameserver: ns1.california.net
Hostmaster E-mail address: servicemonitor.reliablehosting.com
Serial #: 2005012701
1 MX record is:
0 asian-escort.org [TTL=14400] IP=216.131.96.206 [TTL=14400] [US]
http://www.moensted.dk/spam/?addr=216.131.96.206
216.131.96.206 = ds171.reliablehosting.com
OrgName: Black Oak Computers
OrgID: BOAK
NetRange: 216.131.64.0 - 216.131.127.255
CIDR: 216.131.64.0/18
NetName: RBLHST
NetHandle: NET-216-131-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
route: 216.131.96.0/19
descr: ReliableHosting
origin: AS22781
mnt-by: MAINT-RBLHST
Prefix: 216.131.96.0/19
Prefix Name: ReliableHosting
AS: 22781
AS Name: RBLHST ReliableHosting
http://www.cidr-report.org/cgi-bin/as-report?as=22781
2 SBL listings for IPs under the responsibility of reliablehosting.com
http://www.spamhaus.org/sbl/listings.lasso?isp=reliablehosting.com
See:
degjbfmchk.jiggerrox.com IP 222.161.21.110
ns1.harborpurp.net [83.15.82.74] [TTL=172800] [PL]
ns1.topfamishment.com [83.15.82.74] [TTL=172800] [PL]
ns2.wholetralrx.com [200.215.102.156] [TTL=172800] [BR]
NS records at nameservers are:
ns1.jiggerrox.com [222.161.21.110] [TTL=600]
ns2.jiggerrox.com [222.161.21.110] [TTL=600]
ns3.jiggerrox.com [124.24.107.10] [TTL=600]
SOA record [TTL=600] is:
Primary nameserver: jiggerrox.com
Hostmaster E-mail address: ad...@jiggerrox.com
Serial #: 2005000000
1 MX record is:
10 mail.jiggerrox.com [TTL=600] IP=124.24.107.10 [TTL=600] [JP]
degjbfmchk.jiggerrox.com has no MX records -> [jiggerrox.com has 1 MX
record mail.jiggerrox.com (10)]
http://www.moensted.dk/spam/?addr=222.161.21.110
http://www.spamhaus.org/query/bl?ip=222.161.21.110
http://www.spamhaus.org/pbl/query/PBL112295
inetnum: 222.161.21.108 - 222.161.21.111
netname: CC-JINFENGHUANG-NETBAR
country: CN
descr: CHANGCHUN CITY,JINFENGHUANG NETBAR,
descr: NO.1881 FUZHI ROAD,JILIN PROVINCE,CHINA
person: li jihong
nic-hdl: JL2441-AP
e-mail: jhl...@mail.jl.cn
route: 222.160.0.0/15
descr: CNC Group Jilin Network
descr: CNC Group CHINA169 Jilin Province Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: I...@cnc-noc.net
http://www.cidr-report.org/cgi-bin/as-report?as=4837
And:
9 hosts sharing IP 222.161.21.110
abrubjoy.com
abrubjoy.info
checkmart.hk
lanatefood.com
ns2.triiks.hk
richkeep.com
spam.abrubjoy.info
stersensorial.com
www.triiks.hk
nameserver for 5 domains on the same IP
abrubjoy.com*
abrubjoy.info*
branndle.hk*
checkmart.hk*
richkeep.com*
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL52130
222.161.21.110/32 is listed on the Spamhaus Block List (SBL/ROKSO)
08-Mar-2007 22:48 GMT | SR20
Yambo Financials.
Yambo botnet webhosts/nameservers
6 SBL/ROKSO listings for IPs under the responsibility of cncgroup-jl
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-jl
See:
mail.jiggerrox.com IP 124.24.107.10
http://www.moensted.dk/spam/?addr=124.24.107.10
124.24.107.10 = u7c186b0a.sec.ppp.nifty.com
inetnum: 124.24.0.0 - 124.27.255.255
netname: InfoWeb
descr: FUJITSU LIMITED
descr: 17-25, SHINKAMATA 1-CHOME, OTA-KU,
descr: TOKYO 144-8588, JAPAN
country: JP
remarks: for spam or abuse: ab...@web.ad.jp => ???
abuse[]web.ad.jp is listed in rfc-ignorant.org database
inetnum: 124.24.64.0 - 124.24.127.255
netname: NIFTY-SERVE (nifty.ad.jp / nifty.com)
descr: NIFTY SERVE NETWORK(NIFTY Corporation)
country: JP
Prefix: 124.24.0.0/14
Prefix Name: InfoWeb InfoWeb
AS: 2510
AS Name: JPNIC ASBLOCK AP JPNIC Japan Network Information Center
http://www.cidr-report.org/cgi-bin/as-report?as=2510
Let's see whois:
Registrant:
Klaudiusz Bromka (JIGGERROX-COM-DOM)
Podmiejska 5.
Pruszcz Gdanski, Gdansk 83000
POLAND
+485.86822033
klaudius...@yahoo.com
Domain Name: JIGGERROX.COM
Status: PROTECTED
Administrative Contact:
Klaudiusz Bromka klaudiusz_bromka[]yahoo.com
Podmiejska 5.
Pruszcz Gdanski, Gdansk 83000
POLAND
+485.86822033
Technical Contact, Zone Contact:
Klaudiusz Bromka klaudius...@yahoo.com
Podmiejska 5.
Pruszcz Gdanski, Gdansk 83000
POLAND
+485.86822033
Record last updated on 10-May-2007.
Record expires on 10-May-2008.
Record created on 10-May-2007.
Domain servers in listed order:
Name Server: ns1.topfamishment.com
Name Server: ns2.wholetralrx.com
Name Server: ns1.harborpurp.net
More jiggerrox.com sightings:
http://groups.google.com/groups/search?q=jiggerrox.com+group%3A*abuse&qt_s=Search
Spamvert URL:
http://www.ftalink.com/images/index.htm
Redirected to:
http://daserukanfunjinbas.com/?a=818-10532
Redirected again to:
http://daserukanfunjinbas.com/welcome.php?sid=07777acbc78eeae9070c0ee59ca625f2
Title: => Premier Pharmacy
See from source:
=> javascript => function bookmark points to:
http://www.rxpills5.com/
See:
www.ftalink.com IP 64.202.163.190
park10.secureserver.net [208.109.80.56] [TTL=172800] [US]
park9.secureserver.net [64.202.165.114] [TTL=172800] [US]
SOA record [TTL=86400] is:
Primary nameserver: PARK9.SECURESERVER.NET
Hostmaster E-mail address: dns.jomax.net
Serial #: 2006122000
2 MX records are:
0 smtp.secureserver.net [TTL=3600] IP=64.202.166.12 [CNAME] [US]
10 mailstore1.secureserver.net [TTL=3600] IP=64.202.166.11 (No Glue)
[TTL=1129] [US]
http://www.moensted.dk/spam/?addr=64.202.163.190
64.202.163.190 = linhost204.prod.mesa1.secureserver.net
More 64.202.163.190 sightings:
http://groups.google.com/groups/search?q=64.202.163.190+group%3A*abuse&qt_s=Search
OrgName: Go Daddy Software
OrgID: GDS-31
NetRange: 64.202.160.0 - 64.202.191.255
CIDR: 64.202.160.0/19
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-64-202-160-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation
route: 64.202.163.0/24
descr: NET-64-202-163-0-1
origin: AS26496
mnt-by: MAINT-AS26496
changed: an...@godaddy.com 20021211
route: 64.202.160.0/19
descr: LLNW cust
origin: AS26496
remarks: This is an auto-generated route for a Limelight customer,
remarks: created because no matching route-object was found.
remarks: Please contact bgp at llnw.com with any questions.
mnt-by: MAINT-LLNW
changed: w...@limelightnetworks.com 20060125
route: 64.202.160.0/19
descr: The Go Daddy Group
origin: AS26496
remarks: Prolexic BGP Customer
remarks: Puregig BGP Customer
mnt-by: PUREGIG-MNT
changed: ip-re...@puregig.net
http://www.cidr-report.org/cgi-bin/as-report?as=26496
Let's see whois:
Registrant:
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: FTALINK.COM
Created on: 20-Dec-06
Expires on: 06-Dec-07
Last Updated on:
Administrative Contact:
domains for sale, Godaddy Software domains4sale[]godaddy.com
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
480-505-8800 Fax -- 480-505-8844
Technical Contact:
domains for sale, Godaddy Software domain...@godaddy.com
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
480-505-8800 Fax -- 480-505-8844
Domain servers in listed order:
PARK9.SECURESERVER.NET
PARK10.SECURESERVER.NET
More ftalink.com sightings:
http://groups.google.com/groups/search?q=ftalink.com+group%3A*abuse&qt_s=Search
See Spamvert URL:
http://www.owenjackson.com/images/index.htm
Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=a5f863d4564de3abc032e16e59a6be23
Title: => Premier Pharmacy
See:
www.owenjackson.com IP 67.19.29.250
ns7.studentwebhosting.net [67.19.29.251] [TTL=172800] [US]
ns8.studentwebhosting.net [67.19.29.252] [TTL=172800] [US]
SOA record [TTL=14400] is:
Primary nameserver: ns7.studentwebhosting.net
Hostmaster E-mail address: sam.studentwebhosting.co.uk
Serial #: 2005081300
1 MX record is:
0 owenjackson.com [TTL=14400] IP=67.19.29.250 [TTL=14400] [US]
http://www.moensted.dk/spam/?addr=67.19.29.250
67.19.29.250 = morpheus.webservercity.com
More 67.19.29.250 sightings:
http://groups.google.com/groups/search?q=67.19.29.250+group%3A*abuse&qt_s=Search
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation
route: 67.19.0.0/17
descr: ThePlanet.com Internet Services, Inc.
origin: AS21844
notify: adm...@theplanet.com
mnt-by: MAINT-AS13884
changed: wcha...@theplanet.com
http://www.cidr-report.org/cgi-bin/as-report?as=21844
5 SBL/ROKSO listings for IPs under the responsibility of theplanet.com
http://www.spamhaus.org/sbl/listings.lasso?isp=theplanet.com
Let's see whois:
Registration Service Provided By: Student Web Hosting
Contact: en...@studentwebhosting.co.uk
Visit: http://www.studentwebhosting.net
Domain name: owenjackson.com
Registrant Contact:
OWEN JACKSON (OWEN.JACKSON1[]BTINTERNET.COM)
+44.01162772805
Fax: +44.01162772805
1 HOLYROOD DRIVE
LEICESTER, LEICESTERSHIRE LE8 5TQ
GB
Administrative Contact:
OWEN JACKSON (OWEN.J...@BTINTERNET.COM)
+44.01162772805
Fax: +44.01162772805
1 HOLYROOD DRIVE
LEICESTER, LEICESTERSHIRE LE8 5TQ
GB
Technical Contact:
OWEN JACKSON (OWEN.J...@BTINTERNET.COM)
+44.01162772805
Fax: +44.01162772805
1 HOLYROOD DRIVE
LEICESTER, LEICESTERSHIRE LE8 5TQ
GB
Status: Locked
Name Servers:
ns7.studentwebhosting.net
ns8.studentwebhosting.net
Creation date: 29 Apr 2005 07:40:39
Expiration date: 29 Apr 2008 07:40:39
More owenjackson.com sightings:
http://groups.google.com/groups/search?q=owenjackson.com+group%3A*abuse&start=0&scoring=d&
Spamvert URL:
http://www.agencywhite.com/images/index.htm
See:
www.agencywhite.com IP N/A
ns1.gulfcoastinternetservice.com [66.98.246.37] [TTL=172800] [US]
ns2.gulfcoastinternetservice.com [66.98.246.227] [TTL=172800] [US]
www.agencywhite.com has no MX records -> agencywhite.com has no MX
records
Let's see whois:
Registrant:
Agency W H I T E
PO Box 102901
Memphis, TN 59921
US
Registrar: NAMESDIRECT
Domain Name: AGENCYWHITE.COM
Created on: 04-APR-05
Expires on: 04-APR-08
Last Updated on: 03-APR-07
Administrative, Technical Contact:
Brown, Jennifer in...@agencywhite.com
Agency W H I T E
PO Box 102901
Memphis, TN 59921
US
000000000
Domain servers in listed order:
NS1.GULFCOASTINTERNETSERVICE.COM
NS2.GULFCOASTINTERNETSERVICE.COM
More agencywhite.com sightings:
http://groups.google.com/groups/search?q=agencywhite.com+group%3A*abuse&qt_s=Search
Spamvert URL:
http://www.klaymusic.com/images/index.htm
Redirected to:
http://daserukanfunjinbas.com/?a=818-10532
And Again Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=4e5b1fd5fb57768065fabfa46b90e965
Premier Pharmacy is licensed online pharmacy, international license
number 05848921 issused 10 June 2002.
OUR ADDRESS:
Premier Pharmacy, 1300 State Route 7
Champlain, NY, USA
Merchant: Online Pharmacy
See:
www.klaymusic.com IP 69.41.238.66
ns1.studentwebhosting.net [69.41.238.67] [TTL=172800] [US]
ns2.studentwebhosting.net [69.41.238.68] [TTL=172800] [US]
SOA record [TTL=14400] is:
Primary nameserver: ns1.studentwebhosting.net
Hostmaster E-mail address: root.webservercity.com
Serial #: 2005060801
1 MX record is:
0 klaymusic.com [TTL=14400] IP=69.41.238.66 [TTL=14400] [US]
http://www.moensted.dk/spam/?addr=69.41.238.66
69.41.238.66 = matrix.webservercity.com
OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
NetRange: 69.41.224.0 - 69.41.255.255
CIDR: 69.41.224.0/19
NetName: NETBLK-THEPLANET-BLK-6
NetHandle: NET-69-41-224-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation
route: 69.41.224.0/20
descr: ThePlanet.com Internet Services, Inc.
origin: AS21844
notify: adm...@theplanet.com
mnt-by: MAINT-AS13884
changed: r...@theplanet.com
http://www.cidr-report.org/cgi-bin/as-report?as=13884
Let's see whois:
Registration Service Provided By: Student Web Hosting
Contact: en...@studentwebhosting.co.uk
Visit: http://www.studentwebhosting.net
Domain name: klaymusic.com
Registrant Contact:
Klay
Paul Maddick (PAULOFKLAY[]HOTMAIL.COM)
+44.7810328400
Fax: +44.7810328400
Estuary View
Dawlish, Devon EX7 0NA
GB
Administrative Contact:
Klay
Paul Maddick (PAULO...@HOTMAIL.COM)
+44.7810328400
Fax: +44.7810328400
Estuary View
Dawlish, Devon EX7 0NA
GB
Technical Contact:
Klay
Paul Maddick (PAULO...@HOTMAIL.COM)
+44.7810328400
Fax: +44.7810328400
Estuary View
Dawlish, Devon EX7 0NA
GB
Status: Locked
Name Servers:
ns1.studentwebhosting.net
ns2.studentwebhosting.net
Creation date: 08 Jun 2005 11:22:24
Expiration date: 08 Jun 2007 11:22:24
More klaymusic.com sightings:
http://groups.google.com/groups/search?q=klaymusic.com+group%3A*abuse&qt_s=Search
SEE Spamvert URL:
http://www.hireup.com/images/index.htm
Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=10c00f3d27dc17da8958b4fbf1a4125a
See:
www.hireup.com IP 208.101.17.36
ns1.fasthost.com [216.180.225.171] [TTL=172800] [US]
ns2.fasthost.com [63.247.77.151] [TTL=172800] [US]
NS records at nameservers are:
ns1.host.org [216.180.225.172] [TTL=86400]
ns2.host.org [63.247.77.132] [TTL=86400]
SOA record [TTL=86400] is:
Primary nameserver: ns1.host.org
Hostmaster E-mail address: host101.capital-web.com
Serial #: 2007011701
1 MX record is:
0 hireup.com [TTL=14400] IP=208.101.17.36 [TTL=14400] [US]
http://www.moensted.dk/spam/?addr=208.101.17.36
OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
NetRange: 208.101.0.0 - 208.101.63.255
CIDR: 208.101.0.0/18
NetName: SOFTLAYER-NETBLOCK3
NetHandle: NET-208-101-0-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation
route: 208.101.0.0/18
descr: SoftLayer Technologies Inc. - dal01 netblock2
origin: AS36351
notify: n...@softlayer.com
mnt-by: MAINT-AS36351
changed: ipa...@softlayer.com
IP: 208.101.17.36
Reverse: host.org
Aliases:
antilleanhouse.com
intergalacticplanetregistry.com
Prefix: 208.101.0.0/18
Prefix Name: SoftLayer Technologies Inc dal01 netblock2
AS: 36351
AS Name: SOFTLAYER SoftLayer Technologies Inc
http://www.cidr-report.org/cgi-bin/as-report?as=36351
Let's see whois:
Domain: hireup.com
Registration provider: DotRegistrations.com
Registrant
Management Development Systems, LLC
D...@HireUp.com
32352 Ascension Road
Dana Point, CA 92629 US
+1.1111111111
(FAX)
Administrative
Del Still
Del J. Still
Del[]HireUp.com
32352 Ascension Road
Dana Point, Ca 92629 US
+1.9496611669
(FAX)
Billing
Del Still
Del J. Still
D...@HireUp.com
32352 Ascension Road
Dana Point, Ca 92629 US
+1.9496611669
(FAX)
Technical
Del Still
Del J. Still
D...@HireUp.com
32352 Ascension Road
Dana Point, Ca 92629 US
+1.9496611669
(FAX)
Record created on November 24, 1996
Record last updated on October 25, 2006
Record expires on November 23, 2007
Domain Name Servers:
NS1.FASTHOST.COM
NS2.FASTHOST.COM
More hireup.com sightings:
http://groups.google.com/groups/search?q=hireup.com+group%3A*abuse&start=0&scoring=d&
See:
www.rxpills5.com IP N/A
ns.daseruikiontungandesun.com [72.52.193.81] [TTL=172800] [US]
ns.waseruntionkinyungands.com [218.80.178.28] [TTL=172800] [CN]
www.rxpills5.com has no MX records -> rxpills5.com has no MX records
Let's see whois:
Domain Name.......... rxpills5.com
Creation Date........ 2007-04-17 22:38:49
Registration Date.... 2007-04-17 22:38:49
Expiry Date.......... 2008-04-17 22:38:49
Organisation Name.... Wang Mingmiao
Organisation Address. SH
Organisation Address.
Organisation Address. SH
Organisation Address. 100021
Organisation Address. SH
Organisation Address. CN
Admin Name........... Wang Mingmiao
Admin Address........ SH
Admin Address........
Admin Address........ SH
Admin Address........ 100021
Admin Address........ SH
Admin Address........ CN
Admin Email.......... xxeqwqqe[]hotmail.com
Admin Phone.......... +86.1076885547
Admin Fax............ +86.1076885547
Tech Name............ Wang Mingmiao
Tech Address......... SH
Tech Address.........
Tech Address......... SH
Tech Address......... 100021
Tech Address......... SH
Tech Address......... CN
Tech Email........... xxeq...@hotmail.com
Tech Phone........... +86.1076885547
Tech Fax............. +86.1076885547
Bill Name............ Wang Mingmiao
Bill Address......... SH
Bill Address.........
Bill Address......... SH
Bill Address......... 100021
Bill Address......... SH
Bill Address......... CN
Bill Email........... xxeq...@hotmail.com
Bill Phone........... +86.1076885547
Bill Fax............. +86.1076885547
Name Server.......... ns.waseruntionkinyungands.com
Name Server.......... ns.daseruikiontungandesun.com
See:
ns.daseruikiontungandesun.com IP 72.52.193.81
ns.daseruikiontungandesun.com has no MX records -> daseruikiontungandesun.com has no MX records
http://www.moensted.dk/spam/?addr=72.52.193.81
OrgName: Liquid Web, Inc.
OrgID: LQWB
NetRange: 72.52.128.0 - 72.52.255.255
CIDR: 72.52.128.0/17
NetName: LIQUIDWEB-6
NetHandle: NET-72-52-128-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation
route: 72.52.192.0/18
descr: Liquid Web Inc
4210 S. Creyts Rd
Lansing, MI 48917
origin: AS32244
mnt-by: MAINT-LQWB
changed: ipa...@liquidweb.com
http://www.cidr-report.org/cgi-bin/as-report?as=32244
Also:
ns.daseruikiontungandesun.com
a 60.12.192.90(CN)
nameserver for 10 domains
http://www.moensted.dk/spam/?addr=60.12.192.90
inetnum: 60.12.0.0 - 60.12.255.255
netname: CNCGROUP-ZJ
descr: CNC Group Zhejiang province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN
route: 60.12.0.0/16
descr: CNC Group ZheJiang Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: I...@cnc-noc.net
http://www.cidr-report.org/cgi-bin/as-report?as=4837
More 60.12.192.90 sightings:
http://groups.google.com/groups/search?q=60.12.192.90+group%3A*abuse&qt_s=Search
14 SBL/ROKSO listings for IPs under the responsibility of CHINANET-ZJ
http://www.spamhaus.org/sbl/listings.lasso?isp=CHINANET-ZJ
Let's see whois:
Domain Name.......... daseruikiontungandesun.com
Creation Date........ 2006-12-15 17:56:28
Registration Date.... 2006-12-15 17:56:28
Expiry Date.......... 2007-12-15 17:56:28
Organisation Name.... Wang Mingmiao
Organisation Address. SH
Organisation Address.
Organisation Address. SH
Organisation Address. 100021
Organisation Address. SH
Organisation Address. CN
Admin Name........... Wang Mingmiao
Admin Address........ SH
Admin Address........
Admin Address........ SH
Admin Address........ 100021
Admin Address........ SH
Admin Address........ CN
Admin Email.......... xxeqwqqe[]hotmail.com
Admin Phone.......... +86.1076885547
Admin Fax............ +86.1076885547
Tech Name............ Wang Mingmiao
Tech Address......... SH
Tech Address.........
Tech Address......... SH
Tech Address......... 100021
Tech Address......... SH
Tech Address......... CN
Tech Email........... xxeq...@hotmail.com
Tech Phone........... +86.1076885547
Tech Fax............. +86.1076885547
Bill Name............ Wang Mingmiao
Bill Address......... SH
Bill Address.........
Bill Address......... SH
Bill Address......... 100021
Bill Address......... SH
Bill Address......... CN
Bill Email........... xxeq...@hotmail.com
Bill Phone........... +86.1076885547
Bill Fax............. +86.1076885547
Name Server.......... ns0.kerunhandgunfandesikuntun.com
Name Server.......... ns0.adesuikintandefunhandesun.com
More daseruikiontungandesun.com sightings:
http://groups.google.com/groups/search?q=daseruikiontungandesun.com+group%3A*abuse&start=0&scoring=d&
See also more kerunhandgunfandesikuntun.com sightings:
http://groups.google.com/groups/search?q=kerunhandgunfandesikuntun.com+group%3A*abuse&start=0&scoring=d&
See:
ns.waseruntionkinyungands.com IP 218.80.178.28
also
203.191.148.182()
nameserver for 7 domains on this IP
http://www.moensted.dk/spam/?addr=218.80.178.28
http://www.spamhaus.org/query/bl?ip=218.80.178.28
http://www.spamhaus.org/pbl/query/PBL114603
inetnum: 218.78.0.0 - 218.83.255.255
netname: CHINANET-SH
descr: CHINANET Shanghai province network
descr: Data Communication Division
descr: China Telecom
country: CN
changed: din...@cndata.com
route: 218.80.0.0/14
descr: Chinanet Shanghai
origin: AS4812
notify: ip-a...@mail.online.sh.cn
mnt-by: MAINT-AS4812
changed: sh-a...@8163.net.cn
http://www.cidr-report.org/cgi-bin/as-report?as=4812
And:
http://www.moensted.dk/spam/?addr=203.191.148.182
inetnum: 203.191.144.0 - 203.191.159.255
netname: EDONGNET
descr: Edong Network
country: CN
person: Hato Yu
nic-hdl: HY230-AP
e-mail: ha...@edong.com
address: Floor 4, NO.399, North Fute Road, Free Trade
Zone,Shanghai,China.
abuse[]edong.com IS listed in rfc-ignorant.org database
IP: 203.191.148.182
Aliases:
ns0.daserunhgenfunyanderunjans.com
ns.waseruntionkinyungands.com
5 SBL/ROKSO listings for IPs under the responsibility of edong.com
http://www.spamhaus.org/sbl/listings.lasso?isp=edong.com
More 203.191.148.182 sightings:
http://groups.google.com/groups/search?q=203.191.148.182+group%3A*abuse&qt_s=Search
Let's see whois:
Domain Name.......... waseruntionkinyungands.com
Creation Date........ 2006-12-15 17:56:31
Registration Date.... 2006-12-15 17:56:31
Expiry Date.......... 2007-12-15 17:56:31
Organisation Name.... Wang Mingmiao
Organisation Address. SH
Organisation Address.
Organisation Address. SH
Organisation Address. 100021
Organisation Address. SH
Organisation Address. CN
Admin Name........... Wang Mingmiao
Admin Address........ SH
Admin Address........
Admin Address........ SH
Admin Address........ 100021
Admin Address........ SH
Admin Address........ CN
Admin Email.......... xxeqwqqe[]hotmail.com
Admin Phone.......... +86.1076885547
Admin Fax............ +86.1076885547
Tech Name............ Wang Mingmiao
Tech Address......... SH
Tech Address.........
Tech Address......... SH
Tech Address......... 100021
Tech Address......... SH
Tech Address......... CN
Tech Email........... xxeq...@hotmail.com
Tech Phone........... +86.1076885547
Tech Fax............. +86.1076885547
Bill Name............ Wang Mingmiao
Bill Address......... SH
Bill Address.........
Bill Address......... SH
Bill Address......... 100021
Bill Address......... SH
Bill Address......... CN
Bill Email........... xxeq...@hotmail.com
Bill Phone........... +86.1076885547
Bill Fax............. +86.1076885547
Name Server.......... ns0.kerunhandgunfandesikuntun.com
Name Server.......... ns0.adesuikintandefunhandesun.com
More waseruntionkinyungands.com sightings:
http://groups.google.com/groups/search?q=waseruntionkinyungands.com+group%3A*abuse&qt_s=Search
SEE Yambo Image Hosting at:
http://217.6.21.195:8080/e/ch/images/aw_fda.gif
OUR ADDRESS:
Main Office (headquarters)
2110 Oak Aly
Monroe, LA 71201-3659
ICS
International Certified Stocks
12, Kasturba Gandhi Marg
New Delhi , India 110 001
Canadian Health&Care Mall is licenced by Minnesota Board of Pharmacy
http://217.6.21.195:8080/e/ch/images/license.jpg
STATE OF MINNESOTA
Minnesota board of pharmacy
DRUG RESELLING LICENSE
Canadian Health&Care Mall Corp.
2110 Oak Aly
Monroe, LA 71201-3659
LICENSE NO 02724941
IP 217.6.21.195
http://www.moensted.dk/spam/?addr=217.6.21.195
http://www.spamhaus.org/query/bl?ip=217.6.21.195
More 217.6.21.195 sightings:
http://groups.google.com/groups/search?q=217.6.21.195+group%3A*abuse&start=0&scoring=d&
inetnum: 217.6.21.192 - 217.6.21.199
netname: GEOCONTENT-MAGDEBURG-NET
descr: GeoContent Gmbh
country: DE
person: Aicke Damrau
address: GeoContent Gmbh
address: Goethestr. 49
address: 39108 Magdeburg
address: DE
phone: +49391400020
e-mail: dam...@geocontent.de
whois, postmaster and abuse[]dtag.de are listed in rfc-ignorant.org database
abuse[]telekom.de is listed in rfc-ignorant.org database
route: 217.0.0.0/13
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
changed: r...@NIC.DTAG.DE 20000728
source: RIPE
changed: r...@TE142.T-COM.XX 20040615
http://www.cidr-report.org/cgi-bin/as-report?as=3320
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54002
217.6.21.195/32 is listed on the Spamhaus Block List (SBL/ROKSO)
27-Apr-2007 15:16 GMT | SR20
Yambo Financials.
Yambo botnet image proxying/hosting (compromised sytems)
9 SBL/ROKSO listings for IPs under the responsibility of dtag.de
http://www.spamhaus.org/sbl/listings.lasso?isp=dtag.de
6 SBL/ROKSO listings for IPs under the responsibility of telekom.de
http://www.spamhaus.org/sbl/listings.lasso?isp=telekom.de
See:
products.bose.com Resolved to bose.com to IP 128.167.142.36
[products.bose.com has 3 MX records smtpgw01.bose.com (10)
smtpgw02.bose.com (10) smtpgw03.bose.com (10)]
http://www.moensted.dk/spam/?addr=128.167.142.36
See:
email.bose.com IP 216.73.89.100
[email.bose.com has 4 MX records inc24smtp1.ddc.dartmail.net (10)
cl6bak1smtp1.ddc.dartmail.net (30) cl6bak1smtp2.ddc.dartmail.net (30)
cl6bak2smtp1.ddc.dartmail.net (40)]
2 domains sharing mailservers with email.bose.com
dartmail.net => ?!
ddc.dartmail.net => ?!
11 domains sharing nameservers with email.bose.com
20.221.62.in-addr.arpa
ddc.dartmail.net => ?!
edc.dartmail.net => ?!
flonetwork.com => ?!
interests.cox.com
news.c-rewards.com
news.cr-news.com
news.crnewsletter.com
newsletter.handbag.com
newsletter.photoways.com
newsletter.pixdiscount.com
Sharing space with dartmail.net and flonetwork.com => 127.0.0.1
abuse[]flonetwork.com is listed in rfc-ignorant.org database
See more abuse and ignorance sightings:
http://groups.google.com/groups/search?q=dartmail+group%3A*abuse&start=0&scoring=d&
http://www.moensted.dk/spam/?addr=216.73.89.100
OrgName: Double Click, Inc.
OrgID: DOUBLE-3
NetRange: 216.73.80.0 - 216.73.95.255
CIDR: 216.73.80.0/20
NetName: DOUBLECLICK-NET
NetHandle: NET-216-73-80-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.DOUBLECLICK.NET
NameServer: NS2.DOUBLECLICK.NET
NameServer: NS3.DOUBLECLICK.NET
NameServer: NS4.DOUBLECLICK.NET
route: 216.73.80.0/20
descr: DoubleClick Digital Advertising
descr: DOUBLECLICK-FR
mnt-routes: MNT-AS6432
origin: AS6432
mnt-by: MNT-AS6432
changed: net...@doubleclick.net
RTechHandle: AN1068-ARIN
RTechName: Ng, Alex
RTechPhone: +1-212-683-0001
RTechEmail: a...@doubleclick.net
http://www.cidr-report.org/cgi-bin/as-report?as=6432
1 SBL listings for IPs under the responsibility of doubleclick.net
http://www.spamhaus.org/sbl/listings.lasso?isp=doubleclick.net
4 SBL listings for IPs under the responsibility of google.com
http://www.spamhaus.org/sbl/listings.lasso?isp=google.com
See also more identical spam sightings with email.bose.com:
http://groups.google.com/groups/search?q=email.bose.com+group%3A*abuse&start=0&scoring=d&
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/0827b157cb221a8f
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see: