[email] [drugs - Canadian Pharmacy botnet] [24.91.171.171] (hundredanger.hk / canadianpharmsupport.com / piotiongandesunkdes.com / chitionkdetunlionpsa.com / fionkunjerunhedase.com / gedsactunjerion.com) Purchase meds with us and enjoy the life to the full.

TomezNet

Jun 14, 2007, 10:30:19 AM
Received From:
IP 24.91.171.171 c-24-91-171-171.hsd1.ma.comcast.net
(at comcast.com)

Spamvert:
hundredanger.hk => botnet
hundredanger.hk Resolved to 61.10.246.24 to 64.175.33.241 to
66.177.73.244 to 68.37.211.7 to 68.124.61.186 to 69.85.185.181 to
75.35.21.45 to 77.182.67.58 to 80.136.112.87 to 82.131.4.48 to
89.178.37.182 to 89.178.135.13 to 90.224.28.63 to 124.244.214.102 to
211.74.105.3 to 218.190.86.117 to 218.252.72.87 to 218.254.48.142 to
218.254.221.157 to 221.124.239.60

© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Web spamvert contact:
canadianpharmsupport.com IP N/A (OLD IP 82.146.53.121)

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

See Forged dates in the headers back to 2003.
Plenty of Forged Certificates and logos as always.

Much More info below:
====================

Return-Path: <arthu...@sbcglobal.net>
Delivered-To: [MUNGED]
X-Spam-Flag: YES
Received: (qmail 21938 invoked from network); 12 Jun 2007 21:03:00 -0400
Received: from c-24-91-171-171.hsd1.ma.comcast.net (HELO macceau-rene.hsd1.ma.comcast.net.) (24.91.171.171)
 by [MUNGED] with SMTP; 12 Jun 2007 21:03:00 -0400
Return-Path: <arthu...@sbcglobal.net>
Received: from 207.115.21.24 (HELO sbcmx5.prodigy.net)
by [MUNGED] with esmtp (L10),08/F?6C /H+P*T)
id [MUNGED]
for [MUNGED]; Sat, 8 Mar 2003 01:48:28 +0300
From: "Christine Heaps" <arthu...@sbcglobal.net>
To: <[MUNGED]>
Subject: *****SPAM***** Purchase meds with us and enjoy the life to the full.
Date: Sat, 8 Mar 2003 01:48:28 +0300
Message-ID: <01c2e514$d0fa33c0$6c822ecf@arthurchen>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Thread-Index: Aca6Q9A86JV'/+1B2+F?0C*IJ9H*Z4==
X-Spam-Prev-Subject: Purchase meds with us and enjoy the life to the full.

There's a lot of information online but people continue to ask us
whether they can trust online drugstores.
Canadian «CanadianPharmacy» drugstore offers their customers
internationally certified quality generic medications produced from
the best raw materials.

Canadian.»CanadianPharmacy» drugstore offers a great selection of
best quality certified generic medicines at absolutely low prices.

http://hundredanger.hk

We hope this information will help you to solve your health
problems.

Christine Heaps

-- END OF SPAM --

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.

Contact us:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianpharmsupport.com)

See support[]canadianpharmsupport.com sightings:
http://groups.google.com/groups/search?q=%22support%40canadianpharmsupport.com%22+group%3A*abuse&qt_s=Search

See:
IP 24.91.171.171 c-24-91-171-171.hsd1.ma.comcast.net

http://www.moensted.dk/spam/?addr=24.91.171.171
http://www.spamhaus.org/query/bl?ip=24.91.171.171
http://www.spamhaus.org/pbl/query/PBL115466
http://cbl.abuseat.org/lookup.cgi?ip=24.91.171.171

Much More comcast.net sightings:
http://groups.google.com/groups/search?q=comcast.net+group%3A*abuse&start=0&scoring=d&

Comcast Cable Communications Holdings, Inc RW2-NORTHEAST-2
(NET-24-91-0-0-1)
24.91.0.0 - 24.91.255.255
Comcast Cable Communications Holdings, Inc. BOSTON-7
(NET-24-91-0-0-2)
24.91.0.0 - 24.91.255.255

CustName: Comcast Cable Communications Holdings, Inc.
NetRange: 24.91.0.0 - 24.91.255.255
CIDR: 24.91.0.0/16
NetName: BOSTON-7
NetHandle: NET-24-91-0-0-2
Parent: NET-24-91-0-0-1
NetType: Reassigned

route: 24.91.128.0/17
descr: Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
origin: AS7015
mnt-by: MNT-CMCS
changed: tony_...@spam-free.cable.comcast.com
Prefix: 24.91.128.0/17
Prefix Name: Comcast Cable Communications, Inc 1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
AS: 7015
AS Name: ATT-BBND-A AT&T Broadband
http://www.cidr-report.org/cgi-bin/as-report?as=7015

28 SBL/ROKSO listings for IPs under the responsibility of comcast.net
http://www.spamhaus.org/sbl/listings.lasso?isp=comcast.net

Spamvert URL:
http://hundredanger.hk/

Redirected to:
http://www.hundredanger.hk/

See:
hundredanger.hk => botnet

NS0.GEDSACTUNJERION.COM [69.136.80.156 (NO GLUE)] [US]
NS0.FIONKUNJERUNHEDASE.COM [218.255.58.58 (NO GLUE)] [HK]
NS0.PIOTIONGANDESUNKDES.COM [89.178.242.166 (NO GLUE)] [RU]
NS0.CHITIONKDETUNLIONPSA.COM [221.124.239.60 (NO GLUE)] [HK]

NS records at nameservers are:
ns0.fionkunjerunhedase.com [218.255.242.12] [TTL=300]
ns0.piotiongandesunkdes.com [218.253.152.67] [TTL=300]
ns0.chitionkdetunlionpsa.com [71.194.127.235] [TTL=300]
ns0.gedsactunjerion.com [82.81.101.157] [TTL=300]

www.hundredanger.hk has no MX records -> hundredanger.hk has no MX
records

SOA record [TTL=300] is:
Primary nameserver: ns0.gedsactunjerion.com
Hostmaster E-mail address:
Serial #: 0

4 MX records are (duplicate MX records):
ns0.fionkunjerunhedase.com. and ns0.piotiongandesunkdes.com. both
resolve to 0.0.0.0.
ns0.fionkunjerunhedase.com. and ns0.chitionkdetunlionpsa.com. both
resolve to 0.0.0.0.
ns0.fionkunjerunhedase.com. and ns0.gedsactunjerion.com. both resolve
to 0.0.0.0.
ns0.piotiongandesunkdes.com. and ns0.chitionkdetunlionpsa.com. both
resolve to 0.0.0.0.
ns0.piotiongandesunkdes.com. and ns0.gedsactunjerion.com. both resolve
to 0.0.0.0.
ns0.chitionkdetunlionpsa.com. and ns0.gedsactunjerion.com. both
resolve to 0.0.0.0.

www.hundredanger.hk A record is:

ns ns0.chitionkdetunlionpsa.com 76.104.139.174(US)
ns ns0.fionkunjerunhedase.com 208.120.41.135(US)
ns ns0.gedsactunjerion.com 69.229.238.218(US)
ns ns0.piotiongandesunkdes.com 24.238.187.40(US)

8 hosts sharing ip with hundredanger.hk
059149021223.ctinets.com
anystood.hk
basicrx.org
inzqe.downobserve.hk
kaylane.hk
neighborled.hk
topfinal.hk
www.chartheld.hk

76.104.139.174 = c-76-104-139-174.hsd1.wa.comcast.net
208.120.41.135 = user-387gac7.cable.mindspring.com
69.229.238.218 = adsl-69-229-238-218.dsl.scrm01.pacbell.net
24.238.187.40 = user-0cetep8.cable.mindspring.com

Let's see whois:
Domain Name: HUNDREDANGER.HK
Contract Version: HKDNR latest version

Registrant Contact Information:
Holder English Name (It should be the same as your legal name on your
HKID card or other relevant documents): MR TOM SAMSSON
Holder Chinese Name:
Email: suesa...@hotmail.com
Domain Name Commencement Date: 05-06-2007
Country: US
Expiry Date: 05-06-2008
Re-registration Status: Complete
Name of Registrar: HKDNR
Account Name: HK1905541T

Technical Contact:
First name: TOM
Last name: SAMSSON
Company Name: TOM SAMSSON

Name Servers Information:
NS0.FIONKUNJERUNHEDASE.COM
NS0.GEDSACTUNJERION.COM
NS0.PIOTIONGANDESUNKDES.COM
NS0.CHITIONKDETUNLIONPSA.COM

More hundredanger.hk sightings:
http://groups.google.com/groups/search?q=hundredanger.hk+group%3A*abuse&qt_s=Search

SEE Also more NS sightings:
More CHITIONKDETUNLIONPSA.COM sightings:
http://groups.google.com/groups/search?q=CHITIONKDETUNLIONPSA.COM+group%3A*abuse&start=0&scoring=d&

More fionkunjerunhedase.com sightings:
http://groups.google.com/groups/search?q=fionkunjerunhedase.com+group%3A*abuse&start=0&scoring=d&

More gedsactunjerion.com sightings:
http://groups.google.com/groups/search?q=gedsactunjerion.com+group%3A*abuse&start=0&scoring=d&

More piotiongandesunkdes.com sightings:
http://groups.google.com/groups/search?q=piotiongandesunkdes.com+group%3A*abuse&start=0&scoring=d&

See:
canadianpharmsupport.com IP N/A (OLD IP 82.146.53.121)
ns3.cnmsn.com [207.106.235.80] [TTL=172800] [US]
ns4.cnmsn.com [205.209.167.5] [TTL=172800] [US]

SOA record [TTL=600] is:
Primary nameserver: ns4.cnmsn.com
Hostmaster E-mail address: dnsc...@bizcn.com
Serial #: 1177550570

1 MX record is:
10 mail.canadianpharmsupport.com [TTL=600] IP=82.146.53.121 [TTL=600]
[LU]

121.53.146.82.in-addr.arpa mydomain.com [TTL=3599]

mail.canadianpharmsupport.com claims to be host sl-2.fastservice.com
[but that host is at 208.254.26.139 (may be cached), not
82.146.53.121]

2 domains sharing mailservers with canadianpharmsupport.com:
generalpharmservice.com
pharmsupport.us

7 domains sharing nameservers with canadianpharmsupport.com:
0838.com
farstec.net
fight-aids.cn
irhandicraft.net
registeria.com
thecanadapills.com
yamanayakkabi.com

It was the same IP as for: mail.globalpharmsupport.com

More 82.146.53.121 sightings:
http://groups.google.com/groups/search?q=82.146.53.121+group%3A*abuse&qt_s=Search

82.146.53.121 = mydomain.com (SINGAPORE)

http://www.moensted.dk/spam/?addr=81.177.38.5

More 81.177.38.5 sightings:
http://groups.google.com/groups/search?q=81.177.38.5+group%3A*abuse&qt_s=Search

No PTR records exist for 81.177.38.5
at ns.rt-comm.ru / rtcomm.ru

inetnum: 81.177.38.0 - 81.177.39.255
netname: IN-TELECOM
descr: IN-Telecom Ltd. - modern service-provider
status: ASSIGNED PA
notify: in...@serverbox.ru
notify: i-sh...@list.ru
notify: l...@rtcomm.ru
mnt-by: AS8342-MNT
changed: r...@rtcomm.ru
notify: ab...@serverbox.ru => ???

postmaster and abuse[]serverbox.ru are listed in rfc-ignorant.org
database

person: Natalya I Lisnyak
address: IN-Telecom Limited
address: Dekabristov str., 10-72
address: 614022 Perm
address: Russia
phone: +7 3422 774365
fax-no: +7 3422 931076
e-mail: i-sh...@list.ru
abuse-mailbox: in...@in-telecom.ru => ???

postmaster and abuse[]in-telecom.ru are listed in rfc-ignorant.org
database

route: 81.176.0.0/15
descr: RTCOMM-RU
origin: AS8342
notify: n...@rtcomm.ru
mnt-by: AS8342-MNT
changed: r...@rt.ru
ASN: 8342
ASN Name: RTCOMM-AS (RTComm.RU Autonomous System)
Country (per IP registrar): RU [Russian Federation]
Country IP Range: 81.176.0.0 to 81.177.255.255
Country fraud profile: High
http://www.cidr-report.org/cgi-bin/as-report?as=8342

2 SBL listings for IPs under the responsibility of rtcomm.ru
http://www.spamhaus.org/sbl/listings.lasso?isp=rtcomm.ru

abuse[]rt.ru is listed in rfc-ignorant.org database

Let's see whois:
Domain name: canadianpharmsupport.com

Registrant Contact:
CanadianRX ltd
Alan Tompson root[]canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca

Administrative Contact:
Alan Tompson ro...@canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca

Technical Contact:
Alan Tompson ro...@canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca

Billing Contact:
Alan Tompson ro...@canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca

DNS:
ns3.cnmsn.com
ns4.cnmsn.com

Created: 2007-04-25
Expires: 2008-04-25

See more canadianpharmsupport.com sightings:
http://groups.google.com/groups/search?q=canadianpharmsupport.com+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/42419b8b3a44b416

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/58967757e2b95545

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
