Spamvert:
hundredanger.hk => botnet
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.
Web spamvert contact:
canadianpharmsupport.com IP N/A (OLD IP 82.146.53.121)
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
See Forged dates in the headers back to 2003.
Plenty of Forged Certificates and logos as always.
Much More info below:
====================
Return-Path: <arthu...@sbcglobal.net>
Delivered-To: [MUNGED]
X-Spam-Flag: YES
Received: (qmail 21938 invoked from network); 12 Jun 2007 21:03:00 -0400
Received: from c-24-91-171-171.hsd1.ma.comcast.net (HELO macceau-rene.hsd1.ma.comcast.net.) (24.91.171.171)
by [MUNGED] with SMTP; 12 Jun 2007 21:03:00 -0400
Return-Path: <arthu...@sbcglobal.net>
Received: from 207.115.21.24 (HELO sbcmx5.prodigy.net)
by [MUNGED] with esmtp (L10),08/F?6C /H+P*T)
id [MUNGED]
for [MUNGED]; Sat, 8 Mar 2003 01:48:28 +0300
From: "Christine Heaps" <arthu...@sbcglobal.net>
To: <[MUNGED]>
Subject: *****SPAM***** Purchase meds with us and enjoy the life to the full.
Date: Sat, 8 Mar 2003 01:48:28 +0300
Message-ID: <01c2e514$d0fa33c0$6c822ecf@arthurchen>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
Thread-Index: Aca6Q9A86JV'/+1B2+F?0C*IJ9H*Z4==
X-Spam-Prev-Subject: Purchase meds with us and enjoy the life to the full.
There's a lot of information online but people continue to ask us
whether they can trust online drugstores.
Canadian «CanadianPharmacy» drugstore offers their customers
internationally certified quality generic medications produced from
the best raw materials.
Canadian.»CanadianPharmacy» drugstore offers a great selection of
best quality certified generic medicines at absolutely low prices.
We hope this information will help you to solve your health
problems.
Christine Heaps
-- END OF SPAM --
WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.
Contact us:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianpharmsupport.com)
See support[]canadianpharmsupport.com sightings:
http://groups.google.com/groups/search?q=%22support%40canadianpharmsupport.com%22+group%3A*abuse&qt_s=Search
See:
IP 24.91.171.171 c-24-91-171-171.hsd1.ma.comcast.net
http://www.moensted.dk/spam/?addr=24.91.171.171
http://www.spamhaus.org/query/bl?ip=24.91.171.171
http://www.spamhaus.org/pbl/query/PBL115466
http://cbl.abuseat.org/lookup.cgi?ip=24.91.171.171
Much More comcast.net sightings:
http://groups.google.com/groups/search?q=comcast.net+group%3A*abuse&start=0&scoring=d&
Comcast Cable Communications Holdings, Inc RW2-NORTHEAST-2
(NET-24-91-0-0-1)
24.91.0.0 - 24.91.255.255
Comcast Cable Communications Holdings, Inc. BOSTON-7
(NET-24-91-0-0-2)
24.91.0.0 - 24.91.255.255
CustName: Comcast Cable Communications Holdings, Inc.
NetRange: 24.91.0.0 - 24.91.255.255
CIDR: 24.91.0.0/16
NetName: BOSTON-7
NetHandle: NET-24-91-0-0-2
Parent: NET-24-91-0-0-1
NetType: Reassigned
route: 24.91.128.0/17
descr: Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
origin: AS7015
mnt-by: MNT-CMCS
changed: tony_...@spam-free.cable.comcast.com
Prefix: 24.91.128.0/17
Prefix Name: Comcast Cable Communications, Inc 1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
AS: 7015
AS Name: ATT-BBND-A AT&T Broadband
http://www.cidr-report.org/cgi-bin/as-report?as=7015
28 SBL/ROKSO listings for IPs under the responsibility of comcast.net
http://www.spamhaus.org/sbl/listings.lasso?isp=comcast.net
Spamvert URL:
http://hundredanger.hk/
Redirected to:
http://www.hundredanger.hk/
See:
hundredanger.hk => botnet
NS0.GEDSACTUNJERION.COM [69.136.80.156 (NO GLUE)] [US]
NS0.FIONKUNJERUNHEDASE.COM [218.255.58.58 (NO GLUE)] [HK]
NS0.PIOTIONGANDESUNKDES.COM [89.178.242.166 (NO GLUE)] [RU]
NS0.CHITIONKDETUNLIONPSA.COM [221.124.239.60 (NO GLUE)] [HK]
NS records at nameservers are:
ns0.fionkunjerunhedase.com [218.255.242.12] [TTL=300]
ns0.piotiongandesunkdes.com [218.253.152.67] [TTL=300]
ns0.chitionkdetunlionpsa.com [71.194.127.235] [TTL=300]
ns0.gedsactunjerion.com [82.81.101.157] [TTL=300]
www.hundredanger.hk has no MX records -> hundredanger.hk has no MX
records
SOA record [TTL=300] is:
Primary nameserver: ns0.gedsactunjerion.com
Hostmaster E-mail address:
Serial #: 0
4 MX records are (duplicate MX records):
ns0.fionkunjerunhedase.com. and ns0.piotiongandesunkdes.com. both
resolve to 0.0.0.0.
ns0.fionkunjerunhedase.com. and ns0.chitionkdetunlionpsa.com. both
resolve to 0.0.0.0.
ns0.fionkunjerunhedase.com. and ns0.gedsactunjerion.com. both resolve
to 0.0.0.0.
ns0.piotiongandesunkdes.com. and ns0.chitionkdetunlionpsa.com. both
resolve to 0.0.0.0.
ns0.piotiongandesunkdes.com. and ns0.gedsactunjerion.com. both resolve
to 0.0.0.0.
ns0.chitionkdetunlionpsa.com. and ns0.gedsactunjerion.com. both
resolve to 0.0.0.0.
www.hundredanger.hk A record is:
ns ns0.chitionkdetunlionpsa.com 76.104.139.174(US)
ns ns0.fionkunjerunhedase.com 208.120.41.135(US)
ns ns0.gedsactunjerion.com 69.229.238.218(US)
ns ns0.piotiongandesunkdes.com 24.238.187.40(US)
8 hosts sharing ip with hundredanger.hk
059149021223.ctinets.com
anystood.hk
basicrx.org
inzqe.downobserve.hk
kaylane.hk
neighborled.hk
topfinal.hk
www.chartheld.hk
76.104.139.174 = c-76-104-139-174.hsd1.wa.comcast.net
208.120.41.135 = user-387gac7.cable.mindspring.com
69.229.238.218 = adsl-69-229-238-218.dsl.scrm01.pacbell.net
24.238.187.40 = user-0cetep8.cable.mindspring.com
Let's see whois:
Domain Name: HUNDREDANGER.HK
Contract Version: HKDNR latest version
Registrant Contact Information:
Holder English Name (It should be the same as your legal name on your
HKID card or other relevant documents): MR TOM SAMSSON
Holder Chinese Name:
Email: suesa...@hotmail.com
Domain Name Commencement Date: 05-06-2007
Country: US
Expiry Date: 05-06-2008
Re-registration Status: Complete
Name of Registrar: HKDNR
Account Name: HK1905541T
Technical Contact:
First name: TOM
Last name: SAMSSON
Company Name: TOM SAMSSON
Name Servers Information:
NS0.FIONKUNJERUNHEDASE.COM
NS0.GEDSACTUNJERION.COM
NS0.PIOTIONGANDESUNKDES.COM
NS0.CHITIONKDETUNLIONPSA.COM
More hundredanger.hk sightings:
http://groups.google.com/groups/search?q=hundredanger.hk+group%3A*abuse&qt_s=Search
SEE Also more NS sightings:
More CHITIONKDETUNLIONPSA.COM sightings:
http://groups.google.com/groups/search?q=CHITIONKDETUNLIONPSA.COM+group%3A*abuse&start=0&scoring=d&
More fionkunjerunhedase.com sightings:
http://groups.google.com/groups/search?q=fionkunjerunhedase.com+group%3A*abuse&start=0&scoring=d&
More gedsactunjerion.com sightings:
http://groups.google.com/groups/search?q=gedsactunjerion.com+group%3A*abuse&start=0&scoring=d&
More piotiongandesunkdes.com sightings:
http://groups.google.com/groups/search?q=piotiongandesunkdes.com+group%3A*abuse&start=0&scoring=d&
See:
canadianpharmsupport.com IP N/A (OLD IP 82.146.53.121)
ns3.cnmsn.com [207.106.235.80] [TTL=172800] [US]
ns4.cnmsn.com [205.209.167.5] [TTL=172800] [US]
SOA record [TTL=600] is:
Primary nameserver: ns4.cnmsn.com
Hostmaster E-mail address: dnsc...@bizcn.com
Serial #: 1177550570
1 MX record is:
10 mail.canadianpharmsupport.com [TTL=600] IP=82.146.53.121 [TTL=600] [LU]
121.53.146.82.in-addr.arpa mydomain.com [TTL=3599]
mail.canadianpharmsupport.com claims to be host sl-2.fastservice.com
[but that host is at 208.254.26.139 (may be cached), not
82.146.53.121]
2 domains sharing mailservers with canadianpharmsupport.com:
generalpharmservice.com
pharmsupport.us
7 domains sharing nameservers with canadianpharmsupport.com:
0838.com
farstec.net
fight-aids.cn
irhandicraft.net
registeria.com
thecanadapills.com
yamanayakkabi.com
It was the same IP as for: mail.globalpharmsupport.com
More 82.146.53.121 sightings:
http://groups.google.com/groups/search?q=82.146.53.121+group%3A*abuse&qt_s=Search
82.146.53.121 = mydomain.com (SINGAPORE)
http://www.moensted.dk/spam/?addr=81.177.38.5
More 81.177.38.5 sightings:
http://groups.google.com/groups/search?q=81.177.38.5+group%3A*abuse&qt_s=Search
No PTR records exist for 81.177.38.5
at ns.rt-comm.ru / rtcomm.ru
inetnum: 81.177.38.0 - 81.177.39.255
netname: IN-TELECOM
descr: IN-Telecom Ltd. - modern service-provider
status: ASSIGNED PA
notify: in...@serverbox.ru
notify: i-sh...@list.ru
notify: l...@rtcomm.ru
mnt-by: AS8342-MNT
changed: r...@rtcomm.ru
notify: ab...@serverbox.ru => ???
postmaster and abuse[]serverbox.ru are listed in rfc-ignorant.org
database
person: Natalya I Lisnyak
address: IN-Telecom Limited
address: Dekabristov str., 10-72
address: 614022 Perm
address: Russia
phone: +7 3422 774365
fax-no: +7 3422 931076
e-mail: i-sh...@list.ru
abuse-mailbox: in...@in-telecom.ru => ???
postmaster and abuse[]in-telecom.ru are listed in rfc-ignorant.org
database
route: 81.176.0.0/15
descr: RTCOMM-RU
origin: AS8342
notify: n...@rtcomm.ru
mnt-by: AS8342-MNT
changed: r...@rt.ru
ASN: 8342
ASN Name: RTCOMM-AS (RTComm.RU Autonomous System)
Country (per IP registrar): RU [Russian Federation]
Country IP Range: 81.176.0.0 to 81.177.255.255
Country fraud profile: High
http://www.cidr-report.org/cgi-bin/as-report?as=8342
2 SBL listings for IPs under the responsibility of rtcomm.ru
http://www.spamhaus.org/sbl/listings.lasso?isp=rtcomm.ru
abuse[]rt.ru is listed in rfc-ignorant.org database
Let's see whois:
Domain name: canadianpharmsupport.com
Registrant Contact:
CanadianRX ltd
Alan Tompson root[]canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca
Administrative Contact:
Alan Tompson ro...@canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca
Technical Contact:
Alan Tompson ro...@canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca
Billing Contact:
Alan Tompson ro...@canadianpharmsupport.com
4169264684 fax:
208 Douglas Dr
Toronto Toronto M4W 2B8
ca
DNS:
ns3.cnmsn.com
ns4.cnmsn.com
Created: 2007-04-25
Expires: 2008-04-25
See more canadianpharmsupport.com sightings:
http://groups.google.com/groups/search?q=canadianpharmsupport.com+group%3A*abuse&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/42419b8b3a44b416
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/58967757e2b95545
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.