
[email] [drugs - Canadian Pharmacy botnet] [Open Proxy - 189.133.26.147] (toppillscollect.com - medicalplacehope.com / markuzapilod.com / rubakopesanm.com / rumbaponukas.com / biknasufadupo.com / bizcn.com) RE: September 70% OFF


TomezNet

Sep 17, 2007, 4:31:07 PM
Received From:
IP 189.133.26.147 dsl-189-133-26-147.prod-infinitum.com.mx
(at reduno.com.mx / uninet.net.mx)

Spamvert botnet:
toppillscollect.com => botnet
toppillscollect.com Resolved to IP 124.198.25.68 to 80.178.124.47 to
80.178.157.239 to 81.198.35.132 to 82.81.156.160 to 84.108.184.179 to
84.109.105.212 to 88.154.35.140 to 88.155.186.164 to 89.1.199.109 to
89.139.120.26 to 89.176.77.56 to 89.212.127.228

Spamvert Image Hosting URL:
http://www.medicalplacehope.com/1.gif

Image hosting:
medicalplacehope.com => botnet

www.medicalplacehope.com Resolved to IP 58.188.138.236 to
59.149.47.103 to 81.4.193.90 to 82.131.63.43 to 122.24.131.190 to
164.8.221.10 to 210.96.194.180 to 211.172.223.162 to 218.190.86.227 to
221.125.110.250 to 221.125.246.101 to 221.126.9.193 to 221.127.172.67
to 221.127.174.242 to 221.188.177.98

Title: Canadian Pharmacy

WEB:
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

See sender identity and headers forgery by spammer.

Plenty of Forged Certificates and logos as always.

Much More info below:
====================

X-SID-PRA: Viagra.com Inc <[MUNGED]>
X-Message-Info: 6sSXyD95QpVx16YzUZ0rgUGDjwUWFNDBvZDOBFNJLIvihHB0ii/
NiBYh1dEpjfT/BlLirbERh6MZzUmdQmtRAw==
Received: from tomts3-srv.bellnexxia.net ([209.226.175.115]) by bay0-
pamc1-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 16 Sep 2007 18:27:22 -0700
Received: from [MUNGED]
by toip15.srvr.bell.ca with ESMTP; 16 Sep 2007 21:27:15 -0400
Received: (qmail 18073 invoked by uid 110); 16 Sep 2007 19:23:36 -0400
Delivered-To: [MUNGED]
Received: (qmail 17978 invoked from network); 16 Sep 2007 19:23:36
-0400
Received: from dsl-189-133-26-147.prod-infinitum.com.mx
(189.133.26.147)
by [MUNGED] with SMTP; 16 Sep 2007 19:23:36 -0400
Received: from Sands (10.19.16.19) by dsl-189-133-26-147.prod-
infinitum.com.mx (PowerMTA(TM) v3.2r4) id [MUNGED] for <[MUNGED]>;
Sun, 16 Sep 2007 06:23:26 -0600
Message-Id: <200709160023...@dsl-189-133-26-147.prod-
infinitum.com.mx>
To: <[MUNGED]>
Subject: RE: September 70% OFF
From: Viagra.com Inc <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Date: Sun, 16 Sep 2007 21:32:01 -0400
Return-Path: anita[]mountain.net
X-OriginalArrivalTime: 17 Sep 2007 01:27:22.0828 (UTC)
FILETIME=[E5A550C0:01C7F8C9]

<style>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
</head>
<body>
<table width="600" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table width="600" border="0" cellpadding="0" cellspacing="0"
background="http://images.mxk.com/images/email/notice2_02.jpg">
<tr>
<td width="600" height="9" colspan="2"><img src="http://
images.fhn.com/images/email/notice2_01.jpg" width="600" height="9"
alt=""></td>
</tr>
<tr>
<td width="458" style="font: 12px Verdana; color: #212121; text-
align: left; padding: 10px 20px;">
<span style="font-weight: bold; font-size: 22px; color:
#6387af;">pub <span style="font-size: 14px;">Message from Patrica
Basford</span></span><br/><br/>
Hi Mike,<br/><br/>
You have a oav message from Patrica Basford. You can view the
message at the following location:<br/><br/>
<span style="font-weight: bold; font-size: 14px;"><a href="http://
www.cug.com/friend/mail/displayInbox.do?loginid=PNMMIYXKATDA25547680&smid=20070831_100_3VBYTTIw3PvBD0SyKHyw-1113102006">View
Message&raquo;</a></span><br/><br/>
Thank you for joining us,<br>the <b>rtr</b> team
</td>
<td width="142">
<table width="100" border="0" cellpadding="0" cellspacing="0"
align="center">
<tr>
<td align="center">
<a href="http://www.ope.com/friend/mail/displayInbox.do?
loginid=PNMMIYXKATDA25547680&smid=20070831_100_3VBYTTIw3PvBD0SyKHyw-1113102006"><img
src="http://images.wzm.com/images/nophoto_girl_100.gif" border="0"></
a>
</td>
</tr>
</table>
</style>
<center>
<a href="http://www.toppillscollect.com"><img src="http://
www.medicalplacehope.com/1.gif">
<style>
</td>
</tr>
<tr>
<td width="600" height="9" colspan="2"><img src="http://
images.ney.com/images/email/notice2_03.jpg" width="600" height="9"
alt=""></td>
</tr>
</table>
</td>
</tr>
</table>
<table width="600">
<tr>
<td style="text-align: center; font: 10px Verdana; color: #a7a7a7;
padding-left: 10px;">
<span style="color:
#333;">------------------------------------------------------</
span><br/>
Copyright 2002-2006 fvm Networks, Inc. All rights reserved.<br/>
P.O. Box 31118, San Francisco, CA 94131, USA<br/>
<a href="http://www.hhy.com/friend/displayPrivacy.do">Privacy
Policy</a> | <a href="http://www.jcm.com/friend/account/
displayEditAcct.do?loginid=PNMMIYXKATDA25547680">Unsubscribe</a> | <a
href="http://www.ugn.com/friend/displayTOS.do">Terms of Service</a>
<img src="http://www.nsh.com/friend/to.do?
loginid=PNMMIYXKATDA25547680&smid=20070831_100_3VBYTTIw3PvBD0SyKHyw-1113102006"
align="absmiddle" border="0" height="20" width="1">
</td>
</tr>
</table>
</body>
</html>
</style>

-- END OF SPAM --

toppillscollect.com is a replacement for directmedmass.com

medicalplacehope.com is a replacement for onlinepillact.com

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

See also Viagra.com Inc sightings:
http://groups.google.com/groups/search?q=%22Viagra.com+Inc%22+group%3A*abuse&start=0&scoring=d&

See:
IP 189.133.26.147 dsl-189-133-26-147.prod-infinitum.com.mx

http://moensted.dk/spam/?addr=189.133.26.147
http://cbl.abuseat.org/lookup.cgi?ip=189.133.26.147

inetnum: 189.133.26/24
status: reallocated
owner: Gestión de direccionamiento UniNet
ownerid: MX-GDUN-LACNIC
nic-hdl: DCA
person: GESTION DE CAMBIOS
e-mail: gcc...@REDUNO.COM.MX

postmaster and abuse[]prod-infinitum.com.mx are listed in rfc-
ignorant.org database
whois, postmaster and abuse[]uninet.net.mx are listed in rfc-
ignorant.org database
whois, postmaster and abuse[]reduno.com.mx are listed in rfc-
ignorant.org database

route: 189.133.0.0/19
descr: INFINITUM
origin: AS8151
mnt-by: TELMEX-MNT
changed: n...@reduno.com.mx
AS Name: Uninet S.A. de C.V.
http://www.cidr-report.org/cgi-bin/as-report?as=8151

3 SBL listings for IPs under the responsibility of C
http://www.spamhaus.org/sbl/listings.lasso?isp=prod-infinitum.com.mx

19 SBL/ROKSO listings for IPs under the responsibility of
uninet.net.mx
http://www.spamhaus.org/sbl/listings.lasso?isp=uninet.net.mx

Spamvert URL:
http://toppillscollect.com/

ns0.biknasufadupo.com [121.200.140.244] [TTL=172800] [JP]
ns0.rubakopesanm.com [89.176.77.56] [TTL=172800] [CZ]

NS records at nameservers are:
ns0.markuzapilod.com [69.231.219.90] [TTL=300]
ns0.rubakopesanm.com [206.74.129.248] [TTL=300]
ns0.rumbaponukas.com [85.179.106.4] [TTL=300]
ns0.biknasufadupo.com [81.95.182.51] [TTL=300]

OLD
ns0.biknasufadupo.com [221.126.9.147] [TTL=172800] [HK]
ns0.rubakopesanm.com [87.228.108.10] [TTL=172800] [RU]

NS records at nameservers are:
ns0.markuzapilod.com [88.154.250.232] [TTL=300]
ns0.rubakopesanm.com [87.228.108.10] [TTL=300]
ns0.rumbaponukas.com [125.231.209.82] [TTL=300]
ns0.biknasufadupo.com [221.126.9.147] [TTL=300]

NEW:
SOA record [TTL=300] is:
Primary nameserver: toppillscollect.com
Hostmaster E-mail address: 124.198.25.68
Serial #: 2093357380

www.toppillscollect.com A records are:


SEE ALSO:
domains sharing nameservers

Let's see whois.bizcn.com:
Domain name: toppillscollect.com

Domain Name: TOPPILLSCOLLECT.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS0.BIKNASUFADUPO.COM
Name Server: NS0.RUBAKOPESANM.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 19-jun-2007
Creation Date: 19-jun-2007
Expiration Date: 19-jun-2008

Last update of whois database: Mon, 17 Sep 2007 19:19:07 UTC

More toppillscollect.com sightings:
http://groups.google.com/groups/search?q=toppillscollect.com+group%3A*abuse&qt_s=Search

Also much more bizcn.com spam support sightings:
http://groups.google.com/groups/search?q=bizcn.com+group%3A*abuse&start=0&scoring=d&

See Image hosting URL:
http://www.medicalplacehope.com/1.gif

ns0.biknasufadupo.com [221.127.174.242] [TTL=172800] [HK]
ns0.rubakopesanm.com [218.254.85.16] [TTL=172800] [HK]

NS records at nameservers are:
ns0.rumbaponukas.com [85.179.106.4] [TTL=300]
ns0.biknasufadupo.com [81.95.182.51] [TTL=300]
ns0.markuzapilod.com [69.231.219.90] [TTL=300]
ns0.rubakopesanm.com [206.74.129.248] [TTL=300]

OLD:
ns0.biknasufadupo.com [221.126.9.147] [TTL=172800] [HK]
ns0.rubakopesanm.com [87.228.108.10] [TTL=172800] [RU]

NS records at nameservers are:
ns0.markuzapilod.com [88.154.250.232] [TTL=300]
ns0.rubakopesanm.com [87.228.108.10] [TTL=300]
ns0.rumbaponukas.com [125.231.209.82] [TTL=300]
ns0.biknasufadupo.com [221.126.9.147] [TTL=300]

NEW:
SOA record [TTL=300] is:
Primary nameserver: ns0.rubakopesanm.com
Hostmaster E-mail address:
Serial #: 0

Let's see whois.bizcn.com:
Domain Name: MEDICALPLACEHOPE.COM
Registrar: BIZCN.COM, INC.
Whois Server: whois.bizcn.com
Referral URL: http://www.bizcn.com
Name Server: NS0.BIKNASUFADUPO.COM
Name Server: NS0.RUBAKOPESANM.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 19-jun-2007
Creation Date: 19-jun-2007
Expiration Date: 19-jun-2008

Last update of whois database: Mon, 17 Sep 2007 19:26:32 UTC

Domain name: medicalplacehope.com

Registrant Contact:
RxPlaza
John Lynge rx[]rxplazaquiet.com
5704487761 fax:
632 Pleasant View Drive
Pleasant Mount PA 18453
us

Administrative Contact:
John Lynge r...@rxplazaquiet.com
5704487761 fax:
632 Pleasant View Drive
Pleasant Mount PA 18453
us

Technical Contact:
John Lynge r...@rxplazaquiet.com
5704487761 fax:
632 Pleasant View Drive
Pleasant Mount PA 18453
us

Billing Contact:
John Lynge r...@rxplazaquiet.com
5704487761 fax:
632 Pleasant View Drive
Pleasant Mount PA 18453
us

DNS:
ns0.rubakopesanm.com
ns0.biknasufadupo.com

Created: 2007-06-19
Expires: 2008-06-19

More medicalplacehope.com sightings:
http://groups.google.com/groups/search?q=medicalplacehope.com+group%3A*abuse&qt_s=Search

See also Registrant contact at rxplazaquiet.com sightings:
http://groups.google.com/groups/search?q=rxplazaquiet.com+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/ae0a8cc1a8b9e918

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/304b0dc256d9e615

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
