Spamvert:
edgeadd.com => botnet
www.edgeadd.com Resolved to 222.100.5.23 to 61.58.184.213 to
67.166.150.21 to 68.50.244.32 to 69.14.247.212 to 69.86.213.81 to
69.245.174.253 to 70.224.193.160 to 70.230.156.188 to 71.170.85.91 to
74.128.136.74 to 78.107.254.193 to 79.120.63.96 to 88.206.173.5 to
91.67.116.143 to 99.165.13.206 to 123.203.26.174 to 125.215.119.150 to
210.106.5.55 to 219.240.79.58 to 222.13.234.163
www.edgeadd.com has no MX records -> edgeadd.com has no MX records
Title: European Pharmacy (aka Canadian Pharmacy)
WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
SEE sender identity and header forgery by spammer spoofing our
domain.
Much More info below:
==================
Return-path: <[MUNGED]>
Received: from p57b9d832.dip.t-dialin.net ([87.185.216.50])
    by iota-beta.com with smtp (Exim 4.63)
    (envelope-from <[MUNGED]>)
    id 1JfXWm-0005kU-SK
    for [MUNGED]; Sat, 29 Mar 2008 04:39:26 -0500
X-Originating-IP: [87.185.216.50]
X-Originating-Email: [[MUNGED]]
X-Sender: [MUNGED]
Received: (qmail 3479 by uid 559); Sat, 29 Mar 2008 10:39:09 +0100
Message-Id: <200803291139...@p57B9D832.dip.t-dialin.net>
To: <[MUNGED]>
From: <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-Spam-Status: Yes, score=10.0
X-Spam-Score: 100
X-Spam-Bar: ++++++++++
X-Spam-Report: *REMOVED*
X-Spam-Flag: YES
Subject: ***SPAM*** March 84 % Off!
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
</head>
<style>
<body>
<table width="600" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<!-- Notice: If this text is displayed, your email client cannot
display properly the format we've sent you. You may want to consider
upgrading to a more recent version of your email client. If you would
like to receive only plain text messages, please reply to this message
and put "Change to text" in the subject.-->
</HEAD>
<BODY>
<TABLE border="0" align="center" width="610" cellPadding="0"
cellSpacing="0">
<TBODY>
<TR>
<td width="610" height="39" valign="top">
<div align="right">
<img src="http://kanaweb.cmxv.com/
notifications/events/ccs_epay/images/opw.gif" width="610" height="51"
border="0"></div>
</td>
</TR>
<tr>
<td height="1"><img src="http://kanaweb.wiat.com/
notifications/events/ccs_epay/images/qpur.gif" width="610"
height="1"></td>
</tr>
<TR>
<td width="135"> </td>
</TR>
<TR>
<TD>
<FONT size="2" face="Arial, Helvetica, sans-serif">
Dear Elvin Pacheco,<br>
<br>
Thank you for scheduling your recent credit card payment online. Your
payment will post to your account on 550058656727/01/2008. <BR>
<BR>
Now that you're making your payment online, are you aware of all the
convenient ways you can manage your account online? <BR>
<BR>
Just log in to www.jbvq.com today. Using the "I'd like to..." links
for your credit card account, you can access more than a dozen
features, including links to:
<UL>
<LI>
<B>See Statements</B> - View your statement and choose to stop
receiving paper statements.</LI>
</style>
<center>
<a href="http://www.edgeadd.com"><img src="http://www.edgeadd.com/
1.gif">
<style>
<LI>
<B>Manage automatic payments</B> - Set up monthly payments to be made
automatically.</LI>
<LI>
<B>Transfer a balance</B> - Transfer a balance to your credit card
account.</LI>
<LI>
<B>Go to Free Alerts</B> - Schedule alerts to be reminded of key
account activity.</LI>
</UL>
You can also view past payments you have made online by
logging on to www.nxmc.com and clicking "See payment history" under
"I'd like to ..." . <BR>
<BR>
If you have any problems or questions, please call the
Customer Service number on the back of your credit card. <BR>
<BR>
Thanks again for using online payments. <br>
<br>
Sincerely, <br>
Cardmember Services </FONT>
</TD>
</TR>
</TBODY>
</TABLE>
<TABLE border="0" align="center" width="610" cellPadding="0"
cellSpacing="0">
<tr>
<td height="1"><img src="http://kanaweb.munr.com/
notifications/events/ccs_epay/images/gntf.gif" width="610"
height="1"></td>
</tr>
<TR>
<TD>
<br>
<FONT size="1" face="Arial, Helvetica, sans-
serif">
This email was sent to: [MUNGED]<br>
</style>
-- END OF SPAM --
See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search
OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932
WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Contact:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianmedicationsupport.com)
More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&
More canadianmedicationsupport.com sightings:
http://groups.google.com/groups/search?q=canadianmedicationsupport.com+group%3A*abuse*&qt_s=Search
See:
IP 87.185.216.50 p57b9d832.dip.t-dialin.net
http://moensted.dk/spam/?addr=87.185.216.50
Currently Sending Spam SORBS-ZOMBIE/WEB/SOCKS/MISC ... etc
See: http://www.sorbs.net/lookup.shtml?87.185.216.50
abuse[]t-dialin.net is listed in rfc-ignorant.org database
inetnum: 87.160.0.0 - 87.186.159.255
netname: DTAG-DIAL21
descr: Deutsche Telekom AG
country: DE
route: 87.128.0.0/10
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
source: RIPE
changed: b...@nic.dtag
SEE:
DNS with NEW IPs:
ns0.nameedns.com IP 211.168.219.196
ns0.nameedns1.com IP 211.172.214.146
ns0.renewwdns.com IP 123.202.89.194
ns0.renewwdns1.com IP 124.49.113.109
See IP rDNS on botnet:
222.100.5.23 no PTR at KORNET / kt.co.kr / Korea
61.58.184.213 = 61-58-184-213.nty.dynamic.lsc.net.tw
67.166.150.21 = c-67-166-150-21.hsd1.ca.comcast.net
68.50.244.32 = c-68-50-244-32.hsd1.dc.comcast.net
69.14.247.212 = d14-69-212-247.try.wideopenwest.com
69.86.213.81 = user-12ldlah.cable.mindspring.com
69.245.174.253 = c-69-245-174-253.hsd1.in.comcast.net
70.224.193.160 = ppp-70-224-193-160.dsl.applwi.ameritech.net
70.230.156.188 = adsl-70-230-156-188.dsl.stlsmo.sbcglobal.net
71.170.85.91 = static-71-170-85-91.dllstx.fios.verizon.net
74.128.136.74 = 74-128-136-74.dhcp.insightbb.com
78.107.254.193 = endal.dialup.corbina.ru
79.120.63.96 no PTR at TI-BB / ti.ru / Russia
88.206.173.5 = 88-206-173-5.highlandnet.se
91.67.116.143 no PTR at KABEL-DEUTSCHLAND / kabel-bb.de
99.165.13.206 = adsl-99-165-13-206.dsl.lsan03.sbcglobal.net
123.203.26.174 = 123203026174.ctinets.com
125.215.119.150 = opt-125-215-119-150.client.pikara.ne.jp
210.106.5.55 no PTR at DREAMPLUS-AS-KR DreamcityMedia / Korea
219.240.79.58 no PTR at HANARO / HANANET / Korea
222.13.234.163 = zq234163.ppp.dion.ne.jp
AND for DNS servers:
IP 211.168.219.196 no PTR at BORANET / LG DACOM / Korea
IP 203.210.40.116 no PTR at Vitssen-INFRA / GSD / tbroad.com / Korea
IP 211.172.214.146 no PTR at KNCTV / gsgbi.co.kr / Korea
IP 123.202.89.194 = 123202089194.ctinets.com
IP no PTR at HANANET-HIGHBAN-INTERNETCLUBTZ / hanaro.com / Korea
IP 124.49.113.109 no PTR at Xpeed / powercomm.com / Korea
IP 219.240.79.58 no PTR at HANARO / HANANET / Korea
OLDER:
221.127.143.95 no PTR at Hutchison / hgc.com.hk
24.38.202.179 = static-host-24-38-202-179.patmedia.net
61.15.245.139 = cm61-15-245-139.hkcable.com.hk
61.58.184.213 = 61-58-184-213.nty.dynamic.lsc.net.tw
68.50.244.32 = c-68-50-244-32.hsd1.dc.comcast.net
69.14.247.212 = d14-69-212-247.try.wideopenwest.com
69.86.213.81 = user-12ldlah.cable.mindspring.com
69.245.174.253 = c-69-245-174-253.hsd1.in.comcast.net
70.127.55.82 = 82-55.127-70.tampabay.res.rr.com
70.230.156.188 = adsl-70-230-156-188.dsl.stlsmo.sbcglobal.net
71.170.85.91 = static-71-170-85-91.dllstx.fios.verizon.net
74.128.136.74 = 74-128-136-74.dhcp.insightbb.com
90.183.115.170 = 170.115.broadband16.iol.cz
118.167.172.215 = 118-167-172-215.dynamic.hinet.net
124.51.106.155 no PTR at Xpeed / powercomm.com / Korea
125.215.119.234 = opt-125-215-119-234.client.pikara.ne.jp
193.150.211.127 = c193-150-211-127.bredband.comhem.se
210.106.5.55 no PTR at DREAMPLUS / nowcom.co.kr / Korea
211.193.118.198 no PTR at KORNET / kt.co.kr / Korea
219.240.79.58 no PTR at HANARO / HANANET / Korea
AND:
24.38.202.179 = static-host-24-38-202-179.patmedia.net
78.129.0.123 = host-78-129-0-123.brutele.be
220.74.128.26 no PTR at KORNET / kt.co.kr / Korea
88.134.185.93 = 88-134-185-93-dynip.superkabel.de
Let's see whois.paycenter.com.cn:
Domain Name: edgeadd.com
Registrant:
li hao
hai kou
891000
Administrative Contact:
haohao
li hao
hai kou
hai kou Beijing 891000
CN
tel: 898 1234567
fax: 898 1234567
yayun22[]163.com
Technical Contact:
haohao
li hao
hai kou
hai kou Beijing 891000
CN
tel: 1234567
fax: 1234567
yay...@163.com
Billing Contact:
haohao
li hao
hai kou
hai kou Beijing 891000
CN
tel: 1234567
fax: 1234567
yay...@163.com
Registration Date: 2008-03-14
Update Date: 2008-03-26
Expiration Date: 2009-03-14
Primary DNS: ns0.RENEWWDNS.com 24.38.202.179
Secondary DNS: ns0.NAMEEDNS.com 194.108.105.17
More edgeadd.com sightings:
http://groups.google.com/groups/search?q=edgeadd.com+group%3A*abuse*&qt_s=Search
SEE ALSO:
hostnames sharing ip with a-records
domains using this as nameserver
domains sharing nameservers
More nameedns.com sightings:
http://groups.google.com/groups/search?q=nameedns.com+group%3A*abuse*&qt_s=Search
More nameedns1.com sightings:
http://groups.google.com/groups/search?q=nameedns1.com+group%3A*abuse*&qt_s=Search
More renewwdns.com sightings:
http://groups.google.com/groups/search?q=renewwdns.com+group%3A*abuse*&qt_s=Search
More renewwdns1.com sightings:
http://groups.google.com/groups/search?q=renewwdns1.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/2d53ed5de9231d2e
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/de16aa972aa64ea2
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d7139d9a0774b624
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/32af2972d6b5278b
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/