[email] [drugs - Canadian Pharmacy botnet] [207.115.20.70] (directpillshuman.com / nameedns.com / nameedns1.com / renewwdns.com / renewwdns1.com / canadianmedicationsupport.com / geocities.com) April Offers: Vigria_ENLARGMENT_Cialas_Phentmine $1.21

TomezNet

Apr 7, 2008, 1:46:58 PM

Received From:
IP 207.115.20.70 flpi101.sbcis.sbc.com
(at AT&T / sbcglobal.net / swbell.net / prodigy.net)

Spamvert URL:
http://geocities.com/clevelandmalone916/

Redirected to:
http://directpillshuman.com/

www.directpillshuman.com => botnet
directpillshuman.com Resolved to 219.240.79.58 to 24.14.101.18 to
24.38.202.179 to 61.58.184.213 to 68.50.244.32 to 69.86.213.81 to
69.245.174.253 to 70.230.156.188 to 71.170.85.91 to 72.153.218.59 to
78.106.67.189 to 78.107.254.193 to 82.114.220.175 to 82.212.52.144 to
88.206.173.63 to 91.89.168.75 to 93.80.51.153 to 93.80.60.26 to
93.80.94.71 to 118.166.128.22

ns0.nameedns.com IP 211.168.219.196
ns0.nameedns1.com IP 211.172.214.146
ns0.renewwdns.com IP 123.202.89.194
ns0.renewwdns1.com IP 124.49.113.109

Title: European Pharmacy (aka Canadian Pharmacy)

WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

Plenty of Forged Certificates and logos as always.

Much More info below:
==================
X-SID-PRA: Ted Jordan <phkch[]sbcglobal.net>
X-Message-Info:
6sSXyD95QpU400jrNVYKFQOP49i5426jJEki34gVBGdO1ORnIv4G4vxwRl/
Ikm3Jv3wpZq2IdoudKJCvrE/GHg=
Received: from tomts48-srv.bellnexxia.net ([209.226.175.192]) by bay0-pamc1-f5.bay0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.2444);
Sat, 5 Apr 2008 13:17:05 -0700
Received: from toip20.srvr.bell.ca ([67.69.240.22])
by toip30.srvr.bell.ca with ESMTP; 05 Apr 2008 16:17:00 -0400
Received: from [MUNGED]
by toip20.srvr.bell.ca with ESMTP; 05 Apr 2008 16:16:58 -0400
Received: (qmail 7446 invoked by uid 110); 5 Apr 2008 16:16:54 -0400
Delivered-To: [MUNGED]
Received: (qmail 7439 invoked from network); 5 Apr 2008 16:16:53 -0400
Received: from flpi101.sbcis.sbc.com (HELO flpi101.prodigy.net)
(207.115.20.70)
by [MUNGED] with SMTP; 5 Apr 2008 16:16:53 -0400
X-ORBL: [75.37.95.188]
Received: from vbnxlb (adsl-75-37-95-188.dsl.pltn13.sbcglobal.net
[75.37.95.188])
by flpi101.prodigy.net (8.13.8 out.dk.spool/8.13.8) with SMTP id
m35Jk6tJ023852;
Sat, 5 Apr 2008 13:16:04 -0700
Message-ID: <000401c89759$863bab00$7436b761@vbnxlb>
From: "Ted Jordan" <phkch[]sbcglobal.net>
To: "<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
<[MUNGED]>
Subject: April Offers: Vigria_ENLARGMENT_Cialas_Phentmine $1.21
Date: Sat, 05 Apr 2008 15:13:34 -0500
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset="iso-8859-1";
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869
Return-Path: phkch[]sbcglobal.net
X-OriginalArrivalTime: 05 Apr 2008 20:17:05.0378 (UTC)
FILETIME=[04396420:01C8975A]

Fast delivery.
http://geocities.com/clevelandmalone916/

-- END OF SPAM --

See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search

OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483

http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.

Contact:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianmedicationsupport.com)

More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&

More canadianmedicationsupport.com sightings:
http://groups.google.com/groups/search?q=canadianmedicationsupport.com+group%3A*abuse*&qt_s=Search

See:
IP 207.115.20.70 flpi101.sbcis.sbc.com

http://moensted.dk/spam/?addr=207.115.20.70

OrgName: AT&T Internet Services
OrgID: SIS-80
Address: 2701 N. Central Expwy # 2205.15
City: Richardson
StateProv: TX
PostalCode: 75080
Country: US

NetRange: 207.115.0.0 - 207.115.63.255
CIDR: 207.115.0.0/18
NetName: NET-192-207-105-0-1
NetHandle: NET-207-115-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.ATTDNS.COM
NameServer: NS3.ATTDNS.COM
NameServer: NS2.ATTDNS.COM

route: 207.115.16.0/20
descr: ATT ITOIS FRFDCA60
origin: AS6348
tech-c: Bob Musolino
mnt-by: MAINT-AS1698
changed: rga...@prodigy.net
changed: vb2...@sbc.com
changed: rx1...@att.net

www.directpillshuman.com has no MX records -> directpillshuman.com has
no MX records

See IP rDNS on botnet:
219.240.79.58 no PTR at HANARO / HANANET / Korea
24.14.101.18 = c-24-14-101-18.hsd1.il.comcast.net
24.38.202.179 = static-host-24-38-202-179.patmedia.net
61.58.184.213 = 61-58-184-213.nty.dynamic.lsc.net.tw
68.50.244.32 = c-68-50-244-32.hsd1.dc.comcast.net
69.86.213.81 = user-12ldlah.cable.mindspring.com
69.245.174.253 = c-69-245-174-253.hsd1.in.comcast.net
70.230.156.188 = adsl-70-230-156-188.dsl.stlsmo.sbcglobal.net
71.170.85.91 = static-71-170-85-91.dllstx.fios.verizon.net
72.153.218.59 = adsl-153-218-59.mia.bellsouth.net
78.106.67.189 = 78-106-67-189.broadband.corbina.ru
78.107.254.193 = endal.dialup.corbina.ru
82.114.220.175 = ipad175.customer.medialine.cz
82.212.52.144 = hsi-kbw-082-212-052-144.hsi.kabelbw.de
88.206.173.63 = 88-206-173-63.highlandnet.se
91.89.168.75 no PTR at KabelBW / byteaction.de
93.80.51.153 = 93-80-51-153.broadband.corbina.ru
93.80.60.26 = 93-80-60-26.broadband.corbina.ru
93.80.94.71 = 93-80-94-71.broadband.corbina.ru
118.166.128.22 = 118-166-128-22.dynamic.hinet.net

AND:
IP 211.168.219.196 no PTR at BORANET / LG DACOM / Korea
IP 203.210.40.116 no PTR at Vitssen-INFRA / GSD / tbroad.com / Korea
IP 211.172.214.146 no PTR at KNCTV / gsgbi.co.kr / Korea
IP 123.202.89.194 = 123202089194.ctinets.com
IP no PTR at HANANET-HIGHBAN-INTERNETCLUBTZ / hanaro.com / Korea
IP 124.49.113.109 no PTR at Xpeed / powercomm.com / Korea
IP 219.240.79.58 no PTR at HANARO / HANANET / Korea

Let's see whois.paycenter.com.cn:
Domain Name: directpillshuman.com

Registrant:
Martin Li
Fujian
112188

Administrative Contact:
MartinLi
Martin Li
Fujian
Xiamen Fujian 112188
CN
tel: 101 8786665
fax: 101 8786665
martin[]21cn.com => NEW

Technical Contact:
MartinLi
Martin Li
Fujian
Xiamen Fujian 112188
CN
tel: 8786665
fax: 8786665
mar...@21cn.com

Billing Contact:
MartinLi
Martin Li
Fujian
Xiamen Fujian 112188
CN
tel: 8786665
fax: 8786665
mar...@21cn.com

Registration Date: 2008-03-06
Update Date: 2008-03-18
Expiration Date: 2009-03-06

Primary DNS: ns0.RENEWWDNS.com 78.94.93.210
Secondary DNS: ns0.NAMEEDNS.com 125.182.105.26

More directpillshuman.com sightings:
http://groups.google.com/groups/search?q=directpillshuman.com+group%3A*abuse*&qt_s=Search

SEE ALSO:
hostnames sharing ip with a-records

More nameedns.com sightings:
http://groups.google.com/groups/search?q=nameedns.com+group%3A*abuse*&qt_s=Search

More nameedns1.com sightings:
http://groups.google.com/groups/search?q=nameedns1.com+group%3A*abuse*&qt_s=Search

More renewwdns.com sightings:
http://groups.google.com/groups/search?q=renewwdns.com+group%3A*abuse*&qt_s=Search

More renewwdns1.com sightings:
http://groups.google.com/groups/search?q=renewwdns1.com+group%3A*abuse*&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.email/msg/83df9a75a123645e

And:
http://groups.google.com/group/news.admin.net-abuse.email/browse_thread/thread/b954923637316fdb/efecf5dda73fe039#efecf5dda73fe039

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/759359adfc45d074

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/49642b0bd30a4c3a

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/beeafb7813256b0f

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/
