
[email] [drugs - Canadian Pharmacy] [77.66.142.248] (roundpast.com / xinnet.cn / xinnetdns.com) February 75% OFF


TomezNet

Feb 18, 2008, 12:31:01 PM
Received From:
IP 77.66.142.248 (ce3-ats32.aaanet.ru)
(at CTS/ICOMM Node)

Spamvert:
www.roundpast.com IP 79.135.165.6
(SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483) (at
sistemnet.com.tr / sistemnettelekom.com.tr / AbdAllah / ttnet.net.tr)

Title: Canadian Pharmacy

WEB:
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

See sender identity and headers forgery by spammer.

Plenty of Forged Certificates and logos as always.

More info below:
==================
X-SID-PRA: [MUNGED]
X-Message-Info: 6sSXyD95QpXqpMW/oc4I
+29u5PapHVk0wZ00diM3yrMajevwS4uoSJbEILrPUkCeyMSYiTnuT2gQE0pGRyOTGw=
Received: from tomts48-srv.bellnexxia.net ([209.226.175.192])
by bay0-pamc1-f4.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 17 Feb 2008 10:22:18 -0800
Received: from [MUNGED]
by toip24.srvr.bell.ca with ESMTP; 17 Feb 2008 13:22:05 -0500
Received: (qmail 17523 invoked by uid 110); 17 Feb 2008 13:22:05 -0500
Delivered-To: [MUNGED]
Received: (qmail 16343 invoked from network); 17 Feb 2008 13:22:04
-0500
Received: from unknown (HELO ce3-ats32.aaanet.ru) (77.66.142.248)
by [MUNGED] with SMTP; 17 Feb 2008 13:22:04 -0500
X-Mailer: CME-V6.5.4.3; MSN
Return-Path: communication...@cimail15.msn.com
Received: (qmail 12502 by uid 763); Fri, 11 Jan 2008 09:22:11 +0300
Message-Id: <2008011112221...@ce3-ats32.aaanet.ru>
To: <[MUNGED]>
Subject: February 75% OFF
From: <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/html; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
Date: Sun, 17 Feb 2008 13:22:18 -0500
X-OriginalArrivalTime: 17 Feb 2008 18:22:18.0911 (UTC)
FILETIME=[07BDEAF0:01C87192]

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://
www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html dir="ltr">
<head>
<title>Windows Live Hotmail Print Message</title>
</head>
<style>
<img src="http://track.msadcenter.fqf.com/ufbjwqw_ovatpimxtn.gif&o=1"
width=0 height=0>
<table cellpadding=0 cellspacing=0 width=600 align=center>
<tr>
<td><img src="http://track.msadcenter.tkj.com/beccvhz-
ovatpimxtn.gif" border=0></td>
</tr>
<tr>
<td class=EC_container bgcolor="#F2F2F2">
<table cellpadding=0 cellspacing=0 width="100%">
<tr>
<td> <div align=center>
<meta http-equiv=Content-Type content="text/html; charset=unicode">
<meta name=Generator content="Microsoft SafeHTML">

<title>Untitled Document</title>

<center>

<a href="http://track.msadcenter.woj.com/wwfdtge_ovatpimxtn.html"
target="_blank">Click here to get enrolled for your oagc !</a><br><br>
<img src="http://track.msadcenter.lvp.com/qlooaza-ovatpimxtn.gif"
border=0 usemap="#Map">

<map name=Map id=Map>
<area shape=rect coords="282,157,497,265" href="http://
track.msadcenter.yrd.com/bzreick_ovatpimxtn.html" target="_blank">
<area shape=rect coords="282,264,498,374" href="http://
track.msadcenter.klk.com/eubwmrr_ovatpimxtn.html" target="_blank">
</map>
<br><a href="http://track.msadcenter.edw.com/tevkzuk_ovatpimxtn.html"
target="_blank">Click here to get enrolled for your jrzy !</a>
</center>
</style>
<center>
<a href="http://www.roundpast.com"><img src="http://www.roundpast.com/
1.gif">
<style>
</div>
</td>
</tr>
<tr>
<td class=EC_legal>
<strong>About this mailing: </strong><br>
You are receiving this e-mail because you subscribed to MSN Featured
Offers. Microsoft respects your privacy. If you do not wish to receive
this MSN Featured Offers e-mail, please click the "Unsubscribe" link
below. This will not unsubscribe you from e-mail communications from
third-party advertisers that may appear in MSN Feature Offers. This
shall not constitute an offer by MSN. MSN shall not be responsible or
liable for the advertisers' content nor any of the goods or service
advertised. Prices and item availability subject to change without
notice.<br><br>

©2008 Microsoft | <a href="http://track.msadcenter.qdn.com/
tevkzuc_ovatpimxtn.html" target="_blank">Unsubscribe</a> | <a
href="http://track.msadcenter.nke.com/nodznrp_ovatpimxtn.html"
target="_blank">More Newsletters</a> | <a href="http://
track.msadcenter.wof.com/bzreicr_ovatpimxtn.html"
target="_blank">Privacy</a><br><br>
Corporation, One Microsoft Way, Redmond, WA 98052
</td>
</tr>
</table>
</td>
</tr>
</table>
</div>
</div>
</div>
</body>
</style>

-- END OF SPAM --

More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&

SEE sender identity and headers forgery by spammer spoofing our
domain.

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

See also Viagra.com Inc sightings:
http://groups.google.com/groups/search?q=%22Viagra.com+Inc%22+group%3A*abuse&start=0&scoring=d&

See:
IP 77.66.142.248 (ce3-ats32.aaanet.ru)

http://moensted.dk/spam/?addr=77.66.142.248

More aaanet.ru sightings:
http://groups.google.com/groups/search?q=aaanet.ru+group%3A*abuse&start=0&scoring=d&

inetnum: 77.66.138.0 - 77.66.143.255
netname: ROSTOV-GSPD-NET
descr: IP address space for Rostov-on-Don Regional Data
exchange Network
country: Russia [RU]
address: Digital Telephone Lines
address: 215/3, Stachky av.,
address: 344091 Rostov-on-Don
e-mail: kuts...@aaanet.ru
e-mail: thu...@aaanet.ru
e-mail: add...@aaanet.ru
e-mail: mi...@aaanet.ru

route: 77.66.128.0/20
descr: RU-CTSRND route
origin: AS6767
mnt-by: AS6767-MNT
changed: m...@aaanet.ru
AS Name: RU-CTSRND-AS Rostov-on-Don CTS/ICOMM Node
http://www.cidr-report.org/cgi-bin/as-report?as=6767

See:
www.roundpast.com IP 79.135.165.6
ns.xinnet.cn IP 210.51.171.209
ns.xinnetdns.com IP 210.51.170.66

www.roundpast.com has no MX records -> roundpast.com has no MX records

http://moensted.dk/spam/?addr=79.135.165.6
http://www.spamhaus.org/query/bl?ip=79.135.165.6

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61248
79.135.165.0/29 is listed on the Spamhaus Block List (SBL/ROKSO)

18-Dec-2007 23:18 GMT | SR20

Leo Kuvayev / BadCow.
Canadian Pharmacy nameservers/web hosts (AbdAllah)
79.135.165.2-79.135.165.6:
on ttnet.net.tr(turktelekom.com.tr),telekom.gov.tr/AbdAllah Internet

Main Info:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61418
79.135.165.0/24 is listed on the Spamhaus Block List (SBL)

13-Jan-2008 11:05 GMT | SR22

AbdAllah_Internet - Ukrainian cybercrime hosting

One of the world's worst cybercrime, spam, virus, phishing hosting
gang.

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL61896
79.135.165.6/32 is listed on the Spamhaus Block List (SBL)

13-Jan-2008 11:04 GMT | SR22

NS1.HOLDSURFACE.COM / NS1.NSDOM.COM

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL62483
79.135.160.0/20 is listed on the Spamhaus Block List (SBL)

11-Jan-2008 19:34 GMT | SR12

AbdAllah_Internet - Ukrainian cybercrime hosting

22 SBL/ROKSO listings for IPs under the responsibility of
sistemnet.com.tr
http://www.spamhaus.org/sbl/listings.lasso?isp=sistemnet.com.tr

Let's see whois.paycenter.com.cn:
Domain Name: roundpast.com

Registrant:
ding dan
xi an
320002

Administrative Contact:
liubing
ding dan
xi an
xi an Beijing 320002
CN
tel: 101 2345678
fax: 101 2345678
cnclinp[]21cn.com

Technical Contact:
liubing
ding dan
xi an
xi an Beijing 320002
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Billing Contact:
liubing
ding dan
xi an
xi an Beijing 320002
CN
tel: 2345678
fax: 2345678
cnc...@21cn.com

Registration Date: 2008-01-16
Update Date: 2008-02-12
Expiration Date: 2009-01-16

Primary DNS: ns.xinnet.cn 210.51.171.209
Secondary DNS: ns.xinnetdns.com 210.51.170.66

More roundpast.com sightings:
http://groups.google.com/groups/search?q=roundpast.com+group%3A*abuse&start=0&scoring=d&

hostnames sharing ip with a-records
*.newmoonpro.com
*.orderself.com
newmoonpro.com
ns1.suffixafter.com
orderself.com
rupbg.newmoonpro.com
www.orderself.com

domains using this as nameserver
receivewill.com

inetnum: 79.135.165.0 - 79.135.166.255
netname: Sistemnet-Telecom-Blackholed-IP
country: TR
person: Selcuk BAYDUT
address: Sistemnet Telecom
address: Buyukdere Rd.
address: Muselles St.
address: Santa Plaza 3th Floor Esentepe
address: Istanbul - Turkey
e-mail: sel...@sistemnet.com.tr
e-mail: clo...@sistemnet.co.uk

route: 79.135.160.0/19
descr: Sistemnet Telecom
origin: AS44097
mnt-by: Sistem-Net-MNT
changed: fi...@sistemnet.com.tr
AS Name: TTNET TTnet Autonomous System
http://www.cidr-report.org/cgi-bin/as-report?as=9121

40 SBL/ROKSO listings for IPs under the responsibility of ttnet.net.tr
http://www.spamhaus.org/sbl/listings.lasso?isp=ttnet.net.tr

More spammer recent sightings:
http://groups.google.com/groups/search?q=February+75%25+OFF+group%3A*abuse&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/browse_thread/thread/11c0a039b80c4e93/2ab369e028bf9080#2ab369e028bf9080

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/7f587d35d2b7fe49

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/4425369cd1f08f74

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/
