Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

[email] [drugs - Canadian Pharmacy botnet] [83.29.18.182] (topmedsnow.com - fractionthen.com / gggfjdjhgghg.com / sdgyfer8yioi.com / ashjdggfgafdg.com / dsjfhgwyutuyu.com / markuzapilod.com / rubakopesanm.com / bizcn.com) RE: September 70% OFF

0 views
Skip to first unread message

TomezNet

unread,
Sep 19, 2007, 8:30:13 AM9/19/07
to
Received From:
IP 83.29.18.182 boc182.neoplus.adsl.tpnet.pl
(at TPNET / telekomunikacja.pl)

Spamvert botnet:
www.topmedsnow.com => botnet
topmedsnow.com Resolved to IP 123.202.169.72 to 202.132.105.246 to
203.186.31.188 to 218.170.62.204 to 218.190.213.161 to 221.125.110.250
to 221.126.238.42 to 221.127.5.2 to 61.10.122.23 to 61.21.204.28 to
81.200.122.106 to 82.131.19.228 to 82.240.154.185

Spamvert Image Hosting URL:
http://www.fractionthen.com/1.gif

fractionthen.com => botnet

www.fractionthen.com Resolved to IP 123.202.207.45 to 124.102.76.17 to
124.198.25.68 to 193.95.200.94 to 210.96.194.180 to 210.96.207.77 to
221.163.252.222 to 58.89.245.119 to 58.91.160.153 to 59.148.152.126 to
61.10.122.23 to 88.139.186.59 to 91.127.81.109 to 221.126.247.95 to
69.228.150.112 to 82.131.19.228 to 121.137.164.146 to 123.202.186.12
to 202.132.105.246 to
83.135.74.2

Title: Canadian Pharmacy

WEB:
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

See sender identity and headers forgery by spammer.

Plenty of Forged Certificates and logos as always.

Much More info below:
====================

X-SID-PRA: Viagra.com Inc <[MUNGED]>
X-Message-Info: 6sSXyD95QpXFOJ+llGsU/7Bp+hdXmfoO9q+8MnvVL32vht97/
Z2rPnN/zacFe8T5cFpM0kn3r9VR63hadHWiPA==
Received: from tomts17-srv.bellnexxia.net ([209.226.175.71]) by bay0-
pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Tue, 18 Sep 2007 14:18:14 -0700
Received: from [MUNGED]
by toip15.srvr.bell.ca with ESMTP; 18 Sep 2007 17:17:57 -0400
Received: (qmail 3449 invoked by uid 110); 18 Sep 2007 14:33:40 -0400
Delivered-To: [MUNGED]
Received: (qmail 3426 invoked from network); 18 Sep 2007 14:33:39
-0400
Received: from boc182.neoplus.adsl.tpnet.pl (83.29.18.182)
by [MUNGED] with SMTP; 18 Sep 2007 14:33:39 -0400
Received: from Sandra Lowery (10.14.11.14) by
boc182.neoplus.adsl.tpnet.pl (PowerMTA(TM) v3.2r4) id hfp03o03d72j71
for <[MUNGED]>; Tue, 18 Sep 2007 08:34:02 +0100
Message-Id: <200709180934...@boc182.neoplus.adsl.tpnet.pl>
To: <[MUNGED]>
Subject: RE: September 70% OFF
From: Viagra.com Inc <[MUNGED]>
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
Date: Tue, 18 Sep 2007 17:18:14 -0400
Return-Path: bbrinley[]minimoves.com
X-OriginalArrivalTime: 18 Sep 2007 21:18:14.0765 (UTC)
FILETIME=[6CBB69D0:01C7FA39]

<style>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;
charset=iso-8859-1">
</head>
<body>
<table width="600" border="0" cellpadding="0" cellspacing="0">
<tr>
<td>
<table width="600" border="0" cellpadding="0" cellspacing="0"
background="http://images.ezw.com/images/email/notice2_02.jpg">
<tr>
<td width="600" height="9" colspan="2"><img src="http://
images.zap.com/images/email/notice2_01.jpg" width="600" height="9"
alt=""></td>
</tr>
<tr>
<td width="458" style="font: 12px Verdana; color: #212121; text-
align: left; padding: 10px 20px;">
<span style="font-weight: bold; font-size: 22px; color:
#6387af;">nec <span style="font-size: 14px;">Message from Patrica
Basford</span></span><br/><br/>
Hi Mike,<br/><br/>
You have a irk message from Patrica Basford. You can view the
message at the following location:<br/><br/>
<span style="font-weight: bold; font-size: 14px;"><a href="http://
www.bgb.com/friend/mail/displayInbox.do?loginid=PNMMIYXKATDA25547680&smid=20070831_100_3VBYTTIw3PvBD0SyKHyw-1113102006">View
Message»</a></span><br/><br/>
Thank you for joining us,<br>the <b>mad</b> team
</td>
<td width="142">
<table width="100" border="0" cellpadding="0" cellspacing="0"
align="center">
<tr>
<td align="center">
<a href="http://www.mno.com/friend/mail/displayInbox.do?
loginid=PNMMIYXKATDA25547680&smid=20070831_100_3VBYTTIw3PvBD0SyKHyw-1113102006"><img
src="http://images.scc.com/images/nophoto_girl_100.gif" border="0"></
a>
</td>
</tr>
</table>
</style>
<center>
<a href="http://www.topmedsnow.com"><img src="http://
www.fractionthen.com/1.gif">
<style>
</td>
</tr>
<tr>
<td width="600" height="9" colspan="2"><img src="http://
images.gly.com/images/email/notice2_03.jpg" width="600" height="9"
alt=""></td>
</tr>
</table>
</td>
</tr>
</table>
<table width="600">
<tr>
<td style="text-align: center; font: 10px Verdana; color: #a7a7a7;
padding-left: 10px;">
<span style="color:
#333;">------------------------------------------------------</
span><br/>
Copyright 2002-2006 war Networks, Inc. All rights reserved.<br/>
P.O. Box 31118, San Francisco, CA 94131, USA<br/>
<a href="http://www.itj.com/friend/displayPrivacy.do">Privacy
Policy</a> | <a href="http://www.gas.com/friend/account/
displayEditAcct.do?loginid=PNMMIYXKATDA25547680">Unsubscribe</a> | <a
href="http://www.hka.com/friend/displayTOS.do">Terms of Service</a>
<img src="http://www.rup.com/friend/to.do?
loginid=PNMMIYXKATDA25547680&smid=20070831_100_3VBYTTIw3PvBD0SyKHyw-1113102006"
align="absmiddle" border="0" height="20" width="1">
</td>
</tr>
</table>
</body>
</html>
</style>

-- END OF SPAM --

topmedsnow.com is a replacement for nearlocate.com,
toppillscollect.com and directmedmass.com

fractionthen.com is a replacement for sawread.com,
medicalplacehope.com and onlinepillact.com

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

See also Viagra.com Inc sightings:
http://groups.google.com/groups/search?q=%22Viagra.com+Inc%22+group%3A*abuse&start=0&scoring=d&

See:
IP 83.29.18.182 boc182.neoplus.adsl.tpnet.pl

http://moensted.dk/spam/?addr=83.29.18.182
http://dsbl.org/listing?83.29.18.182
Spam source - http://wpbl.info/record?ip=83.29.18.182
http://www.uceprotect.net/rblcheck.php?ipr=83.29.18.182

Much more tpnet.pl sightings:
http://groups.google.com/groups/search?q=TPNET+group%3A*abuse&start=0&scoring=d&

inetnum: 83.29.0.0 - 83.29.255.255
netname: NEOSTRADA-ADSL
descr: Neostrada Plus
descr: Krakow
country: PL
role: TP S.A. Hostmaster
address: TP S.A.
address: ul. Nowogrodzka 47A
address: 00-695 Warszawa
address: Poland
phone: +48 22 6225182
fax-no: +48 22 6225182
remarks: Network problems -> hostm...@telekomunikacja.pl
remarks: DNS problems -> d...@telekomunikacja.pl
remarks: Routing problems -> regi...@tpnet.pl
remarks: Abuse and spam notification ->
ab...@telekomunikacja.pl => what for???
remarks: ab...@tpnet.pl => what for???

route: 83.24.0.0/13
descr: TPNET
origin: AS5617
mnt-by: AS5617-MNT
source: RIPE
changed: pawel.k...@telekomunikacja.pl
AS Name: TPNET Polish Telecom_s commercial IP network
http://www.cidr-report.org/cgi-bin/as-report?as=5617

19 SBL/ROKSO listings for IPs under the responsibility of tpnet.pl
http://www.spamhaus.org/sbl/listings.lasso?isp=tpnet.pl

Spamver URL:
http://www.nearlocate.com/

See:
www.topmedsnow.com => botnet
topmedsnow.com Resolved to IP 123.202.169.72 to 202.132.105.246 to
203.186.31.188 to 218.170.62.204 to 218.190.213.161 to 221.125.110.250
to 221.126.238.42 to 221.127.5.2 to 61.10.122.23 to 61.21.204.28 to
81.200.122.106 to 82.131.19.228 to 82.240.154.185

ns0.dsjfhgwyutuyu.com [125.231.229.26] [TTL=172800] [TW]
ns0.gggfjdjhgghg.com [124.102.76.17] [TTL=172800] [JP]

NS records at nameservers are:
ns0.gggfjdjhgghg.com [221.127.172.67] [TTL=300]
ns0.sdgyfer8yioi.com [89.178.60.48] [TTL=300]
ns0.ashjdggfgafdg.com [221.124.196.204] [TTL=300]
ns0.dsjfhgwyutuyu.com [210.96.194.180] [TTL=300]

SOA record [TTL=300] is:
Primary nameserver: ns0.sdgyfer8yioi.com
Hostmaster E-mail address:
Serial #: 0

www.topmedsnow.com A records are:

www.topmedsnow.com A 123.202.169.72 [TTL=300] [HK]
www.topmedsnow.com A 202.132.105.246 [TTL=300] [TW]
www.topmedsnow.com A 203.186.31.188 [TTL=300] [HK]
www.topmedsnow.com A 218.170.62.204 [TTL=300] [TW]
www.topmedsnow.com A 218.190.213.161 [TTL=300] [HK]
www.topmedsnow.com A 221.125.110.250 [TTL=300] [HK]
www.topmedsnow.com A 221.126.238.42 [TTL=300] [HK]
www.topmedsnow.com A 221.127.5.2 [TTL=300] [HK]
www.topmedsnow.com A 61.10.122.23 [TTL=300] [HK]
www.topmedsnow.com A 61.21.204.28 [TTL=300] [JP]
www.topmedsnow.com A 81.200.122.106 [TTL=300] [RU]
www.topmedsnow.com A 82.131.19.228 [TTL=300] [EE]
www.topmedsnow.com A 82.240.154.185 [TTL=300] [FR]

SEE ALSO IP rDNS:
123.202.169.72 = 123202169072.ctinets.com
202.132.105.246 => at ttn.com.tw / TAIWAN
203.186.31.188 = 203186031188.ctinets.com
218.170.62.204 = 218-170-62-204.dynamic.hinet.net
218.190.213.161 => Hutchison / hgc.com.hk
221.125.110.250 => Hutchison / hgc.com.hk
221.126.238.42 => Hutchison / hgc.com.hk
221.127.5.2 => Hutchison / hgc.com.hk
61.10.122.23 = cm61-10-122-23.hkcable.com.hk
61.21.204.28 = 61-21-204-28.rev.home.ne.jp
81.200.122.106 = host-81-200-122-106.starnet.ru
82.131.19.228 = ip228.cab19.mus.starman.ee
82.240.154.185 = lau06-3-82-240-154-185.fbx.proxad.net

NS:
125.231.229.26 = 125-231-229-26.dynamic.hinet.net
124.102.76.17 = p1017-ipbf1610marunouchi.tokyo.ocn.ne.jp
221.127.172.67 => Hutchison / hgc.com.hk
89.178.60.48 = 89-178-60-48.broadband.corbina.ru
221.124.196.204 => Hutchison / hgc.com.hk
210.96.194.180 => AT bora.net / KOREA

Let see whois.bizcn.com:
Domain name: topmedsnow.com

Registrant Contact:
Valuable Pharm inc.
Douglas C. Shimer valuable[]88.com
17144321902 fax:
3194 Cape Verde Place
Costa Mesa CA 92626
us

Administrative Contact:
Douglas C. Shimer valu...@88.com
17144321902 fax:
3194 Cape Verde Place
Costa Mesa CA 92626
us

Technical Contact:
Douglas C. Shimer valu...@88.com
17144321902 fax:
3194 Cape Verde Place
Costa Mesa CA 92626
us

Billing Contact:
Douglas C. Shimer valu...@88.com
17144321902 fax:
3194 Cape Verde Place
Costa Mesa CA 92626
us

DNS:
ns0.gggfjdjhgghg.com
ns0.dsjfhgwyutuyu.com

Created: 2007-06-05
Expires: 2008-06-05

More topmedsnow.com sightings:
http://groups.google.com/groups/search?q=topmedsnow.com+group%3A*abuse&qt_s=Search

Also much more bizcn.com spam support sightings:
http://groups.google.com/groups/search?q=bizcn.com+group%3A*abuse&start=0&scoring=d&

See Image hosting URL:
http://www.sawread.com/1.gif

See:
www.fractionthen.com => botnet

www.fractionthen.com Resolved to IP 123.202.207.45 to 124.102.76.17 to
124.198.25.68 to 193.95.200.94 to 210.96.194.180 to 210.96.207.77 to
221.163.252.222 to 58.89.245.119 to 58.91.160.153 to 59.148.152.126 to
61.10.122.23 to 88.139.186.59 to 91.127.81.109 to 221.126.247.95 to
69.228.150.112 to 82.131.19.228 to 121.137.164.146 to 123.202.186.12
to 202.132.105.246 to
83.135.74.2

ns0.markuzapilod.com [84.160.206.85] [TTL=172800] [DE]
ns0.rubakopesanm.com [59.148.152.126] [TTL=172800] [HK]

NS records at nameservers are:
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]
fractionthen.com. [221.126.247.95] [221.163.252.222] [58.89.245.119]
[58.91.160.153] [59.148.152.126] [61.10.122.23] [69.228.150.112]
[82.131.19.228] [121.137.164.146] [123.202.186.12] [123.202.207.45]
[124.102.76.17] [202.132.105.246] [210.96.194.180] [210.96.207.77]
[TTL=300]

SOA record [TTL=300] is:
Primary nameserver: ns0.rubakopesanm.com
Hostmaster E-mail address:
Serial #: 0

www.fractionthen.com A records are:

www.fractionthen.com A 123.202.207.45 [TTL=300] [HK]
www.fractionthen.com A 124.102.76.17 [TTL=300] [JP]
www.fractionthen.com A 124.198.25.68 [TTL=300] [KR]
www.fractionthen.com A 193.95.200.94 [TTL=300] [SI]
www.fractionthen.com A 210.96.194.180 [TTL=300] [KR]
www.fractionthen.com A 210.96.207.77 [TTL=300] [KR]
www.fractionthen.com A 221.163.252.222 [TTL=300] [KR]
www.fractionthen.com A 58.89.245.119 [TTL=300] [JP]
www.fractionthen.com A 58.91.160.153 [TTL=300] [JP]
www.fractionthen.com A 59.148.152.126 [TTL=300] [HK]
www.fractionthen.com A 61.10.122.23 [TTL=300] [HK]
www.fractionthen.com A 88.139.186.59 [TTL=300] [FR]
www.fractionthen.com A 91.127.81.109 [TTL=300] [SK]

fractionthen.com A records are:

fractionthen.com A 221.126.247.95 [TTL=300]
fractionthen.com A 221.163.252.222 [TTL=300]
fractionthen.com A 58.89.245.119 [TTL=300]
fractionthen.com A 58.91.160.153 [TTL=300]
fractionthen.com A 59.148.152.126 [TTL=300]
fractionthen.com A 61.10.122.23 [TTL=300]
fractionthen.com A 69.228.150.112 [TTL=300]
fractionthen.com A 82.131.19.228 [TTL=300]
fractionthen.com A 121.137.164.146 [TTL=300]
fractionthen.com A 123.202.186.12 [TTL=300]
fractionthen.com A 123.202.207.45 [TTL=300]
fractionthen.com A 124.102.76.17 [TTL=300]
fractionthen.com A 202.132.105.246 [TTL=300]

SEE ALSO:
domains sharing nameservers
shortslow.com
claimcoast.com
drugslovetown.com
electricmay.com
gladfarm.com
rangecarry.com
medsits.com
pills33.com
toppillscollect.com
sawread.com

SEE ALSO IP rDNS:
123.202.207.45 = 123202207045.ctinets.com
124.102.76.17 = p1017-ipbf1610marunouchi.tokyo.ocn.ne.jp
124.198.25.68 => HAIonNet / kornet.net / KOREA
193.95.200.94 = bsn-95-200-94.dial-up.dsl.siol.net
210.96.194.180 => at bora.net / KOREA
210.96.207.77 => at bora.net / KOREA
221.163.252.222 => at kornet.net / KIXS-AS-KR / KOREA
58.89.245.119 = 58-89-245-119.nasicnet.com
58.91.160.153 = p4153-ipad211funabasi.chiba.ocn.ne.jp
59.148.152.126 = 059148152126.ctinets.com
61.10.122.23 = cm61-10-122-23.hkcable.com.hk
88.139.186.59 = 88-139-186-59.adslgp.cegetel.net
91.127.81.109 = adsl-dyn109.91-127-81.t-com.sk
221.126.247.95 => Hutchison / hgc.com.hk
221.163.252.222 => KORNET / KIXS-AS-KR Korea
58.89.245.119 = 58-89-245-119.nasicnet.com
58.91.160.153 = p4153-ipad211funabasi.chiba.ocn.ne.jp
59.148.152.126 = 059148152126.ctinets.com
61.10.122.23 = cm61-10-122-23.hkcable.com.hk
69.228.150.112 = adsl-69-228-150-112.dsl.irvnca.pacbell.net
82.131.19.228 = ip228.cab19.mus.starman.ee
121.137.164.146 => KORNET / KIXS-AS-KR Korea
123.202.186.12 = 123202186012.ctinets.com
123.202.207.45 = 123202207045.ctinets.com
124.102.76.17 = p1017-ipbf1610marunouchi.tokyo.ocn.ne.jp
202.132.105.246 => ttn.com.tw / TAIWAN
83.135.74.2 = i53874A02.versanet.de

Let see whois.bizcn.com:
Domain name: fractionthen.com

Registrant Contact:
globox
David Snyder ceo[]fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

Administrative Contact:
David Snyder c...@fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

Technical Contact:
David Snyder c...@fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

Billing Contact:
David Snyder c...@fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

DNS:
ns0.rubakopesanm.com
ns0.markuzapilod.com

Created: 2007-07-10
Expires: 2008-07-10

More fractionthen.com sightings:
http://groups.google.com/groups/search?q=fractionthen.com+group%3A*abuse&qt_s=Search

See also Registrant E-mail contact at fairover.com sightings:
http://groups.google.com/groups/search?q=fairover.com+group%3A*abuse&qt_s=Search

See also Registrant E-mail contact at atomplease.com sightings:
http://groups.google.com/groups/search?q=atomplease.com+group%3A*abuse&qt_s=Search

Let see whois.bizcn.com:
Domain name: fairover.com

Registrant Contact:
globox
David Snyder ceo[]fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

Administrative Contact:
David Snyder c...@fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

Technical Contact:
David Snyder c...@fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

Billing Contact:
David Snyder c...@fairover.com
2253361198 fax:
P.O. Box 2906
Baton Rouge LA 70821
us

DNS:
ns0.rumbaponukas.com
ns0.markuzapilod.com

SEE:
ns0.gggfjdjhgghg.com IP 221.127.172.67

no PTR at Hutchison / hgc.com.hk

Let see whois.dns.com.cn:
Domain Name.......... gggfjdjhgghg.com
Creation Date........ 2007-08-27 22:40:48
Registration Date.... 2007-08-27 22:40:48
Expiry Date.......... 2008-08-27 22:40:48
Organisation Name.... he keai
Organisation Address. 18 erxiangjie beijing
Organisation Address.
Organisation Address. bei jing
Organisation Address. 165892
Organisation Address. BJ
Organisation Address. CN

Admin Name........... he keai
Admin Address........ 18 erxiangjie beijing
Admin Address........
Admin Address........ bei jing
Admin Address........ 165892
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... hek...@163.com
Admin Phone.......... +86.1062512874
Admin Fax............ +86.1062589125

Tech Name............ he sir
Tech Address......... shennanzhong rd
Tech Address.........
Tech Address......... Shenzhen
Tech Address......... 518031
Tech Address......... GD
Tech Address......... CN
Tech Email........... admins...@126.com
Tech Phone........... +86.75583233325
Tech Fax............. +86.75583233325

Bill Name............ he sir
Bill Address......... shennanzhong rd
Bill Address.........
Bill Address......... Shenzhen
Bill Address......... 518031
Bill Address......... GD
Bill Address......... CN
Bill Email........... admins...@126.com
Bill Phone........... +86.75583233325
Bill Fax............. +86.75583233325
Name Server.......... ns2.dns.com.cn
Name Server.......... ns1.dns.com.cn

More gggfjdjhgghg.com sightings:
http://groups.google.com/groups/search?q=gggfjdjhgghg.com+group%3A*abuse&qt_s=Search

See:
ns0.sdgyfer8yioi.com IP 89.178.60.48

89.178.60.48 = 89-178-60-48.broadband.corbina.ru

Let see whois.dns.com.cn:
Domain Name.......... sdgyfer8yioi.com
Creation Date........ 2007-08-27 22:40:41
Registration Date.... 2007-08-27 22:40:41
Expiry Date.......... 2008-08-27 22:40:41
Organisation Name.... he keai
Organisation Address. 18 erxiangjie beijing
Organisation Address.
Organisation Address. bei jing
Organisation Address. 165892
Organisation Address. BJ
Organisation Address. CN

Admin Name........... he keai
Admin Address........ 18 erxiangjie beijing
Admin Address........
Admin Address........ bei jing
Admin Address........ 165892
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... hek...@163.com
Admin Phone.......... +86.1062512874
Admin Fax............ +86.1062589125

Tech Name............ he sir
Tech Address......... shennanzhong rd
Tech Address.........
Tech Address......... Shenzhen
Tech Address......... 518031
Tech Address......... GD
Tech Address......... CN
Tech Email........... admins...@126.com
Tech Phone........... +86.75583233325
Tech Fax............. +86.75583233325

Bill Name............ he sir
Bill Address......... shennanzhong rd
Bill Address.........
Bill Address......... Shenzhen
Bill Address......... 518031
Bill Address......... GD
Bill Address......... CN
Bill Email........... admins...@126.com
Bill Phone........... +86.75583233325
Bill Fax............. +86.75583233325
Name Server.......... ns2.dns.com.cn
Name Server.......... ns1.dns.com.cn

More sdgyfer8yioi.com sightings:
http://groups.google.com/groups/search?q=sdgyfer8yioi.com+group%3A*abuse&start=0&scoring=d&

See:
ns0.ashjdggfgafdg.com IP 221.124.196.204

221.124.196.204 => Hutchison / hgc.com.hk

Let see whois.dns.com.cn:
Domain Name.......... ashjdggfgafdg.com
Creation Date........ 2007-08-27 22:41:01
Registration Date.... 2007-08-27 22:41:01
Expiry Date.......... 2008-08-27 22:41:01
Organisation Name.... he keai
Organisation Address. 18 erxiangjie beijing
Organisation Address.
Organisation Address. bei jing
Organisation Address. 165892
Organisation Address. BJ
Organisation Address. CN

Admin Name........... he keai
Admin Address........ 18 erxiangjie beijing
Admin Address........
Admin Address........ bei jing
Admin Address........ 165892
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... hek...@163.com
Admin Phone.......... +86.1062512874
Admin Fax............ +86.1062589125

Tech Name............ he sir
Tech Address......... shennanzhong rd
Tech Address.........
Tech Address......... Shenzhen
Tech Address......... 518031
Tech Address......... GD
Tech Address......... CN
Tech Email........... admins...@126.com
Tech Phone........... +86.75583233325
Tech Fax............. +86.75583233325

Bill Name............ he sir
Bill Address......... shennanzhong rd
Bill Address.........
Bill Address......... Shenzhen
Bill Address......... 518031
Bill Address......... GD
Bill Address......... CN
Bill Email........... admins...@126.com
Bill Phone........... +86.75583233325
Bill Fax............. +86.75583233325
Name Server.......... ns2.dns.com.cn
Name Server.......... ns1.dns.com.cn

More ashjdggfgafdg.com sightings:
http://groups.google.com/groups/search?q=ashjdggfgafdg.com+group%3A*abuse&qt_s=Search

See:
ns0.dsjfhgwyutuyu.com IP 210.96.194.180

210.96.194.180 => AT bora.net / KOREA

Let see whois.dns.com.cn:
Domain Name.......... dsjfhgwyutuyu.com
Creation Date........ 2007-08-27 22:40:54
Registration Date.... 2007-08-27 22:40:54
Expiry Date.......... 2008-08-27 22:40:54
Organisation Name.... he keai
Organisation Address. 18 erxiangjie beijing
Organisation Address.
Organisation Address. bei jing
Organisation Address. 165892
Organisation Address. BJ
Organisation Address. CN

Admin Name........... he keai
Admin Address........ 18 erxiangjie beijing
Admin Address........
Admin Address........ bei jing
Admin Address........ 165892
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... hek...@163.com
Admin Phone.......... +86.1062512874
Admin Fax............ +86.1062589125

Tech Name............ he sir
Tech Address......... shennanzhong rd
Tech Address.........
Tech Address......... Shenzhen
Tech Address......... 518031
Tech Address......... GD
Tech Address......... CN
Tech Email........... admins...@126.com
Tech Phone........... +86.75583233325
Tech Fax............. +86.75583233325

Bill Name............ he sir
Bill Address......... shennanzhong rd
Bill Address.........
Bill Address......... Shenzhen
Bill Address......... 518031
Bill Address......... GD
Bill Address......... CN
Bill Email........... admins...@126.com
Bill Phone........... +86.75583233325
Bill Fax............. +86.75583233325
Name Server.......... ns2.dns.com.cn
Name Server.......... ns1.dns.com.cn

More dsjfhgwyutuyu.com sightings:
http://groups.google.com/groups/search?q=dsjfhgwyutuyu.com+group%3A*abuse&qt_s=Search

See:
ns0.markuzapilod.com IP 84.160.206.85

84.160.206.85 = p54A0CE55.dip.t-dialin.net

Let see whois.paycenter.com.cn:
Domain Name:markuzapilod.com


Registrant:
Wang Ming
Shang Hai
610021

Administrative Contact:
Wang Ming
Wang Ming
Shang Hai
Shang Hai Shanghai 610021
China
tel: 86 021 59986552
fax: 86 021 59986552
df...@hotmail.com

Technical Contact:
Wang Ming
Wang Ming
Shang Hai
Shang Hai Shanghai 610021
China
tel: 86 021 59986552
fax: 86 021 59986552
df...@hotmail.com

Billing Contact:
Wang Ming
Wang Ming
Shang Hai
Shang Hai Shanghai 610021
China
tel: 86 021 59986552
fax: 86 021 59986552
df...@hotmail.com

Registration Date: 2007-06-04
Update Date: 2007-06-04
Expiration Date: 2008-06-04

Primary DNS: ns0.markuzapilod.com 218.252.159.181
Secondary DNS: ns1.markuzapilod.com 77.41.82.63

More markuzapilod.com sightings:
http://groups.google.com/groups/search?q=markuzapilod.com+group%3A*abuse&start=0&scoring=d&

See:
ns0.rubakopesanm.com IP 59.148.152.126

59.148.152.126 = 059148152126.ctinets.com

Let see whois.paycenter.com.cn:
Domain Name:rubakopesanm.com


Registrant:
Wang Ming
Shang Hai
610021

Administrative Contact:
Wang Ming
Wang Ming
Shang Hai
Shang Hai Shanghai 610021
China
tel: 86 021 59986552
fax: 86 021 59986552
df...@hotmail.com

Technical Contact:
Wang Ming
Wang Ming
Shang Hai
Shang Hai Shanghai 610021
China
tel: 86 021 59986552
fax: 86 021 59986552
df...@hotmail.com

Billing Contact:
Wang Ming
Wang Ming
Shang Hai
Shang Hai Shanghai 610021
China
tel: 86 021 59986552
fax: 86 021 59986552
df...@hotmail.com

Registration Date: 2007-06-04
Update Date: 2007-06-04
Expiration Date: 2008-06-04

Primary DNS: ns0.rubakopesanm.com 59.148.152.126
Secondary DNS: ns1.rubakopesanm.com 220.105.162.105

More rubakopesanm.com sightings:
http://groups.google.com/groups/search?q=rubakopesanm.com+group%3A*abuse&start=0&scoring=d&

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/ae0a8cc1a8b9e918

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/6cd26c793e4a5c23

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/304b0dc256d9e615

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/17cd1878f9bd53ba

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/1db3147bc2411d77

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/

0 new messages