Spamvert:
niiq.hk IP 219.158.69.114
(SBL51496 - ROK3095) (at cncgroup-cn)
NEW Yambo Pharmacy domain image hosting on Yahoo:
http://misopril.net/p/images/bbb02.gif
Resolved misopril.net to 68.142.212.117 to 68.142.212.118 to
68.142.212.119 to 68.142.212.139 to 68.142.212.140 to 68.142.212.141
More Yambo MyCanadianPharmacy aka MyCanadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22MyCanadianPharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
More info below:
====================
X-SID-PRA: Greg Simons <dwperth...@perthcomedy.com>
X-Message-Info: txF49lGdW43Wz7Dpnq8XSp440Bm6uRZo+trxnjvvMvM=
Received: from tomts21-srv.bellnexxia.net ([209.226.175.183]) by bay0-pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 25 Feb 2007 08:54:00 -0800
Received: from [MUNGED]
by toip23.srvr.bell.ca with ESMTP; 25 Feb 2007 11:53:46 -0500
Received: (qmail 11981 invoked by uid 110); 25 Feb 2007 11:53:46 -0500
Delivered-To: 17-[MUNGED]
Received: (qmail 11965 invoked from network); 25 Feb 2007 11:53:45 -0500
Received: from unknown (HELO reb.hsd1.ga.comcast.net.) (76.97.4.205)
by [MUNGED] with SMTP; 25 Feb 2007 11:53:45 -0500
Return-Path: <dwperth...@perthcomedy.com>
Received: from 202.174.100.170 (HELO perthcomedy.com)
by [MUNGED] with esmtp (C6+D/;6-;2/5 'Z@L)
id JF8V7,-Y1H2A,-AN
for [MUNGED]; Mon, 19 Feb 2007 23:30:59 +0300
From: "Greg Simons" <dwperth...@perthcomedy.com>
To: <[MUNGED]>
Subject: fwd:Forget about fake medicines!
Date: Mon, 19 Feb 2007 23:30:59 +0300
Message-ID: <01c7547e$02eb8370$6c822ecf@dwperthcomedym>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C75454.1A157B70"
X-Mailer: Microsoft Office Outlook, Build 11.0.6353
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4963.1700
Thread-Index: Aca6Q>+:0;J-)+>O',0>7//V)()O92==
X-OriginalArrivalTime: 25 Feb 2007 16:54:00.0558 (UTC) FILETIME=[8C34A8E0:01C758FD]
This is a multi-part message in MIME format.
------=_NextPart_000_0006_01C75454.1A157B70
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Dear,
Still buying your medications in the USA? Take advantage of our
low prices and save on your medications! Buy your drugs in Canada!
Customer service people there are always friendly and helpful. Real
professionals, I must admit. You don't have to worry, every piece of
information you leave them will remain strictly confidential.
Make order and your medications will arrive quickly and safely.
http://niiq.hk
With us you will always get what you paid for.
Best regards,
Greg Simons
------=_NextPart_000_0006_01C75454.1A157B70
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office"
xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-
html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html;
charset=3Diso-8859-1">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered
medium)">
</head>
<body>
<html>
<body bgcolor=3D"#FFFFFF" link=3D"#6F7AC8">
<p><font face=3D"Verdana" size=3D"2" color=3D"#000000"><b>Dear</b>,</
font><=
/p>
<p><font face=3D"Verdana" size=3D"2">Still buying your medications in
the U=
SA? Take advantage of our low prices and save on your medications! <a
href=
=3D"http://niiq.hk">Buy your drugs in Canada</a>!</font></p>
<p><font face=3D"Verdana" size=3D"2">Customer service people there are
alwa=
ys friendly and helpful. Real professionals, I must admit. You don't
have t=
o worry, every piece of information you leave them will remain
strictly con=
fidential. </font></p>
<p><font face=3D"Verdana" size=3D"2"><a href=3D"http://
niiq.hk"><b>Make ord=
er and your medications will arrive quickly and safely.</b></a><br>
<b>http=
://niiq.hk</b></font></p>
<p><font face=3D"Verdana" size=3D"2">With us you will always get what
you p=
aid for.</font></p>
<p><font face=3D"Verdana" size=3D"2">Best regards,<br>Greg Simons</
font></p=
>
</body>
</html>
</body>
</html>
------=_NextPart_000_0006_01C75454.1A157B70--
-- END OF SPAM --
See:
IP 76.97.4.205
http://www.moensted.dk/spam/?addr=76.97.4.205
http://www.spamhaus.org/query/bl?ip=76.97.4.205
http://www.spamhaus.org/pbl/query/PBL114763
OrgName: Comcast Cable Communications, Inc.
OrgID: CMCS
NetRange: 76.96.0.0 - 76.111.255.255
CIDR: 76.96.0.0/12
NetName: JUMPSTART-5
NetHandle: NET-76-96-0-0-1
Parent: NET-76-0-0-0-0
NetType: Direct Allocation
NameServer: DNS.INFLOW.PA.BO.COMCAST.NET
NameServer: DNS.CMC.CO.DENVER.COMCAST.NET
route: 76.97.0.0/16
descr: Comcast Cable Communications, Inc.
1800 Bishops Gate Blvd
Mt Laurel, NJ 08054
origin: AS7725
mnt-by: MNT-CMCS
changed: tony_...@nospam.cable.comcast.net
Prefix: 76.97.0.0/16
Prefix Name: error
AS: 7725
AS Name: MEDIA1-CAB MediaOne
http://www.cidr-report.org/cgi-bin/as-report?as=7725
22 SBL/ROKSO listings for IPs under the responsibility of comcast.net
http://www.spamhaus.org/sbl/listings.lasso?isp=comcast.net
See:
niiq.hk IP 219.158.69.114
NS2.TRANSITSTARS.COM [64.94.117.200 (NO GLUE)] [*A]
NS1.OURBOYCOT.COM [63.223.11.14 (NO GLUE)] [*A]
NS1.PERCEIVABLENUT.COM [63.223.11.14 (NO GLUE)] [*A]
NS2.GRISAILLESAG.COM [210.34.0.101 (NO GLUE)] [*P]
niiq.hk has no MX records
http://www.moensted.dk/spam/?addr=219.158.69.114
http://www.spamhaus.org/query/bl?ip=219.158.69.114
inetnum: 219.158.0.0 - 219.158.255.255
netname: CNCGROUP
country: CN
descr: CNC group
role: CNCGroup Hostmaster
e-mail: ab...@cnc-noc.net => ???
whois, bogusmx, postmaster and abuse[]cnc-noc.net are listed in rfc-ignorant.org database
Prefix: 219.158.69.0/24
ASN: 4837
ASN Name: China Network Communications Group China Network Communications (CNC Group)
Country (per IP registrar): *P [[APNIC Unlisted]]
Country IP Range: 219.0.0.0 to 219.255.255.255
http://www.cidr-report.org/cgi-bin/as-report?as=4837
Aliases:
eum.suprapturousz.com
ns1.suprapturousz.com
ns2.suprapturousz.com
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL51496
219.158.69.114/32 is listed on the Spamhaus Block List (SBL/ROKSO)
20-Feb-2007 16:21 GMT | SR22
Yambo Financials
Spam webhosting - miqa.hk
1 SBL/ROKSO listings for IPs under the responsibility of cncgroup-cn
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-cn
Let's see whois:
Domain Name: NIIQ.HK
Contract Version: HKDNR latest version
Registrant Contact Information:
Holder English Name (It should be the same as your legal name on your
HKID card or other relevant documents): MIKOQ LOP
Holder Chinese Name:
Email: lancaste...@gmail.com
Domain Name Commencement Date: 2007-02-10
Country: US
Expiry Date: 2008-02-10
Re-registration Status: Complete
Name of Registrar: HKDNR
Account Name: HK1813750T
Technical Contact:
First name: JOHN
Last name: SMITH
Company Name: MIKOQ LOP
Name Servers Information:
NS1.PERCEIVABLENUT.COM
NS2.TRANSITSTARS.COM
NS1.OURBOYCOT.COM
NS2.GRISAILLESAG.COM
More niiq.hk sightings:
http://groups.google.com/groups/search?q=niiq.hk+group%3A*abuse
SEE Yambo Pharmacy domain image hosting on Yahoo:
Resolved misopril.net to 68.142.212.117 to 68.142.212.118 to
68.142.212.119 to 68.142.212.139 to 68.142.212.140 to 68.142.212.141
yns1.yahoo.com [66.218.71.205] [TTL=172800] [*A]
yns2.yahoo.com [216.109.116.20] [TTL=172800] [*A]
NS records at nameservers are:
yns2.yahoo.com [216.109.116.20] [TTL=86400]
ns8.san.yahoo.com [66.218.71.205] [TTL=86400]
ns9.san.yahoo.com [216.109.116.20] [TTL=86400]
yns1.yahoo.com [66.218.71.205] [TTL=86400]
SOA record [TTL=600] is:
Primary nameserver: hidden-master.yahoo.com
Hostmaster E-mail address: geo-support.yahoo-inc.com
www.misopril.net A record is:
www.misopril.net CNAME premium10.geo.yahoo8.akadns.net [TTL=600]
misopril.net A 68.142.212.137 [TTL=600]
misopril.net A 68.142.212.138 [TTL=600]
misopril.net A 68.142.212.139 [TTL=600]
misopril.net A 68.142.212.140 [TTL=600]
misopril.net A 68.142.212.141 [TTL=600]
misopril.net A 68.142.212.117 [TTL=600]
Let's see whois:
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Domain Name.......... misopril.net
Creation Date........ 2007-01-31
Registration Date.... 2007-01-31
Expiry Date.......... 2008-01-31
Organisation Name.... John Haas
Organisation Address. 8015 Studley Rd.
Organisation Email... seppress87[]yahoo.com
Organisation Address. Mechanicsville
Organisation Address. 23116
Organisation Address. VA
Organisation Address. UNITED STATES
Admin Name........... John Haas
Admin Address........ 8015 Studley Rd.
Admin Address........
Admin Address........ Mechanicsville
Admin Address........ 23116
Admin Address........ VA
Admin Address........ UNITED STATES
Admin Email.......... seppr...@yahoo.com
Admin Phone.......... +1.8047308375
Admin Fax............
Tech Name............ YahooDomains TechContact
Tech Address......... 701 First Ave.
Tech Address.........
Tech Address......... Sunnyvale
Tech Address......... 94089
Tech Address......... CA
Tech Address......... UNITED STATES
Tech Email........... domai...@YAHOO-INC.COM
Tech Phone........... +1.6198813096
Tech Fax.............
Name Server.......... yns1.yahoo.com
Name Server.......... yns2.yahoo.com
See:
NS2.TRANSITSTARS.COM IP 64.94.117.200
NS2.TRANSITSTARS.COM has no MX records -> TRANSITSTARS.COM has no MX
records
http://www.moensted.dk/spam/?addr=64.94.117.200
No PTR records exist for 64.94.117.200
ns2.sef.pnap.net / ns2.pnap.net / internap.com
More 64.94.117.200 sightings:
http://groups.google.com/groups/search?q=64.94.117.200+group%3A*abuse&start=0&scoring=d&
No PTR records exist for 64.94.117.200
at ns1.sef.pnap.net / ns2.pnap.net / internap.com
Internap Network Services PNAP-05-2000 (NET-64-94-0-0-1)
64.94.0.0 - 64.95.255.255
DOTSTER INC INAP-SEF-DOTSTER-7067 (NET-64-94-117-192-1)
64.94.117.192 - 64.94.117.223
OrgName: DOTSTER INC
OrgID: DOTST-1
NetRange: 64.94.117.192 - 64.94.117.223
CIDR: 64.94.117.192/27
NetName: INAP-SEF-DOTSTER-7067
NetHandle: NET-64-94-117-192-1
Parent: NET-64-94-0-0-1
NetType: Reassigned
route: 64.94.112.0/20
descr: PNAP-SEF
SEF PNAP
origin: AS14744
mnt-by: INAP-MAINT-RADB
changed: dun...@internap.com
ASN: 14744
ASN Name: INTERNAP-BLOCK-4
Country (per IP registrar): US [United States]
Country IP Range: 64.94.0.0 to 64.95.255.255
http://www.cidr-report.org/cgi-bin/as-report?as=14744
1 SBL/ROKSO listings for IPs under the responsibility of dotster.com
http://www.spamhaus.org/sbl/listings.lasso?isp=dotster.com
20 SBL/ROKSO listings for IPs under the responsibility of internap.com
http://www.spamhaus.org/sbl/listings.lasso?isp=internap.com
More transitstars.com sightings:
http://groups.google.com/groups/search?q=TRANSITSTARS.COM+group%3A*abuse&start=0&scoring=d&
See:
NS1.OURBOYCOT.COM IP 63.223.11.14
NS1.OURBOYCOT.COM has no MX records -> [OURBOYCOT.COM has 1 MX record
mail.OURBOYCOT.COM (10)]
http://www.moensted.dk/spam/?addr=63.223.11.14
http://www.spamhaus.org/query/bl?ip=63.223.11.14
http://www.apews.org/?page=test&C=104&E=102293&ip=63.223.11.14
No PTR records exist for 63.223.11.14
at ns3.wvfiber.net / ns.cais.com / pccwglobal.com
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL49084
63.223.11.14/32 is listed on the Spamhaus Block List (SBL/ROKSO)
02-Feb-2007 00:49 GMT | SR21
Yambo Financials
Spam DNS Server
13 SBL/ROKSO listings for IPs under the responsibility of pccwglobal.com
http://www.spamhaus.org/sbl/listings.lasso?isp=pccwglobal.com
More ourboycot.com sightings:
http://groups.google.com/groups/search?q=OURBOYCOT.COM+group%3A*abuse&start=0&scoring=d
See:
NS1.PERCEIVABLENUT.COM IP 63.223.11.14
NS1.PERCEIVABLENUT.COM has no MX records -> [PERCEIVABLENUT.COM has 1
MX record mail.PERCEIVABLENUT.COM (10)]
http://www.moensted.dk/spam/?addr=63.223.11.14
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL49084
No PTR records exist for 63.223.11.14
at ns1.wvfiber.net / ns.cais.com / pccwglobal.com
More perceivablenut.com sightings:
http://groups.google.com/groups/search?q=PERCEIVABLENUT.COM+group%3A*abuse&start=0&scoring=d&
See:
NS2.GRISAILLESAG.COM IP 210.34.0.101 (OLD IP 199.243.242.9)
NS2.GRISAILLESAG.COM has no MX records -> [GRISAILLESAG.COM has 1 MX
record mail.GRISAILLESAG.COM (10)]
http://www.moensted.dk/spam/?addr=210.34.0.101
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48902
210.34.0.101/32 is listed on the Spamhaus Block List (SBL/ROKSO)
10-Dec-2006 15:44 GMT | SR20
Yambo Financials.
Yambo nameserver (compromised system)
4 SBL/ROKSO listings for IPs under the responsibility of net.edu.cn
http://www.spamhaus.org/sbl/listings.lasso?isp=net.edu.cn
More grisaillesag.com sightings:
http://groups.google.com/groups?q=GRISAILLESAG.COM+group%3A*abuse&start=0&scoring=d&
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/18085860f0436034
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see: