
[email] [drugs - Canadian Pharmacy botnet] [189.131.49.208] (stationweather.hk - fionkunjerunhedase.com / chitionkdetunlionpsa.com / gedsactunjerion.com / piotiongandesunkdes.com) Re:


TomezNet

Jun 21, 2007, 12:30:27 AM
Received From:
IP 189.131.49.208 dsl-189-131-49-208.prod-infinitum.com.mx
(at UNINET.NET.MX)

Spamvert:
stationweather.hk => botnet
www.stationweather.hk Resolved to 59.31.23.204 to 61.10.232.211 to
61.92.213.12 to 61.93.34.166 to 61.93.76.4 to 61.93.121.70 to
66.177.73.244 to 71.194.127.235 to 75.39.167.153 to 75.74.177.144 to
124.48.139.21 to 194.249.87.205 to 203.80.80.164 to 210.6.96.17 to
218.253.152.67 to 218.253.161.52 to 218.254.100.35 to 220.121.183.150
to 221.126.88.10 to 221.127.239.11

WEB:
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

Plenty of Forged Certificates and logos as always.

More info below:
====================

Return-Path: <principl...@seimitsu.com>
Delivered-To: [MUNGED]
Received: (qmail 25934 invoked from network); 19 Jun 2007 16:19:22
-0400
Received: from dsl-189-131-49-208.prod-infinitum.com.mx (HELO
smtp-02.servidoresdns.net) (189.131.49.208)
by [MUNGED] with SMTP; 19 Jun 2007 16:19:22 -0400
Return-Path: <principl...@seimitsu.com>
Received: from 68.208.144.9 (HELO mail.seimitsu.com)
by [MUNGED] with esmtp (>,QE?E3K?X'/ O?0-9W)
id =4?3NZ--G6.G*-)4
for [MUNGED]; Tue, 19 Jun 2007 20:19:15 +0360
From: "Ullin Hend" <principl...@seimitsu.com>
To: [MUNGED]
Subject: Re:
Date: Tue, 19 Jun 2007 20:19:15 +0360
Message-ID: <01c7b2af$1b5b7cf0$6c822ecf@principlingruskin>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C7B27C.D0C10CF0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Thread-Index: Aca6Q1I2S35J4/X>DK19Z7:H'8J0T9==

<head>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html;
charset=Windows-1252">
<meta name=Generator content="Microsoft Word 11 (filtered medium)">
</head>
<body>
<BODY text=#000000 bgColor=#ffffff>
<font size="3" face="Times New Roman"><p align="center"><font
color="#0000ff" size="6"><strong>VIAGRA</strong></font></p>
<p align="center">If you have a problem getting or keeping an
erection, your sex life can suffer. <br />You should know that
you&rsquo;re not alone. In fact, more than half of all men over 40 <br/
>have difficulties getting or maintaining an erection. This issue,
also called <br />erectile dysfunction, occurs with younger men as
well!</p>
<p align="center">You should know there is something you can do about
it. <br />Join the millions of men who have already <strong>improved
their sex lives with VIAGRA</strong>!</p>
<p align="center"><a href="http://stationweather.hk"><font
size="4"><strong>VISIT STORE ONLINE!</strong></font></a></p></font>
</BODY>
</body>
</html>

-- END OF SPAM --

Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Contact us:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianpharmsupport.com)

See support[]canadianpharmsupport.com sightings:
http://groups.google.com/groups/search?q=%22support%40canadianpharmsupport.com%22+group%3A*abuse&qt_s=Search

See:
IP 189.131.49.208 dsl-189-131-49-208.prod-infinitum.com.mx

http://www.moensted.dk/spam/?addr=189.131.49.208
http://www.spamhaus.org/query/bl?ip=189.131.49.208
http://cbl.abuseat.org/lookup.cgi?ip=189.131.49.208
http://spamcop.net/w3m?action=checkblock&ip=189.131.49.208

More prod-infinitum.com.mx sightings:
http://groups.google.com/groups/search?q=prod-infinitum.com.mx+group%3A*abuse&start=0&scoring=d&

inetnum: 189.128/11
status: reallocated
owner: Uninet S.A. de C.V.
ownerid: MX-USCV4-LACNIC
responsible: Gestión de cambios y configuraciones
address: Periferico Sur, 3190,
address: 01900 - Ciudad de México - DF
country: MX
nic-hdl: DCA
person: GESTION DE CAMBIOS
e-mail: gcc...@REDUNO.COM.MX

postmaster and abuse[]prod-infinitum.com.mx are listed in rfc-ignorant.org database
whois, postmaster and abuse[]UNINET.NET.MX are listed in rfc-ignorant.org database

Prefix: 189.131.32.0/19
Prefix Name: error
AS: 8151
AS Name: MX-USCV5-LACNIC UniNet S.A. de C.V.
http://www.cidr-report.org/cgi-bin/as-report?as=8151

See:
stationweather.hk => botnet

NS0.PIOTIONGANDESUNKDES.COM [NO GLUE; No A record]
NS0.FIONKUNJERUNHEDASE.COM [NO GLUE; No A record]
NS0.GEDSACTUNJERION.COM [NO GLUE; No A record]
NS0.CHITIONKDETUNLIONPSA.COM [NO GLUE; No A record]

ns ns0.chitionkdetunlionpsa.com 76.104.139.174(US)
ns ns0.fionkunjerunhedase.com 208.120.41.135(US)
ns ns0.gedsactunjerion.com 69.229.238.218(US)
ns ns0.piotiongandesunkdes.com 24.238.187.40(US)

76.104.139.174 = c-76-104-139-174.hsd1.wa.comcast.net
208.120.41.135 = user-387gac7.cable.mindspring.com
69.229.238.218 = adsl-69-229-238-218.dsl.scrm01.pacbell.net
24.238.187.40 = user-0cetep8.cable.mindspring.com

www.stationweather.hk has no MX records -> stationweather.hk has no MX
records

Let's see whois:
Domain Name: STATIONWEATHER.HK
Contract Version: HKDNR latest version

Registrant Contact Information:
Holder English Name (It should be the same as your legal name on your
HKID card or other relevant documents): MR TIM FLOCK
Holder Chinese Name:
Email: KeltieMM...@aol.com (KeltieMM...@aol.com)
Domain Name Commencement Date: 16-06-2007
Country: US
Expiry Date: 16-06-2008
Re-registration Status: Complete
Name of Registrar: HKDNR
Account Name: HK1913641T

Technical Contact:
First name: TIM
Last name: FLOCK
Company Name: TIM FLOCK

Name Servers Information:
Name Servers Information:
NS0.FIONKUNJERUNHEDASE.COM
NS0.GEDSACTUNJERION.COM
NS0.PIOTIONGANDESUNKDES.COM
NS0.CHITIONKDETUNLIONPSA.COM

SEE Also more NS sightings:
More chitionkdetunlionpsa.com sightings:
http://groups.google.com/groups/search?q=chitionkdetunlionpsa.com+group%3A*abuse&start=0&scoring=d&

More fionkunjerunhedase.com sightings:
http://groups.google.com/groups/search?q=fionkunjerunhedase.com+group%3A*abuse&start=0&scoring=d&

More gedsactunjerion.com sightings:
http://groups.google.com/groups/search?q=gedsactunjerion.com+group%3A*abuse&start=0&scoring=d&

More piotiongandesunkdes.com sightings:
http://groups.google.com/groups/search?q=piotiongandesunkdes.com+group%3A*abuse&start=0&scoring=d&

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/6086b02bd07c7de4

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
