
[email] [drugs - Canadian Pharmacy botnet] [81.190.251.233] (planerise.com / xinnetdns.com / xinnet.cn) dorpfrev


TomezNet

Mar 17, 2008, 4:50:39 AM
Received From:
IP 81.190.251.233 host-81-190-251-233.elk.mm.pl
(at multimedia.pl)

Spamvert:
www.planerise.com => botnet
planerise.com Resolved to 222.167.107.60 to 61.18.238.54 to
62.65.242.135 to 67.183.235.161 to 70.60.107.6 to 77.41.64.76 to
79.113.53.182 to 81.5.108.219 to 84.38.183.238 to 86.101.19.93 to
88.134.185.93 to 89.173.132.57 to 122.122.11.181 to 123.203.16.5 to
218.49.163.158 to 221.127.4.101 to 221.127.111.51 to 221.127.174.217
to 221.127.245.82 to 221.163.215.145

ns.xinnetdns.com IP 210.51.170.66 => SBL63236 at cncgroup-bj
ns.xinnet.cn IP 210.51.171.209 => SBL63236 at cncgroup-bj

Title: European Pharmacy (aka Canadian Pharmacy)
stylesheet => css/canadian_pharmacy_2_style.css

WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

Plenty of Forged Certificates and logos as always.

More info below:
==================
X-SID-PRA: Tarciso Ingelsson <douzie`m...@newcosmos-cn.com>
X-Message-Info: 6sSXyD95QpX930UeRvk5K9RPjvY7o0zELPyYiEiAovmSYZHLGS6o
 +1ZM2aDQ3U2jZ4S24FGzwWB2o+xjqmsgjg=
Received: from tomts1-srv.bellnexxia.net ([209.226.175.113]) by bay0-pamc1-f2.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
 Mon, 17 Mar 2008 00:02:04 -0700
Received: from toip21.srvr.bell.ca ([67.69.240.23])
by toip27.srvr.bell.ca with ESMTP; 17 Mar 2008 03:01:56 -0400
Received: from [MUNGED]
by toip21.srvr.bell.ca with ESMTP; 17 Mar 2008 03:01:54 -0400
Received: (qmail 17793 invoked by uid 110); 17 Mar 2008 03:01:54 -0400
Delivered-To: [MUNGED]
Received: (qmail 17784 invoked from network); 17 Mar 2008 03:01:54
-0400
Received: from host-81-190-251-233.elk.mm.pl (81.190.251.233)
by [MUNGED] with SMTP; 17 Mar 2008 03:01:54 -0400
Message-ID: <000801c887fc$ccb6a790$e9fbbe51@lechu192b66a0b>
From: "Tarciso Ingelsson" <douzie`m...@newcosmos-cn.com>
To: [MUNGED]
Subject: dorpfrev
Date: Mon, 17 Mar 2008 08:02:01 +0100
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="--------=_NextPart_000_0004_01C88805.2E7B0F90"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.3138
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3198
Return-Path: douzie`m...@newcosmos-cn.com
X-OriginalArrivalTime: 17 Mar 2008 07:02:04.0882 (UTC)
FILETIME=[CEAA1320:01C887FC]

----------=_NextPart_000_0004_01C88805.2E7B0F90
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

Your PE size really matters for her!
Huge holiday discounts for PE_enlargement and ED_treatment!
----------=_NextPart_000_0004_01C88805.2E7B0F90
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=3Diso-8859-1">
<META content=3D"MSHTML 6.00.2900.3199" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#ffffff>
<DIV><FONT Arial size=2>Your PE size really matters for her!</FONT></DIV>
<A href="http://planerise.com">Huge holiday discounts for PE_enlargement and=20
ED_treatment!</A></BODY></HTML>
----------=_NextPart_000_0004_01C88805.2E7B0F90--

-- END OF SPAM --

See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search

Identical spam as for collectwhole.com => botnet

OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483

http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.

More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&

See:
IP 81.190.251.233 host-81-190-251-233.elk.mm.pl

More mm.pl sightings:
http://groups.google.com/groups/search?q=mm.pl+group%3A*abuse*&qt_s=Search

http://moensted.dk/spam/?addr=81.190.251.233
Bad host, no cookie - see http://njabl.org/lookup?81.190.251.233
http://dsbl.org/listing?81.190.251.233
http://spamcop.net/w3m?action=checkblock&ip=81.190.251.233

inetnum: 81.190.248.0 - 81.190.251.255
netname: MULTIMEDIA
descr: Multimedia Polska S. A.
descr: Cable Internet Voice Provider
descr: Node Malbork
country: PL
person: Aleksander Dziedzic
address: Multimedia Polska Sp. z o.o.
address: ul. Tadeusza Wendy 7/9
address: 81-341 Gdynia
address: POLAND
phone: +48 17 7886988
fax-no: +48 17 7887702
e-mail: adzi...@ptc.pl

postmaster and abuse[]multimedia.pl are listed in rfc-ignorant.org
database
postmaster and abuse[]mm.pl are listed in rfc-ignorant.org database

route: 81.190.248.0/21
descr: Networks in Poland
origin: AS30824
notify: l...@multimedia.pl
mnt-by: SZELSAT-MNT
changed: p.s...@multimedia.pl
AS Name: MULTIMEDIA-AS Multimedia Polska Sp.z o.o.
http://www.cidr-report.org/cgi-bin/as-report?as=21021
AS Name: MULTIMEDIA-AS-2 Multimedia Polska Sp.z o.o.
http://www.cidr-report.org/cgi-bin/as-report?as=30824

collectwhole.com has no MX records

ns.xinnetdns.com IP 210.51.170.66
ns.xinnet.cn IP 210.51.171.209

See IP rDNS on botnet:
222.167.107.60 = cm222-167-107-60.hkcable.com.hk
61.18.238.54 = cm61-18-238-54.hkcable.com.hk
62.65.242.135 = pc135.host50.starman.ee
67.183.235.161 = c-67-183-235-161.hsd1.wa.comcast.net
70.60.107.6 = rrcs-70-60-107-6.midsouth.biz.rr.com
77.41.64.76 = host-77-41-64-76.qwerty.ru
79.113.53.182 = 79-113-53-182.rdsnet.ro
81.5.108.219 no PTR at mipt.ru / MIPT-TELECOM-VPN-2-NET
84.38.183.238 = ktk183.238.ktkarvina.cz
86.101.19.93 = catv-5665135d.catv.broadband.hu
88.134.185.93 = 88-134-185-93-dynip.superkabel.de
89.173.132.57 = chello089173132057.chello.sk
122.122.11.181 = 122-122-11-181.dynamic.hinet.net
123.203.16.5 = 123203016005.ctinets.com
218.49.163.158 no PTR at HANANET / hanaro.com / step.or.kr
221.127.4.101 no PTR at hgc.com.hk / HutchCity.com
221.127.111.51 no PTR at hgc.com.hk / HutchCity.com
221.127.174.217 no PTR at hgc.com.hk / HutchCity.com
221.127.245.82 no PTR at hgc.com.hk / HutchCity.com
221.163.215.145 no PTR at KORnet.net / kt.co.kr

Let's see whois.paycenter.com.cn:
Domain Name: planerise.com

Registrant:
liu bin
hai kou
891000

Administrative Contact:
liubin
liu bin
hai kou
hai kou Beijing 891000
CN
tel: 898 1234567
fax: 898 1234567
cnclinp[]21cn.com

Technical Contact:
liubin
liu bin
hai kou
hai kou Beijing 891000
CN
tel: 1234567
fax: 1234567
cnc...@21cn.com

Billing Contact:
liubin
liu bin
hai kou
hai kou Beijing 891000
CN
tel: 1234567
fax: 1234567
cnc...@21cn.com

Registration Date: 2008-02-21
Update Date: 2008-02-25
Expiration Date: 2009-02-21

Primary DNS: ns.xinnetdns.com 210.51.170.66
Secondary DNS: ns.xinnet.cn 210.51.171.209

More planerise.com sightings:
http://groups.google.com/groups/search?q=planerise.com+group%3A*abuse*&qt_s=Search

SEE ALSO:
hostnames sharing ip with a-records

domains sharing nameservers

See cnc...@21cn.com sightings:
http://groups.google.com/groups/search?q=%22cnclinp%4021cn.com%22+group%3A*abuse*&qt_s=Search

See:
ns.xinnetdns.com IP 210.51.170.66

http://moensted.dk/spam/?addr=210.51.170.66
http://www.spamhaus.org/query/bl?ip=210.51.170.66

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63236
210.51.160.0/20 is listed on the Spamhaus Block List (SBL)

10-Mar-2008 21:51 GMT | SR02

flowexpo and other bulletproof hosting (escalation)
More than 170 total SBL listings in this /16

inetnum: 210.51.160.0 - 210.51.175.255
netname: CNC-BJ-IDC2
country: CN
descr: Beijing YiZhuang IDC of China Netcom
admin-c: CH140-AP
tech-c: TJ35-AP
status: ALLOCATED NON-PORTABLE
changed: cnci...@china-netcom.com
role: CNCIDC hostmaster
address: No.1,Beihuan Donglu,BDA,Beijing,China
country: CN
phone: +8610 6787 5599
fax-no: +8610 6787 8624
e-mail: cnci...@china-netcom.com
trouble: tech-...@china-netcom.com
person: Tao Jiang
nic-hdl: TJ35-AP
e-mail: bjidc-...@cnc.cn
changed: jian...@cnc.cn
changed: zha...@china-netcom.com
mntner: MAINT-CN-BJIDC
upd-to: bjidc-...@china-netcom.com

route: 210.51.0.0/16
descr: CHINA NETCOM
origin: AS9929
mnt-by: MAINT-AS9929
changed: xu...@china-netcom.com

route: 210.51.0.0/16
descr: CNC Group CncNet
country: CN
origin: AS9929
mnt-by: MAINT-CNCGROUP-RR
changed: ab...@cnc-noc.net

route: 210.51.0.0/16
descr: CNC Route Object
origin: AS9929
member-of: rs-Secondary
mnt-by: CHINANETCOM-MNT
changed: liu...@china-netcom.com
AS Name: CNCNET-CN China Netcom Corp.
http://www.cidr-report.org/cgi-bin/as-report?as=9929

14 SBL/ROKSO listings for IPs under the responsibility of cncgroup-bj
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-bj

So Much More xinnetdns.com sightings:
http://groups.google.com/groups/search?q=xinnetdns.com+group%3A*abuse*&qt_s=Search

See:
ns.xinnet.cn IP 210.51.171.209

http://moensted.dk/spam/?addr=210.51.171.209
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL63236

So Much More xinnet.cn sightings:
http://groups.google.com/groups/search?q=xinnet.cn+group%3A*abuse*&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/2b0027b4070a07cf

And:
http://groups.google.com/group/news.admin.net-abuse.email/msg/6c15c2b98d46bd38

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/6511468da34ed4f0

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/
