
[email] [drugs - Canadian Pharmacy botnet] [82.229.47.106] (fothesnow.com / aotheholiday.com / prettydesert.com / fopns.com / canadianmedicationsupport.com) ------ Cheap Drugs, Free 4 or 12 pills ViagraAtFREE, over 100 medications to pick from dof bpet whg16e


TomezNet

Apr 10, 2008, 1:26:22 PM
Received From:
IP 82.229.47.106 sml13-1-82-229-47-106.fbx.proxad.net
(at FR-PROXAD-ADSL)

Spamvert URL:
http://beee.fothesnow.com

beee.fothesnow.com => botnet
beee.fothesnow.com Resolved to fothesnow.com to 76.118.104.61 to
78.88.149.68 to 80.99.163.155 to 88.157.86.40 to 89.176.242.105 to
92.243.200.41 to 125.141.88.145 to 213.22.235.220 to 194.208.93.200 to
62.245.114.120 to 71.138.18.109 to 85.186.180.171 to 125.0.6.71 to
190.53.148.170

Redirected to:
http://prettydesert.com

prettydesert.com IP 123.111.50.177
(at HANANET / hanaro.com / Korea)

Title: European Pharmacy (aka Canadian Pharmacy)

WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

Plenty of Forged Certificates and logos as always.

Much More info below:
==================
X-SID-PRA: Salvatore Gunn <salvatore.gunn_df[]midohio.net>
X-Message-Info: 6sSXyD95QpW7uhWn3PSsnTGUH3/uFAGv2BxOHYoonb88aDWn02IIy7MikXPEulcPyQIAsUnqrwco44hFCKdosg=
Received: from tomts3-srv.bellnexxia.net ([209.226.175.115]) by bay0-
pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Wed, 9 Apr 2008 08:54:41 -0700
Received: from toip19.srvr.bell.ca ([67.69.240.21])
by toip52.srvr.bell.ca with ESMTP; 09 Apr 2008 11:54:28 -0400
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 09 Apr 2008 11:54:24 -0400
Received: (qmail 24484 invoked by uid 110); 9 Apr 2008 11:54:24 -0400
Delivered-To: [MUNGED]
Received: (qmail 24476 invoked from network); 9 Apr 2008 11:54:24
-0400
Received: from sml13-1-82-229-47-106.fbx.proxad.net (HELO peflzcc)
(82.229.47.106)
by [MUNGED] with SMTP; 9 Apr 2008 11:54:24 -0400
X-Sender: <salvatore.gunn_df[]midohio.net>
Subject: ------ Cheap Drugs, Free 4 or 12 pills ViagraAtFREE, over 100
medications to pick from dof bpet whg16e
Date: Wed, 09 Apr 2008 08:03:55 -0700
Message-ID: <1207753...@midohio.net>
From: "Salvatore Gunn" <salvatore.gunn_df[]midohio.net>
To: <[MUNGED]>
Bcc: <[MUNGED]>
Reply-To: "Salvatore Gunn" <salvatore.gunn_df[]midohio.net>
In-Reply-To: <eb0801c89663$4139b7ee$3d7fce02@7cuue73>
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
Return-Path: salvatore.gunn_df[]midohio.net
X-OriginalArrivalTime: 09 Apr 2008 15:54:41.0760 (UTC)
FILETIME=[05F2EE00:01C89A5A]


Free 4 or 12 ViagraPills with any purchase

its 100% FREE, no gimmick

Use the free pills to satisfy your woman

We have over 100 meds to choose from

http://beee.fothesnow.com

-- END OF SPAM --

See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search

OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483

http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932

WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.

Contact:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianmedicationsupport.com)

More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&

More canadianmedicationsupport.com sightings:
http://groups.google.com/groups/search?q=canadianmedicationsupport.com+group%3A*abuse*&qt_s=Search

See:
IP 82.229.47.106 sml13-1-82-229-47-106.fbx.proxad.net

http://moensted.dk/spam/?addr=82.229.47.106

Currently Sending Spam SORBS-ZOMBIE/WEB/SOCKS/MISC ... etc
See: http://www.sorbs.net/lookup.shtml?82.229.47.106
http://cbl.abuseat.org/lookup.cgi?ip=82.229.47.106

inetnum: 82.229.46.0 - 82.229.47.255
netname: FR-PROXAD-ADSL
descr: Proxad / Free SAS
descr: Static pool (Freebox)
descr: stmarcel-1 (marseille2)
descr: NCC#2003105812
country: FR
role: Administrative Contact for ProXad
address: Free SAS / ProXad
address: 8, rue de la Ville L'Eveque
address: 75008 Paris

route: 82.224.0.0/11
descr: ProXad network / Free SAS
descr: Paris, France
origin: AS12322
notify: ripe-...@proxad.net
mnt-by: PROXAD-MNT
changed: nhyvern...@corp.free.fr
AS Name: PROXAD AS for Proxad/Free ISP
http://www.cidr-report.org/cgi-bin/as-report?as=12322

SEE:
beee.fothesnow.com => botnet
beee.fothesnow.com Resolved to fothesnow.com to 76.118.104.61 to
78.88.149.68 to 80.99.163.155 to 88.157.86.40 to 89.176.242.105 to
92.243.200.41 to 125.141.88.145 to 213.22.235.220 to 194.208.93.200 to
62.245.114.120 to 71.138.18.109 to 85.186.180.171 to 125.0.6.71 to
190.53.148.170

ns1.aotheholiday.com IP 66.130.104.103
ns2.aotheholiday.com IP 58.146.196.178
ns3.aotheholiday.com IP 68.60.148.135
ns4.aotheholiday.com IP 69.70.199.122

beee.fothesnow.com has no MX records -> fothesnow.com has no MX
records

See IP rDNS on botnet:
76.118.104.61 = c-76-118-104-61.hsd1.ma.comcast.net
78.88.149.68 = 078088149068.jaw.vectranet.pl / vectranet.pl
80.99.163.155 = catv-5063a39b.catv.broadband.hu
88.157.86.40 = rev-88-157-86-40.tvtel.pt
89.176.242.105 = rb5dk105.net.upc.cz / UPC Ceska
92.243.200.41 = user-92-243-200-41.ktkadan.cz / losan.cz
125.141.88.145 = no PTR at KORNET / kt.co.kr / Korea
213.22.235.220 = a213-22-235-220.cpe.netcabo.pt
194.208.93.200 = 194-208-093-200.tele.net / TELEPORT
62.245.114.120 = r2ay120.net.upc.cz / mistral.cz
71.138.18.109 - ppp-71-138-18-109.dsl.frs2ca.pacbell.net
85.186.180.171 = no PTR at ASTRAL / upc.ro
125.0.6.71 = ymgt107071.catv.ppp.infoweb.ne.jp
190.53.148.170 = no PTR at Newcom Limited / amnetcorp.com

AND:
IP 66.130.104.103 = modemcable103.104-130-66.mc.videotron.ca
IP 58.146.196.178 = no PTR at YOUNGDOONG / HANARO / onybs.co.kr /
YBS / Korea
IP 68.60.148.135 = c-68-60-148-135.hsd1.mi.comcast.net
IP 69.70.199.122 = modemcable122.199-70-69.mc.videotron.ca

SEE ALSO:
hostnames sharing ip with a-records

domains sharing nameservers

Let's see whois.dns.com.cn:
Domain Name.......... fothesnow.com
Creation Date........ 2008-03-22 21:16:10
Registration Date.... 2008-03-22 21:16:10
Expiry Date.......... 2009-03-22 21:16:10
Organisation Name.... Wang Sanshui
Organisation Address. Chengdu
Organisation Address.
Organisation Address. Chengdu
Organisation Address. 610000
Organisation Address. SC
Organisation Address. CN

Admin Name........... Wang Sanshui
Admin Address........ Chengdu
Admin Address........
Admin Address........ Chengdu
Admin Address........ 610000
Admin Address........ SC
Admin Address........ CN
Admin Email.......... wmiao[]yahoo.com
Admin Phone.......... +86.13898778834
Admin Fax............ +86.13898778834

Tech Name............ Wang Sanshui
Tech Address......... Chengdu
Tech Address.........
Tech Address......... Chengdu
Tech Address......... 610000
Tech Address......... SC
Tech Address......... CN
Tech Email........... wm...@yahoo.com
Tech Phone........... +86.13898778834
Tech Fax............. +86.13898778834

Bill Name............ Wang Sanshui
Bill Address......... Chengdu
Bill Address.........
Bill Address......... Chengdu
Bill Address......... 610000
Bill Address......... SC
Bill Address......... CN
Bill Email........... wm...@yahoo.com
Bill Phone........... +86.13898778834
Bill Fax............. +86.13898778834
Name Server.......... ns4.aotheholiday.com
Name Server.......... ns3.aotheholiday.com
Name Server.......... ns2.aotheholiday.com
Name Server.......... ns1.aotheholiday.com

More wm...@yahoo.com sightings:
http://groups.google.com/groups/search?q=wmiao%40yahoo.com+group%3A*abuse*&qt_s=Search

SEE:
ns1.aotheholiday.com IP 66.130.104.103
ns2.aotheholiday.com IP 58.146.196.178
ns3.aotheholiday.com IP 68.60.148.135
ns4.aotheholiday.com IP 69.70.199.122

ns1.aotheholiday.com has no MX records -> aotheholiday.com has no MX
records

Let's see whois.dns.com.cn:
Domain Name.......... aotheholiday.com
Creation Date........ 2007-11-27 09:56:48
Registration Date.... 2007-11-27 09:56:48
Expiry Date.......... 2008-11-27 09:56:48
Organisation Name.... Ma Linlin
Organisation Address. Beijing
Organisation Address.
Organisation Address. Beijing
Organisation Address. 210001
Organisation Address. BJ
Organisation Address. CN

Admin Name........... Ma Linlin
Admin Address........ Beijing
Admin Address........
Admin Address........ Beijing
Admin Address........ 210001
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... dfeeexxdf[]163.com
Admin Phone.......... +86.13076885511
Admin Fax............ +86.13076885511

Tech Name............ Ma Linlin
Tech Address......... Beijing
Tech Address.........
Tech Address......... Beijing
Tech Address......... 210001
Tech Address......... BJ
Tech Address......... CN
Tech Email........... dfee...@163.com
Tech Phone........... +86.13076885511
Tech Fax............. +86.13076885511

Bill Name............ Ma Linlin
Bill Address......... Beijing
Bill Address.........
Bill Address......... Beijing
Bill Address......... 210001
Bill Address......... BJ
Bill Address......... CN
Bill Email........... dfee...@163.com
Bill Phone........... +86.13076885511
Bill Fax............. +86.13076885511
Name Server.......... ns2.aotheholiday.com
Name Server.......... ns1.aotheholiday.com
Name Server.......... ns3.aotheholiday.com
Name Server.......... ns4.aotheholiday.com

More aotheholiday.com sightings:
http://groups.google.com/groups/search?q=aotheholiday.com+group%3A*abuse*&qt_s=Search

SEE Spamvert URL source code:

HTTP/1.1 302 Found
Date: Wed, 09 Apr 2008 16:21:52 GMT
Server: Apache/2.0.59 (FreeBSD) PHP/4.4.4 with Suhosin-Patch
X-Powered-By: PHP/4.4.4
Location: http://prettydesert.com
Content-Length: 0
Connection: close
Content-Type: text/html

Redirected to:
http://prettydesert.com

prettydesert.com IP 123.111.50.177

ns1.fopns.com IP 116.199.138.24
ns2.fopns.com IP 221.122.64.14
ns3.fopns.com IP 58.83.8.6
ns4.fopns.com IP 116.199.135.168

prettydesert.com has no MX records

http://moensted.dk/spam/?addr=123.111.50.177
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=123.111.50.177

inetnum: 123.111.0.0 - 123.111.255.255
netname: HANANET
descr: Hanaro Telecom
descr: Shindongah Bldg, 43, Taepyeongno2-ga, Jung-gu,Seoul

IPv4 Address : 123.111.48.0-123.111.63.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Registration Date : 20070419
Publishes : Y

[ Organization Information ]
Organization ID : ORG3930
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail Address : 17-7 Asia One Bldg.
Zip Code : 150-874

[ Technical Contact Information ]
Name : IP manager
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail Address : 17-7 Asia One Bldg.
Zip Code : 150-874
Phone : +82-2-106-2
E-Mail : ip-...@hanaro.com

route: 123.111.0.0/16
descr: proxy for HANARO TELECOM route
origin: AS9318
mnt-by: MAINT-HANARO
changed: ce-su...@us.ntt.net
AS Name: HANARO-AS Hanaro Telecom Inc.
http://www.cidr-report.org/cgi-bin/as-report?as=9318

SEE ALSO:
hostnames sharing ip with a-records

domains sharing nameservers

Let's see whois.paycenter.com.cn:
Domain Name: prettydesert.com

Registrant:
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
214206

Administrative Contact:
wangqiang
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
yixing Jiangsu 214206
CN
tel: 510 87950311
fax: 510 87950311
pengxiongjun2[]163.com

Technical Contact:
wangqiang
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
yixing Jiangsu 214206
CN
tel: 87950311
fax: 87950311
pengxi...@163.com

Billing Contact:
wangqiang
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
yixing Jiangsu 214206
CN
tel: 87950311
fax: 87950311
pengxi...@163.com

Registration Date: 2008-02-05
Update Date: 2008-02-18
Expiration Date: 2009-02-05

Primary DNS: ns1.fopns.com 116.199.139.5
Secondary DNS: ns2.fopns.com 221.122.64.14

More pengxi...@163.com sightings:
http://groups.google.com/groups/search?q=pengxiongjun2%40163.com+group%3A*abuse*&qt_s=Search

SEE:
ns1.fopns.com IP 116.199.138.24
ns2.fopns.com IP 221.122.64.14
ns3.fopns.com IP 58.83.8.6
ns4.fopns.com IP 116.199.135.168

ns1.fopns.com has no MX records -> fopns.com has no MX records

Let's see whois.paycenter.com.cn:
Domain Name: fopns.com

Registrant:
liu haijun
wu han
321099

Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com

Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com

Registration Date: 2008-02-14
Update Date: 2008-02-14
Expiration Date: 2009-02-14

Primary DNS: ns1.fopns.com 116.199.139.5
Secondary DNS: ns2.fopns.com 221.122.64.14

More fopns.com sightings:
http://groups.google.com/groups/search?q=fopns.com+group%3A*abuse*&qt_s=Search

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d7139d9a0774b624

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/32af2972d6b5278b

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/2cb48defc6490ff7

Cheers, Tomez

--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/
