Spamvert URL:
http://beee.fothesnow.com
beee.fothesnow.com => botnet
beee.fothesnow.com Resolved to fothesnow.com to 76.118.104.61 to
78.88.149.68 to 80.99.163.155 to 88.157.86.40 to 89.176.242.105 to
92.243.200.41 to 125.141.88.145 to 213.22.235.220 to 194.208.93.200 to
62.245.114.120 to 71.138.18.109 to 85.186.180.171 to 125.0.6.71 to
190.53.148.170
Redirected to:
http://prettydesert.com
prettydesert.com IP 123.111.50.177
(at HANANET / hanaro.com / Korea)
Title: European Pharmacy (aka Canadian Pharmacy)
WEB:
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
Much More info below:
==================
X-SID-PRA: Salvatore Gunn <salvatore.gunn_df[]midohio.net>
X-Message-Info: 6sSXyD95QpW7uhWn3PSsnTGUH3/uFAGv2BxOHYoonb88aDWn02IIy7MikXPEulcPyQIAsUnqrwco44hFCKdosg=
Received: from tomts3-srv.bellnexxia.net ([209.226.175.115]) by bay0-pamc1-f5.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Wed, 9 Apr 2008 08:54:41 -0700
Received: from toip19.srvr.bell.ca ([67.69.240.21])
by toip52.srvr.bell.ca with ESMTP; 09 Apr 2008 11:54:28 -0400
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 09 Apr 2008 11:54:24 -0400
Received: (qmail 24484 invoked by uid 110); 9 Apr 2008 11:54:24 -0400
Delivered-To: [MUNGED]
Received: (qmail 24476 invoked from network); 9 Apr 2008 11:54:24 -0400
Received: from sml13-1-82-229-47-106.fbx.proxad.net (HELO peflzcc)
(82.229.47.106)
by [MUNGED] with SMTP; 9 Apr 2008 11:54:24 -0400
X-Sender: <salvatore.gunn_df[]midohio.net>
Subject: ------ Cheap Drugs, Free 4 or 12 pills ViagraAtFREE, over 100
medications to pick from dof bpet whg16e
Date: Wed, 09 Apr 2008 08:03:55 -0700
Message-ID: <1207753...@midohio.net>
From: "Salvatore Gunn" <salvatore.gunn_df[]midohio.net>
To: <[MUNGED]>
Bcc: <[MUNGED]>
Reply-To: "Salvatore Gunn" <salvatore.gunn_df[]midohio.net>
In-Reply-To: <eb0801c89663$4139b7ee$3d7fce02@7cuue73>
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: 8bit
Return-Path: salvatore.gunn_df[]midohio.net
X-OriginalArrivalTime: 09 Apr 2008 15:54:41.0760 (UTC)
FILETIME=[05F2EE00:01C89A5A]
Free 4 or 12 ViagraPills with any purchase
its 100% FREE, no gimmick
Use the free pills to satisfy your woman
We have over 100 meds to choose from
-- END OF SPAM --
See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search
OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932
WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
© Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Contact:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianmedicationsupport.com)
More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&
More canadianmedicationsupport.com sightings:
http://groups.google.com/groups/search?q=canadianmedicationsupport.com+group%3A*abuse*&qt_s=Search
See:
IP 82.229.47.106 sml13-1-82-229-47-106.fbx.proxad.net
http://moensted.dk/spam/?addr=82.229.47.106
Currently Sending Spam SORBS-ZOMBIE/WEB/SOCKS/MISC ... etc
See: http://www.sorbs.net/lookup.shtml?82.229.47.106
http://cbl.abuseat.org/lookup.cgi?ip=82.229.47.106
inetnum: 82.229.46.0 - 82.229.47.255
netname: FR-PROXAD-ADSL
descr: Proxad / Free SAS
descr: Static pool (Freebox)
descr: stmarcel-1 (marseille2)
descr: NCC#2003105812
country: FR
role: Administrative Contact for ProXad
address: Free SAS / ProXad
address: 8, rue de la Ville L'Eveque
address: 75008 Paris
route: 82.224.0.0/11
descr: ProXad network / Free SAS
descr: Paris, France
origin: AS12322
notify: ripe-...@proxad.net
mnt-by: PROXAD-MNT
changed: nhyvern...@corp.free.fr
AS Name: PROXAD AS for Proxad/Free ISP
http://www.cidr-report.org/cgi-bin/as-report?as=12322
SEE:
beee.fothesnow.com => botnet
ns1.aotheholiday.com IP 66.130.104.103
ns2.aotheholiday.com IP 58.146.196.178
ns3.aotheholiday.com IP 68.60.148.135
ns4.aotheholiday.com IP 69.70.199.122
beee.fothesnow.com has no MX records -> fothesnow.com has no MX
records
See IP rDNS on botnet:
76.118.104.61 = c-76-118-104-61.hsd1.ma.comcast.net
78.88.149.68 = 078088149068.jaw.vectranet.pl / vectranet.pl
80.99.163.155 = catv-5063a39b.catv.broadband.hu
88.157.86.40 = rev-88-157-86-40.tvtel.pt
89.176.242.105 = rb5dk105.net.upc.cz / UPC Ceska
92.243.200.41 = user-92-243-200-41.ktkadan.cz / losan.cz
125.141.88.145 = no PTR at KORNET / kt.co.kr / Korea
213.22.235.220 = a213-22-235-220.cpe.netcabo.pt
194.208.93.200 = 194-208-093-200.tele.net / TELEPORT
62.245.114.120 = r2ay120.net.upc.cz / mistral.cz
71.138.18.109 = ppp-71-138-18-109.dsl.frs2ca.pacbell.net
85.186.180.171 = no PTR at ASTRAL / upc.ro
125.0.6.71 = ymgt107071.catv.ppp.infoweb.ne.jp
190.53.148.170 = no PTR at Newcom Limited / amnetcorp.com
AND:
IP 66.130.104.103 = modemcable103.104-130-66.mc.videotron.ca
IP 58.146.196.178 = no PTR at YOUNGDOONG / HANARO / onybs.co.kr /
YBS / Korea
IP 68.60.148.135 = c-68-60-148-135.hsd1.mi.comcast.net
IP 69.70.199.122 = modemcable122.199-70-69.mc.videotron.ca
SEE ALSO:
hostnames sharing ip with a-records
domains sharing nameservers
Let's see whois.dns.com.cn:
Domain Name.......... fothesnow.com
Creation Date........ 2008-03-22 21:16:10
Registration Date.... 2008-03-22 21:16:10
Expiry Date.......... 2009-03-22 21:16:10
Organisation Name.... Wang Sanshui
Organisation Address. Chengdu
Organisation Address.
Organisation Address. Chengdu
Organisation Address. 610000
Organisation Address. SC
Organisation Address. CN
Admin Name........... Wang Sanshui
Admin Address........ Chengdu
Admin Address........
Admin Address........ Chengdu
Admin Address........ 610000
Admin Address........ SC
Admin Address........ CN
Admin Email.......... wmiao[]yahoo.com
Admin Phone.......... +86.13898778834
Admin Fax............ +86.13898778834
Tech Name............ Wang Sanshui
Tech Address......... Chengdu
Tech Address.........
Tech Address......... Chengdu
Tech Address......... 610000
Tech Address......... SC
Tech Address......... CN
Tech Email........... wm...@yahoo.com
Tech Phone........... +86.13898778834
Tech Fax............. +86.13898778834
Bill Name............ Wang Sanshui
Bill Address......... Chengdu
Bill Address.........
Bill Address......... Chengdu
Bill Address......... 610000
Bill Address......... SC
Bill Address......... CN
Bill Email........... wm...@yahoo.com
Bill Phone........... +86.13898778834
Bill Fax............. +86.13898778834
Name Server.......... ns4.aotheholiday.com
Name Server.......... ns3.aotheholiday.com
Name Server.......... ns2.aotheholiday.com
Name Server.......... ns1.aotheholiday.com
More wm...@yahoo.com sightings:
http://groups.google.com/groups/search?q=wmiao%40yahoo.com+group%3A*abuse*&qt_s=Search
SEE:
ns1.aotheholiday.com IP 66.130.104.103
ns2.aotheholiday.com IP 58.146.196.178
ns3.aotheholiday.com IP 68.60.148.135
ns4.aotheholiday.com IP 69.70.199.122
ns1.aotheholiday.com has no MX records -> aotheholiday.com has no MX
records
Let's see whois.dns.com.cn:
Domain Name.......... aotheholiday.com
Creation Date........ 2007-11-27 09:56:48
Registration Date.... 2007-11-27 09:56:48
Expiry Date.......... 2008-11-27 09:56:48
Organisation Name.... Ma Linlin
Organisation Address. Beijing
Organisation Address.
Organisation Address. Beijing
Organisation Address. 210001
Organisation Address. BJ
Organisation Address. CN
Admin Name........... Ma Linlin
Admin Address........ Beijing
Admin Address........
Admin Address........ Beijing
Admin Address........ 210001
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... dfeeexxdf[]163.com
Admin Phone.......... +86.13076885511
Admin Fax............ +86.13076885511
Tech Name............ Ma Linlin
Tech Address......... Beijing
Tech Address.........
Tech Address......... Beijing
Tech Address......... 210001
Tech Address......... BJ
Tech Address......... CN
Tech Email........... dfee...@163.com
Tech Phone........... +86.13076885511
Tech Fax............. +86.13076885511
Bill Name............ Ma Linlin
Bill Address......... Beijing
Bill Address.........
Bill Address......... Beijing
Bill Address......... 210001
Bill Address......... BJ
Bill Address......... CN
Bill Email........... dfee...@163.com
Bill Phone........... +86.13076885511
Bill Fax............. +86.13076885511
Name Server.......... ns2.aotheholiday.com
Name Server.......... ns1.aotheholiday.com
Name Server.......... ns3.aotheholiday.com
Name Server.......... ns4.aotheholiday.com
More aotheholiday.com sightings:
http://groups.google.com/groups/search?q=aotheholiday.com+group%3A*abuse*&qt_s=Search
SEE Spamvert URL source code:
HTTP/1.1 302 Found
Date: Wed, 09 Apr 2008 16:21:52 GMT
Server: Apache/2.0.59 (FreeBSD) PHP/4.4.4 with Suhosin-Patch
X-Powered-By: PHP/4.4.4
Location: http://prettydesert.com
Content-Length: 0
Connection: close
Content-Type: text/html
Redirected to:
http://prettydesert.com
prettydesert.com IP 123.111.50.177
ns1.fopns.com IP 116.199.138.24
ns2.fopns.com IP 221.122.64.14
ns3.fopns.com IP 58.83.8.6
ns4.fopns.com IP 116.199.135.168
prettydesert.com has no MX records
http://moensted.dk/spam/?addr=123.111.50.177
Blocked due to spam, see http://korea.services.net/blocked.phtml?addr=123.111.50.177
inetnum: 123.111.0.0 - 123.111.255.255
netname: HANANET
descr: Hanaro Telecom
descr: Shindongah Bldg, 43, Taepyeongno2-ga, Jung-gu,Seoul
IPv4 Address : 123.111.48.0-123.111.63.255
Network Name : HANANET-INFRA
Connect ISP Name : HANANET
Registration Date : 20070419
Publishes : Y
[ Organization Information ]
Organization ID : ORG3930
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail Address : 17-7 Asia One Bldg.
Zip Code : 150-874
[ Technical Contact Information ]
Name : IP manager
Org Name : Hanaro Telecom Inc.
Address : Yeoeuido-dong Yeongdeungpo-gu SEOUL
Detail Address : 17-7 Asia One Bldg.
Zip Code : 150-874
Phone : +82-2-106-2
E-Mail : ip-...@hanaro.com
route: 123.111.0.0/16
descr: proxy for HANARO TELECOM route
origin: AS9318
mnt-by: MAINT-HANARO
changed: ce-su...@us.ntt.net
AS Name: HANARO-AS Hanaro Telecom Inc.
http://www.cidr-report.org/cgi-bin/as-report?as=9318
SEE ALSO:
hostnames sharing ip with a-records
domains sharing nameservers
Let's see whois.paycenter.com.cn:
Domain Name: prettydesert.com
Registrant:
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
214206
Administrative Contact:
wangqiang
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
yixing Jiangsu 214206
CN
tel: 510 87950311
fax: 510 87950311
pengxiongjun2[]163.com
Technical Contact:
wangqiang
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
yixing Jiangsu 214206
CN
tel: 87950311
fax: 87950311
pengxi...@163.com
Billing Contact:
wangqiang
wang qiang
yi xing shi yi cheng zheng dong shan xi lu 24 hao
yixing Jiangsu 214206
CN
tel: 87950311
fax: 87950311
pengxi...@163.com
Registration Date: 2008-02-05
Update Date: 2008-02-18
Expiration Date: 2009-02-05
Primary DNS: ns1.fopns.com 116.199.139.5
Secondary DNS: ns2.fopns.com 221.122.64.14
More pengxi...@163.com sightings:
http://groups.google.com/groups/search?q=pengxiongjun2%40163.com+group%3A*abuse*&qt_s=Search
SEE:
ns1.fopns.com IP 116.199.138.24
ns2.fopns.com IP 221.122.64.14
ns3.fopns.com IP 58.83.8.6
ns4.fopns.com IP 116.199.135.168
ns1.fopns.com has no MX records -> fopns.com has no MX records
Let's see whois.paycenter.com.cn:
Domain Name: fopns.com
Registrant:
liu haijun
wu han
321099
Administrative Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 273 2129092
fax: 273 2129092
cncliup[]21cn.com
Technical Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Billing Contact:
liuhaijun
liu haijun
wu han
wu han Hubei 321099
CN
tel: 2129092
fax: 2129092
cnc...@21cn.com
Registration Date: 2008-02-14
Update Date: 2008-02-14
Expiration Date: 2009-02-14
Primary DNS: ns1.fopns.com 116.199.139.5
Secondary DNS: ns2.fopns.com 221.122.64.14
More fopns.com sightings:
http://groups.google.com/groups/search?q=fopns.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/d7139d9a0774b624
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/32af2972d6b5278b
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/2cb48defc6490ff7
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/