
[email] [drugs - Canadian Pharmacy botnet] [76.171.206.223] (catcentury.hk - chitionkdetunlionpsa.com / fionkunjerunhedase.com / gedsactunjerion.com / piotiongandesunkdes.com) Re:


TomezNet

Jun 20, 2007, 11:31:14 PM
Received From:
IP 76.171.206.223 cpe-76-171-206-223.socal.res.rr.com

Spamvert:
www.catcentury.hk => botnet
www.catcentury.hk Resolved to 59.31.23.204 to 59.149.26.171 to
61.10.232.211 to 61.15.41.183 to 61.15.58.34 to 61.18.62.152 to
61.92.213.12 to 61.93.34.166 to 61.93.121.70 to 61.238.20.167 to
66.61.89.1 to 71.194.127.235 to 75.74.177.144 to 124.48.139.21 to
203.203.35.55 to 218.255.202.53 to 219.70.28.114 to 220.121.183.150 to
221.127.17.71 to 221.127.239.11

WEB:
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

Plenty of Forged Certificates and logos as always.

More info below:
====================

X-SID-PRA: Wally HANSEN <markingsw...@mail.kurabe.co.jp>
X-Message-Info: txF49lGdW43l7UOhW8gnNpl+7uFxFGpx3L6rkVVkrrF+ZYA/
LWCLhT5VbcmOJ/BN
Received: from tomts10-srv.bellnexxia.net ([209.226.175.54]) by bay0-
pamc1-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Wed, 20 Jun 2007 14:36:38 -0700
Received: from [MUNGED]
by toip18.srvr.bell.ca with ESMTP; 20 Jun 2007 14:37:36 -0400
Received: (qmail 32679 invoked by uid 110); 20 Jun 2007 14:37:36 -0400
Delivered-To: [MUNGED]
Received: (qmail 23732 invoked from network); 20 Jun 2007 14:36:48
-0400
Received: from cpe-76-171-206-223.socal.res.rr.com (HELO user-
rgzkxlydyr.socal.rr.com) (76.171.206.223)
by [MUNGED] with SMTP; 20 Jun 2007 14:36:48 -0400
Return-Path: <markingsw...@mail.kurabe.co.jp>
Received: from 219.113.31.13 (HELO mail.mail.kurabe.co.jp)
by [MUNGED] with esmtp ('-U-8Y(AZ W/'=;0)
id -6@7A/-8)BN94-8)
for [MUNGED]; Wed, 20 Jun 2007 18:28:00 +0480
Message-ID: <01c7b368$bbaa7670$6c822ecf@markingswhorehouse>
From: "Wally HANSEN" <markingsw...@mail.kurabe.co.jp>
To: <[MUNGED]>
Subject: Re:
Date: Wed, 20 Jun 2007 18:28:00 +0480
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0007_01C7B32E.0F4B9E70"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2670
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2670
X-OriginalArrivalTime: 20 Jun 2007 21:36:39.0064 (UTC)
FILETIME=[15C49180:01C7B383]

This is a multi-part message in MIME format.

------=_NextPart_000_0007_01C7B32E.0F4B9E70
Content-Type: text/plain;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

VIAGRAIf you have a problem getting or keeping an
erection, your sex life can suffer. You should know that
you&rsquo;re not alone. In fact, more than half of all men over 40
have dif=
ficulties getting or maintaining an erection. This issue, also called
erect=
ile dysfunction, occurs with younger men as
well!You should know there is something you can do about
it. Join the millions of men who have already improved
their sex lives with VIAGRA!VISIT STORE ONLINE!
------=_NextPart_000_0007_01C7B32E.0F4B9E70
Content-Type: text/html;
charset="iso-8859-2"
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html;
charset=3Diso-8859-2">
<META content=3D"MSHTML 6.00.2900.2670" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY>
<BODY text=3D#000000 bgColor=3D#ffffff>
<font size=3D"3" face=3D"Times New Roman"><p align=3D"center"><font
color=3D"#0000ff" size=3D"6"><strong>VIAGRA</strong></font></p>
<p align=3D"center">If you have a problem getting or keeping an
erection, your sex life can suffer. <br /> You should know that
you&rsquo;re not alone. In fact, more than half of all men over 40 <br/
>have difficulties getting or maintaining an erection. This issue,
also called <br /> erectile dysfunction, occurs with younger men as
well!</p>
<p align=3D"center">You should know there is something you can do
about it. <br />
Join the millions of men who have already <strong>improved their sex
lives with VIAGRA</strong>!</p>
<p align=3D"center"><a href=3D"http://catcentury.hk"><font
size=3D"4"><strong> VISIT STORE ONLINE!</strong></font></a></p></font>
</BODY>
</BODY></HTML>

------=_NextPart_000_0007_01C7B32E.0F4B9E70--

-- END OF SPAM --

According to WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 787-1711, please, keep your order I.D.
every time you make a call.
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.

Contact us:
Also you may send us an e-mail.
You will get an answer ASAP. Customer Support (click here to mail us
sup...@canadianpharmsupport.com)

See support[]canadianpharmsupport.com sightings:
http://groups.google.com/groups/search?q=%22support%40canadianpharmsupport.com%22+group%3A*abuse&qt_s=Search

See:
IP 76.171.206.223 cpe-76-171-206-223.socal.res.rr.com

http://www.moensted.dk/spam/?addr=76.171.206.223
http://www.spamhaus.org/query/bl?ip=76.171.206.223
http://cbl.abuseat.org/lookup.cgi?ip=76.171.206.223
http://spamcop.net/w3m?action=checkblock&ip=76.171.206.223

So Much More rr.com sightings:
http://groups.google.com/groups/search?q=rr.com+group%3A*abuse&start=0&scoring=d&

OrgName: Road Runner HoldCo LLC
OrgID: RRWE
NetRange: 76.168.0.0 - 76.175.255.255
CIDR: 76.168.0.0/13
NetName: RRACI
NetHandle: NET-76-168-0-0-1
Parent: NET-76-0-0-0-0
NetType: Direct Allocation

Prefix: 76.168.0.0/14
Prefix Name: error
AS: 7757
AS Name: RoadRunner RS RR Comcast LA
http://www.cidr-report.org/cgi-bin/as-report?as=7757

See:
www.catcentury.hk => botnet

NS0.PIOTIONGANDESUNKDES.COM [NO GLUE; No A record]
NS0.FIONKUNJERUNHEDASE.COM [NO GLUE; No A record]
NS0.GEDSACTUNJERION.COM [NO GLUE; No A record]
NS0.CHITIONKDETUNLIONPSA.COM [NO GLUE; No A record]

ns ns0.chitionkdetunlionpsa.com 76.104.139.174(US)
ns ns0.fionkunjerunhedase.com 208.120.41.135(US)
ns ns0.gedsactunjerion.com 69.229.238.218(US)
ns ns0.piotiongandesunkdes.com 24.238.187.40(US)

76.104.139.174 = c-76-104-139-174.hsd1.wa.comcast.net
208.120.41.135 = user-387gac7.cable.mindspring.com
69.229.238.218 = adsl-69-229-238-218.dsl.scrm01.pacbell.net
24.238.187.40 = user-0cetep8.cable.mindspring.com

www.catcentury.hk has no MX records -> catcentury.hk has no MX records

Let's see whois:
Domain Name: CATCENTURY.HK
Contract Version: HKDNR latest version

Registrant Contact Information:
Holder English Name (It should be the same as your legal name on your
HKID card or other relevant documents): MR JOSEPH MCCRELESS
Holder Chinese Name:
Email: Kim_A...@hotmail.com (Kim_A_Leach[]hotmail.com)
Domain Name Commencement Date: 16-06-2007
Country: US
Expiry Date: 16-06-2008
Re-registration Status: Complete
Name of Registrar: HKDNR
Account Name: HK1913832T

Technical Contact:
First name: JOSEPH
Last name: MCCRELESS
Company Name: JOSEPH MCCRELESS

Name Servers Information:
NS0.FIONKUNJERUNHEDASE.COM
NS0.GEDSACTUNJERION.COM
NS0.PIOTIONGANDESUNKDES.COM
NS0.CHITIONKDETUNLIONPSA.COM

SEE Also more NS sightings:
More chitionkdetunlionpsa.com sightings:
http://groups.google.com/groups/search?q=chitionkdetunlionpsa.com+group%3A*abuse&start=0&scoring=d&

More fionkunjerunhedase.com sightings:
http://groups.google.com/groups/search?q=fionkunjerunhedase.com+group%3A*abuse&start=0&scoring=d&

More gedsactunjerion.com sightings:
http://groups.google.com/groups/search?q=gedsactunjerion.com+group%3A*abuse&start=0&scoring=d&

More piotiongandesunkdes.com sightings:
http://groups.google.com/groups/search?q=piotiongandesunkdes.com+group%3A*abuse&start=0&scoring=d&

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/bdd399028adaabc3

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/31404aa00626e260

And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/1447190638f378cd

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
