
[email] [drugs - Yambo] [77.178.91.241] (keanwebsolutions.com / jiggerrox.com / daserukanfunjinbas.com / 202.142.21.6 / ftalink.com / owenjackson.com / agencywhite.com / hireup.com / xpills5.com / asian-escort.org / daseruikiontungandesun.com / waseruntionkinyungands.com / rxpills5.com) Ticket number : 39110683673621


TomezNet

May 17, 2007, 7:00:22 AM
Received From:
IP 77.178.91.241 kiel-4db25bf1.pool.einsundeins.de
(at schlund.com / schlund.de / 1und1.de / 1und1.com / 1and1.com)

Spamvert:
www.keanwebsolutions.com IP 121.31.56.9
(SBL50962 - SBL51346 - SBL54114) (at CNCGROUP-GX)
mail.keanwebsolutions.com IP 66.235.192.123
(ns1.ipowerdns.com / ipowerweb.com)

degjbfmchk.jiggerrox.com IP 222.161.21.110
(SBL52130) (at cncgroup-jl)
mail.jiggerrox.com IP 124.24.107.10
(at InfoWeb / nifty.ad.jp / nifty.com)

Yambo Image Hosting at:
http://217.6.21.195:8080/e/ch/images/aw_fda.gif

IP 217.6.21.195
(SBL54002) (at dtag.de / geocontent.de)

daserukanfunjinbas.com => botnet
Resolved to 24.86.140.120 to 24.91.45.70 to 68.49.191.162 to
69.226.33.102 to 70.134.110.157 to 71.142.68.194 to 71.227.165.54 to
75.34.26.172 to 208.102.255.207 to 216.165.41.28

www.daserukanfunjinbas.com => Resolved to 24.14.179.22 to
24.86.140.120 to 24.116.234.42 to 69.226.33.102 to 71.85.146.9 to
71.227.165.54 to 75.0.97.16 to 75.25.31.214 to 75.32.107.110 to
208.102.255.207

www.ftalink.com IP 64.202.163.190
(at godaddy.com / secureserver.net)

www.owenjackson.com IP 67.19.29.250
www.klaymusic.com IP 69.41.238.66
(both at studentwebhosting.net / webservercity.com / ThePlanet.com)

www.agencywhite.com IP N/A
(at ns1.gulfcoastinternetservice.com)

www.hireup.com IP 208.101.17.36
(at ns1.fasthost.com / host.org / softlayer.com)

www.rxpills5.com IP N/A
(at ns.daseruikiontungandesun.com / ns.waseruntionkinyungands.com)

www.asian-escort.org => still at IP 216.131.96.206
(at reliablehosting.com => Suspended)

Spamvert E-mail:
B[]email.b.com

More Premier Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Premier+Pharmacy%22+group%3A*abuse&start=0&scoring=d&

Plenty of Forged Certificates and logos as always.

More info below:
====================

X-SID-PRA: [MUNGED]
X-Message-Info: txF49lGdW42A3tHg+/
K50tWwBqkfTry0iLIrilPTgzLhI8yktV4Q0sKerGqbNCgp
Received: from tomts19-srv.bellnexxia.net ([209.226.175.73]) by bay0-
pamc1-f10.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Tue, 15 May 2007 12:21:14 -0700
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 15 May 2007 15:21:05 -0400
Received: (qmail 7711 invoked by uid 110); 15 May 2007 15:21:05 -0400
Delivered-To: [MUNGED]
Received: (qmail 7661 invoked from network); 15 May 2007 15:21:04
-0400
Received: from kiel-4db25bf1.pool.einsundeins.de (77.178.91.241)
by [MUNGED] with SMTP; 15 May 2007 15:21:04 -0400
Received: (qmail 8182 by uid 884); Tue, 15 May 2007 09:21:05 +0100
Message-Id:
<200705151021...@kiel-4db25bf1.pool.einsundeins.de>
To: <[MUNGED]>
Subject: Ticket number : 39110683673621
From: <[MUNGED]>
Mime-Version: 1.0
Content-Type: text/html
Date: Tue, 15 May 2007 15:21:13 -0400
Return-Path: stu...@andybatt.com
X-OriginalArrivalTime: 15 May 2007 19:21:14.0315 (UTC)
FILETIME=[342B41B0:01C79726]

<XXHTMLXX><HEAD><TITLE>Bose Newsletter -- May 2007</TITLE>
<XXMETAXX></HEAD>
<XXBODYXX>
<XXSTYLEXX>

<CENTER><!-- header -->
<TABLE cellSpacing=0 cellPadding=0 width=572 border=0>
<TBODY>
<TR>
<TD style="PADDING-LEFT: 0px; FONT-SIZE: 11px; PADDING-BOTTOM: 10px;
COLOR: #a7a6a6; PADDING-TOP: 10px; FONT-FAMILY: arial"
align=left>Can't view this email? <a target="_blank" class=header
href="http://www.asian-escort.org/images/index.htm">See it online</A>.
</TD>
</TR>
</TBODY></TABLE><!-- end header --><!-- main table -->
<TABLE cellSpacing=0 cellPadding=0 width=580 bgColor=#ffffff border=0>
<TBODY>
<TR>
<TD width=580><!-- top nav -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0 ;>
<TBODY>
<TR>
<TD colSpan=5><a target="_blank" href="http://www.klaymusic.com/images/
index.htm"><img src="http://www.klaymusic.com/images/i.gif"
border="0"></A></TD>

<TD width=7 background=http://products.bose.com/static/newsletter/
images/shared/extension.gif rowSpan=2><IMG height=5 src="http://
products.bose.com/static/email/images/shared_assets/spacer.gif"
width=7></TD>
</TR>

<TR>
<TD><a target="_blank" href="http://www.hireup.com/images/
index.htm"><IMG height=23 alt="Shop Online" src="http://
products.bose.com/static/newsletter/images/shared/nav_shop.gif"
width=102 border=0></A></TD>

<TD><a target="_blank" href="http://email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BJtz0Ee&src=EM213173&dartsourceid=EM213173"></A></TD>

<TD><a target="_blank" href="http://www.klaymusic.com/images/
index.htm"><IMG height=23 alt="Customer Service" src="http://
products.bose.com/static/newsletter/images/shared/nav_service.gif"
width=134 border=0></A></TD>

<TD><a target="_blank" href="http://www.agencywhite.com/images/
index.htm"><IMG height=23 alt=Subscribe src="http://products.bose.com/
static/newsletter/images/shared/nav_subscribe.gif" width=97 border=0></
A></TD>

<TD> </TD>
</TR>
</TBODY></TABLE><!-- end top nav --></TD>
</TR>

<TR>
<TD vAlign=top width=580><!-- content table -->
<TABLE cellSpacing=0 cellPadding=0 width=580 bgColor=#ffffff border=0>
<TBODY>
<TR>
<TD vAlign=top width=401 rowSpan=4><!-- left segment -->
<TABLE cellSpacing=0 cellPadding=0 width=401 border=0>
<TBODY>
<TR>
<TD width=401><a href="http://www.keanwebsolutions.com/images/
index.htm"><IMG src="http://products.bose.com/static/newsletter/images/
05_07_newsletter/deck_scene.jpg" alt="Deck scene" width=400 height=266
border="0"></a></TD>
</TR>

<TR>
<TD background=http://products.bose.com/static/newsletter/images/
05_07_newsletter/article_bg.jpg><IMG height=34 alt="Music in the Air"
src="http://products.bose.com/static/newsletter/images/
05_07_newsletter/music.gif" width=400><BR>

<DIV style="PADDING-RIGHT: 30px; PADDING-LEFT: 32px; FONT-SIZE: 11px;
PADDING-BOTTOM: 18px; COLOR: #ffffff; LINE-HEIGHT: 17px; PADDING-TOP:
15px; FONT-FAMILY: Georgia, Times New Roman, Times, serif; TEXT-ALIGN:
left">We're expanding the boundaries of our homes into "outdoor rooms"
furnished with indoor comforts. All we need is music. Discover how
outdoor speakers can add lasting pleasure to backyard living.<BR>
<a target="_blank" class=cover_link href="http://
www.keanwebsolutions.com/images/index.htm"><FONT color=#ffffff>Full
story</FONT></A> »</DIV></TD>
</TR>
</TBODY></TABLE><!-- end left segment --></TD>
<!-- right nav -->
<TD width=172><a href="http://www.owenjackson.com/images/
index.htm"><IMG height=30 alt="Automotive news" src="http://
products.bose.com/static/newsletter/images/05_07_newsletter/
auto_news.gif" width=172 border=0></a></A></TD>

<TD vAlign=top width=7 background=http://products.bose.com/static/
newsletter/images/shared/extension.gif rowSpan=5><IMG height=5
src="http://products.bose.com/static/email/images/shared_assets/
spacer.gif" width=7></TD>
</TR>

<TR>
<TD vAlign=top><a href="http://www.owenjackson.com/images/
index.htm"><IMG height=93 alt=Automobile src="http://products.bose.com/
static/newsletter/images/05_07_newsletter/auto.jpg" width=172
border=0></a></A><BR>

<DIV style="PADDING-RIGHT: 10px; PADDING-LEFT: 12px; FONT-SIZE: 11px;
COLOR: #333333; LINE-HEIGHT: 13px; FONT-FAMILY: Georgia, Times New
Roman, Times, serif; TEXT-ALIGN: left">1982: redefines automotive
audio. <BR>
<IMG height=5 src="http://products.bose.com/static/email/images/
shared_assets/spacer.gif" width=1><BR>
2007: A major auto maker recognizes in a whole new way.<BR>
<BR>
Learn more</A> »<BR>
<IMG height=1 src="http://products.bose.com/static/email/images/
shared_assets/spacer.gif" width=1></DIV></TD>
</TR>

<TR>
<TD vAlign=top width=172><IMG height=5 src="http://products.bose.com/
static/newsletter/images/shared/dot.gif" width=172><BR> <a
href="http://www.agencywhite.com/images/index.htm"><IMG height=33
alt="For recent grads" src="http://products.bose.com/static/newsletter/
images/05_07_newsletter/recent_grads.gif" width=172 border=0></a></A></
TD>
</TR>

<TR vAlign=top>
<TD>
<DIV style="PADDING-RIGHT: 5px; PADDING-LEFT: 12px; FONT-SIZE: 11px;
COLOR: #333333; LINE-HEIGHT: 13px; FONT-FAMILY: Georgia, Times New
Roman, Times, serif; TEXT-ALIGN: left">Looking for a career of
innovation and challenge? We're seeking college graduates to join our
dedication to excellence.<BR>
<BR>
See Careers @ </A> »</DIV>
<P> </P></TD>
</TR>

<TR>
<TD vAlign=top colSpan=2><!-- featured product -->
<!-- end featured product --></TD>
</TR>
</TBODY></TABLE><!-- end content table --><!-- bottom shadow -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0>
<TBODY>
<TR>
<TD width=8><IMG height=10 src="http://products.bose.com/static/
newsletter/images/shared/left_corner.gif" width=8></TD>

<TD width=565 background=http://products.bose.com/static/newsletter/
images/shared/edge.gif></TD>

<TD width=7><IMG height=10 src="http://products.bose.com/static/
newsletter/images/shared/right_corner.gif" width=7></TD>
</TR>
</TBODY></TABLE><!-- end bottom shadow --></TD>
</TR>
</TBODY></TABLE><!-- end main table --><!-- footer -->
<TABLE cellSpacing=0 cellPadding=0 width=580 border=0>
<TBODY>
<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>

<TR>
<TD><!-- shop 3 ways -->
<!-- end shop 3 ways --></TD>
</TR>

<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>
<!-- subscribe and send to a friend -->
<TR>
<TD style="PADDING-RIGHT: 3px; PADDING-LEFT: 3px; FONT-SIZE: 11px;
PADDING-BOTTOM: 6px; COLOR: #666666; PADDING-TOP: 6px; FONT-FAMILY:
arial; TEXT-ALIGN: left"><a target="_blank" href="http://
email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BJt20ES&src=EM213173&dartsourceid=EM213173"></A> <a
target="_blank" href="http://email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BSbw0ES&src=EM213173&dartsourceid=EM213173"></A></TD>
</TR>

<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>

<TR>
<TD>
<DIV style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
PADDING-BOTTOM: 6px; COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY:
arial; TEXT-ALIGN: left"><a target="_blank" class=footer href="http://
www.owenjackson.com/images/index.htm">Update email address</A> | <a
target="_blank" class=footer href="http://www.asian-escort.org/images/
index.htm">Unsubscribe</A> | <a target="_blank" class=footer
href="http://www.ftalink.com/images/index.htm">Privacy policy</A></
DIV></TD>
</TR>

<TR>
<TD background=http://products.bose.com/static/email/images/
shared_assets/dot.gif><IMG height=3 src="http://products.bose.com/
static/email/images/shared_assets/spacer.gif" width=4></TD>
</TR>

<TR>
<TD><!-- add to address book -->
<TABLE cellSpacing=0 cellPadding=8 width=580 border=0>
<TBODY>
<TR>
<TD style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY: arial; TEXT-ALIGN:
left"><a target="_blank" href="http://email.bose.com/cgi-bin24/DM/y/
ndxX0Pa5Vb0Jf50BQUk0Ez&src=EM213173&dartsourceid=EM213173"><IMG
height=25 alt="Add address" src="http://products.bose.com/static/email/
images/shared_assets/address.gif" width=29 align=absMiddle border=0></
A></TD>

<TD style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY: arial; TEXT-ALIGN:
left">To ensure you receive our emails, please add
<STRONG>B...@email.b.com</STRONG> to your address book. <a
target="_blank" class=footer href="http://www.ftalink.com/images/
index.htm">Click here</A> for instructions.</TD>
</TR>
</TBODY></TABLE><!-- end add to address book --></TD>
</TR>

<TR>
<TD>
<DIV style="PADDING-RIGHT: 6px; PADDING-LEFT: 6px; FONT-SIZE: 11px;
COLOR: #666666; PADDING-TOP: 3px; FONT-FAMILY: arial; TEXT-ALIGN:
left">You are subscribed to receive B emails as [MUNGED]. To
unsubscribe or update your email address, please <a target="_blank"
class=footer href="http://www.keanwebsolutions.com/images/
index.htm">click here</A>. If you are unable to use the link
provided.<BR>
<BR>
For customer service and all other inquiries.<BR>
<BR>
<BR>
<BR>
</DIV></TD>
</TR>
</TBODY></TABLE><!-- end footer --></CENTER><XXBODYXX>

<IMG SRC="http://email.bose.com/cgi-bin24/flosensing?
z=[MUNGED]"><XXHTMLXX>

-- END OF SPAM --

See More B[]email.b.com sightings:
http://groups.google.com/groups/search?q=%22B%40email.b.com%22+group%3A*abuse&start=0&scoring=d&

And More www.bose.com and Yambo sightings:
http://groups.google.com/groups/search?q=bose.com+group%3A*abuse&start=0&scoring=d&

See:
IP 77.178.91.241 kiel-4db25bf1.pool.einsundeins.de

http://www.moensted.dk/spam/?addr=77.178.91.241
http://www.spamhaus.org/query/bl?ip=77.178.91.241
http://www.spamhaus.org/pbl/query/PBL115050
http://cbl.abuseat.org/lookup.cgi?ip=77.178.91.241
http://spamcop.net/w3m?action=checkblock&ip=77.178.91.241

inetnum: 77.178.0.0 - 77.178.255.255
netname: ONEANDONE-DSL
descr: 1&1 Internet AG
descr: NCC#2006071591
country: DE
role: Schlund NCC
address: Schlund + Partner AG

abuse[]sofianet.net is listed in rfc-ignorant.org database

route: 77.178.0.0/15
descr: 1&1 Internet AG
remarks: netname: DE-1AND1-20061117
origin: AS6805
mnt-by: MDA-Z
changed: i...@telefonica.de

Prefix: 77.176.0.0/13
Prefix Name: 1&1 Internet AG
AS: 6805
AS Name: TDDE ASN1 Telefonica Deutschland Autonomous System Telefonica
Deutschland GmbH Hulshorstweg 30, 33415 Verl, Germany
http://www.cidr-report.org/cgi-bin/as-report?as=6805

8 SBL listings for IPs under the responsibility of schlund.de
http://www.spamhaus.org/sbl/listings.lasso?isp=schlund.de

1 SBL listings for IPs under the responsibility of 1and1.com
http://www.spamhaus.org/sbl/listings.lasso?isp=1and1.com

1 SBL listings for IPs under the responsibility of
http://www.spamhaus.org/sbl/listings.lasso?isp=

Spamvert URL:
http://www.keanwebsolutions.com/images/index.htm

Redirected to:
http://daserukanfunjinbas.com/?a=818-10532

And Again Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=210a5953275f3d65c48cca2a0c6e6ab2

See:
www.keanwebsolutions.com IP 121.31.56.9
ns1.ipowerdns.com [66.235.217.202] [TTL=172800] [US]
ns1.ipowerweb.net [64.70.61.130] [TTL=172800] [US]

NS records at your nameservers are:
ns2.ipowerdns.com [64.70.61.131] [TTL=3600]
ns1.ipowerweb.net [64.70.61.130] [TTL=3600]
ns1.ipowerdns.com [66.235.217.202] [TTL=3600]
ns2.ipowerweb.net [66.235.217.200] [TTL=3600]

SOA record [TTL=3600] is:
Primary nameserver: ns1.ipowerweb.net
Hostmaster E-mail address: hostm...@ipowerweb.net
Serial #: 2003120900

1 MX record is:
10 mail.keanwebsolutions.com [TTL=3600] IP=66.235.192.123 [TTL=3600]
[US]

123.192.235.66.in-addr.arpa host127.ipowerweb.com [TTL=3600]

http://www.moensted.dk/spam/?addr=121.31.56.9
http://www.spamhaus.org/query/bl?ip=121.31.56.9

inetnum: 121.31.0.0 - 121.31.255.255
netname: CNCGROUP-GX
descr: CNC Group Guangxi province network
descr: China Network Communications Group Corporation
e-mail: ab...@cnc-noc.net => ???

bogusmx, whois, postmaster and abuse[]cnc-noc.net are listed in
rfc-ignorant.org database

route: 121.31.0.0/16
descr: CNC Group CHINA169 Guangxi Province Network
country: CN
origin: AS4837
mnt-by: MAINT-CNCGROUP-RR
http://www.cidr-report.org/cgi-bin/as-report?as=4837

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL50962
121.31.0.0/17 is listed on the Spamhaus Block List (SBL)

08-May-2007 22:03 GMT | SR04

CNC Group Guangxi province network spammer hosting

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL51346
121.31.32.0/19 is listed on the Spamhaus Block List (SBL)

05-May-2007 13:32 GMT | SR04

Spammer hosting (escalation)

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54114
121.31.56.0/24 is listed on the Spamhaus Block List (SBL)

02-May-2007 01:45 GMT | SR04

Dirty block Months of spammer hosting (escalation)

5 SBL listings for IPs under the responsibility of cncgroup-gx
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-gx

See:
mail.keanwebsolutions.com [TTL=3600] IP=66.235.192.123
http://www.moensted.dk/spam/?addr=66.235.192.123

66.235.192.123 = host127.ipowerweb.com

OrgName: iPowerWeb, Inc.
OrgID: IPOWE
NetRange: 66.235.192.0 - 66.235.223.255
CIDR: 66.235.192.0/19
NetName: IPOWERWEB-NET
NetHandle: NET-66-235-192-0-1
Parent: NET-66-0-0-0-0
NetType: Direct Allocation

abuse[]ipowerweb.com is listed in rfc-ignorant.org database
dsn, postmaster and abuse[]ipowerdns.com are listed in
rfc-ignorant.org database

route: 66.235.192.0/24
descr: Ipowerweb, Inc
origin: AS30380
mnt-by: MAINT-AS30380
changed: neta...@ipowerweb.com

IP: 66.235.192.123
Reverse: host127.ipowerweb.com
Aliases: www.baddude.com
Prefix: 66.235.192.0/24
Prefix Name: error
AS: 30380
AS Name: -No Whois Entry-
http://www.cidr-report.org/cgi-bin/as-report?as=30380

2 SBL listings for IPs under the responsibility of ipowerweb.com
http://www.spamhaus.org/sbl/listings.lasso?isp=ipowerweb.com

Let's see whois:
Registrant:
Kean Solutions
1051 Wild Dunes Way
Duluth, GA 30097
US

Domain name: KEANWEBSOLUTIONS.COM

Administrative Contact:
Hsu, Kai k...@hip-ventures.com
1051 Wild Dunes Way
Duluth, GA 30097
US
4044225844 Fax: 000-000-0000

Technical Contact:
Manager, Domain hostm...@ipowerweb.com
2800 28th Street Suite 205
Santa Monica, California 90405
US
+1.8885114678 Fax: +1.3103141610

Registration Service Provider:
iPowerWeb, hostm...@ipowerweb.com
888 511 4678
602-307-5438 (fax)
http://IPOWER.com
This company may be contacted for domain login/passwords,
DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 09-Dec-2006.
Record expires on 09-Dec-2007.
Record created on 09-Dec-2003.

Domain servers in listed order:
NS1.IPOWERDNS.COM
NS1.IPOWERWEB.NET

hip-ventures.com has no whois record

More keanwebsolutions.com sightings:
http://groups.google.com/groups/search?q=keanwebsolutions.com+group%3A*abuse&qt_s=Search

See:
daserukanfunjinbas.com IP 69.226.33.102 => botnet

See from HTML source code:
=> javascript => function bookmark points to:
http://www.rxpills5.com/

Also:
daserukanfunjinbas.com => Resolved to 24.86.140.120 to 24.91.45.70 to
68.49.191.162 to 69.226.33.102 to 70.134.110.157 to 71.142.68.194 to
71.227.165.54 to 75.34.26.172 to 208.102.255.207 to 216.165.41.28

www.daserukanfunjinbas.com => Resolved to 24.14.179.22 to
24.86.140.120 to 24.116.234.42 to 69.226.33.102 to 71.85.146.9 to
71.227.165.54 to 75.0.97.16 to 75.25.31.214 to 75.32.107.110 to
208.102.255.207

www.daserukanfunjinbas.com has no MX records -> daserukanfunjinbas.com
has no MX records

http://www.spamhaus.org/query/bl?ip=216.165.41.28
http://cbl.abuseat.org/lookup.cgi?ip=216.165.41.28

Let's see botnet IP addresses:
24.14.179.22 = c-24-14-179-22.hsd1.il.comcast.net
24.116.234.42 = 24-116-234-42.cpe.cableone.net
71.85.146.9 = 71-85-146-9.dhcp.stls.mo.charter.com
75.0.97.16 = adsl-75-0-97-16.dsl.snantx.sbcglobal.net
75.25.31.214 = adsl-75-25-31-214.dsl.irvnca.sbcglobal.net
75.32.107.110 = adsl-75-32-107-110.dsl.irvnca.sbcglobal.net

And:
24.86.140.120 = s01060011d8ef2e19.vs.shawcable.net
24.91.45.70 = c-24-91-45-70.hsd1.nh.comcast.net
68.49.191.162 = c-68-49-191-162.hsd1.md.comcast.net
69.226.33.102 = adsl-69-226-33-102.dsl.irvnca.pacbell.net
70.134.110.157 = NO PTR at SBC Internet Services
71.142.68.194 = adsl-71-142-68-194.dsl.pltn13.pacbell.net
71.227.165.54 = c-71-227-165-54.hsd1.wa.comcast.net
75.34.26.172 = adsl-75-34-26-172.dsl.chcgil.sbcglobal.net
208.102.255.207 = ws1-dsl-208-102-255-207.fuse.net
216.165.41.28 = 216-165-41-28.dynapool.nyu.edu

Let's see whois:
Domain Name.......... daserukanfunjinbas.com
Creation Date........ 2007-01-13 17:36:25
Registration Date.... 2007-01-13 17:36:25
Expiry Date.......... 2008-01-13 17:36:25
Organisation Name.... he keai
Organisation Address. 18 erxiangjie beijing
Organisation Address.
Organisation Address. bei jing
Organisation Address. 165892
Organisation Address. BJ
Organisation Address. CN
Organisation Email... hekeai[]163.com

Admin Name........... he keai
Admin Address........ 18 erxiangjie beijing
Admin Address........
Admin Address........ bei jing
Admin Address........ 165892
Admin Address........ BJ
Admin Address........ CN
Admin Email.......... hek...@163.com
Admin Phone.......... +86.1062512874
Admin Fax............ +86.1062589125

Tech Name............ he wenjie
Tech Address......... 706,huanandianli building,shennanzhong rd
Tech Address.........
Tech Address......... Shenzhen
Tech Address......... 518031
Tech Address......... GD
Tech Address......... CN
Tech Email........... admins...@126.com
Tech Phone........... +86.75561280100
Tech Fax............. +86.75561280100

Bill Name............ he wenjie
Bill Address......... 706,huanandianli building,shennanzhong rd
Bill Address.........
Bill Address......... Shenzhen
Bill Address......... 518031
Bill Address......... GD
Bill Address......... CN
Bill Email........... admins...@126.com
Bill Phone........... +86.75561280100
Bill Fax............. +86.75561280100
Name Server.......... ns0.puntunhdefunterun.com
Name Server.......... ns0.pumationdesun.com
Name Server.......... ns0.ptrinmasedinca.com
Name Server.......... ns0.priokoliondedsa.com

More daserukanfunjinbas.com sightings:
http://groups.google.com/groups/search?q=daserukanfunjinbas.com+group%3A*abuse&qt_s=Search

Spamvert URL:
http://www.asian-escort.org/images/index.htm

This Account Has Been Suspended:
http://ds171.reliablehosting.com/suspended.page/

Was Redirected to:
http://degjbfmchk.jiggerrox.com/e/?ailchkxowsrydegjzchcmbfm

Copyright © 2001-2007 Canadian Health&Care Mall. All rights reserved.

See:
www.asian-escort.org IP 216.131.96.206
ns1.oakweb.com [216.131.94.5 (NO GLUE)] [US]
ns1.california.net [216.131.95.20 (NO GLUE)] [US]

SOA record [TTL=14400] is:
Primary nameserver: ns1.california.net
Hostmaster E-mail address: servicemonitor.reliablehosting.com
Serial #: 2005012701

1 MX record is:
0 asian-escort.org [TTL=14400] IP=216.131.96.206 [TTL=14400] [US]

http://www.moensted.dk/spam/?addr=216.131.96.206

216.131.96.206 = ds171.reliablehosting.com

OrgName: Black Oak Computers
OrgID: BOAK
NetRange: 216.131.64.0 - 216.131.127.255
CIDR: 216.131.64.0/18
NetName: RBLHST
NetHandle: NET-216-131-64-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation

route: 216.131.96.0/19
descr: ReliableHosting
origin: AS22781
mnt-by: MAINT-RBLHST
Prefix: 216.131.96.0/19
Prefix Name: ReliableHosting
AS: 22781
AS Name: RBLHST ReliableHosting
http://www.cidr-report.org/cgi-bin/as-report?as=22781

2 SBL listings for IPs under the responsibility of reliablehosting.com
http://www.spamhaus.org/sbl/listings.lasso?isp=reliablehosting.com

See:
degjbfmchk.jiggerrox.com IP 222.161.21.110
ns1.harborpurp.net [83.15.82.74] [TTL=172800] [PL]
ns1.topfamishment.com [83.15.82.74] [TTL=172800] [PL]
ns2.wholetralrx.com [200.215.102.156] [TTL=172800] [BR]

NS records at nameservers are:
ns1.jiggerrox.com [222.161.21.110] [TTL=600]
ns2.jiggerrox.com [222.161.21.110] [TTL=600]
ns3.jiggerrox.com [124.24.107.10] [TTL=600]

SOA record [TTL=600] is:
Primary nameserver: jiggerrox.com
Hostmaster E-mail address: ad...@jiggerrox.com
Serial #: 2005000000

1 MX record is:
10 mail.jiggerrox.com [TTL=600] IP=124.24.107.10 [TTL=600] [JP]

degjbfmchk.jiggerrox.com has no MX records -> [jiggerrox.com has 1 MX
record mail.jiggerrox.com (10)]

http://www.moensted.dk/spam/?addr=222.161.21.110
http://www.spamhaus.org/query/bl?ip=222.161.21.110
http://www.spamhaus.org/pbl/query/PBL112295

inetnum: 222.161.21.108 - 222.161.21.111
netname: CC-JINFENGHUANG-NETBAR
country: CN
descr: CHANGCHUN CITY,JINFENGHUANG NETBAR,
descr: NO.1881 FUZHI ROAD,JILIN PROVINCE,CHINA
person: li jihong
nic-hdl: JL2441-AP
e-mail: jhl...@mail.jl.cn

route: 222.160.0.0/15
descr: CNC Group Jilin Network
descr: CNC Group CHINA169 Jilin Province Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: I...@cnc-noc.net
http://www.cidr-report.org/cgi-bin/as-report?as=4837

And:
9 hosts sharing IP 222.161.21.110
abrubjoy.com
abrubjoy.info
checkmart.hk
lanatefood.com
ns2.triiks.hk
richkeep.com
spam.abrubjoy.info
stersensorial.com
www.triiks.hk

nameserver for 5 domains on the same IP
abrubjoy.com*
abrubjoy.info*
branndle.hk*
checkmart.hk*
richkeep.com*

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL52130
222.161.21.110/32 is listed on the Spamhaus Block List (SBL/ROKSO)

08-Mar-2007 22:48 GMT | SR20

Yambo Financials.
Yambo botnet webhosts/nameservers

6 SBL/ROKSO listings for IPs under the responsibility of cncgroup-jl
http://www.spamhaus.org/sbl/listings.lasso?isp=cncgroup-jl

See:
mail.jiggerrox.com IP 124.24.107.10

http://www.moensted.dk/spam/?addr=124.24.107.10

124.24.107.10 = u7c186b0a.sec.ppp.nifty.com

inetnum: 124.24.0.0 - 124.27.255.255
netname: InfoWeb
descr: FUJITSU LIMITED
descr: 17-25, SHINKAMATA 1-CHOME, OTA-KU,
descr: TOKYO 144-8588, JAPAN
country: JP
remarks: for spam or abuse: ab...@web.ad.jp => ???

abuse[]web.ad.jp is listed in rfc-ignorant.org database

inetnum: 124.24.64.0 - 124.24.127.255
netname: NIFTY-SERVE (nifty.ad.jp / nifty.com)
descr: NIFTY SERVE NETWORK(NIFTY Corporation)
country: JP

Prefix: 124.24.0.0/14
Prefix Name: InfoWeb InfoWeb
AS: 2510
AS Name: JPNIC ASBLOCK AP JPNIC Japan Network Information Center
http://www.cidr-report.org/cgi-bin/as-report?as=2510

Let's see whois:
Registrant:
Klaudiusz Bromka (JIGGERROX-COM-DOM)
Podmiejska 5.
Pruszcz Gdanski, Gdansk 83000
POLAND
+485.86822033
klaudius...@yahoo.com

Domain Name: JIGGERROX.COM
Status: PROTECTED

Administrative Contact:
Klaudiusz Bromka klaudiusz_bromka[]yahoo.com
Podmiejska 5.
Pruszcz Gdanski, Gdansk 83000
POLAND
+485.86822033

Technical Contact, Zone Contact:
Klaudiusz Bromka klaudius...@yahoo.com
Podmiejska 5.
Pruszcz Gdanski, Gdansk 83000
POLAND
+485.86822033

Record last updated on 10-May-2007.
Record expires on 10-May-2008.
Record created on 10-May-2007.

Domain servers in listed order:
Name Server: ns1.topfamishment.com
Name Server: ns2.wholetralrx.com
Name Server: ns1.harborpurp.net

More jiggerrox.com sightings:
http://groups.google.com/groups/search?q=jiggerrox.com+group%3A*abuse&qt_s=Search

Spamvert URL:
http://www.ftalink.com/images/index.htm

Redirected to:
http://daserukanfunjinbas.com/?a=818-10532

Redirected again to:
http://daserukanfunjinbas.com/welcome.php?sid=07777acbc78eeae9070c0ee59ca625f2

Title: => Premier Pharmacy

See from source:
=> javascript => function bookmark points to:
http://www.rxpills5.com/

See:
www.ftalink.com IP 64.202.163.190
park10.secureserver.net [208.109.80.56] [TTL=172800] [US]
park9.secureserver.net [64.202.165.114] [TTL=172800] [US]

SOA record [TTL=86400] is:
Primary nameserver: PARK9.SECURESERVER.NET
Hostmaster E-mail address: dns.jomax.net
Serial #: 2006122000

2 MX records are:
0 smtp.secureserver.net [TTL=3600] IP=64.202.166.12 [CNAME] [US]
10 mailstore1.secureserver.net [TTL=3600] IP=64.202.166.11 (No Glue)
[TTL=1129] [US]

http://www.moensted.dk/spam/?addr=64.202.163.190

64.202.163.190 = linhost204.prod.mesa1.secureserver.net

More 64.202.163.190 sightings:
http://groups.google.com/groups/search?q=64.202.163.190+group%3A*abuse&qt_s=Search

OrgName: Go Daddy Software
OrgID: GDS-31
NetRange: 64.202.160.0 - 64.202.191.255
CIDR: 64.202.160.0/19
NetName: GO-DADDY-SOFTWARE-INC
NetHandle: NET-64-202-160-0-1
Parent: NET-64-0-0-0-0
NetType: Direct Allocation

route: 64.202.163.0/24
descr: NET-64-202-163-0-1
origin: AS26496
mnt-by: MAINT-AS26496
changed: an...@godaddy.com 20021211

route: 64.202.160.0/19
descr: LLNW cust
origin: AS26496
remarks: This is an auto-generated route for a Limelight customer,
remarks: created because no matching route-object was found.
remarks: Please contact bgp at llnw.com with any questions.
mnt-by: MAINT-LLNW
changed: w...@limelightnetworks.com 20060125

route: 64.202.160.0/19
descr: The Go Daddy Group
origin: AS26496
remarks: Prolexic BGP Customer
remarks: Puregig BGP Customer
mnt-by: PUREGIG-MNT
changed: ip-re...@puregig.net
http://www.cidr-report.org/cgi-bin/as-report?as=26496

Let's see whois:
Registrant:
Godaddy Software

14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: FTALINK.COM
Created on: 20-Dec-06
Expires on: 06-Dec-07
Last Updated on:

Administrative Contact:
domains for sale, Godaddy Software domains4sale[]godaddy.com
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
480-505-8800 Fax -- 480-505-8844

Technical Contact:
domains for sale, Godaddy Software domain...@godaddy.com
Godaddy Software
14455 N Hayden Rd
Suite 219
Scottsdale, AZ 85260
United States
480-505-8800 Fax -- 480-505-8844

Domain servers in listed order:
PARK9.SECURESERVER.NET
PARK10.SECURESERVER.NET

More ftalink.com sightings:
http://groups.google.com/groups/search?q=ftalink.com+group%3A*abuse&qt_s=Search

See Spamvert URL:
http://www.owenjackson.com/images/index.htm

Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=a5f863d4564de3abc032e16e59a6be23

Title: => Premier Pharmacy

See:
www.owenjackson.com IP 67.19.29.250
ns7.studentwebhosting.net [67.19.29.251] [TTL=172800] [US]
ns8.studentwebhosting.net [67.19.29.252] [TTL=172800] [US]

SOA record [TTL=14400] is:
Primary nameserver: ns7.studentwebhosting.net
Hostmaster E-mail address: sam.studentwebhosting.co.uk
Serial #: 2005081300

1 MX record is:
0 owenjackson.com [TTL=14400] IP=67.19.29.250 [TTL=14400] [US]

http://www.moensted.dk/spam/?addr=67.19.29.250

67.19.29.250 = morpheus.webservercity.com

More 67.19.29.250 sightings:
http://groups.google.com/groups/search?q=67.19.29.250+group%3A*abuse&qt_s=Search

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
NetRange: 67.18.0.0 - 67.19.255.255
CIDR: 67.18.0.0/15
NetName: NETBLK-THEPLANET-BLK-11
NetHandle: NET-67-18-0-0-1
Parent: NET-67-0-0-0-0
NetType: Direct Allocation

route: 67.19.0.0/17
descr: ThePlanet.com Internet Services, Inc.
origin: AS21844
notify: adm...@theplanet.com
mnt-by: MAINT-AS13884
changed: wcha...@theplanet.com
http://www.cidr-report.org/cgi-bin/as-report?as=21844

5 SBL/ROKSO listings for IPs under the responsibility of theplanet.com
http://www.spamhaus.org/sbl/listings.lasso?isp=theplanet.com

Let's see whois:
Registration Service Provided By: Student Web Hosting
Contact: en...@studentwebhosting.co.uk
Visit: http://www.studentwebhosting.net

Domain name: owenjackson.com

Registrant Contact:
OWEN JACKSON (OWEN.JACKSON1[]BTINTERNET.COM)
+44.01162772805
Fax: +44.01162772805
1 HOLYROOD DRIVE
LEICESTER, LEICESTERSHIRE LE8 5TQ
GB

Administrative Contact:
OWEN JACKSON (OWEN.J...@BTINTERNET.COM)
+44.01162772805
Fax: +44.01162772805
1 HOLYROOD DRIVE
LEICESTER, LEICESTERSHIRE LE8 5TQ
GB

Technical Contact:
OWEN JACKSON (OWEN.J...@BTINTERNET.COM)
+44.01162772805
Fax: +44.01162772805
1 HOLYROOD DRIVE
LEICESTER, LEICESTERSHIRE LE8 5TQ
GB

Status: Locked

Name Servers:
ns7.studentwebhosting.net
ns8.studentwebhosting.net

Creation date: 29 Apr 2005 07:40:39
Expiration date: 29 Apr 2008 07:40:39

More owenjackson.com sightings:
http://groups.google.com/groups/search?q=owenjackson.com+group%3A*abuse&start=0&scoring=d&

Spamvert URL:
http://www.agencywhite.com/images/index.htm

See:
www.agencywhite.com IP N/A
ns1.gulfcoastinternetservice.com [66.98.246.37] [TTL=172800] [US]
ns2.gulfcoastinternetservice.com [66.98.246.227] [TTL=172800] [US]

www.agencywhite.com has no MX records -> agencywhite.com has no MX
records

Let's see whois:
Registrant:
Agency W H I T E
PO Box 102901
Memphis, TN 59921
US

Registrar: NAMESDIRECT
Domain Name: AGENCYWHITE.COM
Created on: 04-APR-05
Expires on: 04-APR-08
Last Updated on: 03-APR-07

Administrative, Technical Contact:
Brown, Jennifer in...@agencywhite.com
Agency W H I T E
PO Box 102901
Memphis, TN 59921
US
000000000

Domain servers in listed order:
NS1.GULFCOASTINTERNETSERVICE.COM
NS2.GULFCOASTINTERNETSERVICE.COM

More agencywhite.com sightings:
http://groups.google.com/groups/search?q=agencywhite.com+group%3A*abuse&qt_s=Search

Spamvert URL:
http://www.klaymusic.com/images/index.htm

Redirected to:
http://daserukanfunjinbas.com/?a=818-10532

And Again Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=4e5b1fd5fb57768065fabfa46b90e965

Premier Pharmacy is licensed online pharmacy, international license
number 05848921 issused 10 June 2002.

OUR ADDRESS:
Premier Pharmacy, 1300 State Route 7
Champlain, NY, USA

Merchant: Online Pharmacy

See:
www.klaymusic.com IP 69.41.238.66
ns1.studentwebhosting.net [69.41.238.67] [TTL=172800] [US]
ns2.studentwebhosting.net [69.41.238.68] [TTL=172800] [US]

SOA record [TTL=14400] is:
Primary nameserver: ns1.studentwebhosting.net
Hostmaster E-mail address: root.webservercity.com
Serial #: 2005060801

1 MX record is:
0 klaymusic.com [TTL=14400] IP=69.41.238.66 [TTL=14400] [US]

http://www.moensted.dk/spam/?addr=69.41.238.66

69.41.238.66 = matrix.webservercity.com

OrgName: ThePlanet.com Internet Services, Inc.
OrgID: TPCM
NetRange: 69.41.224.0 - 69.41.255.255
CIDR: 69.41.224.0/19
NetName: NETBLK-THEPLANET-BLK-6
NetHandle: NET-69-41-224-0-1
Parent: NET-69-0-0-0-0
NetType: Direct Allocation

route: 69.41.224.0/20
descr: ThePlanet.com Internet Services, Inc.
origin: AS21844
notify: adm...@theplanet.com
mnt-by: MAINT-AS13884
changed: r...@theplanet.com
http://www.cidr-report.org/cgi-bin/as-report?as=13884

Let's see whois:
Registration Service Provided By: Student Web Hosting
Contact: en...@studentwebhosting.co.uk
Visit: http://www.studentwebhosting.net

Domain name: klaymusic.com

Registrant Contact:
Klay
Paul Maddick (PAULOFKLAY[]HOTMAIL.COM)
+44.7810328400
Fax: +44.7810328400
Estuary View
Dawlish, Devon EX7 0NA
GB

Administrative Contact:
Klay
Paul Maddick (PAULO...@HOTMAIL.COM)
+44.7810328400
Fax: +44.7810328400
Estuary View
Dawlish, Devon EX7 0NA
GB

Technical Contact:
Klay
Paul Maddick (PAULO...@HOTMAIL.COM)
+44.7810328400
Fax: +44.7810328400
Estuary View
Dawlish, Devon EX7 0NA
GB

Status: Locked

Name Servers:
ns1.studentwebhosting.net
ns2.studentwebhosting.net

Creation date: 08 Jun 2005 11:22:24
Expiration date: 08 Jun 2007 11:22:24

More klaymusic.com sightings:
http://groups.google.com/groups/search?q=klaymusic.com+group%3A*abuse&qt_s=Search

SEE Spamvert URL:
http://www.hireup.com/images/index.htm

Redirected to:
http://daserukanfunjinbas.com/welcome.php?sid=10c00f3d27dc17da8958b4fbf1a4125a

See:
www.hireup.com IP 208.101.17.36
ns1.fasthost.com [216.180.225.171] [TTL=172800] [US]
ns2.fasthost.com [63.247.77.151] [TTL=172800] [US]

NS records at nameservers are:
ns1.host.org [216.180.225.172] [TTL=86400]
ns2.host.org [63.247.77.132] [TTL=86400]

SOA record [TTL=86400] is:
Primary nameserver: ns1.host.org
Hostmaster E-mail address: host101.capital-web.com
Serial #: 2007011701

1 MX record is:
0 hireup.com [TTL=14400] IP=208.101.17.36 [TTL=14400] [US]

http://www.moensted.dk/spam/?addr=208.101.17.36

OrgName: SoftLayer Technologies Inc.
OrgID: SOFTL
NetRange: 208.101.0.0 - 208.101.63.255
CIDR: 208.101.0.0/18
NetName: SOFTLAYER-NETBLOCK3
NetHandle: NET-208-101-0-0-1
Parent: NET-208-0-0-0-0
NetType: Direct Allocation

route: 208.101.0.0/18
descr: SoftLayer Technologies Inc. - dal01 netblock2
origin: AS36351
notify: n...@softlayer.com
mnt-by: MAINT-AS36351
changed: ipa...@softlayer.com

IP: 208.101.17.36
Reverse: host.org
Aliases:
antilleanhouse.com
intergalacticplanetregistry.com
Prefix: 208.101.0.0/18
Prefix Name: SoftLayer Technologies Inc dal01 netblock2
AS: 36351
AS Name: SOFTLAYER SoftLayer Technologies Inc
http://www.cidr-report.org/cgi-bin/as-report?as=36351

Let's see whois:
Domain: hireup.com
Registration provider: DotRegistrations.com

Registrant
Management Development Systems, LLC

D...@HireUp.com
32352 Ascension Road
Dana Point, CA 92629 US
+1.1111111111
(FAX)

Administrative
Del Still
Del J. Still
Del[]HireUp.com
32352 Ascension Road
Dana Point, Ca 92629 US
+1.9496611669
(FAX)

Billing
Del Still
Del J. Still
D...@HireUp.com
32352 Ascension Road
Dana Point, Ca 92629 US
+1.9496611669
(FAX)

Technical
Del Still
Del J. Still
D...@HireUp.com
32352 Ascension Road
Dana Point, Ca 92629 US
+1.9496611669
(FAX)

Record created on November 24, 1996
Record last updated on October 25, 2006
Record expires on November 23, 2007

Domain Name Servers:
NS1.FASTHOST.COM
NS2.FASTHOST.COM

More hireup.com sightings:
http://groups.google.com/groups/search?q=hireup.com+group%3A*abuse&start=0&scoring=d&

See:
www.rxpills5.com IP N/A
ns.daseruikiontungandesun.com [72.52.193.81] [TTL=172800] [US]
ns.waseruntionkinyungands.com [218.80.178.28] [TTL=172800] [CN]

www.rxpills5.com has no MX records -> rxpills5.com has no MX records

Let's see whois:
Domain Name.......... rxpills5.com
Creation Date........ 2007-04-17 22:38:49
Registration Date.... 2007-04-17 22:38:49
Expiry Date.......... 2008-04-17 22:38:49
Organisation Name.... Wang Mingmiao
Organisation Address. SH
Organisation Address.
Organisation Address. SH
Organisation Address. 100021
Organisation Address. SH
Organisation Address. CN

Admin Name........... Wang Mingmiao
Admin Address........ SH
Admin Address........
Admin Address........ SH
Admin Address........ 100021
Admin Address........ SH
Admin Address........ CN
Admin Email.......... xxeqwqqe[]hotmail.com
Admin Phone.......... +86.1076885547
Admin Fax............ +86.1076885547

Tech Name............ Wang Mingmiao
Tech Address......... SH
Tech Address.........
Tech Address......... SH
Tech Address......... 100021
Tech Address......... SH
Tech Address......... CN
Tech Email........... xxeq...@hotmail.com
Tech Phone........... +86.1076885547
Tech Fax............. +86.1076885547

Bill Name............ Wang Mingmiao
Bill Address......... SH
Bill Address.........
Bill Address......... SH
Bill Address......... 100021
Bill Address......... SH
Bill Address......... CN
Bill Email........... xxeq...@hotmail.com
Bill Phone........... +86.1076885547
Bill Fax............. +86.1076885547
Name Server.......... ns.waseruntionkinyungands.com
Name Server.......... ns.daseruikiontungandesun.com

See:
ns.daseruikiontungandesun.com IP 72.52.193.81

ns.daseruikiontungandesun.com has no MX records ->
daseruikiontungandesun.com has no MX records

http://www.moensted.dk/spam/?addr=72.52.193.81

OrgName: Liquid Web, Inc.
OrgID: LQWB
NetRange: 72.52.128.0 - 72.52.255.255
CIDR: 72.52.128.0/17
NetName: LIQUIDWEB-6
NetHandle: NET-72-52-128-0-1
Parent: NET-72-0-0-0-0
NetType: Direct Allocation

route: 72.52.192.0/18
descr: Liquid Web Inc
4210 S. Creyts Rd
Lansing, MI 48917
origin: AS32244
mnt-by: MAINT-LQWB
changed: ipa...@liquidweb.com
http://www.cidr-report.org/cgi-bin/as-report?as=32244

Also:
ns.daseruikiontungandesun.com
a 60.12.192.90(CN)
nameserver for 10 domains

http://www.moensted.dk/spam/?addr=60.12.192.90

inetnum: 60.12.0.0 - 60.12.255.255
netname: CNCGROUP-ZJ
descr: CNC Group Zhejiang province network
descr: China Network Communications Group Corporation
descr: No.156,Fu-Xing-Men-Nei Street,
descr: Beijing 100031
country: CN

route: 60.12.0.0/16
descr: CNC Group ZheJiang Network
origin: AS4837
mnt-by: MAINT-AS4837
changed: I...@cnc-noc.net
http://www.cidr-report.org/cgi-bin/as-report?as=4837

More 60.12.192.90 sightings:
http://groups.google.com/groups/search?q=60.12.192.90+group%3A*abuse&qt_s=Search

14 SBL/ROKSO listings for IPs under the responsibility of CHINANET-ZJ
http://www.spamhaus.org/sbl/listings.lasso?isp=CHINANET-ZJ

Let's see whois:
Domain Name.......... daseruikiontungandesun.com
Creation Date........ 2006-12-15 17:56:28
Registration Date.... 2006-12-15 17:56:28
Expiry Date.......... 2007-12-15 17:56:28
Organisation Name.... Wang Mingmiao
Organisation Address. SH
Organisation Address.
Organisation Address. SH
Organisation Address. 100021
Organisation Address. SH
Organisation Address. CN

Admin Name........... Wang Mingmiao
Admin Address........ SH
Admin Address........
Admin Address........ SH
Admin Address........ 100021
Admin Address........ SH
Admin Address........ CN
Admin Email.......... xxeqwqqe[]hotmail.com
Admin Phone.......... +86.1076885547
Admin Fax............ +86.1076885547

Tech Name............ Wang Mingmiao
Tech Address......... SH
Tech Address.........
Tech Address......... SH
Tech Address......... 100021
Tech Address......... SH
Tech Address......... CN
Tech Email........... xxeq...@hotmail.com
Tech Phone........... +86.1076885547
Tech Fax............. +86.1076885547

Bill Name............ Wang Mingmiao
Bill Address......... SH
Bill Address.........
Bill Address......... SH
Bill Address......... 100021
Bill Address......... SH
Bill Address......... CN
Bill Email........... xxeq...@hotmail.com
Bill Phone........... +86.1076885547
Bill Fax............. +86.1076885547
Name Server.......... ns0.kerunhandgunfandesikuntun.com
Name Server.......... ns0.adesuikintandefunhandesun.com

More daseruikiontungandesun.com sightings:
http://groups.google.com/groups/search?q=daseruikiontungandesun.com+group%3A*abuse&start=0&scoring=d&

See also more kerunhandgunfandesikuntun.com sightings:
http://groups.google.com/groups/search?q=kerunhandgunfandesikuntun.com+group%3A*abuse&start=0&scoring=d&

See:
ns.waseruntionkinyungands.com IP 218.80.178.28

also
203.191.148.182()
nameserver for 7 domains on this IP

http://www.moensted.dk/spam/?addr=218.80.178.28
http://www.spamhaus.org/query/bl?ip=218.80.178.28
http://www.spamhaus.org/pbl/query/PBL114603

inetnum: 218.78.0.0 - 218.83.255.255
netname: CHINANET-SH
descr: CHINANET Shanghai province network
descr: Data Communication Division
descr: China Telecom
country: CN
changed: din...@cndata.com

route: 218.80.0.0/14
descr: Chinanet Shanghai
origin: AS4812
notify: ip-a...@mail.online.sh.cn
mnt-by: MAINT-AS4812
changed: sh-a...@8163.net.cn
http://www.cidr-report.org/cgi-bin/as-report?as=4812

And:
http://www.moensted.dk/spam/?addr=203.191.148.182

inetnum: 203.191.144.0 - 203.191.159.255
netname: EDONGNET
descr: Edong Network
country: CN
person: Hato Yu
nic-hdl: HY230-AP
e-mail: ha...@edong.com
address: Floor 4, NO.399, North Fute Road, Free Trade
Zone,Shanghai,China.

abuse[]edong.com IS listed in rfc-ignorant.org database

IP: 203.191.148.182
Aliases:
ns0.daserunhgenfunyanderunjans.com
ns.waseruntionkinyungands.com

ns for

5 SBL/ROKSO listings for IPs under the responsibility of edong.com
http://www.spamhaus.org/sbl/listings.lasso?isp=edong.com

More 203.191.148.182 sightings:
http://groups.google.com/groups/search?q=203.191.148.182+group%3A*abuse&qt_s=Search

Let's see whois:
Domain Name.......... waseruntionkinyungands.com
Creation Date........ 2006-12-15 17:56:31
Registration Date.... 2006-12-15 17:56:31
Expiry Date.......... 2007-12-15 17:56:31
Organisation Name.... Wang Mingmiao
Organisation Address. SH
Organisation Address.
Organisation Address. SH
Organisation Address. 100021
Organisation Address. SH
Organisation Address. CN

Admin Name........... Wang Mingmiao
Admin Address........ SH
Admin Address........
Admin Address........ SH
Admin Address........ 100021
Admin Address........ SH
Admin Address........ CN
Admin Email.......... xxeqwqqe[]hotmail.com
Admin Phone.......... +86.1076885547
Admin Fax............ +86.1076885547

Tech Name............ Wang Mingmiao
Tech Address......... SH
Tech Address.........
Tech Address......... SH
Tech Address......... 100021
Tech Address......... SH
Tech Address......... CN
Tech Email........... xxeq...@hotmail.com
Tech Phone........... +86.1076885547
Tech Fax............. +86.1076885547

Bill Name............ Wang Mingmiao
Bill Address......... SH
Bill Address.........
Bill Address......... SH
Bill Address......... 100021
Bill Address......... SH
Bill Address......... CN
Bill Email........... xxeq...@hotmail.com
Bill Phone........... +86.1076885547
Bill Fax............. +86.1076885547
Name Server.......... ns0.kerunhandgunfandesikuntun.com
Name Server.......... ns0.adesuikintandefunhandesun.com

More waseruntionkinyungands.com sightings:
http://groups.google.com/groups/search?q=waseruntionkinyungands.com+group%3A*abuse&qt_s=Search

SEE Yambo Image Hosting at:
http://217.6.21.195:8080/e/ch/images/aw_fda.gif

OUR ADDRESS:
Main Office (headquarters)
2110 Oak Aly Monroe,
LA 71201-3659ICS

International Certified Stocks
12, Kasturba Gandhi Marg
New Delhi , India 110 001

Canadian Health&Care Mall is licenced by Minnesota Board of Pharmacy
http://217.6.21.195:8080/e/ch/images/license.jpg

STATE OF MINNESOTA
Minnesota board of pharmacy
DRUG RESELLING LICENSE
Canadian Health&Care Mall Corp.
2110 Oak Aly
Monroe, LA 71201-3659
LICENSE NO 02724941

IP 217.6.21.195

http://www.moensted.dk/spam/?addr=217.6.21.195
http://www.spamhaus.org/query/bl?ip=217.6.21.195

More 217.6.21.195 sightings:
http://groups.google.com/groups/search?q=217.6.21.195+group%3A*abuse&start=0&scoring=d&

inetnum: 217.6.21.192 - 217.6.21.199
netname: GEOCONTENT-MAGDEBURG-NET
descr: GeoContent Gmbh
country: DE
person: Aicke Damrau
address: GeoContent Gmbh
address: Goethestr. 49
address: 39108 Magdeburg
address: DE
phone: +49391400020
e-mail: dam...@geocontent.de

whois, postmaster and abuse[]dtag.de are listed in rfc-ignorant.org
database
abuse[]telekom.de is listed in rfc-ignorant.org database

route: 217.0.0.0/13
descr: Deutsche Telekom AG, Internet service provider
origin: AS3320
member-of: AS3320:RS-PA-TELEKOM
mnt-by: DTAG-RR
changed: r...@NIC.DTAG.DE 20000728
source: RIPE
changed: r...@TE142.T-COM.XX 20040615
http://www.cidr-report.org/cgi-bin/as-report?as=3320

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54002
217.6.21.195/32 is listed on the Spamhaus Block List (SBL/ROKSO)

27-Apr-2007 15:16 GMT | SR20

Yambo Financials.
Yambo botnet image proxying/hosting (compromised sytems)

9 SBL/ROKSO listings for IPs under the responsibility of dtag.de
http://www.spamhaus.org/sbl/listings.lasso?isp=dtag.de

6 SBL/ROKSO listings for IPs under the responsibility of telekom.de
http://www.spamhaus.org/sbl/listings.lasso?isp=telekom.de

See:
products.bose.com Resolved to bose.com to IP 128.167.142.36

[products.bose.com has 3 MX records smtpgw01.bose.com (10)
smtpgw02.bose.com (10) smtpgw03.bose.com (10)]

http://www.moensted.dk/spam/?addr=128.167.142.36

See:
email.bose.com IP 216.73.89.100

[email.bose.com has 4 MX records inc24smtp1.ddc.dartmail.net (10)
cl6bak1smtp1.ddc.dartmail.net (30) cl6bak1smtp2.ddc.dartmail.net (30)
cl6bak2smtp1.ddc.dartmail.net (40)]

2 domains sharing mailservers with email.bose.com
dartmail.net => ?!
ddc.dartmail.net => ?!

11 domains sharing nameservers with email.bose.com
20.221.62.in-addr.arpa
ddc.dartmail.net => ?!
edc.dartmail.net => ?!
flonetwork.com => ?!
interests.cox.com
news.c-rewards.com
news.cr-news.com
news.crnewsletter.com
newsletter.handbag.com
newsletter.photoways.com
newsletter.pixdiscount.com

Sharing space with dartmail.net and flonetwork.com => 127.0.0.1

abuse[]flonetwork.com is listed in rfc-ignorant.org database

See more abuse and ignorance sightings:
http://groups.google.com/groups/search?q=dartmail+group%3A*abuse&start=0&scoring=d&

http://www.moensted.dk/spam/?addr=216.73.89.100

OrgName: Double Click, Inc.
OrgID: DOUBLE-3
NetRange: 216.73.80.0 - 216.73.95.255
CIDR: 216.73.80.0/20
NetName: DOUBLECLICK-NET
NetHandle: NET-216-73-80-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.DOUBLECLICK.NET
NameServer: NS2.DOUBLECLICK.NET
NameServer: NS3.DOUBLECLICK.NET
NameServer: NS4.DOUBLECLICK.NET

route: 216.73.80.0/20
descr: DoubleClick Digital Advertising
descr: DOUBLECLICK-FR
mnt-routes: MNT-AS6432
origin: AS6432
mnt-by: MNT-AS6432
changed: net...@doubleclick.net
RTechHandle: AN1068-ARIN
RTechName: Ng, Alex
RTechPhone: +1-212-683-0001
RTechEmail: a...@doubleclick.net
http://www.cidr-report.org/cgi-bin/as-report?as=6432

1 SBL listings for IPs under the responsibility of doubleclick.net
http://www.spamhaus.org/sbl/listings.lasso?isp=doubleclick.net

4 SBL listings for IPs under the responsibility of google.com
http://www.spamhaus.org/sbl/listings.lasso?isp=google.com

See also more identical spam sightings with email.bose.com:
http://groups.google.com/groups/search?q=email.bose.com+group%3A*abuse&start=0&scoring=d&

Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/0827b157cb221a8f

Cheers, Tomez


--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

For a copy of the guidelines to this group, see:

http://www.killfile.org/~tskirvin/nana/
