Spamvert botnet:
neighborlight.cn => botnet
neighborlight.cn Resolved to 59.149.172.20 to 61.244.118.170 to
61.244.134.62 to 74.160.66.220 to 76.104.9.196 to 82.131.17.35 to
90.224.28.63 to 123.195.47.238 to 202.86.133.139 to 218.191.66.214 to
218.253.172.117 to 218.253.248.57 to 218.254.186.186 to
221.126.157.145 to 222.166.212.69
Title: Canadian Pharmacy
WEB:
© Copyright Canadian Pharmacy, 2003-2007. All Rights Reserved.
Much More Canadian Pharmacy sightings:
http://groups.google.com/groups/search?q=%22Canadian+Pharmacy%22+group%3A*abuse&start=0&scoring=d&
Plenty of Forged Certificates and logos as always.
Much More info below:
====================
X-SID-PRA: Vitaliy Hans <subsetru...@seica.com.mx>
X-Message-Info: txF49lGdW405mQPprqPdS6IIsRx7JJ/
RJaOe3arLpCiixXJEoq1Cw8XVQZZFwaJ2
Received: from tomts12-srv.bellnexxia.net ([209.226.175.56]) by bay0-
pamc1-f3.bay0.hotmail.com with Microsoft SMTPSVC(6.0.3790.2444);
Sun, 22 Jul 2007 12:45:55 -0700
Received: from [MUNGED]
by toip20.srvr.bell.ca with ESMTP; 22 Jul 2007 15:45:49 -0400
Received: (qmail 14112 invoked by uid 110); 22 Jul 2007 15:45:49 -0400
Delivered-To: [MUNGED]
Received: (qmail 12182 invoked from network); 22 Jul 2007 15:45:47
-0400
Received: from 191.169.203.62.cust.bluewin.ch (62.203.169.191)
by [MUNGED] with SMTP; 22 Jul 2007 15:45:47 -0400
Return-Path: <subsetru...@seica.com.mx>
Received: from 201.130.106.30 (HELO mail.seica.com.mx)
by [MUNGED] with esmtp (28Q0A0.7< 9H4B6)
id ,7C54)-90V6)I-+;
for [MUNGED]; Sun, 22 Jul 2007 19:45:50 -0060
From: "Vitaliy Hans" <subsetru...@seica.com.mx>
To: <[MUNGED]>
Subject: Re:
Date: Sun, 22 Jul 2007 19:45:50 -0060
Message-ID: <01c7cc98$e8412ff0$6c822ecf@subsetrubinstein>
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----=_NextPart_000_0006_01C7CCA9.ABC9FFF0"
X-Mailer: Microsoft Office Outlook, Build 11.0.5510
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Thread-Index: Aca6Q164C(6+QFH(+JH0PH;ZD075)+==
X-OriginalArrivalTime: 22 Jul 2007 19:45:56.0077 (UTC)
FILETIME=[EB7531D0:01C7CC98]
This is a multi-part message in MIME format.
------=_NextPart_000_0006_01C7CCA9.ABC9FFF0
Content-Type: text/plain;
charset="windows-1250"
Content-Transfer-Encoding: 7bit
VIAGRAIf you have a problem getting or keeping an
erection, your sex life can suffer. You should know that
you’re not alone. In fact, more than half of all men over 40
have difficulties getting or maintaining an erection. This issue, also
called erectile dysfunction, occurs with younger men as
well!You should know there is something you can do about
it. Join the millions of men who have already improved
their sex lives with VIAGRA!VISIT STORE ONLINE!
------=_NextPart_000_0006_01C7CCA9.ABC9FFF0
Content-Type: text/html;
charset="windows-1250"
Content-Transfer-Encoding: quoted-printable
<html xmlns:o=3D"urn:schemas-microsoft-com:office:office"
xmlns:w=3D"urn:sc=
hemas-microsoft-com:office:word" xmlns=3D"http://www.w3.org/TR/REC-
html40">
<head>
<META HTTP-EQUIV=3D"Content-Type" CONTENT=3D"text/html;
charset=3Dwindows-1250">
<meta name=3DGenerator content=3D"Microsoft Word 11 (filtered
medium)">
</head>
<body>
<BODY text=3D#000000 bgColor=3D#ffffff>
<font size=3D"3" face=3D"Times New Roman"><p align=3D"center"><font
color=
=3D"#0000ff" size=3D"6"><strong>VIAGRA</strong></font></p>
<p align=3D"center">If you have a problem getting or keeping an
erection, your sex life can suffer. <br />You should know that
you’re not alone. In fact, more than half of all men over 40 <br/
>hav=
e difficulties getting or maintaining an erection. This issue, also
called =
<br />erectile dysfunction, occurs with younger men as
well!</p>
<p align=3D"center">You should know there is something you can do
about
it. <br />Join the millions of men who have already <strong>improved
their sex lives with VIAGRA</strong>!</p>
<p align=3D"center"><a href=3D"http://neighborlight.cn"><font
size=3D"4"><s=
trong>VISIT STORE ONLINE!</strong></font></a></p></font>
</BODY>
</body>
</html>
------=_NextPart_000_0006_01C7CCA9.ABC9FFF0--
-- END OF SPAM --
See:
IP 62.203.169.191 191.169.203.62.cust.bluewin.ch
http://www.moensted.dk/spam/?addr=62.203.169.191
http://www.spamhaus.org/query/bl?ip=62.203.169.191
http://www.spamhaus.org/pbl/query/PBL015894
http://spamcop.net/w3m?action=checkblock&ip=62.203.169.191
Much More bluewin.ch sightings:
http://groups.google.com/groups/search?q=bluewin.ch+group%3A*abuse&start=0&scoring=d&
inetnum: 62.202.0.0 - 62.203.255.255
org: ORG-BA8-RIPE
netname: CH-BLUEWINDOW-20001018
descr: Swisscom Fixnet AG
country: CH
Prefix: 62.203.0.0/16
Prefix Name: Provider: Swisscom IP Plus
AS: 3303
AS Name: SWISSCOM Swisscom Solutions Ltd IP Plus Internet Backbone
Abuse issues abuse@ip plus net Operational issues helpdesk@ip plus net
Peering requests peering@ip plus net Other info http://www ip plus net
http://www.cidr-report.org/cgi-bin/as-report?as=3303
1 SBL listings for IPs under the responsibility of bluewin.ch
http://www.spamhaus.org/sbl/listings.lasso?isp=bluewin.ch
See:
ns0.pharokufuma.com [221.127.80.230 (NO GLUE)] [HK]
ns0.nuspharkosa.com [219.134.59.25 (NO GLUE)] [CN]
neighborlight.cn has no MX records
a 123.195.47.238(AU) 123-195-47-238.ethome-ip.ethome.com.tw
a 218.253.172.117(HK) cm218-253-172-117.hkcable.com.hk
a 218.253.248.57(HK) cm218-253-248-57.hkcable.com.hk
a 218.253.25.35(HK) cm218-253-25-35.hkcable.com.hk
a 218.254.186.186(HK) cm218-254-186-186.hkcable.com.hk
a 218.255.78.116(HK) cm218-255-78-116.hkcable.com.hk
a 221.126.157.145(HK)
a 222.166.212.69(HK) cm222-166-212-69.hkcable.com.hk
a 59.149.136.33(HK) 059149136033.ctinets.com
a 59.149.172.20(HK) 059149172020.ctinets.com
a 61.244.118.170(HK) 061244118170.ctinets.com
a 61.244.134.62(HK) 061244134062.ctinets.com
a 74.160.66.220(US) adsl-160-66-220.asm.bellsouth.net
a 76.104.9.196(US) c-76-104-9-196.hsd1.va.comcast.net
a 90.224.28.63() 90-224-28-63-no112.tbcn.telia.com
NS:
ns0.kopepharas.com 218.175.234.193(TW)
ns0.mukopkufude.com 79.178.4.136(IL)
ns0.nuspharkosa.com 89.0.171.166(IL)
ns0.pharokufuma.com 24.127.246.103(US)
218.175.234.193 = 218-175-234-193.dynamic.hinet.net
79.178.4.136 no PTR at bezeqint.net
89.0.171.166 = 89.0.171.166.dynamic.barak-online.net
24.127.246.103 = c-24-127-246-103.hsd1.fl.comcast.net
SEE:
14 hosts sharing ip
nameserver for 1 domains
containone.hk*
Let's see whois.cnnic.net.cn:
Domain Name: neighborlight.cn
ROID: 20070717s10001s23811261-cn
Domain Status: ok
Registrant Organization: Sam inc
Registrant Name: Trully Sam
Administrative Email: bobm...@safe-mail.net
Sponsoring Registrar: 厦门华商盛世网络有限公司
Name Server: ns0.pharokufuma.com
Name Server: ns0.nuspharkosa.com
Registration Date: 2007-07-17 21:14
Expiration Date: 2008-07-17 21:14
SEE:
ns0.kopepharas.com IP 218.175.234.193 and 222.167.199.80
ns0.kopepharas.com has no MX records -> kopepharas.com has no MX
records
Let's see whois.paycenter.com.cn:
Domain Name:kopepharas.com
Registrant:
Stephen Patterson
9857 WEXFORD CIR
95746
Administrative Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Technical Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Billing Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Registration Date: 2007-07-12
Update Date: 2007-07-13
Expiration Date: 2008-07-12
Primary DNS: ns0.kopepharas.com 218.175.234.193
Secondary DNS: ns1.kopepharas.com 82.81.186.119
See:
ns0.mukopkufude.com IP 79.178.4.136 and 222.166.212.69
ns0.mukopkufude.com has no MX records -> mukopkufude.com has no MX
records
Let's see whois.paycenter.com.cn:
Domain Name: mukopkufude.com
Registrant:
Stephen Patterson
9857 WEXFORD CIR
95746
Administrative Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Technical Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Billing Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Registration Date: 2007-07-12
Update Date: 2007-07-13
Expiration Date: 2008-07-12
Primary DNS: ns0.mukopkufude.com 79.178.4.136
Secondary DNS: ns1.mukopkufude.com 218.190.201.28
See:
ns0.nuspharkosa.com IP 89.0.171.166
ns0.nuspharkosa.com has no MX records -> nuspharkosa.com has no MX
records
Let's see whois.paycenter.com.cn:
Domain Name:nuspharkosa.com
Registrant:
Stephen Patterson
9857 WEXFORD CIR
95746
Administrative Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Technical Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Billing Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Registration Date: 2007-07-12
Update Date: 2007-07-13
Expiration Date: 2008-07-12
Primary DNS: ns0.nuspharkosa.com 89.0.171.166
Secondary DNS: ns1.nuspharkosa.com 60.198.0.156
See:
ns0.pharokufuma.com IP 24.127.246.103 and 84.60.176.115
ns0.pharokufuma.com has no MX records -> pharokufuma.com has no MX
records
Let's see whois.paycenter.com.cn:
Domain Name:pharokufuma.com
Registrant:
Stephen Patterson
9857 WEXFORD CIR
95746
Administrative Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Technical Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Billing Contact:
Stephen Patterson
Stephen Patterson
9857 WEXFORD CIR
GRANITE BAY 95746
United States
tel: 86 916 791 6222
fax: 86 916 791 6222
d...@hotmail.com
Registration Date: 2007-07-12
Update Date: 2007-07-13
Expiration Date: 2008-07-12
Primary DNS: ns0.pharokufuma.com 24.127.246.103
Secondary DNS: ns1.pharokufuma.com 85.250.190.75
SEE also page source code:
<snip>
function bookmark(){
if (book != 1) {
if(navigator.appName == "Microsoft Internet Explorer") {
var a='World';a+='C';a+='l';a+='a';a+='s';a+='s';a+='m';a+='e';a+='d';
window.external.AddFavorite("http://www.worldclassmed.com/",a+'.Com, Canadian Pharmacy - #1 Internet Online Drugstore');
www.worldclassmed.com IP N/A
www.worldclassmed.com has no MX records -> worldclassmed.com has no MX
records
Let's see who was at whois.PublicDomainRegistry.com:
Registration Service Provided By: TRI RUBLYA J.S.C.
Contact: +7.8123760140
Website: http://buy-cheap-domain.info
Domain Name: WORLDCLASSMED.COM
Registrant:
MONDON inc.
wong hien philippe (benichoux[]free.fr)
411 Piedmont Ave., #103
Hillsborough
USA,23153
US
Tel. +23.39374522
Creation Date: 19-Mar-2006
Expiration Date: 19-Mar-2008
Domain servers in listed order:
ns1.webdns.hk
ns2.toptld.biz
Administrative Contact:
MONDON inc.
wong hien philippe (beni...@free.fr)
411 Piedmont Ave., #103
Hillsborough
USA,23153
US
Tel. +23.39374522
Technical Contact:
MONDON inc.
wong hien philippe (beni...@free.fr)
411 Piedmont Ave., #103
Hillsborough
USA,23153
US
Tel. +23.39374522
Billing Contact:
MONDON inc.
wong hien philippe (beni...@free.fr)
411 Piedmont Ave., #103
Hillsborough
USA,23153
US
Tel. +23.39374522
Status:SUSPENDED
More worldclassmed.com sightings:
http://groups.google.com/groups/search?q=worldclassmed.com+group%3A*abuse&qt_s=Search
Read more:
http://groups.google.com/group/news.admin.net-abuse.sightings/msg/a9ab4a478f31e7e0
Cheers, Tomez
--
All postings to news.admin.net-abuse.sightings are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.
For a copy of the guidelines to this group, see: