SPAM: of stone, but Let them and power but that
Illegal sale of prescription drugs without prescription
webcomplaints@ora.fda.gov
---
Fraudulent VeriSign seal at
http://217.170.77.210:8080/legalrx/images/award_secure.gif
abuse@verisign.com,abuse@verisign.org
---
Three drugs disappeared from the product listing a few days ago,
Ambien, Valium and Xanax
while seven have more recently appeared,
Clarinex, Claritin, Glucosamine, Hyzaar Losartan (Hydrochlorthiazide),
Nolvadex, Topamax and Zinc.
---
Spam FROM: IP address 59.93.95.173
on sancharnet.in
nib_abuse@sancharnet.in,postmaster@sancharnet.in
Spamvertized URL:
http://www.sawr.hk
resolved to the SPAMHAUS listed IP address 59.120.127.38
on hinet.net
by the spammer's
Nameserver at the SPAMHAUS listed IP address 59.120.127.38
on hinet.net
Nameserver at the SPAMHAUS listed IP address 60.2.225.106
on cncnet.net,china-netcom.com,cnc-noc.net,cncgroup, etc., Hebei
Nameserver at the SPAMHAUS listed IP address 60.8.233.18
on cncnet.net,china-netcom.com,cnc-noc.net,cncgroup, etc., Hebei
Nameserver at the SPAMHAUS listed IP address 63.223.11.14
on pccwglobal.com,Beyond The Network America, Inc. (btnaccess.com),cais.{com,net},wvfiber.net
Nameserver at the SPAMHAUS listed IP address 64.110.30.1
on ses-americom.{com,net}
abuse@ses-americom.com,postmaster@ses-americom.com,
ivan.rodriguez@ses-americom.com
Nameserver at the SPAMHAUS listed IP address 65.43.7.170
on sbcglobal.net,swbell.net/NORTHERN INDIAN CENTER FOR HISTORY
abuse@sbcglobal.net,postmaster@sbcglobal.net,support@sbcglobal.net,
abuse@swbell.net,support@swbell.net,postmaster@swbell.net
Nameserver at the SPAMHAUS listed IP address 69.44.192.184
on level3/fairpoint.com/neonova.net/chouteautel.com
abuse@level3.com,spamtool@level3.net,abuse@level3.net
postmaster@fairpoint.com,abuse@fairpoint.com,support@fairpoint.com,
abuse@chouteautel.com,postmaster@chouteautel.com,
abuse@neonova.net,postmaster@neonova.net
Nameserver at the SPAMHAUS listed IP address 81.214.248.37
on ttnet.net.tr
abuse@ttnet.net.tr,postmaster@ttnet.net.tr,support@ttnet.net.tr
Nameserver at the SPAMHAUS listed IP address 83.15.82.74
on telekomunikacja.pl/tpnet.pl
abuse@telekomunikacja.pl,abuse@tpnet.pl,webmaster@telekomunikacja.pl,
postmaster@telekomunikacja.pl,postmaster@tpnet.pl
Nameserver at the SPAMHAUS listed IP address 85.136.20.235
on auna.{es,net},ono.es
abuse@ono.es,abuse@ono.com,postmaster@ono.es,
abuse@auna.net,postmaster@auna.net,
abuse@auna.es,postmaster@auna.es
Nameserver at the SPAMHAUS listed IP address 85.185.226.162
on dci.co.ir
abuse@mail.dci.co.ir,postmaster@mail.dci.co.ir,
support@mail.dci.co.ir,admin@mail.dci.co.ir,
abuse@dci.ir,admin@dci.ir
Nameserver at the SPAMHAUS listed IP address 87.105.62.30
on dialog.net.pl
abuse@dialog.net.pl,radoslaw.zdunek@dialog.pl,
piotr.guziewicz@dialog.pl,postmaster@dialog.net.pl
Nameserver at the SPAMHAUS listed IP address 199.243.242.9
on Bell Canada/Ttx Canada Inc/stentor.ca
abuse@bellnexxia.net,abuse@sympatico.ca,abuse@bell.ca,
postmaster@bell.ca,abuse@bellglobal.com,postmaster@bellglobal.com,
abuse@stentor.ca,postmaster@stentor.ca,support@stentor.ca
Nameserver at the SPAMHAUS listed IP address 200.29.97.98
on emcali.net.co
abuse@emcali.net.co,administradores@emcali.net.co,
postmaster@emcali.net.co,support@emcali.net.co,
admin@emcali.net.co
Nameserver at the SPAMHAUS listed IP address 200.53.86.254
on TerraLycos Mexico/terra.com.mx
postmaster@terra.com.mx,terra@terra.com.mx,abuse.backbone@wholesale.telefonica.com,
support@terra.com.mx,abuse@terra.com.mx
Nameserver at the SPAMHAUS listed IP address 200.62.226.85
on telmex.com/telmex.com.pe
isp.gestion@TELMEX.COM,abuse@telmex.com,postmaster@telmex.com,
abuse@TELMEX.COM.PE,postmaster@telmex.com.me,support@telmex.com.pe
Nameserver at the SPAMHAUS listed IP address 200.160.91.198
on ajato.com.br
abuse@AJATO.COM.BR,postmaster@ajato.com.br,
support@ajato.com.br,idc@ajato.com.br,
cert@cert.br,mail-abuse@cert.br
Nameserver at the SPAMHAUS listed IP address 201.231.109.16
on fibertel.com.ar
spamming@fibertel.com.ar,abuse@fibertel.com.ar,
postmaster@fibertel.com.ar,support@fibertel.com.ar
Nameserver at the SPAMHAUS listed IP address 202.130.115.198
on wharftt.com/newttidc.com
abuse@wharftt.com,postmaster@wharftt.com,support@wharftt.com,
abuse@newttidc.com,postmaster@newttidc.com,support@newttidc.com,
hostmaster@newttidc.com
Nameserver at the SPAMHAUS listed IP address 203.97.108.117
on telstraclear.co.nz,telstraclear.net/clear.net.nz
abuse@clear.net.nz,postmaster@clear.net.nz,support@clear.net.nz,
postmaster@telstraclear.co.nz,list.admin@team.telstraclear.co.nz,
abuse@telstraclear.net,postmaster@telstraclear.net,support@telstraclear.net
Nameserver at the SPAMHAUS listed IP address 203.231.90.90
on epnetworks.co.kr,epnetworks.co.kr
postmaster@epidc.co.kr,abuse@epidc.co.kr,abuse@epnetworks.co.kr,
spamcop@kisa.or.kr,postmaster@epnetworks.co.kr
Nameserver at the SPAMHAUS listed IP address 210.34.0.101
on net.edu.cn/xmu.edu.cn (Xiamen University)
cernet-helpdesk-ip@net.edu.cn,abuse@net.edu.cn,
postmaster@xmu.edu.cn,abuse@xmu.edu.cn,support@xmu.edu.cn,
postmaster@net.edu.cn
Nameserver at the SPAMHAUS listed IP address 210.48.202.78
on digi.com.my
abuse@digi.com.my,postmaster@digi.com.my,support@digi.com.my,
admin@digi.com.my
Nameserver at the SPAMHAUS listed IP address 213.85.227.50
on JSC "Central industry company" (a small block, 213.85.227.48/29) on AS8615, cnt.ru
pavel245@newmail.ru,abusedep@cnt.ru,postmaster@cnt.ru,
support@cnt.ru,admin@cnt.ru,abuse@cnt.ru
Nameserver at the SPAMHAUS listed IP address 218.107.52.68
on cncnet.net,china-netcom.com,cnc-noc.net,cncgroup, etc., Guangdong Province/Guangzhou city
Nameserver at the SPAMHAUS listed IP address 220.134.62.1
on hinet.net
Nameserver at the SPAMHAUS listed IP address 220.189.231.22
on CHINANET-ZJ Shaoxing (chinanet.cn.net)/Friday Internet Bar
anti-spam@mail.sxptt.zj.cn,antispam@dcb.hz.zj.cn,
postmaster@zj.cn,postmaster@zjnbptt.net.cn,
postmaster@chinanet.cn.net,ctsummary@special.abuse.net,
anti-spam@ns.chinanet.cn.net
Nameserver at the SPAMHAUS listed IP address 221.8.12.90
on cncnet.net,china-netcom.com,cnc-noc.net,cncgroup, etc., Jilin
Nameserver at the SPAMHAUS listed IP address 222.134.78.66
on cncnet.net,china-netcom.com,cnc-noc.net,cncgroup, etc., Shandong/ZiBo-SunZhaoDong
The spamvertized sites contain images which are almost invariably hosted
at (or proxied by) other servers; however, some time ago I noticed, and I
now see, a MyCanadian Pharmacy site (under several hostnames such as
drugscheapplace.com, all resolving to the same IP address) which either
proxies or hosts the images itself. The MyCanadian sites' hostnames will
resolve not just to one, but to several IP addresses. For those which
resolve to this IP address (but not others), the VeriSign seal's URL is
http://drugscheapplace.com/p/images/veris.gif, for example. This proxies
or hosts the images itself. Might this be Windows instead of *nix?
For this spam, we have the usual references to images proxied by or hosted
at another location.
Fraudulent VeriSign seal at
http://217.170.77.210:8080/legalrx/images/award_secure.gif
at the SPAMHAUS listed IP address 217.170.77.210 on
eltel.net/spaceweb.ru,sweb.ru
abuse@eltel.net,postmaster@eltel.net
abuse@sweb.ru,postmaster@sweb.ru,support@sweb.ru,
abuse@spaceweb.ru,postmaster@spaceweb.ru
==========
[DETAILS:]
SPAM FROM: IP address 59.93.95.173
Which forged my email address as the envelope sender
while addressing the spam to an old format of my email
address used some years ago for USENET posting.
inetnum: 59.88.0.0 - 59.99.255.255
netname: BSNLNET
descr: NIB (National Internet Backbone)
descr: Bharat Sanchar Nigam Limited
country: IN
e-mail: nib_abuse@sancharnet.in
SPAMVERTIZED URL:
http://www.sawr.hk
The message has an attachment, a gif image which just contains
text (to foil anti-spam filters). Different versions of the
spam have different backgrounds, fonts, etc. so that the
image itself is not identical and does not have a fixed
"fingerprint" which could be used to block the spam.
The textual content of the image is:
============================================
Buy meds online 5 times cheaper then in local pharmacy!
Now you have the opportunity to save your time and money!
Drugs list include: Levitra, Xanax, Tramadol, Coral Calcium, Xenical and more.
Free online consultation, No prior prescription needed.
Order High-Quality medications, save money and get them instantly!
To enter open your browser and type
www.sawr.hk
Serving clients 24 hours a day, 7 days a week!
Certified online pharmacy, 100%% Customer Satisfaction
Save your money, buy high-quality meds at low price!
We ship instantly worldwide in unmarked packing.
Order before midnight Thursday, July 31, 2003
and get special prices for all products!!
Warm regards,
US Pharmacy Association
============================================
===================================================
For the host: "www.sawr.hk"
NAMESERVERS listed in the root servers for sawr.hk:
---------------------------------------------------
sawr.hk NS NS1.OURBOYCOT.COM
sawr.hk NS NS1.PERCEIVABLENUT.COM
sawr.hk NS NS2.GRISAILLESAG.COM
sawr.hk NS NS2.TRANSITSTARS.COM
NS1.OURBOYCOT.COM A 85.136.20.235
NS1.PERCEIVABLENUT.COM A 85.136.20.235
NS2.GRISAILLESAG.COM A 199.243.242.9
NS2.TRANSITSTARS.COM A 64.94.117.200
[extract from dig]
------------------
dig @64.94.117.200 www.sawr.hk A +noqu +noadd +noau +norec
connection timed out
dig @85.136.20.235 www.sawr.hk A +noqu +noadd +noau +norec
connection timed out
dig @199.243.242.9 www.sawr.hk A +noqu +noadd +noau +norec
connection timed out
===================================================
Yambo blocks me from their nameservers and web sites.
Yambo has many (*many*) hosts around and varies the IP addresses
which appear as their nameservers and web sites from day to
day (hour to hour?, minute to minute?). One may find the above
as the current nameservers or perhaps some from the following list.
Let me list a few other IP addresses which have appeared as responsive
Yambo nameservers and web hosts since the beginning of December 2006.
and let me check at each to see if they, too, are nameservers which
still currently are part of this spam operation (ready to appear
today, tomorrow or the next day as nameservers and/or webhosts).
As I am blocked, I will use an "online dig" tool to query each IP
address for a resolution of the spamvertized hostname. As the tool
I use does not permit me to specify a non-recursive query, I will
query twice to avoid a "false positive" assertion of an "authoritative"
response for a first reply from a recursive server which passes along
an authoritative response, not having a cached value for the first
reply.
RESULTS:
--------
24.232.145.171 No response.
24.232.169.19 No response.
59.120.127.38 Authoritative resolution to 59.120.127.38.
60.2.39.58 No response.
60.2.225.106 Authoritative resolution to 59.120.127.38.
60.8.233.18 Authoritative resolution to 59.120.127.38.
60.210.100.198 Recursive resolution. [*]
60.213.10.2 No response.
60.213.15.242 No response.
61.158.228.139 No response.
61.191.21.18 No response.
61.216.115.187 No response.
63.223.11.14 Authoritative resolution to 59.120.127.38.
63.245.40.72 No response.
64.94.117.200 No response.
64.110.30.1 Authoritative resolution to 59.120.127.38.
64.212.191.82 No response.
65.43.7.170 Authoritative resolution to 59.120.127.38.
69.44.192.184 Authoritative resolution to 59.120.127.38.
81.182.254.200 No response.
81.214.248.37 Authoritative resolution to 59.120.127.38.
82.106.134.139 No response.
83.15.82.74 Authoritative resolution to 59.120.127.38.
83.143.12.252 No response.
83.229.85.132 No response.
85.136.20.235 Authoritative resolution to 59.120.127.38.
85.185.226.162 Authoritative resolution to 59.120.127.38.
87.105.62.30 Authoritative resolution to 59.120.127.38.
87.118.160.9 No response.
89.32.106.38 No response.
89.35.123.26 No response.
125.215.149.201 No response.
141.60.167.50 No response.
147.102.33.31 No response.
147.215.18.22 No response.
148.202.23.17 No response.
148.244.66.234 No response.
150.214.101.178 No response.
151.8.85.1 Recursive resolution. [*]
152.104.168.85 No response.
162.105.139.37 No response.
164.77.192.242 No response.
193.77.124.224 No response.
193.230.183.161 No response.
199.243.242.9 Authoritative resolution to 59.120.127.38.
200.29.97.98 Authoritative resolution to 59.120.127.38.
200.53.86.254 Authoritative resolution to 59.120.127.38.
200.62.226.85 Authoritative resolution to 59.120.127.38.
200.68.73.157 No response.
200.122.158.15 No response.
200.160.91.198 Authoritative resolution to 59.120.127.38.
200.170.112.252 No response.
200.203.63.110 No response.
201.231.109.16 Authoritative resolution to 59.120.127.38.
201.236.86.253 No response.
202.29.128.196 No response.
202.83.166.115 No response.
202.130.115.198 Authoritative resolution to 59.120.127.38.
202.143.145.210 No response. [+]
203.97.99.153 No response.
203.97.108.117 Authoritative resolution to 59.120.127.38.
203.129.232.82 No response.
203.208.142.242 No response.
203.215.232.130 No response.
203.231.90.90 Authoritative resolution to 59.120.127.38.
207.166.125.202 No response.
210.34.0.101 Authoritative resolution to 59.120.127.38.
210.47.0.50 No response.
210.48.202.78 Authoritative resolution to 59.120.127.38.
210.77.30.253 No response.
210.77.87.241 No response.
211.190.236.153 No response.
213.19.120.1 No response.
213.85.227.50 Authoritative resolution to 59.120.127.38.
213.165.34.170 No response.
217.15.112.93 No response.
217.66.25.115 No response.
217.218.235.6 No response.
218.21.90.7 No response.
218.22.50.150 No response.
218.107.52.68 Authoritative resolution to 59.120.127.38.
218.210.183.145 No response.
219.156.206.171 No response.
220.110.211.87 No response.
220.132.47.130 No response.
220.132.53.217 No response.
220.134.62.1 Authoritative resolution to 59.120.127.38.
220.134.142.24 No response.
220.134.150.81 No response.
220.189.231.22 Authoritative resolution to 59.120.127.38.
221.8.12.90 Authoritative resolution to 59.120.127.38.
221.215.89.210 No response.
222.134.78.66 Authoritative resolution to 59.120.127.38.
[Hmmm ... many of them have not been responding for awhile.
I dislike removing them from the list I check, for I have
seen Yambo nameservers play possum for awhile, stop working,
and a week or so later, they are back in business either as
nameserver or even as the IP address to which a web host
resolves. Still, some of the above have not been responding
for quite some time and so I have reduced the listing to those
which have authoritatively responded sometime since the
beginning of last December.]
*: This appears to be a publicly accessible resolver which
provides recursive resolutions. It seems that this has
been listed as one of "their" nameservers by Yambo simply
because it "works" for them (and others) rather than it
actually being a part of their operation.
+: Sometimes I get a response from this system but with
the "Recursion Available" flag set and a "Server Failure"
error message. When I get a response from this system without
the error message it is an authoritative response (for both
queries). It seems that this is infected but having problems
accessing the site from which it proxies data.
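The double-query check described above, as an added example that is not part of the original report: Python code that reads the AA and RA header bits and the RCODE from two successive raw DNS replies and labels the server in the wording of the RESULTS list. The hostname, address and reply bytes are constructed, and the "Server failure" and "Unconfirmed" labels are this example's own assumptions.

```python
import socket
import struct

QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080   # DNS header flag bits
SERVFAIL = 2                                      # RCODE "Server Failure"


def encode_name(name):
    """Encode a hostname as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name, qid, recursion_desired=True):
    """Build an A/IN query. recursion_desired=False is what `dig +norec` sends."""
    flags = RD if recursion_desired else 0
    return (struct.pack("!6H", qid, flags, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!2H", 1, 1))


def skip_name(msg, off):
    """Return the offset just past a name, which may end in a compression pointer."""
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:
            return off + 2
        if length == 0:
            return off + 1
        off += 1 + length


def parse_reply(msg):
    """Return the AA/RA bits, RCODE and A-record addresses of a raw DNS reply."""
    _qid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("not a DNS response")
    off = 12
    for _ in range(qdcount):
        off = skip_name(msg, off) + 4               # skip QTYPE and QCLASS
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return {"aa": bool(flags & AA), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "addrs": addrs}


def classify(first, second):
    """Label a server from its raw replies (None = timeout) to two identical queries."""
    replies = []
    for raw in (first, second):
        if raw is None:
            continue
        try:
            replies.append(parse_reply(raw))
        except (ValueError, IndexError, OSError, struct.error):
            continue                                # malformed reply: count as none
    if not replies:
        return "No response."
    if any(r["rcode"] == SERVFAIL and r["ra"] for r in replies):
        return "Server failure with Recursion Available set."
    answered = [r for r in replies if r["rcode"] == 0 and r["addrs"]]
    # AA on the first reply alone proves nothing: a recursive server can relay the
    # upstream AA bit on a cache miss and then answer from cache without it.
    if len(answered) == 2 and all(r["aa"] for r in answered):
        return "Authoritative resolution to %s." % answered[1]["addrs"][0]
    if len(answered) == 2:
        return "Recursive resolution."
    return "Unconfirmed: only one usable reply."


def make_reply(query, flags, addr=None):
    """Constructed fixture: a reply to `query` carrying the given flag/RCODE bits."""
    qid, qflags = struct.unpack("!2H", query[:4])
    answer = b""
    if addr:
        # Owner name is a pointer to offset 12, then type A, class IN, TTL 300.
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 300, 4) + socket.inet_aton(addr)
    header = struct.pack("!6H", qid, QR | (qflags & RD) | flags,
                         1, 1 if addr else 0, 0, 0)
    return header + query[12:] + answer


# Constructed hostname and address (reserved test ranges), not values from the report.
QUERY = build_query("www.example.test", 0x1234)
SAMPLES = {
    "authoritative": (make_reply(QUERY, AA, "192.0.2.38"),
                      make_reply(QUERY, AA, "192.0.2.38")),
    "open resolver": (make_reply(QUERY, AA | RA, "192.0.2.38"),
                      make_reply(QUERY, RA, "192.0.2.38")),
    "failing proxy": (make_reply(QUERY, RA | SERVFAIL), None),
    "silent": (None, None),
}


def run_samples():
    """Classify every constructed sample pair."""
    return {name: classify(*pair) for name, pair in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in run_samples().items():
        print(f"{name:15} {verdict}")
```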
IP address 59.120.127.38
------------------------
59.120.127.38 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 59.112.0.0 - 59.123.255.255
netname: HINET-NET
country: TW
Netname: HINET-NET
Netblock: 59.120.127.0/24
Address 59.120.127.38 maps to 59-120-127-38.HINET-IP.hinet.net
Checking 59-120-127-38.HINET-IP.hinet.net address 59.120.127.38
[whois.abuse.net]
spam@ms1.hinet.net (for hinet.net)
------------------------
IP address 60.2.225.106
-----------------------
60.2.225.106 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 60.0.0.0 - 60.10.255.255
netname: CNCGROUP-HE
descr: CNCGROUP Hebei Province Network
e-mail: abuse@cnc-noc.net
e-mail: jinyuan_lu@heinfo.net
[whois.abuse.net]
jinyuan_lu@heinfo.net (for heinfo.net)
postmaster@heinfo.net (for heinfo.net)
abuse@cnc-noc.net (for heinfo.net)
ele@heinfo.net (for heinfo.net)
-----------------------
IP address 60.8.233.18
----------------------
60.8.233.18 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 60.0.0.0 - 60.10.255.255
netname: CNCGROUP-HE
descr: CNCGROUP Hebei Province Network
e-mail: abuse@cnc-noc.net
e-mail: jinyuan_lu@heinfo.net
----------------------
IP address 63.223.11.14
-----------------------
63.223.11.14 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
CIDR: 63.216.0.0/13
NameServer: NS.CAIS.COM
NameServer: NS2.CAIS.COM
OrgNOCEmail: supportamerica@btnaccess.com
11.223.63.in-addr.arpa has SOA hostmaster@wvfiber.net.
[whois.abuse.net]
abuse@btnaccess.com (for pccwglobal.com)
abuse@cais.com (for cais.net)
abuse@btnaccess.com (for btnaccess.com)
abuse@pccwbtn.com (for cais.net)
postmaster@btnaccess.com (for btnaccess.com)
supportamerica@btnaccess.com (for btnaccess.com)
abuse@pccwglobal.com (for pccwglobal.com)
abuse@cais.com (for cais.com)
abuse@pccwbtn.com (for cais.com)
postmaster@wvfiber.net (default, no info)
postmaster@pccwglobal.com (for pccwglobal.com)
-----------------------
IP address 64.110.30.1
----------------------
64.110.30.1 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
OrgName: SES Americom Inc.
OrgID: SESAM
City: Alexandria
StateProv: VA
NetRange: 64.110.0.0 - 64.110.191.255
NameServer: NS1.SES-AMERICOM.NET
OrgAbuseEmail: abuse@ses-americom.net
Address 64.110.30.1 maps to host-64-110-30-1.leuk.ses-americom.net
Checking host-64-110-30-1.leuk.ses-americom.net address 64.110.30.1
30.110.64.in-addr.arpa has SOA [omitted]@ses-americom.com
BUT ... currently I can get no A or MX record for ses-americom.net.
There *is* an MX for ses-americom.com.
The NS records for ses-americom.net in the root servers point to
ns{1,2}.ses-americom.net which authoritatively again provide the
NS records and resolve ns{1,2}.ses-americom.net (66.133.3.8,66.133.0.99)
but do not resolve ses-americom.net, www.ses-americom.net or provide
an mx record for ses-americom.net
----------------------
IP address 65.43.7.170
----------------------
65.43.7.170 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
OrgName: SBC Internet Services
OrgID: SIS-80
NetRange: 65.42.0.0 - 65.43.255.255
OrgAbuseEmail: abuse@sbcglobal.net
CustName: NORTHERN INDIAN CENTER FOR HISTORY
CIDR: 65.43.7.168/29
OrgAbuseEmail: abuse@sbcglobal.net
OrgNOCEmail: support@swbell.net
----------------------
IP address 69.44.192.184
------------------------
69.44.192.184 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
OrgName: Level 3 Communications, Inc.
OrgID: LVLT
CIDR: 69.44.0.0/15
OrgAbuseEmail: abuse@level3.com
OrgName: FAIRPOINT COMMUNICATIONS, INC.
OrgID: FAIRPO-3
CIDR: 69.44.192.0/21
RTechEmail: [omitted]@fairpoint.com
Address 69.44.192.184 maps to ip192-184.chouteautel.com
Checking ip192-184.chouteautel.com address 69.44.192.184
192.44.69.in-addr.arpa has SOA [omitted]@neonova.net
[whois.abuse.net]
abuse@level3.com (for level3.com)
spamtool@level3.net (for level3.com)
postmaster@fairpoint.com (default, no info)
abuse@chouteautel.com (for chouteautel.com)
abuse@level3.net (for level3.com)
abuse@neonova.net (for neonova.net)
------------------------
IP address 81.214.248.37
------------------------
81.214.248.37 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 81.214.248.0 - 81.214.248.255
netname: TurkTelekom
descr: ADSL-ALC-Ulus-Static Pool
country: tr
e-mail: abuse@ttnet.net.tr
Address 81.214.248.37 maps to dsl.static8121424837.ttnet.net.tr
------------------------
IP address 83.15.82.74
----------------------
83.15.82.74 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 83.0.0.0 - 83.31.255.255
org: ORG-PT1-RIPE
netname: PL-TPSA-20031203
country: PL
remarks: abuse@telekomunikacja.pl
Address 83.15.82.74 maps to eja74.internetdsl.tpnet.pl
Checking eja74.internetdsl.tpnet.pl address 83.15.82.74
[whois.abuse.net]
abuse@telekomunikacja.pl (for telekomunikacja.pl)
abuse@tpnet.pl (for tpnet.pl)
webmaster@telekomunikacja.pl (for telekomunikacja.pl)
abuse@telekomunikacja.pl (for tpnet.pl)
abuse@tpnet.pl (for telekomunikacja.pl)
postmaster@telekomunikacja.pl (for telekomunikacja.pl)
postmaster@tpnet.pl (for tpnet.pl)
----------------------
IP address 85.136.20.235
------------------------
85.136.20.235 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 85.136.0.0 - 85.136.255.255
netname: CABLEMODEM-AUNA-ZONA-SUR
descr: AUNA
country: ES
remarks: abuse@auna.es
Address 85.136.20.235 maps to 235-20-136-85.user.auna.net
but 235-20-136-85.user.auna.net does not resolve.
20.136.85.in-addr.arpa has SOA [omitted]@ono.es
[whois.abuse.net]
abuse@auna.es (for auna.net)
abuse@ono.com (for ono.es)
abuse@auna.es (for auna.es)
------------------------
IP address 85.185.226.162
-------------------------
85.185.226.162 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 85.185.0.0 - 85.185.255.255
org: ORG-TCoI1-RIPE
netname: IR-DCC-20041125
descr: Information Technology Company (ITC)
country: IR
abuse-mailbox: abuse@mail.dci.co.ir
dci.co.ir has SOA admin@dci.ir.
-------------------------
IP address 87.105.62.30
-----------------------
87.105.62.30 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 87.105.54.0 - 87.105.63.255
netname: DIALOGNET
descr: Static Broadband Services
country: PL
abuse-mailbox: abuse@dialog.net.pl
Address 87.105.62.30 maps to xdsl-8478.walbrzych.dialog.net.pl
Checking xdsl-8478.walbrzych.dialog.net.pl address 87.105.62.30
62.105.87.in-addr.arpa has SOA [omitted]@dns.wroclaw.dialog.net.pl
[whois.abuse.net]
radoslaw.zdunek@dialog.pl (for dialog.net.pl)
piotr.guziewicz@dialog.pl (for dialog.net.pl)
postmaster@dialog.net.pl (for dialog.net.pl)
-----------------------
IP address 199.243.242.9
------------------------
199.243.242.9 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
OrgName: Bell Canada
OrgID: LINX
CIDR: 199.243.0.0/16
NameServer: TOROON63NSZP05.SRVR.BELL.CA
RTechEmail: noc@in.bell.ca
OrgAbuseEmail: abuse@sympatico.ca
OrgAbuseEmail: abuse@bellnexxia.net
OrgTechEmail: [omitted]@bellglobal.com
CustName: Ttx Canada Inc
CIDR: 199.243.242.0/27
Comment: LINX - For Abuse issues contact
Comment: abuse@bellnexxia.net
OrgAbuseEmail: abuse@bellnexxia.net
OrgAbuseEmail: abuse@sympatico.ca
OrgTechEmail: [omitted]@bellglobal.com
242.243.199.in-addr.arpa has NS records {lopez,cyclops}.stentor.ca
stentor.ca has IP address 199.243.242.4
This is on Autonomous System Number 577
aut-num: AS577
as-name: BELL-AS
descr: Bell Backbone
e-mail: [omitted]@bellnexxia.com
------------------------
IP address 200.29.97.98
-----------------------
200.29.97.98 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 200.29.96/20
status: allocated
owner: EMCATEL
inetrev: 200.29.96/21
nserver: DNS1.EMCALI.NET.CO
nserver: DNS2.EMCALI.NET.CO
e-mail: administradores@EMCALI.NET.CO
Address 200.29.97.98 maps to servicios_pool_1_98.emcali.net.co
Checking servicios_pool_1_98.emcali.net.co address 200.29.97.98
-----------------------
IP address 200.53.86.254
------------------------
200.53.86.254 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 200.53.64/19
status: reallocated
owner: TerraLycos Mexico
e-mail: ipmaster@CORP.TERRA.COM.MX
86.53.200.in-addr.arpa has NS records dns{1,2}.infosel.net.mx
dns3.infosel.net.mx authoritatively reports that
86.53.200.in-addr.arpa has SOA [omitted]@corp.terra.com.mx
[whois.abuse.net]
postmaster@terra.com.mx (for terra.com.mx)
terra@terra.com.mx (for terra.com.mx)
abuse.backbone@wholesale.telefonica.com (for terra.com.mx)
------------------------
IP address 200.62.226.85
------------------------
200.62.226.85 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 200.62.226.80/29
status: reallocated
owner: EJERCITO PERUANO - CGE
ownerid: PE-EPCG-LACNIC
responsible: EJERCITO PERUANO - CGE
e-mail: isp.gestion@TELMEX.COM
226.62.200.in-addr.arpa has SOA [omitted]@mail.attla.com.pe
This is on Autonomous System Number 12252
[whois.ra.net]
aut-num: AS12252
as-name: TELMEX-PERU
descr: Autonomous System Object
Telmex Peru - Core Internet
admin-c: Rocio Castilla
notify: isp.gestion@telmex.com
[whois.lacnic.net]
aut-num: AS12252
owner: Telmex Peru S.A.
e-mail: abuse@TELMEX.COM.PE
e-mail: isp.gestion@TELMEX.COM
------------------------
IP address 200.160.91.198
-------------------------
200.160.91.198 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 200.160.80/20
aut-num: AS19182
abuse-c: ETA8 adm-ajato@ajato.com.br
owner: TVA SISTEMA DE TELEVISAO S.A.
inetrev: 200.160.88/21
nserver: ns1.ajato.com.br
nserver: ns2.ajato.com.br
e-mail: adm-ajato@ajato.com.br
remarks: Security issues should also be addressed to
remarks: cert@cert.br, http://www.cert.br/
remarks: Mail abuse issues should also be addressed to
remarks: mail-abuse@cert.br
Address 200.160.91.198 maps to 200-160-91-198.user.ajato.com.br
Checking 200-160-91-198.user.ajato.com.br address 200.160.91.198
This is on Autonomous System Number 19182
aut-num: AS19182
owner: Rede Ajato Ltda
e-mail: abuse@AJATO.COM.BR
-------------------------
IP address 201.231.109.16
-------------------------
201.231.109.16 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 201.231.0/17
status: allocated
owner: CABLEVISION S.A.
ownerid: AR-CASA10-LACNIC
country: AR
e-mail: noc@FIBERTEL.COM.AR
Address 201.231.109.16 maps to 16-109-231-201.fibertel.com.ar
Checking 16-109-231-201.fibertel.com.ar address 201.231.109.16
[whois.abuse.net]
spamming@fibertel.com.ar (for fibertel.com.ar)
-------------------------
IP address 202.130.115.198
--------------------------
202.130.115.198 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 202.130.96.0 - 202.130.127.255
netname: IPC-NEWTT
descr: Wharf T&T Limited
descr: Harbour City, Hong Kong SAR.
country: HK
e-mail: abuse@wharftt.com
115.130.202.in-addr.arpa has SOA hostmaster@newttidc.com
--------------------------
IP address 203.97.108.117
-------------------------
203.97.108.117 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 203.97.101.0 - 203.97.111.255
netname: TCL-CABLE-NZ
descr: TelstraClear Cable Customers
trouble: For network abuse contact:
trouble: list.admin@team.telstraclear.co.nz
Address 203.97.108.117 maps to 203-97-108-117.cable.telstraclear.net
Checking 203-97-108-117.cable.telstraclear.net address 203.97.108.117
108.97.203.in-addr.arpa has SOA hostmaster@clear.net.nz.
[whois.abuse.net]
abuse@clear.net.nz (for clear.net.nz)
postmaster@telstraclear.co.nz (for telstraclear.co.nz)
postmaster@telstraclear.net (default, no info)
list.admin@team.telstraclear.co.nz (for telstraclear.co.nz)
-------------------------
IP address 203.231.90.90
------------------------
203.231.90.90 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
Querying whois.nic.or.kr
query: 203.231.90.90
Org Name : Enterprise Networks
Service Name : ENTERPRISENET
E-mail : abuse@epnetworks.co.kr
90.231.203.in-addr.arpa has NS records ns{2,3}.epidc.co.kr
[whois.abuse.net]
postmaster@epidc.co.kr (for kr)
abuse@epidc.co.kr (for kr)
abuse@epnetworks.co.kr (for kr)
spamcop@kisa.or.kr (for kr)
postmaster@epnetworks.co.kr (for kr)
------------------------
IP address 210.34.0.101
-----------------------
210.34.0.101 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 210.34.0.0 - 210.34.15.255
netname: XMU-CN
descr: Xiamen University
country: CN
e-mail: cernet-helpdesk-ip@net.edu.cn
34.210.in-addr.arpa has SOA [omitted]@xmu.edu.cn
[whois.abuse.net]
abuse@net.edu.cn (for edu.cn)
-----------------------
IP address 210.48.202.78
------------------------
210.48.202.78 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 210.48.192.0 - 210.48.207.255
netname: DIGIIX
descr: DiGi Telecommunications Sdn. Bhd.
descr: Malaysia
country: MY
e-mail: [omitted]@digi.com.my
------------------------
IP address 213.85.227.50
------------------------
213.85.227.50 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 213.85.227.48 - 213.85.227.55
netname: cpcompany-net
descr: JSC "Central industry company"
country: RU
e-mail: pavel245@newmail.ru
This is on Autonomous System Number 8615
aut-num: AS8615
as-name: CNT-AS
descr: CNT Autonomous System
descr: "Central Telegraph"
descr: Moscow, Russia
remarks: abusedep@cnt.ru
------------------------
IP address 218.107.52.68
------------------------
218.107.52.68 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 218.107.44.0 - 218.107.54.255
netname: TY-LEASED-LINE-CUSTOMER
country: CN
descr: guangzhou city
route: 218.107.0.0/18
descr: CNC Group CHINA169 Guangdong Province Network
e-mail: abuse-gd@china-netcom.com
This is on Autonomous System Number 17622
aut-num: AS17622
as-name: CNCGROUP-GZ
descr: CNCGROUP IP network of GuangZhou region MAN network
------------------------
IP address 220.134.62.1
-----------------------
220.134.62.1 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 220.129.0.0 - 220.143.255.255
netname: HINET-NET
country: TW
inetnum: 220.134.0.0 - 220.134.255.255
netname: HINET-NET
descr: Chunghwa Telecom Data communication Business Group
e-mail: cykang@ms1.hinet.net
Address 220.134.62.1 maps to 220-134-62-1.HINET-IP.hinet.net
Checking 220-134-62-1.HINET-IP.hinet.net address 220.134.62.1
[whois.abuse.net]
spam@ms1.hinet.net (for hinet.net)
-------------------------
IP address 220.189.231.22
-------------------------
220.189.231.22 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 220.189.231.20 - 220.189.231.23
netname: FRIDAY-NETBAR
country: CN
descr: Friday Internet Bar
role: CHINANET-ZJ Shaoxing
e-mail: anti-spam@mail.sxptt.zj.cn
189.220.in-addr.arpa has SOA [omitted]@ns.zjnbptt.net.cn
[whois.abuse.net]
antispam@dcb.hz.zj.cn (for zj.cn)
postmaster@zj.cn (for zj.cn)
postmaster@zjnbptt.net.cn (default, no info)
postmaster@chinanet.cn.net (for chinanet.cn.net)
ctsummary@special.abuse.net (for chinanet.cn.net)
anti-spam@ns.chinanet.cn.net (for chinanet.cn.net)
-------------------------
IP address 221.8.12.90
----------------------
221.8.12.90 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 221.8.0.0 - 221.9.255.255
netname: CNCGROUP-JL
descr: CNC Group JILIN province network
e-mail: abuse@cnc-noc.net
8.221.in-addr.arpa has SOA [omitted]@dns.jlccptt.net.cn.
----------------------
IP address 222.134.78.66
------------------------
222.134.78.66 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 222.134.78.64 - 222.134.78.67
netname: ZB-SZD
country: CN
descr: ZiBo-SunZhaoDong
route: 222.132.0.0/14
descr: CNC Group CHINA169 Shandong Province Network
e-mail: ip@sdinfo.net
134.222.in-addr.arpa has SOA [omitted]@ns.sdjnptt.net.cn
[whois.abuse.net]
support@sdinfo.net (for sdinfo.net)
postmaster@sdjnptt.net.cn (default, no info)
abuse@cnc-noc.net (for sdinfo.net)
ctsummary@special.abuse.net (for sdinfo.net)
------------------------
Most of the Yambo sites use various filtering techniques and I can't
reach them using a web based anonymizing proxy - let me check this time
... YES! The proxy I used managed to get the pages at this site (they use
IP address based blocking as well as connection based blocking. If,
during your current connection, you do not proceed "properly", getting
the image whose tag is encrypted in Javascript, getting the framed
contents immediately after the frameset, etc., the current IP address
will be blocked, usually only temporarily. I wonder if the usual lack of
success using web proxies is because someone else recently used them to
access the site). I am now, sometimes, trying several proxies to reach
the site and find the image hosting.
LEGALRX PHARMACY:
-----------------
This site (the starting page redirects) is in the "/legalrx/" directory.
It is the LegalRX Pharmacy site, as opposed to the MyCanadian pharmacy
at other hostnames in the "/p/" directory, the US Drugs pharmacy
at other hostnames in the "/usd/" directory, the EVA/VIP Pharmacy pages
in the "/e/[varies]/" directories, or the counterfeit Rolex pages in the
"/rolex/" directory under other hostnames. While the hostnames may vary
and resolve to other IP addresses, you should be able to find any of them
at the IP address to which any other resolves if you force the resolution.
As usual the site has its images hosted/proxied at another location ...
(Recently the images had been hosted at (proxied by) the spamvertized host.
Before that they were often obtained at another compromised system on port
8080 if they were not hosted on yahoo.com).
SPAMVERTIZED IMAGE HOST:
http://217.170.77.210:8080/legalrx/[varies]
Fraudulent Verisign seal:
http://217.170.77.210:8080/legalrx/images/award_secure.gif
Let me check that this is "up." Yes, it is.
IP address 217.170.77.210
-------------------------
217.170.77.210 is found in sbl.spamhaus.org
Lists "known spammers, spam gangs or spam support services."
inetnum: 217.170.77.0 - 217.170.77.255
netname: Internet33com
descr: Web Hosting Services
country: US
admin-c: AF1468-RIPE admin@internet33.com
Address 217.170.77.210 maps to db2.sorenssystem.com
but db2.sorenssystem.com does not resolve.
77.170.217.in-addr.arpa has SOA (NS: ns1.spaceweb.ru) postmaster@sweb.ru
This is on Autonomous System Number 20597
aut-num: AS20597
as-name: ELTEL-AS
admin-c: SA507-RIPE [omitted]@eltel.net
The TTL for the PTR record, db2.sorenssystem.com, provided by
ns1.spaceweb.ru is ten minutes.
TCPTRACEROUTE to port 8080 on 217.170.77.210 shows:
...
11: retn-gw.ip.tiscali.net (213.200.72.38)
12: so000.RT033-001.spb.retn.net (81.222.0.85)
13: GW-Eltel.retn.net (81.222.2.50)
14: gi-1.RT033-301.eltel.net (81.222.255.177)
15: 81.222.223.10 (81.222.223.10) [*]
16: db2.sorenssystem.com (217.170.77.210) [TCP Syn Ack]
*: ASN 20597, eltel.
inetnum: 81.222.223.0 - 81.222.223.255
netname: JSCFRO
descr: JSC "FRO" Network
country: RU
admin-c: DS544-RIPE [omitted]@eltel.net
and ns1.spaceweb.ru has IP address 81.222.134.2
-------------------------
A few drugs:
------------
100% Pure Okinawan Coral Calcium
Aciphex
Actos
All-Natural Magnesium Oxide
Amoxicillin
Celebrex
Cialis
Cialis Soft Tabs
Cialis + Viagra Powerpack
Cipro
Clarinex
Claritin
Clearitol
Clomid
Crestor
Enhance9
Fatblast
Flomax
Generic Viagra
Glucophage
Glucosamine
Hangover Pills
Hoodia Patch
Horny Goat Weed
Human Growth Hormone
Hyzaar Losartan (Hydrochlorthiazide)
Jungle Burn
Lasix
Levitra
Lexapro
Lipitor
Liposafe
Lipothin
Lipotrexate
Lorazepam
Maxaman
Megathin
Meridia
Microlean
Nexium
Nolvadex
Nymphomax
Paxil
Pheromone cologne for men
Pheromone perfume for women
Plavix
Premium Diet Patch
Prilosec
Pro-erex
Propecia
Protonix
Provigil
Prozac
Pure Natural Hoodia
Quick Bust
Quick-detox
Rockit247
Slimpulse
Soma
Spermamax
Suprax
Suregasm
Synthroid
Topamax
Tramadol
Ultram
Valtrex
Viagra Professional
Viagra Soft Tabs
Virility Patch
Wellbutrin SR
Zero Nicotine
Zinc
Zithromax
Zocor
Zoloft
Zyrtec
Recently three drugs seem to have disappeared from the site,
Ambien, Valium and Xanax but seven later appeared,
Clarinex, Claritin, Glucosamine, Hyzaar Losartan (Hydrochlorthiazide),
Nolvadex, Topamax and Zinc.
===========================================================
[ORIGINAL SPAM: with angle brackets, such as "<", converted
to square brackets, such as "[", so as not
to affect HTML enabled mail/news readers.]
Return-Path: <_my_email_address_>
X-Spam-DCC: _DCCB_: _DCCR_
X-Spam-Flag: YES
X-Spam-Checker-Version: SpamAssassin 3.1.7 (2006-10-05) on _my_isp_
X-Spam-Level: *************************************
X-Spam-Status: Yes, score=37.5 required=5.0 tests=BAYES_99,DATE_IN_PAST_96_XX,
DC_GIF_UNO_LARGO,DC_IMAGE_SPAM_HTML,DC_IMAGE_SPAM_TEXT,
DC_IMG_HTML_RATIO,DC_IMG_TEXT_RATIO,EXTRA_MPART_TYPE,
HTML_IMAGE_ONLY_08,HTML_MESSAGE,INCH_RCVD_IN_XBL,INVALID_DATE,
MY_CID_AND_CLOSING,MY_CID_AND_STYLE,RAZOR2_CF_RANGE_51_100,
RAZOR2_CF_RANGE_E4_51_100,RAZOR2_CHECK,RCVD_IN_NJABL_DUL,
RCVD_IN_NJABL_PROXY,RCVD_IN_XBL,RCVD_NUMERIC_HELO,SARE_GIF_ATTACH,
SARE_GIF_STOX,UNPARSEABLE_RELAY autolearn=spam version=3.1.7
X-Spam-Report:
* 2.2 INVALID_DATE Invalid Date: header (not RFC 2822)
* 1.1 EXTRA_MPART_TYPE Header has extraneous Content-type:...type= entry
* 2.0 DATE_IN_PAST_96_XX Date: is 96 hours or more before Received: date
* 1.5 RCVD_NUMERIC_HELO Received: contains an IP address used for HELO
* 0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay
* lines
* 1.0 DC_IMG_TEXT_RATIO BODY: Low body to pixel area ratio
* 0.0 HTML_MESSAGE BODY: HTML included in message
* 3.1 HTML_IMAGE_ONLY_08 BODY: HTML: images with 400-800 bytes of words
* 2.5 BAYES_99 BODY: Bayesian spam probability is 99 to 100%%
* [score: 1.0000]
* 1.0 DC_IMG_HTML_RATIO RAW: Low rawbody to pixel area ratio
* 0.8 SARE_GIF_ATTACH FULL: Email has a inline gif
* 0.5 RAZOR2_CHECK Listed in Razor2 (http://razor.sf.net/)
* 1.5 RAZOR2_CF_RANGE_E4_51_100 Razor2 gives engine 4 confidence level
* above 50%%
* [cf: 100]
* 0.5 RAZOR2_CF_RANGE_51_100 Razor2 gives confidence level above 50%%
* [cf: 100]
* 2.0 INCH_RCVD_IN_XBL RBL: Received via a relay in Exploits Block List
* [<http://www.spamhaus.org/query/bl?ip=59.93.95.173>]
* 0.7 RCVD_IN_NJABL_PROXY RBL: NJABL: sender is an open proxy
* [59.93.95.173 listed in combined.njabl.org]
* 3.9 RCVD_IN_XBL RBL: Received via a relay in Spamhaus XBL
* [59.93.95.173 listed in sbl-xbl.spamhaus.org]
* 1.9 RCVD_IN_NJABL_DUL RBL: NJABL: dialup sender did non-local SMTP
* [59.93.95.173 listed in combined.njabl.org]
* 3.0 DC_GIF_UNO_LARGO Message contains a single large inline gif
* 0.9 MY_CID_AND_CLOSING SARE cid and closing
* 0.7 MY_CID_AND_STYLE SARE cid and style
* 1.7 SARE_GIF_STOX Inline Gif with little HTML
* 2.0 DC_IMAGE_SPAM_TEXT Possible Image-only spam with little text
* 3.0 DC_IMAGE_SPAM_HTML Possible Image-only spam
Received: from 59.93.95.173 ([59.93.95.173])
by _my_isp_ (xxx) with ESMTP id l1G6B05m075614
for <_my_email_address_>; Fri, 16 Feb 2007 01:11:07 -0500 (EST)
(envelope-from _my_email_address_)
Received: from mail.edesignscorp.com (port=13925 helo=jmsxixnpi)
by 59.93.95.173 with smtp
id x5sM-7r65Nv7K-wM
for _my_email_address_; Thu, 31 Jul 2003 01:53:68 +0530
Message-ID: <000901c356d8$81ea81a0$008faa3c@jmsxixnpi>
From: "Lee Diaz"
all-kopi.net>
To:
Subject: of stone, but Let them and power but that
Date: Thu, 31 Jul 2003 01:53:68 +0530
xxxMIME-Version: 1.0
xxxContent-Type: multipart/related;
xxx type="multipart/alternative";
xxx boundary="----=_NextPart_000_000B_01C35706.9B9E02B0"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2900.2869
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2962
X-UIDL: *H,#!_17"!D?1"!<%%a!!
xxx------=_NextPart_000_000B_01C35706.9B9E02B0
xxxContent-Type: multipart/alternative;
xxx boundary="----=_NextPart_001_000C_01C35706.9B9E02B0"
xxx------=_NextPart_001_000C_01C35706.9B9E02B0
xxxContent-Type: text/plain;
xxx charset="us-ascii"
xxxContent-Transfer-Encoding: quoted-printable
and on the tabernacle