[SIRT#195457] Canadian Healthcare on ayeaunes.com / krdns99.

 
ahoier

SIRT Handler


Joined: Jan 14, 2006
Posts: 1118
Location: USA

PostPosted: Wed Jul 02, 2008 8:59 pm    Post subject: [SIRT#195457] Canadian Healthcare on ayeaunes.com / krdns99.

Spam Alert
 
 Full Report: CastleCops Link/Canadian_Healthcare_spam195457.html
 
 Consumed following related reports:

Changed status to confirmed spam.

IP Converted: 60.172.219.14

dword = 1017961230
hex1 = 0x3cacdb0e
hex2 = 0x3c.0xac.0xdb.0xe
oct = 074.0254.0333.016
View CIDR AS4134 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4134

"4134 | CN | apnic | 2002-08-01 | CHINANET-BACKBONE No.31,Jin-rong Street"
Extended information for AS4134:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn


Criminal Evidence

See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Canadian_Healthcare
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Canadian_Healthcare
See the McAfee Site Advisor information at http://siteadvisor.com/sites/ayeaunes.com


> ONLINENIC, INC.
REGISTRATION OF THE WEB SITE: ayeaunes.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold


> BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
ns1.krdns99.com [60.172.219.14] which is listed in the SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL65572
ns2.krdns99.com [221.230.2.221] which is listed in the SBL: http://www.spamhaus.org/SBL/sbl.lasso?query=SBL64972

ACTION: To suspend these name servers successfully, follow these steps.
1. set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold

To help expedite the removal of this criminally operated domain name, a Chinese translation of these directions is available from the CastleCop Wiki:
http://wiki.castlecops.com/Suspending_an_EPP_name_server_domain_Chinese

From the URIBL - you will find these nameservers are not servicing ANY legitimate domains, and can be safely suspended:
http://rss.uribl.com/ns/krdns99_com.html

ALERT: You are being _tracked_ by the CastleCops Wiki - Bulk Spam Reporting Project:
http://wiki.castlecops.com/Bulk_Spam_Reporting

Please visit the following articles - which will point out domains that have been reported for bulk removals, as well as successfully suspended domains. Please use the list of suspended domains as examples to correctly suspend this domain being used as a nameserver:
http://wiki.castlecops.com/BILT_Removals
http://wiki.castlecops.com/BILT_Removals_Archive


> CHINANET-BACKBONE No.31,Jin-rong Street (incl. anti-spam@ns.chinanet.cn.net)
IP ADDRESS OF HOST: 60.172.219.14
The IP address of this criminal site is within your allocated address space.

This IP address is currently linked with the following fraudulent, criminal-operated domains:
ns4.broyaoise.com A 60.172.219.14
ns4.wiuyqican.com A 60.172.219.14
ns4.wiudhkjcs.com A 60.172.219.14
www.mifykate.cn A 60.172.219.14
ACTION: Black-hole the route to this address to prevent further criminal activity


The criminality of these domain names can be verified using the following SiteAdvisor link format, http://www.siteadvisor.com/lookup/?q=domainname.tld


CRIMINAL EVIDENCE - VIOLATION OF CAN-SPAM LAWS:

Delivered-To: xxx
Received: by 10.86.73.16 with SMTP id v16cs196036fga;
Mon, 30 Jun 2008 15:14:07 -0700 (PDT)
Received: by 10.141.116.16 with SMTP id t16mr2974258rvm.280.1214864046204;
Mon, 30 Jun 2008 15:14:06 -0700 (PDT)
Return-Path: <hesximptnh@peel01.fslife.co.uk>
Received: from mail-in.freeserve.com (247-139.76-83.cust.bluewin.ch [83.76.139.247])
by mx.google.com with ESMTP id c20si7819834rvf.1.2008.06.30.15.13.59;
Mon, 30 Jun 2008 15:14:06 -0700 (PDT)
Received-SPF: neutral (google.com: 83.76.139.247 is neither permitted nor denied by best guess record for domain of hesximptnh@peel01.fslife.co.uk) client-ip=83.76.139.247;
Authentication-Results: mx.google.com; spf=neutral (google.com: 83.76.139.247 is neither permitted nor denied by best guess record for domain of hesximptnh@peel01.fslife.co.uk) smtp.mail=hesximptnh@peel01.fslife.co.uk
Message-Id: <48695aad.14b48c0a.2100.2068SMTPIN_ADDED@mx.google.com>
From: "Desmond Gagne"<eewpbfvjx@peel01.fslife.co.uk>
To: <raan85@gmail.com>,
<biggkat@gmail.com>,
<xxx>,
<zacgrace@gmail.com>,
<josh.hoopingarner@gmail.com>
Date: Mon, 30 Jun 2008 15:02:35 -0700
Subject: Most lucrative and effective
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 7bit

Hey how are things? Still trapped in the Nine to Five?

Well if you have a telephone which we all do and can return some calls
each day we want to hear from you as there is $15OO to $3500 in it for you Smile

Give my info line a dial to hear how, its short and sweet but can give you the answers you
have been searching for.

800^275^0473

You may call anytime of day or night. So go ahead just have a listen it certainly is worth it since many receive the first delivery of dough (1500-3500)
in the first fourty eight hours from starting...its awesome

Regards












P-0st-0ffice-B0x 1-1 Five-Tw0
P.la.ce.ville C.A 9Five6 Three-9
http://JDOTayeaunesD0Tcom/rD0Tphp





In the event that the commercial mailer associated with this mailing is found to be a U.S. citizen and linked with off-shore hosting/registration, and use of hijacked servers, this mailing was sent in violation of many requirements set forth by the CAN-SPAM Act outlined at the following page:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm


> ATTN: CERT Team
You are being copied this report due to the fact that the servers and the ISPs currently providing service to these criminally-operated domain names are within your jurisdiction.
Please meet with the hosts, and customers associated with the machines behind these IP addresses and ensure that the machines connected to these IP addresses are cleaned of all malicious content. For help, reference the CastleCops Malware Removal and Prevention article located at the CastleCops Wiki:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

Further, enforce the need for heightened Internet Security, and the need for stronger and more secure password phrases to prevent further malicious abuse from these addresses.

Quote:
http://J.ayeaunes.com/r.php

ahoier

SIRT Handler


Joined: Jan 14, 2006
Posts: 1118
Location: USA

PostPosted: Wed Jul 02, 2008 9:06 pm    Post subject:

DNS.COM.CN has also been sent a separate mailing, in the case they still utilize SURBL filtering.

tembow

Blue Angel
Premium Member

Joined: Oct 10, 2005
Posts: 2945

Blue Security Premium

PostPosted: Thu Jul 03, 2008 3:07 am    Post subject:

Confirming:
Arrival-Date: Wed, 2 Jul 2008 23:51:54 +0000 (UTC)

Final-Recipient: rfc822; abuse@DNS.COM.CN
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.DNS.COM.CN
Diagnostic-Code: smtp; 550 Does not like recipient,your mail is rejected!

Final-Recipient: rfc822; cnreg@dns.com.cn
Action: failed
Status: 5.0.0
Remote-MTA: dns; mail.DNS.COM.CN
Diagnostic-Code: smtp; 550 Does not like recipient,your mail is rejected!
