[SIRT#173201] Botnet, Canadian Pharmacy on gschildday.com

CastleCops -> SIRT Reports

Author: newangels    Posted: Mon May 12, 2008 2:00 am    Post subject: [SIRT#173201] Botnet, Canadian Pharmacy on gschildday.com

Spam Alert
 
 Full Report: CastleCops Link/Botnet_Canadian_Pharmacy_spam173201.html
 
 Changed status to confirmed spam.

IP Converted: 123.111.50.177

dword = 2070885041
hex1 = 0x7b6f32b1
hex2 = 0x7b.0x6f.0x32.0xb1
oct = 0173.0157.062.0261
View CIDR AS9318 Report: http://www.cidr-report.org/cgi-bin/as-report?as=9318

"9318 | KR | apnic | 1998-06-03 | HANARO-AS Hanaro Telecom Inc."
Extended information for AS9318:
State/Province:
Country: kr
Responsible Domain: hananet.net
Abuse Email: abuse@hananet.net

Criminal Evidence

** REDIRECTOR **

This site is using redirections to access a hidden criminal site
See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Registrations
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Registrations
See the McAfee Site Advisor information at http://siteadvisor.com/sites/gschildday.com


> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM
REGISTRATION OF THE WEB SITE: gschildday.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold


> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
Primary DNS: ns1.fopns.com 58.242.152.80
Secondary DNS: ns2.fopns.com 221.122.64.14


ACTION: To suspend these name servers successfully, follow these steps.
1. Set the NS address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold


> This is a botnet using 6 illegally hijacked machines.



** TARGET SITE **

See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=Canadian_Pharmacy
or from China: http://www.spamtrackers.hk/wiki/index.php?title=Canadian_Pharmacy
See the McAfee Site Advisor information at http://siteadvisor.com/sites/prettydesert.com


> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM
REGISTRATION OF THE WEB SITE: prettydesert.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold


> XIN NET TECHNOLOGY CORPORATION aka SINO-I.COM

REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
Name Server.......... ns4.guprovider.com
Name Server.......... ns3.guprovider.com
Name Server.......... ns2.guprovider.com
Name Server.......... ns1.guprovider.com

ACTION: To suspend these name servers successfully, follow these steps.
1. Set the NS address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold


> abuse@hananet.net
IP ADDRESS OF HOST: 123.111.50.177

The IP address of this criminal site is within your allocated address space.
ACTION: Black-hole the route to this address to prevent further criminal activity
Quote:
http://byt.gschildday.com




All times are GMT
