Spam Alert
 
 Full Report: /VPXL_spam194387.html
 
 Changed status to confirmed spam.IP Converted: 221.230.2.221

dword = 3722838749
hex1 = 0xdde602dd
hex2 = 0xdd.0xe6.0x2.0xdd
oct = 0335.0346.02.0335
View CIDR AS4134 Report: http://www.cidr-report.org/cgi-bin/as-report?as=4134

"4134 | CN | apnic | 2002-08-01 | CHINANET-BACKBONE No.31,Jin-rong Street"<br />
Extended information for AS4134:
State/Province:
Country: cn
Responsible Domain: chinanet.cn.net
Abuse Email: cncert@cert.org.cn


Criminal Evidence

See the Spam Wiki entry at http://www.spamtrackers.eu/wiki/index.php?title=VPXL
or from China: http://www.spamtrackers.hk/wiki/index.php?title=VPXL
See the McAfee Site Advisor information at http://siteadvisor.com/sites/lanbgelka.com


> ONLINENIC, INC.
REGISTRATION OF THE WEB SITE: lanbgelka.com
ACTION: To suspend this criminal site which breaks your terms of service, set the domain status to clientHold


> BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
REGISTRATION OF THE NAME SERVERS
These name servers are registered by criminals to resolve only illegal web sites. This breaks your terms of service. You can safely suspend them:
ns2.metdns2008.com [124.236.241.91]
ns1.metdns2008.com [221.230.2.221]

You will find 221.230.2.221 is listed within the following Spamhaus entries for providing hosting for HerbalKing, VPXL, and other related fraudulent pharmacies
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65492
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL64972

You will find 124.236.241.91 is listed within the following Spamhaus entries for providing hosting for HerbalKing, VPXL, and other related fraudulent pharmacies
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65127
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL65260

ACTION: To suspend these name servers successfully, follow these steps.
1. set the ns Address records to a non-routable address, such as 127.0.0.1 or 61.61.61.61.
2. Set the domain status to clientUpdateProhibited, clientTransferProhibited, clientDeleteProhibited, and clientHold

You are being tracked within the CastleCops Wiki Bulk Spam Reporting Project:
http://wiki.castlecops.com/Bulk_Spam_Reporting

Furthermore, you will find articles pointing out pending-suspensions, as well as successfully suspended domains within these pages. Please use these successful suspensions as an example in suspending this, and future fraudulent domain registrations used in unsolicited spam:
http://wiki.castlecops.com/BILT_Removals
http://wiki.castlecops.com/BILT_Removals_Archive


> CHINANET-BACKBONE No.31,Jin-rong Street (incl. abuse@jsinfo.net, abuse@jlonline.com, abuse@public1.ptt.js.cn, spam@jsinfo.net, anti-spam@ns.chinanet.cn.net)
IP ADDRESS OF HOST: 221.230.2.221
The IP address of this criminal site is within your allocated address space.

This IP address is currently linked with the following fraudulent, criminal-operated domains:
ns1.metdns101.com A 221.230.2.221
ns1.metdns2008.com A 221.230.2.221
ns1.jdns99.com A 221.230.2.221
ns2.krdns99.com A 221.230.2.221
ns1.metdns99.com A 221.230.2.221
www.tanivaca.com A 221.230.2.221
www.towowida.com A 221.230.2.221
kf.eohiuaea.com A 221.230.2.221
pf.eohiuaea.com A 221.230.2.221
eygbth.eohiuaea.com A 221.230.2.221
rzro.eohiuaea.com A 221.230.2.221
hlu.eohiuaea.com A 221.230.2.221
obdmw.eohiuaea.com A 221.230.2.221
qsyrtx.eohiuaea.com A 221.230.2.221
braiuhcea.com A 221.230.2.221
telakncea.com A 221.230.2.221
www.bealinfea.com A 221.230.2.221
micalkea.com A 221.230.2.221
www.braunclea.com A 221.230.2.221
jilmainea.com A 221.230.2.221
www.stalippea.com A 221.230.2.221
www.dalknyea.com A 221.230.2.221
terewofa.com A 221.230.2.221
swinestaga.com A 221.230.2.221
www.swinestaga.com A 221.230.2.221
www.wocemiha.com A 221.230.2.221
traypeia.com A 221.230.2.221
www.lanbgelka.com A 221.230.2.221
miacjela.com A 221.230.2.221
www.nbeakela.com A 221.230.2.221
job.teiusaloa.com A 221.230.2.221
ygcoe.teiusaloa.com A 221.230.2.221
pxg.teiusaloa.com A 221.230.2.221
oylzi.teiusaloa.com A 221.230.2.221
bk.teiusaloa.com A 221.230.2.221
fo.teiusaloa.com A 221.230.2.221
so.teiusaloa.com A 221.230.2.221
fyt.teiusaloa.com A 221.230.2.221
mz.teiusaloa.com A 221.230.2.221
mukapa.com A 221.230.2.221
www.vigamiqa.com A 221.230.2.221
www.wehasata.com A 221.230.2.221
www.totihota.com A 221.230.2.221
pifirota.com A 221.230.2.221
tbfm.ilkexza.com A 221.230.2.221
ploiabub.com A 221.230.2.221
beaommac.com A 221.230.2.221
www.qualietac.com A 221.230.2.221
www.tailaecc.com A 221.230.2.221
www.slizaecc.com A 221.230.2.221
braallecc.com A 221.230.2.221
www.stralacec.com A 221.230.2.221
www.traimmec.com A 221.230.2.221
www.platealic.com A 221.230.2.221
ns1.faneanic.com A 221.230.2.221
www.bveyanic.com A 221.230.2.221
www.caltihenc.com A 221.230.2.221
www.bmeaoinc.com A 221.230.2.221
cerofoned.com A 221.230.2.221
www.cerofoned.com A 221.230.2.221
www.tryeaind.com A 221.230.2.221
flaockae.com A 221.230.2.221
www.traipplae.com A 221.230.2.221
www.micalnae.com A 221.230.2.221
biauatae.com A 221.230.2.221
www.cibalibe.com A 221.230.2.221
www.tryaiube.com A 221.230.2.221
www.socolace.com A 221.230.2.221
valkaece.com A 221.230.2.221
www.tisigece.com A 221.230.2.221
beaiuche.com A 221.230.2.221
salealle.com A 221.230.2.221
pleawalle.com A 221.230.2.221
aiatelle.com A 221.230.2.221
satieple.com A 221.230.2.221
ealkene.com A 221.230.2.221
traiplatne.com A 221.230.2.221
uquiseh.com A 221.230.2.221
plaedehi.com A 221.230.2.221
beayteesi.com A 221.230.2.221
poaoialk.com A 221.230.2.221
biayceal.com A 221.230.2.221
alicneal.com A 221.230.2.221
bracyeal.com A 221.230.2.221
flaeixal.com A 221.230.2.221
pisaeanel.com A 221.230.2.221
ceajumpel.com A 221.230.2.221
coameanil.com A 221.230.2.221
walkeall.com A 221.230.2.221
agiyeall.com A 221.230.2.221
naicheanl.com A 221.230.2.221
nitroxam.com A 221.230.2.221
waqecaem.com A 221.230.2.221
bracllemm.com A 221.230.2.221
biuhacan.com A 221.230.2.221
vabkehan.com A 221.230.2.221
faoyteacn.com A 221.230.2.221
qaleicen.com A 221.230.2.221
qiuhaden.com A 221.230.2.221
briauchen.com A 221.230.2.221
falealein.com A 221.230.2.221
liqeualin.com A 221.230.2.221
poaelakn.com A 221.230.2.221
paeastenn.com A 221.230.2.221
cosameao.com A 221.230.2.221
feantelas.com A 221.230.2.221
teyaoies.com A 221.230.2.221
oveiales.com A 221.230.2.221
heanteals.com A 221.230.2.221
berakuals.com A 221.230.2.221
faneaels.com A 221.230.2.221
madnms.com A 221.230.2.221
falicens.com A 221.230.2.221
valkeatens.com A 221.230.2.221
cpameaps.com A 221.230.2.221
kileiaps.com A 221.230.2.221
miasterrs.com A 221.230.2.221
bveoahent.com A 221.230.2.221
banlkast.com A 221.230.2.221
stallaew.com A 221.230.2.221
juaplaex.com A 221.230.2.221
ACTION: Black-hole the route to this address to prevent further criminal activity


The criminality of these domain names can be verified using the following SiteAdvisor link format, http://www.siteadvisor.com/lookup/?q=domainname.tld


CRIMINAL EVIDENCE - VIOLATION OF CAN-SPAM LAWS:

Delivered-To: xxx
Received: by 10.150.156.15 with SMTP id d15cs142750ybe;
Sun, 29 Jun 2008 15:29:43 -0700 (PDT)
Received: by 10.210.136.10 with SMTP id j10mr3539798ebd.43.1214778582244;
Sun, 29 Jun 2008 15:29:42 -0700 (PDT)
Return-Path: <mbourrer_2001@freeautobot.com>
Received: from 18925171167.user.veloxzone.com.br ([189.25.171.167])
by mx.google.com with ESMTP id p10si1653434gvf.7.2008.06.29.15.29.40;
Sun, 29 Jun 2008 15:29:42 -0700 (PDT)
Received-SPF: neutral (google.com: 189.25.171.167 is neither permitted nor denied by domain of mbourrer_2001@freeautobot.com) client-ip=189.25.171.167;
Authentication-Results: mx.google.com; spf=neutral (google.com: 189.25.171.167 is neither permitted nor denied by domain of mbourrer_2001@freeautobot.com) smtp.mail=mbourrer_2001@freeautobot.com
MIME-version: 1.0
Content-type: multipart/alternative;
boundary="Boundary_(ID_isbEpRONPZSrb0tzCrIOTB)"
Message-id: <AA265671-08BE-7396-18A2-BD7BB7C56102@Freeautobot.com>
From: nancy <mbourrer_2001@Freeautobot.com>
To: xxx
Subject: Give this a try, you won't regret
Date: Sun, 29 Jun 2008 19:29:39 -0300
X-Mailer: Apple Mail (2.924)

--Boundary_(ID_isbEpRONPZSrb0tzCrIOTB)
Content-type: text/plain; charset=UTF-8; format=flowed
Content-transfer-encoding: 7BIT

Medically-researched and proven to provide gains of 2-4 inches within weeks http://www.lanbgelka.com/

--Boundary_(ID_isbEpRONPZSrb0tzCrIOTB)
Content-type: text/html; charset=UTF-8
Content-transfer-encoding: 7BIT

<html><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; ">Medically-researched and proven to provide gains of 2-4 inches within weeks<div><a href="http://www.lanbgelka.com/">http://www.lanbgelka.com/</a></div></body></html>

--Boundary_(ID_isbEpRONPZSrb0tzCrIOTB)--

This instance of unsolicited e-mail is also being tracked by SpamCop:
http://www.spamcop.net/sc?id=z2032618117z48b3fba79114d43373f8d97380e63bc8z


In the event that the commercial mailer associated with this mailing is found to be a U.S. citizen and linked with off-shore hosting/registration, and use of hijacked servers, this mailing was sent in violation of many requirements set forth by the CAN-SPAM Act outlined at the following page:
http://www.ftc.gov/bcp/conline/pubs/buspubs/canspam.shtm


> ATTN: CERT Team
You are being copied this report due to the fact that the servers and the ISPs currently providing service to these criminally-operated domain names are within your jurisdiction.
Please meet with the hosts, and customers associated with the machines behind these IP addresses and ensure that the machines connected to these IP addresses are cleaned of all malicious contentt. For help, reference the CastleCops Malware Removal and Prevention article located at the CastleCops Wiki:
http://wiki.castlecops.com/Malware_Removal_and_Prevention:_Overview

Further, enforce the need for hightened Internet Security, and the need for stronger and more secure password phrases to prevent further malicious abuse from these addresses.

All times are GMT