ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
Brian McDaid - Global Prosperity Group / DrHGH / greeneyed media / Sili

Evidence Menu:

Brian McDaid - Global Prosperity Group / DrHGH / greeneyed media / Sili Index


Country: United States
State: Pennsylvania
The pharma spamming Chiropractor. Now in prison.

Sili Neutraceuticals, LLC
Global Prosperity Group
DrHGH
Greeneyed Media


Brian McDaid - Global Prosperity Group / DrHGH / greeneyed media / Sili SBL Listings History
Current SBL Listings
Archived SBL Listings

Caught proxy/botnet-hijack spamming (CAN-SPAM violations)


proxy-spamming via Hijacked botnet zombies. (Felony violations of CAN-SPAM and Computer Fraud & Abuse Act in the USA)

Ref: SBL55406 208.65.156.49/32 09-Jun-2007

208.65.156.49/32 is listed on the Register Of Known Spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Brian McDaid - Global Prosperity Group / DrHGH / greeneyed media.

Subject: Source of proxy/botnet hijack spamming

TCP stream analysis of a virus-infected/trojaned PC reveals that it is being hijacked on proprietary high ports from the spammers illegal proxy-mailing server on 208.65.156.49

i.e. the listed IP is hijacking virus-infected PCs on proxy ports

[Listed IP]---SOCKS/HTTP--->[Infected PC]---SMTP--->[Recipient]

--
[whois.arin.net]
MarquisNet LLC MARQUISNET (NET-208-65-156-0-1)
208.65.156.0 - 208.65.159.255
Arogo.Net NETBLK-LV-AROGO-208-65-156-0 (NET-208-65-156-0-2)
208.65.156.0 - 208.65.156.63
CustName: Arogo.Net
Address: PO Box 371184
City: Las Vegas
StateProv: NV
PostalCode: 89137
Country: US
RegDate: 2006-04-07
Updated: 2006-04-07
NetRange: 208.65.156.0 - 208.65.156.63
CIDR: 208.65.156.0/26


====================================================
Sample spam payload extracted from an infected PC being
proxy-hijacked from 208.65.156.49:
..................................................
Date: Thu, 07 Jun 2007 05:xx:xx -0000
Subject: $5000 Monthly+ & Free Silver Coins!!

We Do All The Prospecting, With Guaranteed Results!

This helps 100% Of Our Members Succeed

-No Experience Needed!
-No Selling, etc

Get More Info Here:
http://www.silver-millions.com/

100% System Designed to Make You
$27,000 Per Month by Your first 6 Months!!

$27,000 in Monthly Residual Income!

For More Info
http://www.silver-millions.com/
..................................................
" Master Assets Syndication "
"Contact" page: capitalgrowth@anonmail.de

--
www.silver-millions.com. IN CNAME silver-millions.com.
silver-millions.com. IN A 121.77.147.93
silver-millions.com. IN NS ns1.corporation.com.tw.
silver-millions.com. IN NS ns1.netting.com.tw.

See: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL54815 (ROKSO Brian McDaid - Global Prosperity Group)

--
[whois.dotregistrar.com]
Registrant:
Tom L (SILVER-MILLIONS-COM-DOM)
12F, 2028 Chung Hwa E. Rd.
Taipei, TW 00002
TW
+886.262462202
yesme2800@yahoo.com.tw

Domain Name: SILVER-MILLIONS.COM
Status: PROTECTED

Administrative Contact:
Tom L yesme2800@yahoo.com.tw
12F, 2028 Chung Hwa E. Rd.
Taipei, TW 00002
TW
+886.262462202

Technical Contact, Zone Contact:
Tom L yesme2800@yahoo.com.tw
12F, 2028 Chung Hwa E. Rd.
Taipei, TW 00002
TW
+886.262462202

Record last updated on 31-May-2007.
Record expires on 31-May-2008.
Record created on 31-May-2007.

Domain servers in listed order:

Name Server: ns1.netting.com.tw
Name Server: ns1.corporation.com.tw



====================================================
Sample spam payload extracted from an infected PC being
proxy-hijacked from 208.65.156.49:
..................................................
Date: Thu, 07 Jun 2007 05:xx:xx -0000
Subject: Hold $1million in Silver Coins & Make $25k/Month

100% of The Prospecting is Done..For You

$27,000 Monthly Within Your 1st 6 Months!!

Go To:
http://www.virtual-millionaires.com

Now Everyone Can Succeed!

100% of the Prospecting is done for you!

Go To:
http://www.virtual-millionaires.com

Now Everyone Can Make a Realistic Income
>From Home and Build Their Financial Net Worth!!

..................................................
" Master Assets Syndication "
"Contact" page: capitalgrowth@anonmail.de

--
www.virtual-millionaires.com. IN CNAME virtual-millionaires.com.
virtual-millionaires.com. IN A 121.77.147.93
virtual-millionaires.com. IN NS ns1.corporation.com.tw.
virtual-millionaires.com. IN NS ns1.netting.com.tw.

--
[whois.godaddy.com]

Registrant:
Bluelight Capitalk Management
1068 Steele Blvd
Baldwin, New York 11510
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: VIRTUAL-MILLIONAIRES.COM
Created on: 14-May-07
Expires on: 14-May-08
Last Updated on:

Administrative Contact:
Fisher, Thomas Buildingnetworth@aol.com
Bluelight Capitalk Management
1068 Steele Blvd
Baldwin, New York 11510
United States
(516) 208-9006

Technical Contact:
Fisher, Thomas Buildingnetworth@aol.com
Bluelight Capitalk Management
1068 Steele Blvd
Baldwin, New York 11510
United States
(516) 208-9006

Domain servers in listed order:
NS1.CORPORATION.COM.TW
NS1.NETTING.COM.TW


The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: http://www.spamhaus.org/rokso/evidence/ROK7599/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2014 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy