ROKSO: Market Strong Media / Worldmarketpower.com

ROKSO Home | ROKSO FAQs & Policies | About Spamhaus | FAQs

Market Strong Media / Worldmarketpower.com

Evidence Menu:

Market Strong Media / Worldmarketpower.com Index

Country: United States of America
State: Nevada

Long-time spam operation who have worked their way through most of the "fashions" in spam. Most recently involved in snowshoe spam through affiliate marketing programs. The company is owned or managed by a Bill Waggoner.

Market Strong Media / Worldmarketpower.com SBL Listings History

Current SBL Listings

Archived SBL Listings

NANAE: "Spammer sends me his console logs"

Great stuff - seems Bill's "testbox" is quite broken.

Has a Scott Richter tie-in: cpaempire.com

________

Looks like the spammer's "Include a random text file from the hard drive in order to throw off the bayesian filters" feature is malfunctioning.

This is a bit interesting, a bit amusing.

[ Wrote 99 lines ]

bill@testbox:/opt/gdmailer$ bash runmailer.sh bill
Mailer is running.
Type "tail -f /opt/gdmailer/nohup.mailer.out" to watch its progress...
bill@testbox:/opt/gdmailer$ bash runmailer.sh bill
Mailer is running.
Type "tail -f /opt/gdmailer/nohup.mailer.out" to watch its progress...
bill@testbox:/opt/gdmailer$
Last login: Sat Jun 19 15:34:37 2004 from aplushosting.co
Copyright (c) 1980, 1983, 1986, 1988, 1990, 1991, 1993, 1994
The Regents of the University of California. All rights
reserved.

FreeBSD 4.8-RELEASE-p16 (kernel) #0: Sun Mar 7 13:56:55 GMT 2004
To repeat the last command in the C shell, type "!!".
-- Dru <genesis@istar.ca>
bill@testbox:~$ cd /www/sites/
bill@testbox:/www/sites$ mkdir cas1
bill@testbox:/www/sites$ cp -R 0003/* cas1
bill@testbox:/www/sites$ cd cas1/
bill@testbox:/www/sites/cas1$ ;s
-bash: syntax error near unexpected token `;'
bill@testbox:/www/sites/cas1$ ls
_opt_5.gif ao.gif index.cgi logogen.img rd.cgi
removepage.cgi unsubscribe.cgi
_pt_5.gif canspam.gif logo.img pt.gif
remove.cgi signup.cgi
bill@testbox:/www/sites/cas1$ pico index.cgi

[snip]

GNU nano 1.2.2 File:
index.cgi

#!/usr/bin/perl

##
## BulkWeb - Web : index.cgi
## revision: 3.4.1
## last updated: Jun 3 03
##
## modified 5-11-04 to display no frame
##
## this script is the "face" of all the sites; it handles keys and no-
keys, as well
## as multiple targets
##

use DBI;
use POSIX;

my ($dbh, $sth, $sth2, $findkey);
my ($id,
y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386
d7977px&io=qmstring, $removed, $orig);
my ($logfile, $logtime, $match, $vrfy);
my ($emailaddr, @buf1, @buf2, $tablename, @matches);
my (@targetpages, @nokeyrequired, $cursrv, $targetpage);

if ($ENV{QUERY_STRING} =~ /GETSTATUS/) {
print "Content-type: text/plain\n\nALIVE\n";
exit 0;
}

$ENV{QUERY_STRING} =~ s/&/&/g;

#add more than one page here to have them go to a random one (rotate in
the future)
push (@targetpages, "http://cpaempire.com/c/2858/CD111/&dp=0&l=0&p=0");

#add no-key-required sites here

$logfile = "/www/keysystemlogs/hitlog.txt";
$logtime = strftime("%a %d %b %Y %H:%M:%S", localtime);

$targetpage = $targetpages[int(rand(@targetpages))];

foreach $cursrv (@nokeyrequired) {
if ($ENV{QUERY_STRING} =~ /^0564737077$/ || ($ENV{SERVER_NAME} =~ /
$cursrv/ && $ENV{QUERY_STRING} !~ /\S/)) {
if ($ENV{SERVER_NAME} !~ /kzmi\.com/) {
print "Location: http://www.kzmi.com$ENV{REQUEST_URI}?
0564737077\n\n";
exit 0;
}

&printsuccess ("", $targetpage, "100%,*", "blank.htm");
exit 0;
}
}

if ($ENV{SERVER_NAME} !~ /kzmi\.com/) {
print "Location: http://www.kzmi.com$ENV{REQUEST_URI}\n\n";
exit 0;
}

$orig = $ENV{QUERY_STRING};

if ($ENV{QUERY_STRING} =~ /&winner/) {
$vrfy = 1;
$ENV{QUERY_STRING} =~ s/&winner//ig;
} else { $vrfy = 0;
}
if (@buf1 = ($ENV{QUERY_STRING} =~ /&_m(\d{2})/)) {
$tablename = "mixed" . $buf1[0];
$ENV{QUERY_STRING} =~ s/&_m\d{2}//ig;
}
$findkey = uc($ENV{QUERY_STRING});
$findkey =~ s/[^A-Fa-f0-9]//ig;

$emailaddr = &key_decode($findkey);
#if ($emailaddr =~ /[^A-Za-z0-9_\-\.@]/) { &frontpage(1); exit 0; }
[ Wrote 243
lines ]

bill@testbox:/www/sites/cas1$ cd
bill@testbox:~$ cd /opt/gdmailer/
bill@testbox:/opt/gdmailer$ pico conf/body.txt

GNU nano 1.2.2 File:
conf/body.txt

<html>
</head>
<body>

<a href="http://www.kzmi.com/cas1">
<img border="0" src="http://ndiwash.contentedservices.com/cas1/lost.gif" width="409" height="65"></a>
 
 
 
 
 
 
 

<a href="http://ndiwash.contentedservices.com/cas1/rd.cgi?
y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386
d7977px&io=qm&winner&_m01">

<img border="0" src="http://ndiwash.contentedservices.com/cas1/5.gif" width="502" height="59"></a>

<img src="http://ndiwash.contentedservices.com/cas1/logogen.img?
y=r0a747gp&ph=otc83786sn&qj=ie4a7d6s&r=xb80808h&t=rym37d797yvx&q=q07e386
d7977px&io=qm" border=0>
</body>
</html>

___________

Domain Name: KZMI.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.MEDIADREAMLAND.COM
Name Server: NS2.MEDIADREAMLAND.COM
Status: ACTIVE
Updated Date: 31-may-2004
Creation Date: 03-feb-2004
Expiration Date: 03-feb-2006
___________

Registration Service Provided By: Media Dreamland
Contact: postmaster@mediadreamland.com
Visit: http://www.mediadreamland.com

Domain name: kzmi.com

Registrant Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Administrative Contact:
Media Dreamland
Domain Manager (abuse@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Technical Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Billing Contact:
Media Dreamland
Media Dreamland (postmaster@mediadreamland.com)
+1.7026429213
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Status: Active

Name Servers:
ns1.mediadreamland.com
ns2.mediadreamland.com

Creation date: 03 Feb 2004 22:08:16
Expiration date: 03 Feb 2006 22:08:16
___________

Domain Name: CONTENTEDSERVICES.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.MEDIADREAMLAND.COM
Name Server: NS2.MEDIADREAMLAND.COM
Status: REGISTRAR-LOCK
Updated Date: 12-mar-2004
Creation Date: 14-jul-2003
Expiration Date: 14-jul-2004

Registration Service Provided By: Media Dreamland
Contact: postmaster@mediadreamland.com
Visit: http://www.mediadreamland.com

Domain name: contentedservices.com

Registrant Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Administrative Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Technical Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Billing Contact:
Media Dreamland
Domain Manager (ipadmin@Mediadreamland.com)
+1.7026579239
Fax:
5546 Camino Al Norte #2 - 278
North Las Vegas, NV 89031
US

Status: Locked

Name Servers:
ns1.mediadreamland.com
ns2.mediadreamland.com

Creation date: 14 Jul 2003 17:44:24
Expiration date: 14 Jul 2004 17:44:24

___________