ROKSO Home  |  ROKSO FAQs & Policies  |  About Spamhaus  |  FAQs
ROKSO
The Register of Known Spam Operations
BadCow / mAiLIEN

Evidence Menu:

BadCow / mAiLIEN Index


Country: Russian Federation
State:
*** Leo Kuvayev now in prison ***

Founded by Russian/American criminal Leo Kuvayev. Now all in Russia. Spamming "OEM CD" pirated software scams, fake pharmaceuticals, porn spam, porn payment collection, etc. Spam using virus-created botnets and seems to be involved in virus distribution. Partnered with Vladislav Khokholkov - aka "Mr. Green".


BadCow / mAiLIEN SBL Listings History
Current SBL Listings
Archived SBL Listings

SBL44935 - info


Just some info from SBL44935 for searchability and to tie some various stuff together.

------------------------------------------------------------

http://www.narzmort.com
>>> http://seconlife.net/affiliate/index.php?id=kup

Domain Name: NARZMORT.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Status: REGISTRAR-LOCK
Updated Date: 26-jul-2006
Creation Date: 26-jul-2006
Expiration Date: 26-jul-2007


Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/

Domain name: narzmort.com

Registrant Contact:
N/A
Rajesh Bhatt (rajmaison@hotmail.com)
+1.5555555555
Fax: +1.5555555555
Good Will Soceity
Dehli, RO 342323
IN

Administrative Contact:
N/A
Rajesh Bhatt (rajmaison@hotmail.com)
+1.5555555555
Fax: +1.5555555555
Good Will Soceity
Dehli, RO 342323
IN

Technical Contact:
N/A
Rajesh Bhatt (rajmaison@hotmail.com)
+1.5555555555
Fax: +1.5555555555
Good Will Soceity
Dehli, RO 342323
IN

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 26 Jul 2006 19:49:22
Expiration date: 26 Jul 2007 19:49:22

_______________

Domain Name: SECONLIFE.NET
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: DNS1.NAME-SERVICES.COM
Name Server: DNS2.NAME-SERVICES.COM
Name Server: DNS3.NAME-SERVICES.COM
Name Server: DNS4.NAME-SERVICES.COM
Name Server: DNS5.NAME-SERVICES.COM
Status: REGISTRAR-LOCK
Updated Date: 25-jul-2006
Creation Date: 25-jul-2006
Expiration Date: 25-jul-2007

Registration Service Provided By: NameCheap.com
Contact: support@NameCheap.com
Visit: http://www.namecheap.com/

Domain name: seconlife.net

Registrant Contact:
N/A
Rajesh Bhatt (rajmaison@hotmail.com)
+1.5555555555
Fax: +1.5555555555
Good Will Soceity
Dehli, RO 342323
IN

Administrative Contact:
N/A
Rajesh Bhatt (rajmaison@hotmail.com)
+1.5555555555
Fax: +1.5555555555
Good Will Soceity
Dehli, RO 342323
IN

Technical Contact:
N/A
Rajesh Bhatt (rajmaison@hotmail.com)
+1.5555555555
Fax: +1.5555555555
Good Will Soceity
Dehli, RO 342323
IN

Status: Locked

Name Servers:
dns1.name-services.com
dns2.name-services.com
dns3.name-services.com
dns4.name-services.com
dns5.name-services.com

Creation date: 25 Jul 2006 19:02:55
Expiration date: 25 Jul 2007 19:02:55

_______________

Received: from [210.211.245.205] (port=3550 helo=3E6D8050)
by xxxxxxxxxxxxxxxx; Thu, 27 Jul 2006 08:14:57 +0000
Received: from eajsmtp5.viciousvenus.com (unknown [10.253.43.699]) by rfabrelay1.viciousvenus.com (Postfix) with ESMTP id 175GA4455Q7; Thu, 27 Jul 2006 04:14:59 -0500 (EDT)
X-Terra-Karma: 0%
X-Terra-Hash: mn464van9fzt61n147908vhtcmf75wu0
Received: from viciousvenus.com (jrowebmail6.terra.com [66.231.335.72]) (authenticated user BenefieldNaftalizqpfvd@astound.net) by kfqsmtp5.viciousvenus.com (Postfix) with ESMTP id Q54L384Y24O; Thu, 27 Jul 2006 04:14:59 -0500 (EDT)
Date: Thu, 27 Jul 2006 04:14:59 -0500
To: xxxxxxxxxxxxxxxxxxx
Message-Id: <J23W4L$R4R869EJ1LXQFV94Y1J8X599F12GHYKO@viciousvenus.com>
Subject: A Competitive Advantage in 48 Hours,Mortgage Professionals Only.
MIME-Version: 1.0
X-Sensitivity: 3
Content-Type: text/html
From: "Miss Kassidy" <BenefieldNaftalizqpfvd@astound.net>
X-XaM3-API-Version: 4.11 (B108)
X-SenderIP: 210.211.245.205




Only $688/Month for $150,000! SmartChoice Loan from Quicken Loans


Finalize It Here












visit our web site to go out of this onetime mailing



--------------------------------------------------------------------
2007-05-02 'drugssy.com' replaces now-nuked 'ajaxmx.com', still hosting 'global pharmacy'


[whois.paycenter.com.cn]

Domain Name:drugssy.com

Registrant:
xiao qing
No.12 chang'an road,beijing
100001

Administrative Contact:
top qing
xiao qing
No.12 chang'an road,beijing
beijing Beijing 100001
China
tel: 86 010 1234567
fax: 86 010 1234567
124@126.com

Technical Contact:
top qing
xiao qing
No.12 chang'an road,beijing
beijing Beijing 100001
China
tel: 86 010 1234567
fax: 86 010 1234567
124@126.com

Billing Contact:
top qing
xiao qing
No.12 chang'an road,beijing
beijing Beijing 100001
China
tel: 86 010 1234567
fax: 86 010 1234567
124@126.com

Registration Date: 2007-01-23
Update Date: 2007-01-23
Expiration Date: 2008-01-23

Primary DNS: ns.xinnetdns.com 210.51.170.66
Secondary DNS: ns.xinnet.cn 210.51.171.209


$ dig @ns2.drugssy.com humbero.com ns

; <<>> DiG 9.2.4 <<>> @ns2.drugssy.com humbero.com ns
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41844
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;humbero.com. IN NS

;; ANSWER SECTION:
humbero.com. 172800 IN NS ns3.drugssy.com.
humbero.com. 172800 IN NS ns4.drugssy.com.
humbero.com. 172800 IN NS ns.drugssy.com.
humbero.com. 172800 IN NS ns2.drugssy.com.

;; Query time: 287 msec
;; SERVER: 59.188.2.239#53(59.188.2.239)
;; WHEN: Wed May 2 2007
;; MSG SIZE rcvd: 108



Fast fluxing:

$ host humbero.com
humbero.com has address 76.208.54.255
humbero.com has address 71.239.142.146
humbero.com has address 67.167.249.236
humbero.com has address 67.175.36.33
humbero.com has address 75.73.49.51

--- reading URL humbero.com
--- contacting host humbero.com [67.167.249.236] on port 80

HTTP/1.1 200 OK
Date: Wed, 02 May 2007 x GMT
Server: Apache
Set-Cookie: PHPSESSID=x; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: globa=osirica; expires=Wed, 16-May-2007 20:50:02 GMT; path=/
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html

207b
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head>
<title>Global Pharmacy -- </title>




Also on this IP:


[whois.pacnames.com]

PacNames WHOIS Server Version 1.1.0

Domain name: SOPLEY.NET
Registrar: PacNames
Referral URL: http://www.pacnames.com/

Domain Registrant: TOTALNIC-129881 (DOMAINS@LOCU.ST)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI

Telephone: +358.207818027
Fax: +358.207818027

Administrative, Technical Contact: TOTALNIC-129881 (DOMAINS@LOCU.ST)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI

Telephone: +358.207818027
Fax: +358.207818027

Name Server: NS1.PACNAMES.COM
Name Server: NS2.PACNAMES.COM

Domain creation date: 2006-04-05 11:17:22.0
Domain expiration date: 2007-04-05 11:53:26.0



[whois.pacnames.com]

PacNames WHOIS Server Version 1.1.0

Domain name: PROGIKUPI.NET
Registrar: PacNames
Referral URL: http://www.pacnames.com/

Domain Registrant: TOTALNIC-129881 (DOMAINS@LOCU.ST)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI

Telephone: +358.207818027
Fax: +358.207818027

Administrative, Technical Contact: TOTALNIC-129881 (DOMAINS@LOCU.ST)
Alex Rodrigez
Alex Rodrigez
PO box 109 WP 1432
Lappeenranta NA 53101
FI

Telephone: +358.207818027
Fax: +358.207818027

Name Server: NS1.SRUL5.COM
Name Server: NS2.SRUL5.COM

Domain creation date: 2006-06-09 21:15:25.0
Domain expiration date: 2007-06-09 21:46:44.0




Domain Name: SOUCHASNEG.COM
Registrar: CAPITAL NETWORKS PTY LTD
Whois Server: whois.pacnames.com
Referral URL: http://www.pacnames.com
Name Server: NS1.PACNAMES.COM
Name Server: NS2.PACNAMES.COM
Status: redemptionPeriod
Updated Date: 22-apr-2007
Creation Date: 22-mar-2006
Expiration Date: 22-mar-2007



Domain Name: DEARGENIUS.NET
Registrar: CAPITAL NETWORKS PTY LTD
Whois Server: whois.pacnames.com
Referral URL: http://www.pacnames.com
Name Server: NS1.PACNAMES.COM
Name Server: NS2.PACNAMES.COM
Status: redemptionPeriod
Updated Date: 22-apr-2007
Creation Date: 22-mar-2006
Expiration Date: 22-mar-2007



Domain Name: DRUNOSOFT.COM
Registrar: CAPITAL NETWORKS PTY LTD
Whois Server: whois.pacnames.com
Referral URL: http://www.pacnames.com
Name Server: NS1.PACNAMES.COM
Name Server: NS2.PACNAMES.COM
Status: redemptionPeriod
Updated Date: 04-apr-2007
Creation Date: 04-mar-2006
Expiration Date: 04-mar-2007






The Register of Known Spam Operations (ROKSO) collates information and evidence on entities with a history of spamming or providing spam services, and entities affiliated or otherwise connected with them, for the purpose of assisting ISP Abuse Desks and Law Enforcement Agencies.
The address of this ROKSO record is: https://www.spamhaus.org/rokso/evidence/ROK7449/

The above consists of information in the public domain. The Spamhaus Project makes every effort to avoid errors in information in the ROKSO database, and will correct any errors as soon as it is able to verify the correction, but accepts no responsibility or liability for any errors or omissions, or liability for any loss or damage, consequential or otherwise, incurred in reliance on the material in these pages. The Spamhaus Project makes no warranties or representations as to the accuracy of the Information in ROKSO records. The information in the ROKSO database is for information purposes only and is not intended as legal advice of any kind.

For information on contacting the ROKSO Team regarding any factual errors in this record, see the ROKSO FAQs.
© 1998-2016 The Spamhaus Project Ltd. All rights reserved.
Legal  |  Privacy