fdcservers.net and the Acai berries

One example from fresh spam.

Spam coming in via 92.126.72.138, krasnet.ru.
Spamvertised domain is atlanticbody.com.
Which is hosted on a botnet.

atlanticbody.com's main content is a frame pulled from:
h||p://www.fjfnfnfnaaswwospotyacai.com/?a_aid=met2 (don't try to pronounce that!)
Hosted at 66.90.104.168, fdcservers.net.

Links found on the unpronounceable domain:
https://www.myherbalcheckout.com/mypureacai/checkout.php
Hosted at 66.90.74.18, again fdcservers.net.

A JavaScript:
h||p://www.acaiberrycheckout.com/vsa/callagent.php?cid=2
Hosted on 119.42.149.254, InfoMove Limited in Hong Kong.
Spamhaus has a listing for that one, with the nice title:
"New hub of internet cybercrime, botnet, malware hosting".

Another JavaScript:
h||p://www.007aff.com/scripts/clickjs.php
Hosted at 123.108.108.180, Pang International Limited in Hong Kong.
Their "affiliate" program, setting "flashcookies".

And in case it could be handy to have, their Google code or whatever it is:
"UA-7923288-2".

The hosts, most likely resellers or whatever it is called:

66.90.104.168 - www.fjfnfnfnaaswwospotyacai.com

(I can't get a proper result when digging that one, but my browser connects to 66.90.104.168)

network:Auth-Area:66.90.64.0/18
network:Class-Name:network
network:OrgName:IP numbers is for webhosting...
network:OrgID;I:OSKAR-AUCLANDNET
network:Address:Funkabov. 43
network:City:Kalamr
network:StateProv:N/A
network:PostalCode:39351
network:Country:Sweden
network:NetRange:66.90.104.168-66.90.104.168
network:CIDR:66.90.104.168/32
network:NetName:OSKAR-AUCLANDNET
network:OrgAbuseHandle:FDCservers Customer
network:OrgAbuseName:Oskar R
network:OrgAbusePhone:0046704352198
network:OrgAbuseEmail:oskar@aucland.net
network:OrgNOCHandle:NOC1402-ARIN
network:OrgNOCName:Network Operations Center
network:OrgNOCPhone:+1-312-913-9304
network:OrgNOCEmail:support[]fdcservers. net
network:OrgTechHandle:PKR5-ARIN
network:OrgTechName:Petr Kral
network:OrgTechPhone:+1-312-933-1046
network:OrgTechEmail:petr[]fdcservers. net

66.90.74.18 - www.myherbalcheckout.com

network:Auth-Area:66.90.64.0/18
network:Class-Name:network
network:OrgName:FDCservers.net LLC
network:OrgID;I:JCLARKKENT2005-GMAILCOM
network:Address:141 West Jackson Blvd, Suite 1135
network:City:Chicago
network:StateProv:N/A
network:PostalCode:60604
network:Country:US
network:NetRange:66.90.74.16-66.90.74.31
network:CIDR:66.90.74.16/28
network:NetName:JCLARKKENT2005-GMAILCOM
network:OrgAbuseHandle:FDCservers Customer
network:OrgAbuseName:Abuse Department
network:OrgAbusePhone:+1-312-913-9304
network:OrgAbuseEmail:jclarkkent2005@gmail.com
network:OrgNOCHandle:NOC1402-ARIN
network:OrgNOCName:Network Operations Center
network:OrgNOCPhone:+1-312-913-9304
network:OrgNOCEmail:support[]fdcservers. net
network:OrgTechHandle:PKR5-ARIN
network:OrgTechName:Petr Kral
network:OrgTechPhone:+1-312-933-1046
network:OrgTechEmail:petr[]fdcservers. net

I wonder if Petr will boot "Oskar R" (could that be John Oskar?) and "J Clark Kent"?
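
An added example, not part of the original post: a small parser for rwhois records in the "network:Key:Value" layout shown above. It reports whether the listed block is a sub-delegation of the provider's Auth-Area and whether abuse mail goes to the customer rather than to the provider. The sample record is constructed (documentation IP ranges and example domains) and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in the same "network:Key:Value" layout as the records above
# (documentation IP ranges and example.* addresses, not real data).
SAMPLE = """\
network:Auth-Area:198.51.100.0/24
network:OrgName:Example Customer
network:OrgID;I:EXAMPLE-CUST
network:CIDR:198.51.100.8/32
network:OrgAbuseHandle:Provider Customer
network:OrgAbuseEmail:abuse@customer.example
network:OrgNOCEmail:support[]provider. example
network:OrgTechEmail:tech[]provider. example
"""

def parse_rwhois(text):
    """Return {field: value} for lines shaped network:Field:Value."""
    record = {}
    for line in text.splitlines():
        parts = line.strip().split(":", 2)
        if len(parts) == 3 and parts[0] == "network":
            # Drop type suffixes such as ";I" in "OrgID;I"
            record[parts[1].split(";")[0]] = parts[2].strip()
    return record

def email_domain(value):
    """Domain part of an address, tolerating the '[]' and '. ' obfuscation."""
    cleaned = value.replace("[]", "@").replace(" ", "")
    return cleaned.rsplit("@", 1)[-1].lower() if "@" in cleaned else ""

def summarize(record):
    """Describe the delegation and say who actually receives abuse mail."""
    area = ipaddress.ip_network(record["Auth-Area"])
    block = ipaddress.ip_network(record["CIDR"])
    abuse = email_domain(record.get("OrgAbuseEmail", ""))
    noc = email_domain(record.get("OrgNOCEmail", ""))
    return {
        "delegated_sub_block": block != area and block.subnet_of(area),
        "addresses": block.num_addresses,
        "abuse_domain": abuse,
        "provider_domain": noc,
        # True when complaints go to the customer, not the provider's own staff
        "abuse_goes_to_customer": bool(abuse) and abuse != noc,
    }

if __name__ == "__main__":
    print(summarize(parse_rwhois(SAMPLE)))
```

When "abuse_goes_to_customer" is true, a complaint sent only to the abuse address lands with the party being reported, so the NOC or tech contact should be copied as well.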

Comments

FDC profits too much from spam

About 10% of the spam I receive now is for sites FDC servers hosts. I have forwarded and faxed them over 400 spams - all for the same few sites. All are still up and running, and using fake Verisign seals and several stolen logos. Try complaining to the Illinois Attorney General.