Saturday, July 14, 2007

ED Pill Store: Going on internet café

ED Pill Store have done some moving around with their sites within the last 24 hours. I don't know whether what happened was that the China Network Communications Group (CNC Group) are finally starting to react to complaints or whether it was an intentional move by the spammer. But the old server at CNC Group was closed down so quickly that I was presented with a "blank page" because of the old IP cached by the DNS servers I use.

They then moved very briefly to 58.83.15.6, which is another hosting provider in China, but even though that server is still running they quickly moved on again to 58.17.3.50, and they have now set the TTL (Time To Live) down to only 60 seconds for their domains, which maybe indicates that they expect to move again soon.
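The pattern described above (several hosting moves within 24 hours, ending with a TTL cut to 60 seconds) can be checked for mechanically over passive-DNS observations. This is an added example, not part of the original post; the domains, addresses, timestamps, the 300-second threshold and the /24 grouping (a stand-in for a whois/ASN lookup) are all constructed assumptions.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed observations: (unix_time, domain, A record, TTL in seconds).
# Addresses come from the documentation ranges, not from the real case.
OBSERVATIONS = [
    (0,     "pills.example", "192.0.2.10",   86400),
    (3600,  "pills.example", "192.0.2.10",   86400),
    (50000, "pills.example", "198.51.100.6", 3600),
    (70000, "pills.example", "203.0.113.50", 60),
    (70060, "pills.example", "203.0.113.50", 60),
    (0,     "shop.example",  "192.0.2.80",   86400),
    (70000, "shop.example",  "192.0.2.80",   86400),
]

LOW_TTL = 300        # assumed threshold for "expects to move soon"
WINDOW = 24 * 3600   # look-back window: the last 24 hours


def prefix24(ip):
    """Group an address by its /24 (assumption: proxy for 'same provider')."""
    return str(ip_network(f"{ip}/24", strict=False))


def analyse(observations, low_ttl=LOW_TTL, window=WINDOW):
    """Per domain: list A-record moves in the window and flag move + low TTL."""
    by_domain = defaultdict(list)
    for ts, domain, ip, ttl in sorted(observations):
        by_domain[domain].append((ts, ip, ttl))

    report = {}
    for domain, rows in by_domain.items():
        latest_ts, _, current_ttl = rows[-1]
        recent = [r for r in rows if latest_ts - r[0] <= window]
        # A move is any consecutive pair of observations with a different IP.
        moves = [(ts, old, new)
                 for (_, old, _), (ts, new, _) in zip(recent, recent[1:])
                 if old != new]
        report[domain] = {
            "moves": moves,
            "networks": sorted({prefix24(ip) for _, ip, _ in recent}),
            "current_ttl": current_ttl,
            # Flag only when repeated moves coincide with a very short TTL.
            "flag": len(moves) >= 2 and current_ttl <= low_ttl,
        }
    return report


if __name__ == "__main__":
    for name, info in analyse(OBSERVATIONS).items():
        print(name, info)
```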

58.17.3.50 is a bit of a surprise:



An internet café in China. They can't really act as a hosting provider with only 16 IP addresses allocated. I wonder if the spammers have hijacked a computer at the café, or maybe the café doesn't exist at all but is actually the spammers' own little "hosting company" hiding behind being an internet café.

As for the backend server, it's still 66.230.182.166, located at ISPrime. I'm almost finished with a 25 page document describing the connection from a spam mail I received to the frontend servers now located at this internet café, and from those servers to the backend server. I have included a lot of different evidence, both the more obvious kind and bits of HTML/JavaScript/CSS code found on the sites that are similar in a way that it would be an extremely big coincidence if they were not copies of each other. I have of course also included links to external sources, for example the SpamWiki spamtrackers.eu/wiki/index.php?title=ED_Pill_Store, but only as background information, not as part of the main evidence. The reason for that is that what I will send to ISPrime as evidence is something I'm willing to testify to the police, should it be necessary, is the truth. I cannot do that with all of the information on the SpamWiki. It's not that I don't believe 100% in the information gathered there, but there is still a long way from believing to knowing, and I can only testify about what I know.

1 comment:

Spaminator said...

That is an excellent philosophy that others should follow - especially given the nature of internet resources. Perhaps the whole idea in itself would make an interesting post?