[Dshield] FriendGreetings Update

John Sage jsage at finchhaven.com
Tue Nov 26 00:10:02 GMT 2002


A dig for "a" records on most of these returns ANSWER: 0

A few have real IP's associated with them:

surprisecards.net.	1800	IN	A	66.226.64.2
cool-downloads.com.	38400	IN	A	65.89.168.69
cool-downloads.net.	38400	IN	A	65.89.168.6 <- yes, "6"
friend-cards.com.	38400	IN	A	207.21.232.104
friend-cards.net.	38400	IN	A	207.21.232.104
friendcard.com.		86400	IN	A	216.65.63.139
friendcards.com.	3600	IN	A	216.34.38.97
friend-greeting.com.	37715	IN	A	207.21.232.104
friend-greetings.com.	37670	IN	A	207.21.232.104
friend-greetings.net.	38400	IN	A	207.21.232.104
surprisecards.net.	970	IN	A	66.226.64.2


On Mon, Nov 25, 2002 at 12:14:33PM -0500, Roger wrote:
<snip>
>      Below is a list of who is sending that Emailer Hack they
>      "legally" trick people into. To get around the Anti Spam tools
>      they use new names. I don't see how they can afford to do this.
>      Each of the names are real and do have that so called "non-
>      virus" ready for a sucker [to download]. The list grows every
>      day...---Jim Cooke
> 
>      [Note: to make these links unclickable, Jim has replaced the
>      punctuation with the word DOT.}
>      
>      surprise-card DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-card.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39916
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprise-cards DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-cards.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 17914
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      surprise-greeting DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-greeting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 58209
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      surprise-greetings DOT net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63331
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprisecard DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisecard.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 40522
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      surprisecards DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisecards.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 62694
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 5

;; QUESTION SECTION:
;surprisecards.net.		IN	A

;; ANSWER SECTION:
surprisecards.net.	1800	IN	A	66.226.64.2


>      surprisegreeting DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisegreeting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 49834
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      surprisegreetings DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisegreetings.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 47718
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      cool-download DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a cool-download.com
;; global options:  printcmd
;; connection timed out; no servers could be reached

>      cool-download DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a cool-download.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 29736
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      cool-downloads DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a cool-downloads.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27583
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cool-downloads.com.		IN	A

;; ANSWER SECTION:
cool-downloads.com.	38400	IN	A	65.89.168.69


>      cool-downloads DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a cool-downloads.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65227
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;cool-downloads.net.		IN	A

;; ANSWER SECTION:
cool-downloads.net.	38400	IN	A	65.89.168.6


>      friend-card DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a friend-card.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35147
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      friend-card DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friend-card.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35727
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      friend-cards DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a friend-cards.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 46831
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friend-cards.com.		IN	A

;; ANSWER SECTION:
friend-cards.com.	38400	IN	A	207.21.232.104


>      friend-cards DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friend-cards.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 58735
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friend-cards.net.		IN	A

;; ANSWER SECTION:
friend-cards.net.	38400	IN	A	207.21.232.104


>      friend-greeting DOT com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23699
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friend-greeting.com.		IN	A

;; ANSWER SECTION:
friend-greeting.com.	37715	IN	A	207.21.232.104


>      friend-greeting DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friend-greeting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51133
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, 

>      friend-greetings DOT com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53349
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friend-greetings.com.		IN	A

;; ANSWER SECTION:
friend-greetings.com.	37670	IN	A	207.21.232.104


>      friend-greetings DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friend-greetings.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39309
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friend-greetings.net.		IN	A

;; ANSWER SECTION:
friend-greetings.net.	38400	IN	A	207.21.232.104


>      friendcard DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a friendcard.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20312
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;friendcard.com.			IN	A

;; ANSWER SECTION:
friendcard.com.		86400	IN	A	216.65.63.139


>      friendcard DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friendcard.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4465
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      friendcards DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a friendcards.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34276
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friendcards.com.		IN	A

;; ANSWER SECTION:
friendcards.com.	3600	IN	A	216.34.38.97


>      friendcards DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friendcards.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 51412
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      friendgreeting DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a friendgreeting.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13824
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0,

>      friendgreeting DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friendgreeting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25126
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, 

>      friendgreetings DOT com
; <<>> DiG 9.1.0 <<>> @greatwall a friendgreetings.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56963
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friendgreetings.com.		IN	A

;; ANSWER SECTION:
friendgreetings.com.	38400	IN	A	64.177.216.163


>      friendgreetings DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a friendgreetings.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53963
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;friendgreetings.net.		IN	A

;; ANSWER SECTION:
friendgreetings.net.	38400	IN	A	65.89.168.14


>      surprise-card DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-card.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 57554
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprise-cards DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-cards.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13383
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprise-greeting DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-greeting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 13513
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprise-greetings DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprise-greetings.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26906
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprisecard DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisecard.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 61380
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, 

>      surprisecards DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisecards.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16043
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 5, ADDITIONAL: 10

;; QUESTION SECTION:
;surprisecards.net.		IN	A

;; ANSWER SECTION:
surprisecards.net.	970	IN	A	66.226.64.2


>      surprisegreeting DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisegreeting.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 39650
;; flags: qr rd ra; QUERY: 1, ANSWER: 0,

>      surprisegreetings DOT net
; <<>> DiG 9.1.0 <<>> @greatwall a surprisegreetings.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 7503
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, 



- John
-- 
Forest: a collection of trees

    PGP key: http://www.finchhaven.com/pages/gpg_pubkey.html
Fingerprint: C493 9F26 05A9 6497 9800  4EF6 5FC8 F23D 35A4 F705




More information about the list mailing list