Full Version: Discarded as fake
sickofspam
ALL the links below lead to some Acai Berry spam page. ALL the links are
discarded as fake - every one of them. What is going on here - and how
does this spammer get away with having his link unresolved?

thanks
-----------------------------------------------------------------------------------

Tracking message source: 83.29.149.173:
Routing details for 83.29.149.173
[refresh/show] Cached whois for 83.29.149.173 : abuse[at]tpnet.pl cert[at]telekomunikacja.pl abuse[at]telekomunikacja.pl
Using abuse net on abuse[at]tpnet.pl
abuse net tpnet.pl = abuse[at]opentransit.net, postmaster[at]tpnet.pl, abuse[at]tpnet.pl, cert[at]telekomunikacja.pl, abuse[at]telekomunikacja.pl
Using best contacts abuse[at]opentransit.net postmaster[at]tpnet.pl abuse[at]tpnet.pl cert[at]telekomunikacja.pl abuse[at]telekomunikacja.pl
postmaster[at]tpnet.pl redirects to abuse[at]tpnet.pl
cert[at]telekomunikacja.pl redirects to abuse[at]tpnet.pl
abuse[at]telekomunikacja.pl redirects to abuse[at]tpnet.pl
Yum, this spam is fresh!
Message is 0 hours old
83.29.149.173 not listed in dnsbl.njabl.org ( 127.0.0.8 )
83.29.149.173 not listed in dnsbl.njabl.org ( 127.0.0.9 )
83.29.149.173 listed in cbl.abuseat.org ( 127.0.0.2 )
83.29.149.173 is an open proxy
83.29.149.173 not listed in accredit.habeas.com
83.29.149.173 not listed in plus.bondedsender.org
83.29.149.173 not listed in iadb.isipp.com
Finding links in message body
Parsing HTML part
Resolving link obfuscation
h t t p://laterwater.com
Host laterwater.com (checking ip) IP not found ; laterwater.com discarded as fake.
Host laterwater.com (checking ip) IP not found ; laterwater.com discarded as fake.
h t t p://soongreat.com
Host soongreat.com (checking ip) IP not found ; soongreat.com discarded as fake.
Host soongreat.com (checking ip) IP not found ; soongreat.com discarded as fake.
h t t p://greatsoon.com
Host greatsoon.com (checking ip) IP not found ; greatsoon.com discarded as fake.
Host greatsoon.com (checking ip) IP not found ; greatsoon.com discarded as fake.
h t t p://seaold.com
Host seaold.com (checking ip) IP not found ; seaold.com discarded as fake.
Host seaold.com (checking ip) IP not found ; seaold.com discarded as fake.
h t t p://latersea.com
Host latersea.com (checking ip) IP not found ; latersea.com discarded as fake.
Host latersea.com (checking ip) IP not found ; latersea.com discarded as fake.
Tracking link: h t t p://greatsoon.com/
No recent reports, no history available
Cannot resolve h t t p://greatsoon.com/
Tracking link: h t t p://soongreat.com/
No recent reports, no history available
Cannot resolve h t t p://soongreat.com/
Tracking link: h t t p://laterwater.com/
No recent reports, no history available
Cannot resolve h t t p://laterwater.com/
Tracking link: h t t p://latersea.com/
No recent reports, no history available
Cannot resolve h t t p://latersea.com/
Tracking link: h t t p://seaold.com/
No recent reports, no history available
Cannot resolve h t t p://seaold.com/

moderator edit to break unnecessary clickable links
rconner
QUOTE(sickofspam @ May 30 2009, 03:24 PM) *
ALL the links below lead to some Acai Berry spam page. ALL the links are
discarded as fake - every one of them. What is going on here - and how
does this spammer get away with having his link unresolved?

At the top of this page, you will find a "search for" box. Type "discarded as fake" into it and hit "go;" this will return nearly 200 links to posts here describing this issue (which is very commonly discussed here).

The answer to your question boils down to this:
  1. SpamCop is a service for tracing, reporting, and blocklisting sources of spam mail.
  2. Tracing and reporting spam websites is only a secondary mission of SpamCop.
  3. Tracing and reporting websites takes many more resources and much more time than simply finding mail sources. This activity is also much more prone to ambiguity and inaccuracy for reasons noted elsewhere on this board.
  4. Spammers often host their sites on botnets, which traditionally have very slow and rickety name service. SpamCop cannot afford to wait on these slow nameservers, so it will time out after a very short period and declare the site to be "fake" (however incorrectly).
  5. There are other services that are better situated to deal effectively with spam websites, if SpamCop does not meet your expectations.
Also, as a favor, could you please use a tracking URL next time you wish to post detailed message info in the forum?

-- rick
sickofspam
Moderator Edit: I can't come up with any valid reason why "you" would start a second Topic on exactly the same subject as your last "new" Topic, going so far as to even duplicate the Title .... and then not reference any of the "study material" suggested in that previous Topic/Discussion. Merged this "new" Topic right into your previous Topic/Discussion.

I've seen posts about this before, but I've yet to find an explanation as to why some links are "DISCARDED AS FAKE" - yet they bring you right to the spammer's web site.

Can someone explain what is going on here, and how this spammer is getting away with detection on ALL THESE LINKS?

NOTE: I added -- in the link so as not to give the spammer linkbacks.

Tracking message source: 62.29.74.87:
Routing details for 62.29.74.87
[refresh/show] Cached whois for 62.29.74.87 : ender.erenoglu[at]dogantelekom.com ripe[at]dol.com.tr salih.ergulen[at]dogantelekom.com ripe[at]dogantelekom.com suat.altintas[at]dogantelekom.com
Using last resort contacts ender.erenoglu[at]dogantelekom.com ripe[at]dol.com.tr salih.ergulen[at]dogantelekom.com ripe[at]dogantelekom.com suat.altintas[at]dogantelekom.com
Yum, this spam is fresh!
Message is 2 hours old
62.29.74.87 not listed in dnsbl.njabl.org ( 127.0.0.8 )
62.29.74.87 not listed in dnsbl.njabl.org ( 127.0.0.9 )
62.29.74.87 listed in cbl.abuseat.org ( 127.0.0.2 )
62.29.74.87 is an open proxy
62.29.74.87 not listed in accredit.habeas.com
62.29.74.87 not listed in plus.bondedsender.org
62.29.74.87 not listed in iadb.isipp.com
Finding links in message body
Parsing HTML part
Resolving link obfuscation
http://--Os0Mh.tellshe.com/
http://--AJ7nd.tellshe.com/
http://--do89L.tellshe.com/
http://--VyPuL.tellshe.com/
http://--bgM5N.fieldwinner.com/
Host --bgm5n.fieldwinner.com (checking ip) = 58.17.3.41
host 58.17.3.41 (getting name) no name
http://--0cSFx.washshe.com/
Host --0csfx.washshe.com (checking ip) IP not found ; --0csfx.washshe.com discarded as fake.
http://--mKEn8.himhour.com/
Host --mken8.himhour.com (checking ip) IP not found ; --mken8.himhour.com discarded as fake.
http://--nRu59.tellshe.com
http://--LEAz.tellshe.com/
http://--teBpd.tellshe.com/
http://--WQkon.washshe.com/
Host --wqkon.washshe.com (checking ip) IP not found ; --wqkon.washshe.com discarded as fake.
Tracking link: http://0cSFx.washshe.com/
No recent reports, no history available
Cannot resolve http://--0cSFx.washshe.com/
Wazoo
QUOTE
I've seen posts about this before, but I've yet to find an explanation as to why some links are "DISCARDED AS FAKE" - yet they bring you right to the spammer's web site.

Check the Wiki as yet another source of data .... "fastflux" is but one item to "actually read" .. "botnet" is yet another.
QUOTE
Can someone explain what is going on here, and how this spammer is getting away with detection on ALL THESE LINKS?
Tracking link: http://0cSFx.washshe.com/

Just wondering where you got the idea that what you offered up is a Tracking URL ... a term defined in every reasonably successful parse result, the SpamCop FAQ, the Dictionary, the Glossary, the Wiki and thousands of previous Posts/Discussions already existing.

Can't help but note that all of your 'examples' are sub-domains ... suggesting the possibility of the oft-described (in the same places already referenced) of things like blocking of some IP Addresses trying to do look-ups, the fastflux crap mentioned above, extremely slow DNS servers, on and on .. again, this is something pretty much beat to death, sorry you can't seem to 'find anything' about it.

Note the differing results as a function of time;

06/01/09 05:58:34 dig nRu59.tellshe.com @ 208.67.220.220
Dig nRu59.tellshe.com[at]208.67.220.220 ...
Non-authoritative answer
Recursive queries supported by this server
Query for nRu59.tellshe.com type=255 class=1
nRu59.tellshe.com A (Address) 60.191.239.181
nRu59.tellshe.com A (Address) 58.17.3.41
nRu59.tellshe.com A (Address) 61.191.63.150
nRu59.tellshe.com A (Address) 203.93.208.86

06/01/09 06:29:09 dig nRu59.tellshe.com @ 208.67.220.220
Dig nRu59.tellshe.com[at]208.67.220.220 ...
Non-authoritative answer
Recursive queries supported by this server
Query for nRu59.tellshe.com type=255 class=1
nRu59.tellshe.com A (Address) 203.93.208.86
nRu59.tellshe.com A (Address) 60.191.239.181
nRu59.tellshe.com A (Address) 58.17.3.41
nRu59.tellshe.com A (Address) 61.191.63.150

06/01/09 06:32:32 dig nRu59.tellshe.com @ 208.67.220.220
Dig nRu59.tellshe.com[at]208.67.220.220 ...
Non-authoritative answer
Recursive queries supported by this server
Query for nRu59.tellshe.com type=255 class=1
nRu59.tellshe.com A (Address) 61.191.63.150
nRu59.tellshe.com A (Address) 203.93.208.86
nRu59.tellshe.com A (Address) 60.191.239.181
nRu59.tellshe.com A (Address) 58.17.3.41

06/01/09 06:00:01 Browsing http://0cSFx.washshe.com/
No such server as 0cSFx.washshe.com

on and on ....
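
Added example (not part of any post in this thread): a small Python parser for the three dig snapshots quoted above. It compares the A-record answers over time and separates a changed address set from a mere reordering, and counts how many /16 networks the addresses span. The function names `parse_snapshots` and `summarize` are hypothetical, and the input is the post's dig output reduced to its timestamp and A-record lines.

```python
import re
from ipaddress import ip_address

# Constructed input: the three dig snapshots from the post above,
# reduced to their timestamp lines and A-record lines.
SNAPSHOTS = """\
06/01/09 05:58:34 dig nRu59.tellshe.com @ 208.67.220.220
nRu59.tellshe.com A (Address) 60.191.239.181
nRu59.tellshe.com A (Address) 58.17.3.41
nRu59.tellshe.com A (Address) 61.191.63.150
nRu59.tellshe.com A (Address) 203.93.208.86
06/01/09 06:29:09 dig nRu59.tellshe.com @ 208.67.220.220
nRu59.tellshe.com A (Address) 203.93.208.86
nRu59.tellshe.com A (Address) 60.191.239.181
nRu59.tellshe.com A (Address) 58.17.3.41
nRu59.tellshe.com A (Address) 61.191.63.150
06/01/09 06:32:32 dig nRu59.tellshe.com @ 208.67.220.220
nRu59.tellshe.com A (Address) 61.191.63.150
nRu59.tellshe.com A (Address) 203.93.208.86
nRu59.tellshe.com A (Address) 60.191.239.181
nRu59.tellshe.com A (Address) 58.17.3.41
"""
STAMP = re.compile(r"^(\d\d/\d\d/\d\d \d\d:\d\d:\d\d) dig (\S+) @ (\S+)$")
A_REC = re.compile(r"^(\S+) A \(Address\) (\S+)$")

def parse_snapshots(text):
    """Return [(timestamp, [ip, ...]), ...] keeping the order answers were listed."""
    snaps = []
    for line in text.splitlines():
        line = line.strip()
        if m := STAMP.match(line):
            snaps.append((m.group(1), []))
        elif (m := A_REC.match(line)) and snaps:
            snaps[-1][1].append(str(ip_address(m.group(2))))  # rejects malformed IPs
    return snaps

def summarize(snaps):
    """Compare consecutive snapshots: new addresses versus reordering only."""
    all_ips = {ip for _, ips in snaps for ip in ips}
    new_ips = reordered = 0
    for (_, prev), (_, cur) in zip(snaps, snaps[1:]):
        new_ips += len(set(cur) - set(prev))
        if set(prev) == set(cur) and prev != cur:
            reordered += 1
    nets = {".".join(ip.split(".")[:2]) for ip in all_ips}  # first two octets
    return {"snapshots": len(snaps), "distinct_ips": len(all_ips),
            "distinct_slash16": len(nets), "new_ips": new_ips,
            "reordered_only": reordered}

if __name__ == "__main__":
    print(summarize(parse_snapshots(SNAPSHOTS)))
```

On this sample the address set never changes between snapshots; only the order rotates, and the four addresses sit in four different /16 networks. The dig output in the post shows no TTL values, so the rotation on its own does not distinguish fast flux from ordinary round-robin DNS.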