Full Version: Spam evading Spamcop filters
paul101
Greetings:

I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed.

This spam is interesting because it evaded both Spamcop filters and our own domain filters. Unlike the vast majority of spam sent to our Spamcop email address these days, this spam punched through to our real inbox. That's why I'm taking the time to alert Spamcop admins about it. I hope the following info is useful.

Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net.

Let us know if Spamcop needs additional info to help block these criminals.

-----

Examine spam version 1 at:

http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z

Examine spam version 2 at:

http://www.spamcop.net/sc?id=z900915847z15...ce161ff9552bb5z

-----

Here's some additional basic Whois info we collected regarding this spam:

domain: colomby.net
owner: Vladimir Mironov
email: whois[at]rattlings.com
address: Abonensky yashik 16
city: Moscow
state: --
postal-code: 117525
country: RU
phone: +7095.2349449
admin-c: whois[at]rattlings.com#1
tech-c: whois[at]rattlings.com#1
billing-c: whois[at]rattlings.com#1
nserver: ns1.unmnemonic.net 58.56.12.77
nserver: ns2.unmnemonic.net 58.56.12.77
status: lock
created: 2006-03-10 14:23:12 UTC
modified: 2006-03-14 14:06:24 UTC
expires: 2007-03-10 09:19:43 UTC
source: joker.com live whois service
query-time: 0.020415
db-updated: 2006-03-19 17:28:21

-----

domain: unmnemonic.net
owner: Vladimir Mironov
email: whois[at]rattlings.com
address: Abonensky yashik 16
city: Moscow
state: --
postal-code: 117525
country: RU
phone: +7095.2349449
admin-c: whois[at]rattlings.com#1
tech-c: whois[at]rattlings.com#1
billing-c: whois[at]rattlings.com#1
nserver: a.ns.joker.com 194.176.0.2
nserver: b.ns.joker.com 194.245.101.19
nserver: c.ns.joker.com 194.245.50.1
status: lock
created: 2006-03-10 14:23:03 UTC
modified: 2006-03-14 14:02:28 UTC
expires: 2007-03-10 09:19:35 UTC
source: joker.com live whois service
query-time: 0.016137
db-updated: 2006-03-19 17:30:13

-----

inetnum: 194.176.0.0 - 194.176.0.255
netname: CSL-194-176-0
descr: CSL Computer Service Langenbach GmbH
descr: Hansaallee 191-193
descr: D-40549 Duesseldorf
country: DE
admin-c: CSL6-RIPE
tech-c: CSL6-RIPE
rev-srv: a.ns.joker.com
rev-srv: b.ns.joker.com
rev-srv: c.ns.joker.com
status: ASSIGNED PA
mnt-by: CSL-MNT
source: RIPE # Filtered

role: CSL Computer Service Langenbach GmbH
address: Hansaallee 191-193
D-40549 Duesseldorf
Germany
e-mail: noc[at]nrw.net
admin-c: JL1322-RIPE
tech-c: UO86-RIPE
nic-hdl: CSL6-RIPE
remarks: ***************************************************
remarks: * Please use abuse[at]nrw.net for reporting abuse... *
remarks: ***************************************************
source: RIPE # Filtered

% Information related to '194.176.0.0/19AS5517'

route: 194.176.0.0/19
descr: CSL
origin: AS5517
mnt-by: CSL-MNT
source: RIPE # Filtered
petzl
QUOTE(paul101 @ Mar 20 2006, 01:49 AM)
Greetings:

I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed.

Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net.

-----

Examine spam version 1 at:

http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z

*



Number 1 is being sent through a mailserver not stamping the IP source, which is going to wake the owner of that IP as soon as SpamCop lists it

The domain you mentioned has Joker as the registrar
Report this domain to Joker by clicking here

Joker will check the site out and close it down if they spam and/or their registrar info is false (ask SpamCop)

Number 2 is listed by SpamCop
paul101
Thanks for the quick reply and info, petzl. I'll pass this along. We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.
petzl
QUOTE(paul101 @ Mar 20 2006, 10:41 AM)
Thanks for the quick reply and info, petzl. I'll pass this along. We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.
*



I have found Joker to be responsive?

If Joker have changed their ways you can then complain to ICANN which can result in a register being hurt
ronin
QUOTE(petzl @ Mar 20 2006, 02:43 AM)
Number 1 is being sent through a mailserver not stamping the IP source, which is going to wake the owner of that IP as soon as SpamCop lists it

The domain you mentioned has Joker as the registrar
Report this domain to Joker by clicking here

Joker will check the site out and close it down if they spam and/or their registrar info is false (ask SpamCop)

Number 2 is listed by SpamCop
*


Yes, I got one too:
There is a nonsense multiline part of text... kind of a story, and at the end
is a JPG pic with an offer to go to
http://spottier.com

Just to mention that I have been getting this kind of mail a lot lately with different
spam links. All is referred to joker.com
Whois on spottier.com tells me his registrar is joker.com and the person, owner of all of those spam URLs, is one man:
domain: spottier.com
owner: Vladimir Mironov
email: whois[at]rattlings.com
address: Abonensky yashik 16
city: Moscow
state: --
postal-code: 117525
country: RU
phone: +7095.2349449

I reported it to joker.com and let's hope they will cut down their services to that dude....
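The registrant overlap noted in this thread can be checked mechanically. The following is an added example, not part of any post above: it parses `key: value` whois records and groups domains by a normalised registrant fingerprint. The function names, the trimmed record fields, the altered case and phone spacing on one record, and the `example.org` control record are assumptions made for illustration.

```python
import re

# Fields trimmed from the whois output quoted in this thread. Constructed parts:
# spottier.com case/phone spacing (to exercise normalisation) and example.org.
SAMPLE_WHOIS = """\
domain: colomby.net
owner: Vladimir Mironov
email: whois[at]rattlings.com
phone: +7095.2349449

domain: unmnemonic.net
owner: Vladimir Mironov
email: whois[at]rattlings.com
phone: +7095.2349449

domain: spottier.com
owner:  VLADIMIR MIRONOV
email: whois[at]rattlings.com
phone: +7 095 234 9449

domain: example.org
owner: Constructed Control
email: hostmaster[at]example.org
phone: +1.5550100
"""

def parse_records(text):
    """Split blank-line separated 'key: value' blocks into dicts (first value wins)."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        rec = {}
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                rec.setdefault(key.strip().lower(), value.strip())
        if "domain" in rec:
            records.append(rec)
    return records

def fingerprint(rec):
    """Normalise so letter case and phone punctuation cannot split a cluster."""
    owner = " ".join(rec.get("owner", "").lower().split())
    phone = re.sub(r"\D", "", rec.get("phone", ""))
    return (owner, rec.get("email", "").lower(), phone)

def cluster_by_registrant(text):
    clusters = {}
    for rec in parse_records(text):
        clusters.setdefault(fingerprint(rec), []).append(rec["domain"].lower())
    # Ignore singletons and records with no registrant data at all.
    return {fp: sorted(d) for fp, d in clusters.items() if len(d) > 1 and any(fp)}
```

A cluster of more than one domain under a single fingerprint is a candidate for one consolidated registrar report instead of separate per-domain reports.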