priruss Posted August 25, 2013 Share Posted August 25, 2013 tippingthescalesinyourflavor.com myfastsaleclick.com ourpossibilitiesareendlesss.com everythinghereischeaper.com areyoureadyformassivesavings.com And many many more. spam complaints to these entities go to the titled email address and subsequently straight into the bit bucket. Is this a spam gang who just registered a bunch of dot coms with some poor schlub's email address? Link to comment Share on other sites More sharing options...
petzl Posted August 25, 2013 Share Posted August 25, 2013 tippingthescalesinyourflavor.com myfastsaleclick.com ourpossibilitiesareendlesss.com everythinghereischeaper.com areyoureadyformassivesavings.com And many many more. spam complaints to these entities go to the titled email address and subsequently straight into the bit bucket. Is this a spam gang who just registered a bunch of dot coms with some poor schlub's email address? Clue "us" in by supplying a SpamCop tracking URL or an IP or two Link to comment Share on other sites More sharing options...
priruss Posted August 26, 2013 Author Share Posted August 26, 2013 Clue "us" in by supplying a SpamCop tracking URL or an IP or two My feet are like wings/your wish is my command/et al. http://www.spamcop.net/sc?track=http%3A%2F...TCHAZTIMBVGU%2F 157.231.100.50 http://www.spamcop.net/sc?track=http%3A%2F...DQZRQMNRGCZQ%2F 157.231.100.50 http://www.spamcop.net/sc?track=http%3A%2F...CYZZGY2WCY3F%2F 157.231.100.51 http://www.spamcop.net/sc?track=http%3A%2F...KNJUGYYTGYRU%2F 157.231.100.51 Link to comment Share on other sites More sharing options...
Farelf Posted August 26, 2013 Share Posted August 26, 2013 ...spam complaints to these entities go to the titled email address and subsequently straight into the bit bucket. Is this a spam gang who just registered a bunch of dot coms with some poor schlub's email address?Not QUITE that simple, SpamCop always finds a formal abuse record, or else declares "no master" - look at the parses (there will be a test later the double marks question "What is a SpamCop Tracking URL??). You will see the abuse address comes from the ARIN database: # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=157.231.100.50?showDetails=true&showARIN=false&ext=netref2 NetRange: 157.231.0.0 - 157.231.255.255 CIDR: 157.231.0.0/16 OriginAS: NetName: HDS0 NetHandle: NET-157-231-0-0-1 Parent: NET-157-0-0-0-0 NetType: Direct Assignment RegDate: 1992-01-31 Updated: 1992-01-31 ... OrgAbuseHandle: GN45-ARIN OrgAbuseName: Niemiec, Greg OrgAbusePhone: +1-205-416-4581 OrgAbuseEmail: niemiec[at]aflmc.ssc.af.mil OrgAbuseRef: http://whois.arin.net/rest/poc/GN45-ARIN OrgAbuseHandle: BE222-ARIN OrgAbuseName: Entwistle, Bruce OrgAbusePhone: +1-866-454-8385 OrgAbuseEmail: bruce_entwistle[at]hdsc.com OrgAbuseRef: http://whois.arin.net/rest/poc/BE222-ARIN ... Doesn't look like either address is presently a valid, deliverable one. Looks like this piece of netspace is quite firmly in the grip of the bad guys. Link to comment Share on other sites More sharing options...
petzl Posted August 26, 2013 Share Posted August 26, 2013 OrgAbusePhone: +1-205-416-4581 OrgAbuseEmail: niemiec[at]aflmc.ssc.af.mil OrgAbuseRef: http://whois.arin.net/rest/poc/GN45-ARIN OrgAbuseHandle: BE222-ARIN OrgAbuseName: Entwistle, Bruce OrgAbusePhone: +1-866-454-8385 OrgAbuseEmail: bruce_entwistle[at]hdsc.com OrgAbuseRef: http://whois.arin.net/rest/poc/BE222-ARIN ... Doesn't look like either address is presently a valid, deliverable one. Looks like this piece of netspace is quite firmly in the grip of the bad guys. Refreshed SpamCops cache Pay to add manually add "spam[at]uce.gov" Link to comment Share on other sites More sharing options...
priruss Posted August 26, 2013 Author Share Posted August 26, 2013 Refreshed SpamCops cache Pay to add manually add "spam[at]uce.gov" Gladly. Consider it my thanks for the assist. Link to comment Share on other sites More sharing options...
mrmaxx Posted December 14, 2013 Share Posted December 14, 2013 Currently a traceroute from Canada and HongKong goes through Hostwinds.com. I'm going to LART them to see if they will do anything. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.