remay Posted September 20, 2004 Share Posted September 20, 2004 When reporting spam for hotfunsingles.com, spamcop failed to gather the IP address for the domain, so did not allow me to report it. I retried several times, but to no avail. I had no difficulties tracerouting the domain and going to the website in the spam before and after the report was made, so I don't understand why spamcop couldn't detect it correctly. Here is the spam report: http://www.spamcop.net/sc?id=z672870723zf7...5b1f5e667aaa09z traceroute to HOTFUNSINGLES.COM (61.240.131.191), 21 61.240.131.191 (61.240.131.191) 467.743 ms Link to comment Share on other sites More sharing options...
Wazoo Posted September 20, 2004 Share Posted September 20, 2004 A couple of things; your spam submittal seems to be missing some header lines, specifically the Content-Type: description. (though noting that this could be a spammer construct, but .....) Hitting the web page in question finds that it is nothing more than a re-direct anyway, so I'd bet it'll be gone as soon as the next spam run gets started; 09/20/04 15:47:42 Browsing http://www.hotfunsingles.com/ck.html Fetching http://www.hotfunsingles.com/ck.html ... GET /ck.html HTTP/1.1 <head> <title>Meta Redirect Code</title> <meta http-equiv="refresh" content="0;url=http://www.amateurmatch.com/index.php?ainfo=MzY1fDE="> </head> DNS data doesn't lead one to go with a permanent location, so perhaps there's a bit of subterfuge going on there, with the look-up results changing, so depending on when a request gets made (or even some IP blocking going on to prevent some folks from accessing the page? ::Name Servers:: ns1.mysharedhosting.info ns2.mysharedhosting.info ns3.mysharedhosting.info ns4.mysharedhosting.info and you just don't get much better than this for Registration data; whois -h whois.crsnic.net hotfunsingles.com ... Redirecting to YESNIC CO. LTD. whois -h whois.yesnic.com hotfunsingles.com ... ::Registrant:: Name : LIONEL RICHIE Email : bulkmails[at]126.com Address : Costal Road 32 Zipcode : 1444 Nation : AW Tel : 144-754 Link to comment Share on other sites More sharing options...
dbiel Posted September 21, 2004 Share Posted September 21, 2004 When reporting spam for hotfunsingles.com, spamcop failed to gather the IP address for the domain, so did not allow me to report it. I retried several times, but to no avail. I had no difficulties tracerouting the domain and going to the website in the spam before and after the report was made, so I don't understand why spamcop couldn't detect it correctly. Here is the spam report: http://www.spamcop.net/sc?id=z672870723zf7...5b1f5e667aaa09z traceroute to HOTFUNSINGLES.COM (61.240.131.191), 21 61.240.131.191 (61.240.131.191) 467.743 ms 17422[/snapback] A bit confused by your questionTracking link: http://www.hotfunsingles.com/ck.html [report history] Resolves to 61.240.131.191 Running the parse now the IP is clearly listed. Hard to say what was going on when you ran the orignal parse. Link to comment Share on other sites More sharing options...
DavidT Posted September 21, 2004 Share Posted September 21, 2004 When I visited the Tracking URL this mornig, I saw the same error that remay reported, so I think there might have been some DNS issues. DT Link to comment Share on other sites More sharing options...
ortonmc Posted September 23, 2004 Share Posted September 23, 2004 When I visited the Tracking URL this mornig, I saw the same error that remay reported, so I think there might have been some DNS issues. I'm having a similar problem this morning with www.her-bal.com. SpamCop says "Cannot resolve www.her-bal.com", but I can resolve it from here. -Mark- Link to comment Share on other sites More sharing options...
Wazoo Posted September 23, 2004 Share Posted September 23, 2004 I'm having a similar problem this morning with www.her-bal.com. SpamCop says "Cannot resolve www.her-bal.com", but I can resolve it from here. Tracking URL? Link to comment Share on other sites More sharing options...
Ellen Posted September 23, 2004 Share Posted September 23, 2004 I'm having a similar problem this morning with www.her-bal.com. SpamCop says "Cannot resolve www.her-bal.com", but I can resolve it from here. -Mark- 17625[/snapback] it's resolving now -- I notice the TTL is 666 and so it may be moving around. Link to comment Share on other sites More sharing options...
ortonmc Posted October 21, 2004 Share Posted October 21, 2004 Tracking URL? 17626[/snapback] Here's a similar, more recent one: http://members.spamcop.net/sc?id=z68444008...dd4ff44cfb95a4z At the moment, SpamCop says it can't resolve anorthic.antispywarecoer.com and effort.antispywarecoer.com. But from my PC they resolve and load just fine. I've waited about an hour since I submitted it, but it hasn't changed. Link to comment Share on other sites More sharing options...
Wazoo Posted October 21, 2004 Share Posted October 21, 2004 At the time of my look at your sample; Resolving link obfuscation http://anorthic.antispywarecoer.com/discon host 221.11.133.66 (getting name) no name http://effort.antispywarecoer.com Tracking link: http://anorthic.antispywarecoer.com/discon No recent reports, no history available Resolves to 221.11.133.66 Routing details for 221.11.133.66 [refresh/show] Cached whois for 221.11.133.66 : abuse[at]cnc-noc.net Using abuse net on abuse[at]cnc-noc.net abuse net cnc-noc.net = abuse[at]cnc-noc.net, postmaster[at]cnc-noc.net Using best contacts abuse[at]cnc-noc.net postmaster[at]cnc-noc.net postmaster[at]cnc-noc.net bounces (6 sent : 6 bounces) Using postmaster#cnc-noc.net[at]devnull.spamcop.net for statistical tracking. Tracking link: http://effort.antispywarecoer.com No recent reports, no history available Cannot resolve http://effort.antispywarecoer.com would go with DNS issues and caching ... but; 10/21/04 13:17:34 Slow traceroute effort.antispywarecoer.com Trace effort.antispywarecoer.com (221.11.133.66) ... 10/21/04 13:09:37 Browsing http://effort.antispywarecoer.com Fetching http://effort.antispywarecoer.com/ ... GET / HTTP/1.1 Host: effort.antispywarecoer.com HTTP/1.1 200 OK Date: Thu, 21 Oct 2004 18:12:26 GMT Server: Apache/2.0.51 (Unix) DAV/2 PHP/4.3.9 X-Powered-By: PHP/4.3.9 Expires: Mon, 26 Jul 1997 05:00:00 GMT Last-Modified: Thu, 21 Oct 2004 18:12:26 GMT ..... var popWin = confirm("Click OK to download our FREE Spyware Scanner software while browsing the site"); if (popWin) { window.location.href = 'download.php?id=kez769'; } yeah, right .... on the other hand; whois -h whois.crsnic.net antispywarecoer.com ... Redirecting to TUCOWS INC. whois -h whois.opensrs.net antispywarecoer.com ... Registrant: APRM Inc 195 Piper Court Fairfax, CA 94930 US Domain name: ANTISPYWARECOER.COM Administrative Contact: Alan Taylor, David davidalan[at]gawab.com 195 Piper Court Fairfax, CA 94930 US +1.4154571656 Technical Contact: Alan Taylor, David davidalan[at]gawab.com 195 Piper Court Fairfax, CA 94930 US +1.4154571656 Registrar of Record: TUCOWS, INC. Record last updated on 21-Oct-2004. Record expires on 10-Oct-2005. Record created on 10-Oct-2004. Domain servers in listed order: NS4.ILUVDNS.COM 200.184.84.213 NS6.123MYDNS.COM 221.11.133.64 This guy is a long way from China, and the use of those "interesting" DNS servers also suggests a few things. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 21, 2004 Share Posted October 21, 2004 I too get a report attempt only to: Re: http://effort.antispywarecoer.com (Administrator of network hosting website referenced in spam) To: abuse[at]cnc-noc.net (Notes) To: postmaster#cnc-noc.net[at]devnull.spamcop.net (Notes) Also you should either report that or cancel it before someone does it for you which may not be the correct answer. Link to comment Share on other sites More sharing options...
dra007 Posted October 21, 2004 Share Posted October 21, 2004 I get a lot of devnulling of <<cnc-noc.net>>. Spamhaus lists them as a rogue domain. Link to comment Share on other sites More sharing options...
bdurrett Posted November 12, 2004 Share Posted November 12, 2004 Here is another instance where Spamcop says that the domain can't resolve. These gonks are spamming for people to "Win a Green Card" (never mind that I am already a US Citizen by birth)! Tracking Link: http://www.spamcop.net/sc?id=z691466124zf7...a9f533655174a8z Domain name is usa-vista.com "Allwhois" gives the following information on the site (gotta love those DNS Server Names and the Registrar ). Also check out the "last updated on" field : Registrant: ivanov po box 5032 kiev, ua 65000 UA Domain name: USA-VISTA.COM Administrative Contact: ivanov, ivan info[at]q-h.ru po box 5032 kiev, ua 65000 UA +38.0503160000 Technical Contact: ivanov, ivan info[at]q-h.ru po box 5032 kiev, ua 65000 UA +38.0503160000 Registrar of Record: TUCOWS, INC. Record last updated on 09-Nov-2004. Record expires on 26-Sep-2005. Record created on 26-Sep-2004. Domain servers in listed order: NS6.DNSISGREAT.COM 221.11.133.64 NS7.4GREATDNS.COM 219.138.131.36 Domain status: ACTIVE Link to comment Share on other sites More sharing options...
turetzsr Posted November 12, 2004 Share Posted November 12, 2004 Here is another instance where Spamcop says that the domain can't resolve. <snip> 20101[/snapback] ...Looks okay to me:<snip> Tracking message source: 24.218.1.187: Routing details for 24.218.1.187 [refresh/show] Cached whois for 24.218.1.187 : abuse[at]comcast.net <snip> Reports regarding this spam have already been sent: Re: 24.218.1.187 (Administrator of network where email originates) Reportid: 1287512353 To: abuse[at]comcast.net <snip> Link to comment Share on other sites More sharing options...
Jeff G. Posted November 12, 2004 Share Posted November 12, 2004 Current results are as follows: Resolving link obfuscation http://gluey.usa-vista.com/?aid host 195.95.204.15 (getting name) no name Tracking link: http://gluey.usa-vista.com/?aid No recent reports, no history available Resolves to 195.95.204.15 Routing details for 195.95.204.15 [refresh/show] Cached whois for 195.95.204.15 : pavol.cvengros[at]primeinteractive.net Using last resort contacts pavol.cvengros[at]primeinteractive.net ... Re: http://gluey.usa-vista.com/?aid (Administrator of network hosting website referenced in spam) pavol.cvengros[at]primeinteractive.net When the Parser reports "Cannot resolve $SPAMMYURL", I usually hit "Refresh" a few times. If it still doesn't resolve, I: try to use other tools to resolve it, including SSW, nslookup, and occasionally ping and dig; use the Parser on the resulting IP Address or CNAME (alias) in a separate window; and add the resulting suggested Reporting address(es) to the User Notification Section. If the User Notification Section is full or you are not a paying customer (or you are helping someone who is not a paying customer), I'd suggest sending a Manual Report. Link to comment Share on other sites More sharing options...
bdurrett Posted November 15, 2004 Share Posted November 15, 2004 Current results are as follows: When the Parser reports "Cannot resolve $SPAMMYURL", I usually hit "Refresh" a few times. If it still doesn't resolve, I: try to use other tools to resolve it, including SSW, nslookup, and occasionally ping and dig; use the Parser on the resulting IP Address or CNAME (alias) in a separate window; and add the resulting suggested Reporting address(es) to the User Notification Section. If the User Notification Section is full or you are not a paying customer (or you are helping someone who is not a paying customer), I'd suggest sending a Manual Report. 20108[/snapback] Thanks Jeff, I will give that a try. I didn't want to go bashing the Parser because it failed to resolve but, if the refresh works, I will give it a chance.... Cheers, Bret Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.