Jump to content
Sign in to follow this  
Followers 0
get-even

Multiple 'A' records for spam web site

By get-even, in SpamCop Reporting Help

Recommended Posts

get-even    0

get-even
Posted

In the part few days, several spam messages have contained web sites with multiple 'A' records in

their DNS. The SpamCop parser seem to only report/track the first one found, This reduces the

number of reports for a address by the number of distict 'A' records.

Example:

% nslookup -type=any www.substations.nbikgebj.info first.nokkauma.biz.

Server: first.nokkauma.biz.

Address: 65.203.151.193#53

Name: www.substations.nbikgebj.info

Address: 222.223.134.42

Name: www.substations.nbikgebj.info

Address: 202.102.230.37

Name: www.substations.nbikgebj.info

Address: 65.203.151.192

and for tracking purposes, in the part few minutes:

http://www.spamcop.net/sc?id=z707174640z33...0889565379a063z

http://www.spamcop.net/sc?id=z707174792z84...04c9c45a8da10cz

http://www.spamcop.net/sc?id=z707174870zc0...cecc1ac3f8033bz

Note some others have had as many as 6 'A' records (they are distict servers, but seem to contain

the same "pages" - also, not always are all of the 'A' valid or "up")

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing SpamCop Reporting Help
×