paul101

Spam evading Spamcop filters


Greetings:

I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed.

This spam is interesting because it evaded both Spamcop filters and our own domain filters. Unlike the vast majority of spam sent to our Spamcop email address these days, this spam punched through to our real inbox. That's why I'm taking the time to alert Spamcop admins about it. I hope the following info is useful.

Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net.

Let us know if Spamcop needs additional info to help block these criminals.

-----

Examine spam version 1 at:

http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z

Examine spam version 2 at:

http://www.spamcop.net/sc?id=z900915847z15...ce161ff9552bb5z

-----

Here's some additional basic Whois info we collected regarding this spam:

domain: colomby.net

owner: Vladimir Mironov

email: whois[at]rattlings.com

address: Abonensky yashik 16

city: Moscow

state: --

postal-code: 117525

country: RU

phone: +7095.2349449

admin-c: whois[at]rattlings.com#1

tech-c: whois[at]rattlings.com#1

billing-c: whois[at]rattlings.com#1

nserver: ns1.unmnemonic.net 58.56.12.77

nserver: ns2.unmnemonic.net 58.56.12.77

status: lock

created: 2006-03-10 14:23:12 UTC

modified: 2006-03-14 14:06:24 UTC

expires: 2007-03-10 09:19:43 UTC

source: joker.com live whois service

query-time: 0.020415

db-updated: 2006-03-19 17:28:21

-----

domain: unmnemonic.net

owner: Vladimir Mironov

email: whois[at]rattlings.com

address: Abonensky yashik 16

city: Moscow

state: --

postal-code: 117525

country: RU

phone: +7095.2349449

admin-c: whois[at]rattlings.com#1

tech-c: whois[at]rattlings.com#1

billing-c: whois[at]rattlings.com#1

nserver: a.ns.joker.com 194.176.0.2

nserver: b.ns.joker.com 194.245.101.19

nserver: c.ns.joker.com 194.245.50.1

status: lock

created: 2006-03-10 14:23:03 UTC

modified: 2006-03-14 14:02:28 UTC

expires: 2007-03-10 09:19:35 UTC

source: joker.com live whois service

query-time: 0.016137

db-updated: 2006-03-19 17:30:13

-----

inetnum: 194.176.0.0 - 194.176.0.255

netname: CSL-194-176-0

descr: CSL Computer Service Langenbach GmbH

descr: Hansaallee 191-193

descr: D-40549 Duesseldorf

country: DE

admin-c: CSL6-RIPE

tech-c: CSL6-RIPE

rev-srv: a.ns.joker.com

rev-srv: b.ns.joker.com

rev-srv: c.ns.joker.com

status: ASSIGNED PA

mnt-by: CSL-MNT

source: RIPE # Filtered

role: CSL Computer Service Langenbach GmbH

address: Hansaallee 191-193

D-40549 Duesseldorf

Germany

e-mail: noc[at]nrw.net

admin-c: JL1322-RIPE

tech-c: UO86-RIPE

nic-hdl: CSL6-RIPE

remarks: ***************************************************

remarks: * Please use abuse[at]nrw.net for reporting abuse... *

remarks: ***************************************************

source: RIPE # Filtered

% Information related to '194.176.0.0/19AS5517'

route: 194.176.0.0/19

descr: CSL

origin: AS5517

mnt-by: CSL-MNT

source: RIPE # Filtered

> Greetings:
>
> I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed.
>
> Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net.
>
> -----
>
> Examine spam version 1 at:
>
> http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z

Number 1 is being sent through a mailserver not stamping the IP source, which is going to wake the owner of that IP as soon as SpamCop lists it.

The domain you mentioned has Joker as the registrar.

Report this domain to Joker by clicking here

Joker will check the site out and close it down if they spam and/or their registrar info is false (ask SpamCop!)

Number 2 is listed by SpamCop.


Thanks for the quick reply and info, petzl. I'll pass this along. We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.

> Thanks for the quick reply and info, petzl. I'll pass this along. We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.

I have found Joker to be responsive?

If Joker have changed their ways you can then complain to ICANN, which can result in a registrar being hurt.

> Number 1 is being sent through a mailserver not stamping the IP source, which is going to wake the owner of that IP as soon as SpamCop lists it.
>
> The domain you mentioned has Joker as the registrar.
>
> Report this domain to Joker by clicking here
>
> Joker will check the site out and close it down if they spam and/or their registrar info is false (ask SpamCop!)
>
> Number 2 is listed by SpamCop.

Yes, I got one too:

There is a nonsense multiline part of text... kind of a story, and at the end is a JPG pic with an offer to go to

http://spottier.com

Just to mention that I have been getting this kind of mail a lot lately with different spam links. All is referred to joker.com.

Whois on spottier.com tells me his registrar is joker.com, and the person, owner of all of those spam URLs, is one man:

domain: spottier.com

owner: Vladimir Mironov

email: whois[at]rattlings.com

address: Abonensky yashik 16

city: Moscow

state: --

postal-code: 117525

country: RU

phone: +7095.2349449

I reported it to joker.com and let's hope they will cut down their services to that dude....
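
Added example, not part of any post in this thread: a small Python sketch of the registrant pivot the posters do by eye, grouping domains that share a WHOIS contact value and flagging a domain whose nameserver sits under another domain in the set. It assumes records in the joker.com `key: value` layout separated by one blank line; the function names and the example.org record are made up for illustration.

```python
from collections import defaultdict

# Abbreviated from the WHOIS output quoted in this thread; example.org is constructed.
SAMPLE = """\
domain: colomby.net
email: whois[at]rattlings.com
phone: +7095.2349449
nserver: ns1.unmnemonic.net 58.56.12.77

domain: unmnemonic.net
email: whois[at]rattlings.com
phone: +7095.2349449

domain: spottier.com
email: whois[at]rattlings.com
phone: +7095.2349449

domain: example.org
email: hostmaster[at]example.org
phone: +1.5555550100
"""

def parse_records(text):
    """Split blank-line-separated 'key: value' WHOIS output into dicts."""
    records = []
    for block in text.strip().split("\n\n"):
        rec = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                rec[key.strip().lower()].append(value.strip().lower())
        if "domain" in rec:
            records.append(rec)
    return records

def shared_contacts(records, keys=("email", "phone")):
    """Map (field, value) -> domains, kept only when 2+ domains share it."""
    index = defaultdict(set)
    for rec in records:
        for key in keys:
            for value in rec.get(key, []):
                index[(key, value)].add(rec["domain"][0])
    return {k: sorted(v) for k, v in index.items() if len(v) > 1}

def nameserver_links(records):
    """(domain, other) pairs where domain's nameserver sits under other."""
    known = {rec["domain"][0] for rec in records}
    return sorted((rec["domain"][0], other) for rec in records
                  for ns in rec.get("nserver", []) for other in known
                  if other != rec["domain"][0] and ns.split()[0].endswith("." + other))
```

A shared contact value is a lead for a registrar abuse report, not proof of common ownership, since privacy or proxy registration services put the same contact on many unrelated domains.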
