navybuff

Not Parsing Iran IP Addresses


hxxp://withfulls.com/ & hxxp://trevormuss.com/ are both the same IP address and indicate they are in Iran at 217.218.235.6

For 3 days I have been getting 50 or 60 emails per day and not a single one has parsed correctly and produced the correct (or any for that matter) IP address. If I traceroute and do a whois I have no problems discovering the details, why is SC not doing this?

Thanks,

Delivered-To: x

Received: by 10.78.193.4 with SMTP id q4cs1061321huf;

Sun, 31 Dec 2006 06:35:12 -0800 (PST)

Received: by 10.78.201.10 with SMTP id y10mr1634774huf.1167575712412;

Sun, 31 Dec 2006 06:35:12 -0800 (PST)

Return-Path: <extractnow[at]glrts.com>

Received: from -1208540152 ([121.143.85.177])

by mx.google.com with SMTP id 23si22047106hud.2006.12.31.06.35.02;

Sun, 31 Dec 2006 06:35:12 -0800 (PST)

Received-SPF: neutral (google.com: 121.143.85.177 is neither permitted nor denied by best guess record for domain of extractnow[at]glrts.com)

Received: from glrts.com (-1208384152 [-1209492208])

by gratefuljazz.com (Qmailv1) with ESMTP id 9F27A5A838

for <x>; Sun, 31 Dec 2006 07:30:25 -0500

Date: Sun, 31 Dec 2006 07:30:25 -0500

From: "Subscriber J. Hiatus" <extractnow[at]glrts.com>

X-Mailer: The Bat! (v2.00.9) Personal

X-Priority: 3

Message-ID: <0265153700.20061231073025[at]glrts.com>

To: x

Subject: Tired of your health problems?

MIME-Version: 1.0

Content-Type: text/plain

Content-Transfer-Encoding: 7bit

X-Virus-Scanned: by AMaViS perl-11 mion

With Viagra and Cialis pills from Canada Pharmacy store! There is no need to pay more just buy erectile dysfunction medications online at lowest prices on the web.

hxxp://trevormuss.com/

-----------------------------------------

Delivered-To: x

Received: by 10.78.193.4 with SMTP id q4cs1068837huf;

Sun, 31 Dec 2006 09:41:49 -0800 (PST)

Received: by 10.78.158.11 with SMTP id g11mr1655242hue.1167586909826;

Sun, 31 Dec 2006 09:41:49 -0800 (PST)

Return-Path: <potter[at]godart.net>

Received: from 146562432 ([222.113.206.114])

by mx.google.com with SMTP id 2si19286013hue.2006.12.31.09.41.45;

Sun, 31 Dec 2006 09:41:49 -0800 (PST)

Received-SPF: neutral (google.com: 222.113.206.114 is neither permitted nor denied by best guess record for domain of potter[at]godart.net)

Received: from godart.net (144914200 [143736640])

by goll.net (Qmailv1) with ESMTP id D2A0DEF84C

for <x>; Sun, 31 Dec 2006 12:43:56 -0500

Date: Sun, 31 Dec 2006 12:43:56 -0500

From: "Hearting L. Outstaying" <potter[at]godart.net>

X-Mailer: The Bat! (v2.00.3) Personal

X-Priority: 3

Message-ID: <1753533029.20061231124356[at]godart.net>

To: x

Subject: Pharmacy for everyone

MIME-Version: 1.0

Content-Type: text/plain

Content-Transfer-Encoding: 7bit

X-AntiVirus: Checked by Dr.Web (hxxp://www.drweb.net)

The most powerful medicines for you!

Augmetin - $4.8 - FDA-approved antibiotic for both acute bacterial sinusitis (ABS) and community-acquired pneumonia (CAP).

Hangover Pills - $35.99 Uncle Rummies Hangover Pills are an all-natural dietary supplement providing protection from the "morning after" symptoms experienced after prolonged or excessive alcohol consumption. If taken as directed, Uncle Rummie's Hangover Helper can completely eliminate unpleasant side-effects such as headaches, nausea and dehydration.

Augmetin - $4.8 - FDA-approved antibiotic for both acute bacterial sinusitis (ABS) and community-acquired pneumonia (CAP).

Vlragra Soft Tabs - $3.86 - are mint flavored soft tablets for the treatment of male erectile dysfunction. They are equivalent to regular Vlragra, however due to their soft formulation, they are absorbed directly into the bloodstream. As such, they contain a much smaller dosage of Sildenafil Citrate to achieve the same result.

All-Natural Magnesium Oxide - $35.99 - All-Natural Magnesium Oxide is a rich source of elemental magnesium, an essential mineral. Magnesium plays a role in many vital body functions, including protein biosynthesis, as well as bone and muscle formation, and as a cofactor in hundreds of enzymatic reactions.

and more!

our site hxxp://withfulls.com/

dfglirsjiel X1NFTVdEVFV0UlxTWlgbUl1e

ONLY!

Edited by navybuff


hxxp://withfulls.com/ & hxxp://trevormuss.com/ are both the same IP address and indicate they are in Iran at 217.218.235.6

For 3 days I have been getting 50 or 60 emails per day and not a single one has parsed correctly and produced the correct (or any for that matter) IP address. If I traceroute and do a whois I have no problems discovering the details, why is SC not doing this?

SpamCop is only a bot and spammers do "tricks" to confuse it; SpamCop will err on the side of caution.

If you have the time you can add to reports or send them yourself.

The abuse addresses for that URL (IP 217.218.235.6) are

info[at]shooka.net

postmaster[at]shooka.net

Domain Registrant

spam[at]wildwestdomains.com

SpamCop did correctly trace where the spam came from/through and has contacted the IP owner

121.143.85.177

222.113.206.114

Please just use the link SpamCop gives you at the top of the parsing page instead of posting full spam here.

(Like I have done just above)

Edited by petzl
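
The source trace mentioned in the reply above can be reproduced from the Received lines quoted in this thread. This is an added example, not part of either post and not SpamCop's own parser; it assumes mx.google.com (the reporter's receiving server in the quoted headers) is the only hop whose recorded peer address is trusted, and `trace_source` is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample: Received lines of the first message quoted in this
# thread, unfolded to one header per entry, newest hop first.
RECEIVED = [
    "by 10.78.193.4 with SMTP id q4cs1061321huf; Sun, 31 Dec 2006 06:35:12 -0800 (PST)",
    "by 10.78.201.10 with SMTP id y10mr1634774huf.1167575712412; Sun, 31 Dec 2006 06:35:12 -0800 (PST)",
    "from -1208540152 ([121.143.85.177]) by mx.google.com with SMTP id 23si22047106hud.2006.12.31.06.35.02; Sun, 31 Dec 2006 06:35:12 -0800 (PST)",
    "from glrts.com (-1208384152 [-1209492208]) by gratefuljazz.com (Qmailv1) with ESMTP id 9F27A5A838 for <x>; Sun, 31 Dec 2006 07:30:25 -0500",
]

# "from <helo> (<optional rdns> [<peer address>])" as written by the receiver
FROM_IP = re.compile(r"^from\s+\S+\s+\([^\[\)]*\[([^\]]*)\]\)")
BY_HOST = re.compile(r"\bby\s+(\S+)")


def trace_source(received, trusted=("mx.google.com",)):
    """Walk hops newest-first. The source is the first globally routable
    peer address stamped by a trusted receiver (assumption: caller knows
    its own receiving hosts). Every other hop with a "from" clause is
    returned as unverified, with a flag for whether its address parses."""
    source, unverified = None, []
    for hop in received:
        match = FROM_IP.search(hop)
        if not match:
            continue  # internal hand-off: no peer recorded on this hop
        by = BY_HOST.search(hop)
        by_host = by.group(1) if by else ""
        try:
            ip = ipaddress.ip_address(match.group(1))
        except ValueError:
            ip = None  # bracketed value is not an IP address at all
        if source is None and by_host in trusted and ip and ip.is_global:
            source = str(ip)
        else:
            unverified.append((by_host, match.group(1), ip is not None))
    return source, unverified


if __name__ == "__main__":
    src, rest = trace_source(RECEIVED)
    print("source:", src)
    for by_host, value, parses in rest:
        print("unverified hop by", by_host, "value", value, "valid IP:", parses)
```
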
