Jump to content
Sign in to follow this  
rconner

Fortiguard - nospammer.net

Recommended Posts

Received a drug spam today (tracking link) for a botnet-hosted website. Nothing out of the ordinary except that a bit of HTML was prepended, containing a URL to something called www.nospammer.net, with a very long query string. They want me to "report" the spam to them. I went to the URL (minus the query string), and it redirects to www.fortiguardcenter.com.

Wikipedia had an entry, it appears to be an internet security firm. No abuse seems to be evident in the top page of Google hits.

Anybody know much else about these guys?

-- rick

Share this post


Link to post
Share on other sites
Received a drug spam today (tracking link) for a botnet-hosted website. Nothing out of the ordinary except that a bit of HTML was prepended, containing a URL to something called www.nospammer.net, with a very long query string. They want me to "report" the spam to them.

Strangely, I read it the other way... the Subject line 'tagged' (or maybe I should just say 'includedes the word") spam .... the appearance if the 'fortiguard' X-Line: would seem to tie into the leading paragraph .. suggesting that one would click on the link so as to 'whitelist' (or at least indicate) that this e-mail was 'not' spam. What I can't do of course, is tie the X-line: data to the URL identification string.

I went to the URL (minus the query string), and it redirects to www.fortiguardcenter.com.

Browsing http://www.nospammer.net/

Fetching http://www.nospammer.net/ ...

GET / HTTP/1.1

Host: www.nospammer.net

HTTP/1.1 301 Moved Permanently

Location: http://www.fortinet.com/FortiGuardCenter/a...m/antispam.html

Browsing http://www.nospammer.net/SpamSubmission/SubmitSpam

Fetching http://www.nospammer.net/SpamSubmission/SubmitSpam ...

GET /SpamSubmission/SubmitSpam HTTP/1.1

Host: www.nospammer.net

HTTP/1.1 200 OK

<title>Submission Server -- Invalid Request</title>

<span class="error_msg">Invalid Request!</span>

<td align="right"><small>© 2006 FORTINET INC. ALL RIGHTS RESERVED  </small></td>

Wikipedia had an entry, it appears to be an internet security firm. No abuse seems to be evident in the top page of Google hits.

Anybody know much else about these guys?

Slow traceroute www.nospammer.net

Trace www.nospammer.net (65.39.139.177) ...

216.187.88.74 RTT: 113ms TTL:170 (No rDNS)

65.39.139.187 RTT: 95ms TTL:170 (mail.fortinet.com fraudulent rDNS)

* * * failed

* * * failed

whois -h whois.networksolutions.com nospammer.net ...

Registrant:

AP Secure Technologies Inc.

4710 Kingsway

Suite 400

Burnaby, BC V5X 4M2

CA

Domain Name: NOSPAMMER.NET

Administrative Contact, Technical Contact:

Li, Wenbin MIS[at]fortinet.com

4710 Kingsway

Suite 400

Burnaby, BC V5H 4M2

CA

604-430-1297 fax: 604-430-1296

Record expires on 20-Aug-2008.

Record created on 20-Aug-2004.

Database last updated on 13-May-2007 17:46:21 EDT.

Domain servers in listed order:

NS37.WORLDNIC.COM 205.178.190.19

NS38.WORLDNIC.COM 205.178.189.19

Slow traceroute www.fortinet.com

Trace www.fortinet.com (203.160.224.97) ...

203.160.225.81 RTT: 103ms TTL:170 (No rDNS)

203.78.176.2 RTT: 86ms TTL:170 (No rDNS)

203.160.224.108 RTT: 105ms TTL:170 (No rDNS)

203.160.224.97 RTT: 89ms TTL: 49 (No rDNS)

whois -h whois.networksolutions.com fortinet.com ...

Registrant:

Fortinet Technologies (Canada) Inc.

4710 Kingsway Suite, 400

Burnaby, BC v5h 4m2

CA

Domain Name: FORTINET.COM

Administrative Contact, Technical Contact:

Li, Wenbin MIS[at]fortinet.com

4710 Kingsway

Suite 400

Burnaby, BC V5H 4M2

CA

604-430-1297 fax: 604-430-1296

Record expires on 16-Feb-2015.

Record created on 10-Apr-2004.

Database last updated on 13-May-2007 17:46:59 EDT.

Domain servers in listed order:

NS1.FORTINET.COM 65.39.139.161

NS2.FORTINET.COM 203.160.224.103

NS3.FORTINET.COM 65.61.202.153

Bottom line, they are 'connected' .... not that this really answers much more ....

Share this post


Link to post
Share on other sites

They look kosher - their domain was registered 'way back' in 2004 (AP Secure Technologies Inc), which is usually a good sign & their 'FortiGuard Antispam Solutions' seem to be used by some SP's, notably Zen who are a reputable UK ISP.

Share this post


Link to post
Share on other sites

FWIW nobody has slated nospammer.net in SiteAdvisor and fortiguardcenter.com hadn't even been submitted for investigation (request now made). Nothing untoward found by LinkScanner (however that didn't raise the alert that the destination for both nospammer.net and www.nospammer.net had changed, which is one of the things it is supposed to do). Inconclusive but certainly nothing adverse.

Share this post


Link to post
Share on other sites

Thanks all for the responses.

I did not read the message extremely closely, it is possible that they wanted me to click the link in order to "whitelist" the mail, but no harm no foul since I didn't really plan on clicking the link anyway, at least not without further inquiry.

Wikipedia indicated that this firm was implicated in work on behalf of the Myanmar (formerly Burma) government to block internet traffic critical of that government. Seems like we have a smaller version of the Yahoo/China controversy here, but that wouldn't prevent them from being competent and prudent in handling spam.

-- rick

Share this post


Link to post
Share on other sites
Wikipedia indicated that this firm was implicated in work on behalf of the Myanmar (formerly Burma) government to block internet traffic critical of that government.

Yeah, that's it .... I knew I'd seen this before, but ..... thanks for beinging up that connection ...

Share this post


Link to post
Share on other sites

Dear All,

I'm not so sure this is "cosher". There is no terms of use or what would happen to the person if submission is made or any other plethora making it a legal website. Also I decided since I have that privelage to setup a dummy response. The address within 2 days started to receive the spam addressed to that e-mail.

Also do an interesting exercise:

Load the page first do nothing

Re-load the page and try again to see what happens. Mine said there was a false positive submitted. Now I have not pressed any button whatsover.

The last thing the puzzles me the most is that I use Fortigate 100A and ffew 60 in my servers so it seems logical that I would respond. Yet how would "nospammer" know that I am a genuine user with the right responses. I may dislike the person and create havock for them by posting the false response.

No matter how you look none of the people in my list knew thier e-mail was sending this. Isn't that in itself point of caution.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×