sickofspam Posted May 30, 2009 Posted May 30, 2009 ALL the links below lead to some Acai Berry spam page. ALL the links are discarded as fake - everyone of them. What is going on here - and how does this spammer get away with having his link unresolved? thanks ----------------------------------------------------------------------------------- Tracking message source: 83.29.149.173: Routing details for 83.29.149.173 [refresh/show] Cached whois for 83.29.149.173 : abuse[at]tpnet.pl cert[at]telekomunikacja.pl abuse[at]telekomunikacja.pl Using abuse net on abuse[at]tpnet.pl abuse net tpnet.pl = abuse[at]opentransit.net, postmaster[at]tpnet.pl, abuse[at]tpnet.pl, cert[at]telekomunikacja.pl, abuse[at]telekomunikacja.pl Using best contacts abuse[at]opentransit.net postmaster[at]tpnet.pl abuse[at]tpnet.pl cert[at]telekomunikacja.pl abuse[at]telekomunikacja.pl postmaster[at]tpnet.pl redirects to abuse[at]tpnet.pl cert[at]telekomunikacja.pl redirects to abuse[at]tpnet.pl abuse[at]telekomunikacja.pl redirects to abuse[at]tpnet.pl Yum, this spam is fresh! Message is 0 hours old 83.29.149.173 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 83.29.149.173 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 83.29.149.173 listed in cbl.abuseat.org ( 127.0.0.2 ) 83.29.149.173 is an open proxy 83.29.149.173 not listed in accredit.habeas.com 83.29.149.173 not listed in plus.bondedsender.org 83.29.149.173 not listed in iadb.isipp.com Finding links in message body Parsing HTML part Resolving link obfuscation h t t p://laterwater.com Host laterwater.com (checking ip) IP not found ; laterwater.com discarded as fake. Host laterwater.com (checking ip) IP not found ; laterwater.com discarded as fake. h t t p://soongreat.com Host soongreat.com (checking ip) IP not found ; soongreat.com discarded as fake. Host soongreat.com (checking ip) IP not found ; soongreat.com discarded as fake. h t t p://greatsoon.com Host greatsoon.com (checking ip) IP not found ; greatsoon.com discarded as fake. Host greatsoon.com (checking ip) IP not found ; greatsoon.com discarded as fake. h t t p://seaold.com Host seaold.com (checking ip) IP not found ; seaold.com discarded as fake. Host seaold.com (checking ip) IP not found ; seaold.com discarded as fake. h t t p://latersea.com Host latersea.com (checking ip) IP not found ; latersea.com discarded as fake. Host latersea.com (checking ip) IP not found ; latersea.com discarded as fake. Tracking link: h t t p://greatsoon.com/ No recent reports, no history available Cannot resolve h t t p://greatsoon.com/ Tracking link: h t t p://soongreat.com/ No recent reports, no history available Cannot resolve h t t p://soongreat.com/ Tracking link: h t t p://laterwater.com/ No recent reports, no history available Cannot resolve h t t p://laterwater.com/ Tracking link: h t t p://latersea.com/ No recent reports, no history available Cannot resolve h t t p://latersea.com/ Tracking link: h t t p://seaold.com/ No recent reports, no history available Cannot resolve h t t p://seaold.com/ moderator edit to break unnecessary clickable links
rconner Posted May 30, 2009 Posted May 30, 2009 ALL the links below lead to some Acai Berry spam page. ALL the links are discarded as fake - everyone of them. What is going on here - and how does this spammer get away with having his link unresolved? At the top of this page, you will find a "search for" box. Type "discarded as fake" into it and hit "go;" this will return nearly 200 links to posts here describing this issue (which is very commonly discussed here). The answer to your question boils down to this: SpamCop is a service for tracing, reporting, and blocklisting sources of spam mail. Tracing and reporting spam websites is only a secondary mission of SpamCop. Tracing and reporting websites takes many more resources and much more time than simply finding mail sources. This activity is also much more prone to ambiguity and inaccuracy for reasons noted elsewhere on this board. Spammers often host their sites on botnets, which traditionally have very slow and rickety name service. SpamCop cannot afford to wait on these slow nameservers, so it will time out after a very short period and delcare the site to be "fake" (however incorrectly). There are other services that are better situated to deal effectively with spam websites, if SpamCop does not meet your expectations. Also, as a favor, could you please use a tracking URL next time you wish to post detailed message info in the forum? -- rick
sickofspam Posted June 1, 2009 Author Posted June 1, 2009 Moderator Edit: I can't come up with any valid reason why "you" would start a second Topic on the exactly the same subject as your last "new" Topic, going so far as to even duplicate the Title .... and then not reference any of the "study material" suggested in that previous Topic/Discussion. Merged this "new" Topic right into your previous Topic/Discussion. I've seen posts about this before, but I've yet to find an explanation as to why some links are "DISCARDED AS FAKE" - yet they bring you right to the spammer's web site. Can someone explain what is going on here, and how this spammer is getting away with detection on ALL THESE LINKS? NOTE: I added -- in the link so as not to give the spammer linkbacks. Tracking message source: 62.29.74.87: Routing details for 62.29.74.87 [refresh/show] Cached whois for 62.29.74.87 : ender.erenoglu[at]dogantelekom.com ripe[at]dol.com.tr salih.ergulen[at]dogantelekom.com ripe[at]dogantelekom.com suat.altintas[at]dogantelekom.com Using last resort contacts ender.erenoglu[at]dogantelekom.com ripe[at]dol.com.tr salih.ergulen[at]dogantelekom.com ripe[at]dogantelekom.com suat.altintas[at]dogantelekom.com Yum, this spam is fresh! Message is 2 hours old 62.29.74.87 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 62.29.74.87 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 62.29.74.87 listed in cbl.abuseat.org ( 127.0.0.2 ) 62.29.74.87 is an open proxy 62.29.74.87 not listed in accredit.habeas.com 62.29.74.87 not listed in plus.bondedsender.org 62.29.74.87 not listed in iadb.isipp.com Finding links in message body Parsing HTML part Resolving link obfuscation http://--Os0Mh.tellshe.com/ http://--AJ7nd.tellshe.com/ http://--do89L.tellshe.com/ http://--VyPuL.tellshe.com/ http://--bgM5N.fieldwinner.com/ Host --bgm5n.fieldwinner.com (checking ip) = 58.17.3.41 host 58.17.3.41 (getting name) no name http://--0cSFx.washshe.com/ Host --0csfx.washshe.com (checking ip) IP not found ; --0csfx.washshe.com discarded as fake. http://--mKEn8.himhour.com/ Host --mken8.himhour.com (checking ip) IP not found ; --mken8.himhour.com discarded as fake. http://--nRu59.tellshe.com http://--LEAz.tellshe.com/ http://--teBpd.tellshe.com/ http://--WQkon.washshe.com/ Host --wqkon.washshe.com (checking ip) IP not found ; --wqkon.washshe.com discarded as fake. Tracking link: http://0cSFx.washshe.com/ No recent reports, no history available Cannot resolve http://--0cSFx.washshe.com/
Wazoo Posted June 1, 2009 Posted June 1, 2009 I've seen posts about this before, but I've yet to find an explanation as to why some links are "DISCARDED AS FAKE" - yet they bring you right to the spammer's web site. Check the Wiki as yet another source of data .... "fastflux" is but one item to "actually read" .. "botnet" is yet another. Can someone explain what is going on here, and how this spammer is getting away with detection on ALL THESE LINKS? Tracking link: http://0cSFx.washshe.com/ Just wondering where you got the idea that what you offered up is a Tracking URL ... a term defined in every reasonably successful parse result, the SpamCop FAQ, the Dictionary, the Glossary, the Wiki and thousands of previous Posts/Discussions already existing. Can't help but note that all of your 'examples' are sub-domains ... suggesting the possibilty of the oft-described (in the same places already referenced) of things like blocking of some IP Addresses trying to do look-ups, the fastflux crap mentioned above, extremely slow DNS servers, on and on .. again, this is something pretty much beat to death, sorry you can't seem to 'find anything' about it. Note the differing results as a function of time; 06/01/09 05:58:34 dig nRu59.tellshe.com [at] 208.67.220.220 Dig nRu59.tellshe.com[at]208.67.220.220 ... Non-authoritative answer Recursive queries supported by this server Query for nRu59.tellshe.com type=255 class=1 nRu59.tellshe.com A (Address) 60.191.239.181 nRu59.tellshe.com A (Address) 58.17.3.41 nRu59.tellshe.com A (Address) 61.191.63.150 nRu59.tellshe.com A (Address) 203.93.208.86 06/01/09 06:29:09 dig nRu59.tellshe.com [at] 208.67.220.220 Dig nRu59.tellshe.com[at]208.67.220.220 ... Non-authoritative answer Recursive queries supported by this server Query for nRu59.tellshe.com type=255 class=1 nRu59.tellshe.com A (Address) 203.93.208.86 nRu59.tellshe.com A (Address) 60.191.239.181 nRu59.tellshe.com A (Address) 58.17.3.41 nRu59.tellshe.com A (Address) 61.191.63.150 06/01/09 06:32:32 dig nRu59.tellshe.com [at] 208.67.220.220 Dig nRu59.tellshe.com[at]208.67.220.220 ... Non-authoritative answer Recursive queries supported by this server Query for nRu59.tellshe.com type=255 class=1 nRu59.tellshe.com A (Address) 61.191.63.150 nRu59.tellshe.com A (Address) 203.93.208.86 nRu59.tellshe.com A (Address) 60.191.239.181 nRu59.tellshe.com A (Address) 58.17.3.41 06/01/09 06:00:01 Browsing http://0cSFx.washshe.com/ No such server as 0cSFx.washshe.com on and on ....
RightWay Posted September 2, 2015 Posted September 2, 2015 h t t p:/ /seaold.com/ is not a fake id and it is working well.To know details follow the links h t t p:/ /who.is/whois/seaold.com. so request the author to remove the link.
Lking Posted September 2, 2015 Posted September 2, 2015 RightWay, thank you for your input. However, I believe with careful reading you will see that the six year old OP and responses are referring to the "abuse" or "reporting" email address for unwanted email from seaold{DOT}com not the domain its self. To avoid your post promoting the referenced website(s) I have broken the links so that search engines which index this forum do not mistake those links as SEO efforts.
RightWay Posted September 3, 2015 Posted September 3, 2015 Lking, Thanks for your post. I carefully reading and know this is six year post. But It is newly registered and this website(s) all link are working well. Please advice... For the 1st registered person why suffer the newly registered person ? Now what should the newly owner of the sites?
cwg Posted September 21, 2015 Posted September 21, 2015 I know this is an slightly old post, but you can restrict / cap usage of a DNS server by requester IP address.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.