Jump to content

Discarded as fake


Recommended Posts

ALL the links below lead to some Acai Berry spam page. ALL the links are

discarded as fake - everyone of them. What is going on here - and how

does this spammer get away with having his link unresolved?

thanks

-----------------------------------------------------------------------------------

Tracking message source: 83.29.149.173:

Routing details for 83.29.149.173

[refresh/show] Cached whois for 83.29.149.173 : abuse[at]tpnet.pl cert[at]telekomunikacja.pl abuse[at]telekomunikacja.pl

Using abuse net on abuse[at]tpnet.pl

abuse net tpnet.pl = abuse[at]opentransit.net, postmaster[at]tpnet.pl, abuse[at]tpnet.pl, cert[at]telekomunikacja.pl, abuse[at]telekomunikacja.pl

Using best contacts abuse[at]opentransit.net postmaster[at]tpnet.pl abuse[at]tpnet.pl cert[at]telekomunikacja.pl abuse[at]telekomunikacja.pl

postmaster[at]tpnet.pl redirects to abuse[at]tpnet.pl

cert[at]telekomunikacja.pl redirects to abuse[at]tpnet.pl

abuse[at]telekomunikacja.pl redirects to abuse[at]tpnet.pl

Yum, this spam is fresh!

Message is 0 hours old

83.29.149.173 not listed in dnsbl.njabl.org ( 127.0.0.8 )

83.29.149.173 not listed in dnsbl.njabl.org ( 127.0.0.9 )

83.29.149.173 listed in cbl.abuseat.org ( 127.0.0.2 )

83.29.149.173 is an open proxy

83.29.149.173 not listed in accredit.habeas.com

83.29.149.173 not listed in plus.bondedsender.org

83.29.149.173 not listed in iadb.isipp.com

Finding links in message body

Parsing HTML part

Resolving link obfuscation

h t t p://laterwater.com

Host laterwater.com (checking ip) IP not found ; laterwater.com discarded as fake.

Host laterwater.com (checking ip) IP not found ; laterwater.com discarded as fake.

h t t p://soongreat.com

Host soongreat.com (checking ip) IP not found ; soongreat.com discarded as fake.

Host soongreat.com (checking ip) IP not found ; soongreat.com discarded as fake.

h t t p://greatsoon.com

Host greatsoon.com (checking ip) IP not found ; greatsoon.com discarded as fake.

Host greatsoon.com (checking ip) IP not found ; greatsoon.com discarded as fake.

h t t p://seaold.com

Host seaold.com (checking ip) IP not found ; seaold.com discarded as fake.

Host seaold.com (checking ip) IP not found ; seaold.com discarded as fake.

h t t p://latersea.com

Host latersea.com (checking ip) IP not found ; latersea.com discarded as fake.

Host latersea.com (checking ip) IP not found ; latersea.com discarded as fake.

Tracking link: h t t p://greatsoon.com/

No recent reports, no history available

Cannot resolve h t t p://greatsoon.com/

Tracking link: h t t p://soongreat.com/

No recent reports, no history available

Cannot resolve h t t p://soongreat.com/

Tracking link: h t t p://laterwater.com/

No recent reports, no history available

Cannot resolve h t t p://laterwater.com/

Tracking link: h t t p://latersea.com/

No recent reports, no history available

Cannot resolve h t t p://latersea.com/

Tracking link: h t t p://seaold.com/

No recent reports, no history available

Cannot resolve h t t p://seaold.com/

moderator edit to break unnecessary clickable links

Edited by dbiel
Link to comment
Share on other sites

ALL the links below lead to some Acai Berry spam page. ALL the links are

discarded as fake - everyone of them. What is going on here - and how

does this spammer get away with having his link unresolved?

At the top of this page, you will find a "search for" box. Type "discarded as fake" into it and hit "go;" this will return nearly 200 links to posts here describing this issue (which is very commonly discussed here).

The answer to your question boils down to this:

  1. SpamCop is a service for tracing, reporting, and blocklisting sources of spam mail.
  2. Tracing and reporting spam websites is only a secondary mission of SpamCop.
  3. Tracing and reporting websites takes many more resources and much more time than simply finding mail sources. This activity is also much more prone to ambiguity and inaccuracy for reasons noted elsewhere on this board.
  4. Spammers often host their sites on botnets, which traditionally have very slow and rickety name service. SpamCop cannot afford to wait on these slow nameservers, so it will time out after a very short period and delcare the site to be "fake" (however incorrectly).
  5. There are other services that are better situated to deal effectively with spam websites, if SpamCop does not meet your expectations.

Also, as a favor, could you please use a tracking URL next time you wish to post detailed message info in the forum?

-- rick

Link to comment
Share on other sites

Moderator Edit: I can't come up with any valid reason why "you" would start a second Topic on the exactly the same subject as your last "new" Topic, going so far as to even duplicate the Title .... and then not reference any of the "study material" suggested in that previous Topic/Discussion. Merged this "new" Topic right into your previous Topic/Discussion.

I've seen posts about this before, but I've yet to find an explanation as to why some links are "DISCARDED AS FAKE" - yet they bring you right to the spammer's web site.

Can someone explain what is going on here, and how this spammer is getting away with detection on ALL THESE LINKS?

NOTE: I added -- in the link so as not to give the spammer linkbacks.

Tracking message source: 62.29.74.87:

Routing details for 62.29.74.87

[refresh/show] Cached whois for 62.29.74.87 : ender.erenoglu[at]dogantelekom.com ripe[at]dol.com.tr salih.ergulen[at]dogantelekom.com ripe[at]dogantelekom.com suat.altintas[at]dogantelekom.com

Using last resort contacts ender.erenoglu[at]dogantelekom.com ripe[at]dol.com.tr salih.ergulen[at]dogantelekom.com ripe[at]dogantelekom.com suat.altintas[at]dogantelekom.com

Yum, this spam is fresh!

Message is 2 hours old

62.29.74.87 not listed in dnsbl.njabl.org ( 127.0.0.8 )

62.29.74.87 not listed in dnsbl.njabl.org ( 127.0.0.9 )

62.29.74.87 listed in cbl.abuseat.org ( 127.0.0.2 )

62.29.74.87 is an open proxy

62.29.74.87 not listed in accredit.habeas.com

62.29.74.87 not listed in plus.bondedsender.org

62.29.74.87 not listed in iadb.isipp.com

Finding links in message body

Parsing HTML part

Resolving link obfuscation

http://--Os0Mh.tellshe.com/

http://--AJ7nd.tellshe.com/

http://--do89L.tellshe.com/

http://--VyPuL.tellshe.com/

http://--bgM5N.fieldwinner.com/

Host --bgm5n.fieldwinner.com (checking ip) = 58.17.3.41

host 58.17.3.41 (getting name) no name

http://--0cSFx.washshe.com/

Host --0csfx.washshe.com (checking ip) IP not found ; --0csfx.washshe.com discarded as fake.

http://--mKEn8.himhour.com/

Host --mken8.himhour.com (checking ip) IP not found ; --mken8.himhour.com discarded as fake.

http://--nRu59.tellshe.com

http://--LEAz.tellshe.com/

http://--teBpd.tellshe.com/

http://--WQkon.washshe.com/

Host --wqkon.washshe.com (checking ip) IP not found ; --wqkon.washshe.com discarded as fake.

Tracking link: http://0cSFx.washshe.com/

No recent reports, no history available

Cannot resolve http://--0cSFx.washshe.com/

Edited by Wazoo
Link to comment
Share on other sites

I've seen posts about this before, but I've yet to find an explanation as to why some links are "DISCARDED AS FAKE" - yet they bring you right to the spammer's web site.

Check the Wiki as yet another source of data .... "fastflux" is but one item to "actually read" .. "botnet" is yet another.

Can someone explain what is going on here, and how this spammer is getting away with detection on ALL THESE LINKS?

Tracking link: http://0cSFx.washshe.com/

Just wondering where you got the idea that what you offered up is a Tracking URL ... a term defined in every reasonably successful parse result, the SpamCop FAQ, the Dictionary, the Glossary, the Wiki and thousands of previous Posts/Discussions already existing.

Can't help but note that all of your 'examples' are sub-domains ... suggesting the possibilty of the oft-described (in the same places already referenced) of things like blocking of some IP Addresses trying to do look-ups, the fastflux crap mentioned above, extremely slow DNS servers, on and on .. again, this is something pretty much beat to death, sorry you can't seem to 'find anything' about it.

Note the differing results as a function of time;

06/01/09 05:58:34 dig nRu59.tellshe.com [at] 208.67.220.220

Dig nRu59.tellshe.com[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for nRu59.tellshe.com type=255 class=1

nRu59.tellshe.com A (Address) 60.191.239.181

nRu59.tellshe.com A (Address) 58.17.3.41

nRu59.tellshe.com A (Address) 61.191.63.150

nRu59.tellshe.com A (Address) 203.93.208.86

06/01/09 06:29:09 dig nRu59.tellshe.com [at] 208.67.220.220

Dig nRu59.tellshe.com[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for nRu59.tellshe.com type=255 class=1

nRu59.tellshe.com A (Address) 203.93.208.86

nRu59.tellshe.com A (Address) 60.191.239.181

nRu59.tellshe.com A (Address) 58.17.3.41

nRu59.tellshe.com A (Address) 61.191.63.150

06/01/09 06:32:32 dig nRu59.tellshe.com [at] 208.67.220.220

Dig nRu59.tellshe.com[at]208.67.220.220 ...

Non-authoritative answer

Recursive queries supported by this server

Query for nRu59.tellshe.com type=255 class=1

nRu59.tellshe.com A (Address) 61.191.63.150

nRu59.tellshe.com A (Address) 203.93.208.86

nRu59.tellshe.com A (Address) 60.191.239.181

nRu59.tellshe.com A (Address) 58.17.3.41

06/01/09 06:00:01 Browsing http://0cSFx.washshe.com/

No such server as 0cSFx.washshe.com

on and on ....

Link to comment
Share on other sites

  • 6 years later...

RightWay, thank you for your input. However, I believe with careful reading you will see that the six year old OP and responses are referring to the "abuse" or "reporting" email address for unwanted email from seaold{DOT}com not the domain its self.

To avoid your post promoting the referenced website(s) I have broken the links so that search engines which index this forum do not mistake those links as SEO efforts.

Link to comment
Share on other sites

Lking, Thanks for your post. I carefully reading and know this is six year post. But It is newly registered and this website(s) all link are working well. Please advice... For the 1st registered person why suffer the newly registered person ? Now what should the newly owner of the sites?

Link to comment
Share on other sites

  • 3 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...