dra007 Posted July 10, 2009

I have been flooded for two days by spam pointing to f2bbs dot com.. I was hoping someone had a tool to check what nasty malware they are attempting to inject

Tracking http://www.spamcop.net/sc?id=z3102844923zd...ac8418e871649cz

Senders are pointing to all kinds of places so I assume they are zombie generated. These were the last 3:

[quote]
Submitted: Friday, July 10, 2009 10:26:35 AM -0400:
F2BBS.com invitation
4357076873 ( [url=http://f2bbs.com/]http://f2bbs.com/[/url] ) To: abuse[at]godaddy.com
4357076855 ( Forwarded spam ) To: spam[at]uce.gov
4357076848 ( 122.162.212.172 ) To: knujon[at]coldrain.net
4357076838 ( 122.162.212.172 ) To: techsupport[at]bharti.com
4357076794 ( 122.162.212.172 ) To: helpdesk.network[at]bharti.com
4357076547 ( 122.162.212.172 ) To: abuse[at]airtelbroadband.in
4357076464 ( 122.162.212.172 ) To: abuse[at]mantraonline.com
4357076364 ( 122.162.212.172 ) To: abuse[at]airtel.lk
4357076259 ( 122.162.212.172 ) To: abuse[at]bharti.com
4357076141 ( 122.162.212.172 ) To: techsupport[at]airtel.in
4357075979 ( 122.162.212.172 ) To: postmaster[at]airtel.in
4357075848 ( 122.162.212.172 ) To: abuse[at]airtel.in
--------------------------------------------------------------------------------
Submitted: Friday, July 10, 2009 10:26:34 AM -0400:
F2BBS.com invitation
4357074508 ( Forwarded spam ) To: spam[at]uce.gov
4357074501 ( 86.99.103.36 ) To: knujon[at]coldrain.net
4357074497 ( 86.99.103.36 ) To: saleemmb[at]emirates.net.ae
4357074493 ( 86.99.103.36 ) To: help[at]eim.ae
4357074489 ( 86.99.103.36 ) To: postmaster[at]emirates.net.ae
4357074486 ( 86.99.103.36 ) To: abuse[at]eim.ae
4357074476 ( 86.99.103.36 ) To: noc[at]emix.net.ae
4357074473 ( 86.99.103.36 ) To: help[at]emirates.net.ae
4357074468 ( 86.99.103.36 ) To: abuse[at]emirates.net.ae
--------------------------------------------------------------------------------
Submitted: Friday, July 10, 2009 10:26:34 AM -0400:
F2BBS.com invitation
4357074197 ( Forwarded spam ) To: spam[at]uce.gov
4357074193 ( 91.150.120.13 ) To: knujon[at]coldrain.net
4357074190 ( 91.150.120.13 ) To: abuse[at]telekom.yu
4357074187 ( 91.150.120.13 ) To: abuse[at]gblx.net
4357074183 ( 91.150.120.13 ) To: abuse[at]telekom.rs
4357074181 ( 91.150.120.13 ) To: admin[at]telekom.yu
4357074178 ( 91.150.120.13 ) To: postmaster[at]telekom.rs
[/quote]

Farelf Posted July 10, 2009

Nothing unusual at first blush:

Initiating server query ...
Looking up IP address for domain: f2bbs.com
The IP address for the domain is: 97.74.182.1
Connecting to the server on standard HTTP port: 80
[Connected]
Requesting the server's default page.
The server returned the following response headers:
HTTP/1.1 302 Moved Temporarily
Date: Fri, 10 Jul 2009 17:41:16 GMT
Server: Apache
Location: .htt p://f2bb s.co m/bbs
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html
Query complete.

Site is a bulletin board, running some unfamiliar application software in a black and red color scheme. Visited (without registration) without apparent problems - a hot topic there being "F2 BEING SETUP, spam ISNT COMING FROM F2 ADMINS, PROOF INSIDE" - yeah well ...

Dunno, looks pretty innocuous (for some value of innocuous which encompasses a FAQ page headed "FAH Q" and a black and red color scheme). Norton Site Safety hasn't yet evaluated the site.

dra007 Posted July 10, 2009

Starting to sound like some silly joe job, though as annoyed as I am by them it strikes me as fishy...

rconner Posted July 10, 2009

[quote]Dunno, looks pretty innocuous (for some value of innocuous which encompasses a FAQ page headed "FAH Q"[/quote]

Could be a vile insult depending upon how you pronounce it.

-- rick

Farelf Posted July 11, 2009

[quote]Could be a vile insult depending upon how you pronounce it.[/quote]

Entirely intentional, I'm sure, sets a tone. All-in-all not the sort of venue, I would think, likely to conduct an untargeted recruitment campaign and it seems its founder is unpopular in some circles http://www.adotas.com/2006/06/controversia...out-at-adbrite/ and it is self-described as a "Premium E-Business Forum" (can't say I detected any evidence of serious endeavor but then I wasn't looking hard), elsewhere (DomainTools result) "F2 Anonboard - No Rules, No Registration." Not the sort of venture likely to escape the attentions of malicious detractors (joejobbers, etc) whichever way you look at it - so I'm still going with that bb site as "mostly harmless" and actual spamming involvement as a little unlikely. But, as regards the last, who could say? Opinion only.

This topic is now archived and is closed to further replies.