Jump to content



Recommended Posts

I have been flooded for two days by spam pointinf to f2bbs dot com.. I was hoping someone had a tool to check what nasty malware they are attempting to inject

Traking http://www.spamcop.net/sc?id=z3102844923zd...ac8418e871649cz

Senders are pointing to all kinds of places so I assume they are zomby generated.

these were the last 3:

[quote]Submitted: Friday, July 10, 2009 10:26:35 AM -0400: 
F2BBS.com invitation 
4357076873 ( [url=http://f2bbs.com/]http://f2bbs.com/[/url] ) To: abuse[at]godaddy.com 
4357076855 ( Forwarded spam ) To: spam[at]uce.gov 
4357076848 ( ) To: knujon[at]coldrain.net 
4357076838 ( ) To: techsupport[at]bharti.com 
4357076794 ( ) To: helpdesk.network[at]bharti.com 
4357076547 ( ) To: abuse[at]airtelbroadband.in 
4357076464 ( ) To: abuse[at]mantraonline.com 
4357076364 ( ) To: abuse[at]airtel.lk 
4357076259 ( ) To: abuse[at]bharti.com 
4357076141 ( ) To: techsupport[at]airtel.in 
4357075979 ( ) To: postmaster[at]airtel.in 
4357075848 ( ) To: abuse[at]airtel.in 


Submitted: Friday, July 10, 2009 10:26:34 AM -0400: 
F2BBS.com invitation 
4357074508 ( Forwarded spam ) To: spam[at]uce.gov 
4357074501 ( ) To: knujon[at]coldrain.net 
4357074497 ( ) To: saleemmb[at]emirates.net.ae 
4357074493 ( ) To: help[at]eim.ae 
4357074489 ( ) To: postmaster[at]emirates.net.ae 
4357074486 ( ) To: abuse[at]eim.ae 
4357074476 ( ) To: noc[at]emix.net.ae 
4357074473 ( ) To: help[at]emirates.net.ae 
4357074468 ( ) To: abuse[at]emirates.net.ae 


Submitted: Friday, July 10, 2009 10:26:34 AM -0400: 
F2BBS.com invitation 
4357074197 ( Forwarded spam ) To: spam[at]uce.gov 
4357074193 ( ) To: knujon[at]coldrain.net 
4357074190 ( ) To: abuse[at]telekom.yu 
4357074187 ( ) To: abuse[at]gblx.net 
4357074183 ( ) To: abuse[at]telekom.rs 
4357074181 ( ) To: admin[at]telekom.yu 
4357074178 ( ) To: postmaster[at]telekom.rs [/quote]

Edited by dra007
Link to comment
Share on other sites

Nothing unusual at first blush:

Initiating server query ...

Looking up IP address for domain: f2bbs.com

The IP address for the domain is:

Connecting to the server on standard HTTP port: 80

[Connected] Requesting the server's default page.

The server returned the following response headers:

HTTP/1.1 302 Moved Temporarily

Date: Fri, 10 Jul 2009 17:41:16 GMT

Server: Apache

Location: .htt p://f2bb s.co m/bbs

Connection: close

Transfer-Encoding: chunked

Content-Type: text/html

Query complete.

Site is a bulletin board, running some unfamiliar application software in a black and red color scheme. Visited (without registration) without apparent problems - a hot topic there being "F2 BEING SETUP, spam ISNT COMING FROM F2 ADMINS, PROOF INSIDE" - yeah well ...

Dunno, looks pretty innocuous (for some value of innocuous which encompasses a FAQ page headed "FAH Q" and a black and red color scheme). Norton Site Safety hasn't yet evaluated the site.

Link to comment
Share on other sites

Could be a vile insult depending upon how you pronounce it.
Entirely intentional, I'm sure, sets a tone. All-in-all not the sort of venue, I would think, likely to conduct an untargeted recruitment campaign and it seems its founder is unpopular in some circles http://www.adotas.com/2006/06/controversia...out-at-adbrite/ and it is self-described as a "Premium E-Business Forum" (can't say I detected any evidence of serious endeavor but then I wasn't looking hard), elsewhere (DomainTools result) "F2 Anonboard - No Rules, No Registration." Not the sort of venture likely to escape the attentions of malicious detractors (joejobbers, etc) whichever way you look at it - so I'm still going with that bb site as "mostly harmless" and actual spamming involvement as a little unlikely. But, as regards the last, who could say? Opinion only.
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...