Mr512Bytes Posted October 7, 2009 Share Posted October 7, 2009 I've just started to receive loads of spam this last week and all from the same place. It looks like a bot and someone's promoting these sites: ht tp://foryoulike.com/pregnancy/map-2.html ht tp://superflatline.com/apartment-design/map-3.html and a few more. They look to be in malaysia. Am I correct ? Who do I report them to ? Also why is it that a tracroute reveals nothing ? [edit - URLs broken] Link to comment Share on other sites More sharing options...
rconner Posted October 7, 2009 Share Posted October 7, 2009 ht tp://foryoulike. com/pregnancy/map-2.html ht tp://superflatline. com/apartment-design/map-3.html[/ [snip] Also why is it that a tracroute reveals nothing ? We have a page at the Wiki that describes how to go about tracking down spam websites, you might give it a read. There are several reasons why traceroute won't return results; for instance, in my office, my employer has blocked the ICMP port, so traceroute is useless. Also, not every host in a traceroute chain is obliged to respond to the probes (and many don't). Generally "host" or "nslookup" or "dig" are better tools to use in trying to pinpoint the IP addresses of websites. Both of the sites you mention are showing up for me at the same address, 201.71.102.105. wiich is allocated to a Brazilian provider (starone.com.br). I only get one IP address back from DNS, and it has a long TTL, so the website appears not to be a botnet operation. Star One would probably be an appropriate target for your reports, then. I have mangled the spam URLs in the quote above, we generally prefer that these URLs not be "clickable" so that spammers can't collect clicks or SEO points from this forum. -- rick Link to comment Share on other sites More sharing options...
Mr512Bytes Posted October 7, 2009 Author Share Posted October 7, 2009 Thanks for the advice. Thats strange I get the IP addresses as "202.71.102.105 " I'm not sure why yours are different. I also used http://spamid.servebeer.com:8081/servlet/realtimeiplocator and it says Malaysia. Can anyone else confirm is it Brazil or Malaysia ? Link to comment Share on other sites More sharing options...
rconner Posted October 7, 2009 Share Posted October 7, 2009 Thanks for the advice. Thats strange I get the IP addresses as "202.71.102.105 " You are correct, my finger slipped, it is a 202 address. This places it with tm.net.my (Malaysia). Of course, this just happens to be where the websites show up, it does not necessarily follow that the scammers are located there. -- rick Link to comment Share on other sites More sharing options...
Farelf Posted October 7, 2009 Share Posted October 7, 2009 ...Can anyone else confirm is it Brazil or Malaysia ?It is 202.71.102.105 and that is Malaysian - Telekom Multimedia of Telekom Malaysia Berhad. Both domains have the same bogus registrant detail Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.