Jump to content

SC needs to include resolved IP


petzl
 Share

Recommended Posts

Example SpamCop email subscriber link

http://mailsc.spamcop.net/mcgi?action=show...d;val=528487400

Note the one URL keeps redirecting to different IP's

http://cbl.abuseat.org/lookup.cgi?ip=213.1...;.pubmit=Lookup

The URL alone is not enough needs "resolves to" IP

Caution these sites are ATTACK sites so care and ARMOUR must be inplace

be ready to avert your eyes (disgusting and illegal)

Link to comment
Share on other sites

You may have missed this information on the SpamCop parse page...

Tracking link: http://sogoodmastering.com/date.html

[report history]

Host sogoodmastering.com (checking ip) = 213.186.33.87

Resolves to 213.186.33.87

Routing details for 213.186.33.87

[refresh/show] Cached whois for 213.186.33.87 : abuse[at]ovh.net

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

Link to comment
Share on other sites

You may have missed this information on the SpamCop parse page...

Tracking link: http://sogoodmastering.com/date.html

[report history]

Host sogoodmastering.com (checking ip) = 213.186.33.87

Resolves to 213.186.33.87

Routing details for 213.186.33.87

[refresh/show] Cached whois for 213.186.33.87 : abuse[at]ovh.net

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

.

My point is spamvertised botnet URL's are redirected to different IP's

http://cbl.abuseat.org/lookup.cgi?ip=213.186.33.87

"The IP address 213.186.33.87 corresponds to a web site that is infected with a spam or malware forwarding link. "

Have had abuse desks complain about SpamCop misdirecting report

Took a while for me to work out what was happening

Edited by petzl
Link to comment
Share on other sites

Yes, I try to remember to add the resolved IP address in a note to the abuse address - it would be good if that information was included in the "spamvertized" report. Have seen some of those websites cheerfully cycling through half a dozen or more IPs, in short order (as revealed by nslookup) which has been discussed "here" in times past. The one resolved by SC (if resolved at all) in such a circumstance is a roll of the dice. While that sort of revolving hosting may not be happening much just now, the botnets evidently still abuse inadvertent hosts who find it hard to see the problem without a little help.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...