petzl
Posted October 23, 2013

Example SpamCop email subscriber link
http://mailsc.spamcop.net/mcgi?action=show...d;val=528487400

Note the one URL keeps redirecting to different IPs
http://cbl.abuseat.org/lookup.cgi?ip=213.1...;.pubmit=Lookup

The URL alone is not enough; it needs the "resolves to" IP.

Caution: these sites are ATTACK sites, so care and ARMOUR must be in place. Be ready to avert your eyes (disgusting and illegal).

SpamCopAdmin
Posted October 23, 2013

You may have missed this information on the SpamCop parse page...

Tracking link: http://sogoodmastering.com/date.html
[report history]
Host sogoodmastering.com (checking ip) = 213.186.33.87
Resolves to 213.186.33.87
Routing details for 213.186.33.87
[refresh/show] Cached whois for 213.186.33.87 : abuse[at]ovh.net

- Don D'Minion - SpamCop Admin -
- Service[at]Admin.SpamCop.net -

petzl
Posted October 23, 2013

> You may have missed this information on the SpamCop parse page...
>
> Tracking link: http://sogoodmastering.com/date.html
> [report history]
> Host sogoodmastering.com (checking ip) = 213.186.33.87
> Resolves to 213.186.33.87
> Routing details for 213.186.33.87
> [refresh/show] Cached whois for 213.186.33.87 : abuse[at]ovh.net
>
> - Don D'Minion - SpamCop Admin -
> - Service[at]Admin.SpamCop.net -

My point is spamvertised botnet URLs are redirected to different IPs.
http://cbl.abuseat.org/lookup.cgi?ip=213.186.33.87
"The IP address 213.186.33.87 corresponds to a web site that is infected with a spam or malware forwarding link."

Have had abuse desks complain about SpamCop misdirecting report. Took a while for me to work out what was happening.

Farelf
Posted October 24, 2013

Yes, I try to remember to add the resolved IP address in a note to the abuse address - it would be good if that information was included in the "spamvertized" report. Have seen some of those websites cheerfully cycling through half a dozen or more IPs, in short order (as revealed by nslookup), which has been discussed "here" in times past. The one resolved by SC (if resolved at all) in such a circumstance is a roll of the dice. While that sort of revolving hosting may not be happening much just now, the botnets evidently still abuse inadvertent hosts who find it hard to see the problem without a little help.
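Added example, not part of any post in this thread: one way to record every address a spamvertised hostname resolves to over repeated lookups, so the note sent to each abuse desk lists the full set rather than the single IP one lookup happened to return. The function names, the hostname `spamvertised.example` and the documentation-range addresses are constructed for illustration.

```python
import socket
import time

def system_resolver(host):
    """IPv4 addresses the local resolver returns for host right now."""
    infos = socket.getaddrinfo(host, None, socket.AF_INET, socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def observe(host, rounds=6, delay=0.0, resolver=system_resolver, clock=time.time):
    """Resolve host `rounds` times; return {ip: [first_seen, last_seen, hits]}."""
    seen = {}
    for i in range(rounds):
        now = clock()
        try:
            ips = resolver(host)
        except OSError:          # socket.gaierror is an OSError: failed lookup
            ips = []
        for ip in ips:
            rec = seen.setdefault(ip, [now, now, 0])
            rec[1] = now
            rec[2] += 1
        if delay and i < rounds - 1:
            time.sleep(delay)
    return seen

def abuse_note(host, seen):
    """Text to paste into the report note so each abuse desk sees every IP."""
    if not seen:
        return f"{host} did not resolve during observation."
    lines = [f"{host} resolved to {len(seen)} address(es) during observation:"]
    for ip, (first, last, hits) in seen.items():
        stamp = time.strftime("%Y-%m-%d %H:%M:%SZ", time.gmtime(first))
        lines.append(f"  {ip}  first seen {stamp}, answered {hits} lookup(s)")
    return "\n".join(lines)

def constructed_rotation():
    """Constructed sample: a resolver that rotates answers, one failure included."""
    answers = iter([["192.0.2.10"], ["198.51.100.7"], OSError("SERVFAIL"),
                    ["192.0.2.10", "203.0.113.5"]])
    def resolver(host):
        item = next(answers)
        if isinstance(item, Exception):
            raise item
        return item
    return resolver

if __name__ == "__main__":
    seen = observe("spamvertised.example", rounds=4, resolver=constructed_rotation())
    print(abuse_note("spamvertised.example", seen))
```

For a live hostname, drop the `resolver` argument and set `delay` to at least the record's TTL so each round is a fresh answer rather than a cached one.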
This topic is now archived and is closed to further replies.