
website in spam couldn't be resolved


remay


When reporting spam for hotfunsingles.com, spamcop failed to gather the IP address for the domain, so did not allow me to report it. I retried several times, but to no avail. I had no difficulties tracerouting the domain and going to the website in the spam before and after the report was made, so I don't understand why spamcop couldn't detect it correctly.

Here is the spam report:

http://www.spamcop.net/sc?id=z672870723zf7...5b1f5e667aaa09z

traceroute to HOTFUNSINGLES.COM (61.240.131.191),

21 61.240.131.191 (61.240.131.191) 467.743 ms


A couple of things; your spam submittal seems to be missing some header lines, specifically the Content-Type: description. (though noting that this could be a spammer construct, but .....)

Hitting the web page in question finds that it is nothing more than a re-direct anyway, so I'd bet it'll be gone as soon as the next spam run gets started;

09/20/04 15:47:42 Browsing http://www.hotfunsingles.com/ck.html

Fetching http://www.hotfunsingles.com/ck.html ...

GET /ck.html HTTP/1.1

<head>

<title>Meta Redirect Code</title>

<meta http-equiv="refresh" content="0;url=http://www.amateurmatch.com/index.php?ainfo=MzY1fDE=">

</head>

DNS data doesn't lead one to go with a permanent location, so perhaps there's a bit of subterfuge going on there, with the look-up results changing, so depending on when a request gets made (or even some IP blocking going on to prevent some folks from accessing the page?)

::Name Servers::

ns1.mysharedhosting.info

ns2.mysharedhosting.info

ns3.mysharedhosting.info

ns4.mysharedhosting.info

and you just don't get much better than this for Registration data;

whois -h whois.crsnic.net hotfunsingles.com ...

Redirecting to YESNIC CO. LTD.

whois -h whois.yesnic.com hotfunsingles.com ...

::Registrant::

Name : LIONEL RICHIE

Email : bulkmails[at]126.com

Address : Costal Road 32

Zipcode : 1444

Nation : AW

Tel : 144-754


When reporting spam for hotfunsingles.com, spamcop failed to gather the IP address for the domain, so did not allow me to report it. I retried several times, but to no avail. I had no difficulties tracerouting the domain and going to the website in the spam before and after the report was made, so I don't understand why spamcop couldn't detect it correctly.

Here is the spam report:

http://www.spamcop.net/sc?id=z672870723zf7...5b1f5e667aaa09z

traceroute to HOTFUNSINGLES.COM (61.240.131.191),

21  61.240.131.191 (61.240.131.191)  467.743 ms

17422[/snapback]

A bit confused by your question
Tracking link: http://www.hotfunsingles.com/ck.html

[report history]

Resolves to 61.240.131.191

Running the parse now the IP is clearly listed. Hard to say what was going on when you ran the original parse.

When I visited the Tracking URL this morning, I saw the same error that remay reported, so I think there might have been some DNS issues.

I'm having a similar problem this morning with www.her-bal.com. SpamCop says "Cannot resolve www.her-bal.com", but I can resolve it from here.

-Mark-


I'm having a similar problem this morning with www.her-bal.com.  SpamCop says "Cannot resolve www.her-bal.com", but I can resolve it from here.

-Mark-

17625[/snapback]

it's resolving now -- I notice the TTL is 666 and so it may be moving around.


  • 4 weeks later...

At the time of my look at your sample;

Resolving link obfuscation

http://anorthic.antispywarecoer.com/discon

host 221.11.133.66 (getting name) no name

http://effort.antispywarecoer.com

Tracking link: http://anorthic.antispywarecoer.com/discon

No recent reports, no history available

Resolves to 221.11.133.66

Routing details for 221.11.133.66

[refresh/show] Cached whois for 221.11.133.66 : abuse[at]cnc-noc.net

Using abuse net on abuse[at]cnc-noc.net

abuse net cnc-noc.net = abuse[at]cnc-noc.net, postmaster[at]cnc-noc.net

Using best contacts abuse[at]cnc-noc.net postmaster[at]cnc-noc.net

postmaster[at]cnc-noc.net bounces (6 sent : 6 bounces)

Using postmaster#cnc-noc.net[at]devnull.spamcop.net for statistical tracking.

Tracking link: http://effort.antispywarecoer.com

No recent reports, no history available

Cannot resolve http://effort.antispywarecoer.com

would go with DNS issues and caching ... but;

10/21/04 13:17:34 Slow traceroute effort.antispywarecoer.com

Trace effort.antispywarecoer.com (221.11.133.66) ...

10/21/04 13:09:37 Browsing http://effort.antispywarecoer.com

Fetching http://effort.antispywarecoer.com/ ...

GET / HTTP/1.1

Host: effort.antispywarecoer.com

HTTP/1.1 200 OK

Date: Thu, 21 Oct 2004 18:12:26 GMT

Server: Apache/2.0.51 (Unix) DAV/2 PHP/4.3.9

X-Powered-By: PHP/4.3.9

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Thu, 21 Oct 2004 18:12:26 GMT

.....

var popWin = confirm("Click OK to download our FREE Spyware Scanner software while browsing the site");

if (popWin)

{

window.location.href = 'download.php?id=kez769';

}

yeah, right ....

on the other hand;

whois -h whois.crsnic.net antispywarecoer.com ...

Redirecting to TUCOWS INC.

whois -h whois.opensrs.net antispywarecoer.com ...

Registrant:

APRM Inc

195 Piper Court

Fairfax, CA 94930

US

Domain name: ANTISPYWARECOER.COM

Administrative Contact:

Alan Taylor, David davidalan[at]gawab.com

195 Piper Court

Fairfax, CA 94930

US

+1.4154571656

Technical Contact:

Alan Taylor, David davidalan[at]gawab.com

195 Piper Court

Fairfax, CA 94930

US

+1.4154571656

Registrar of Record: TUCOWS, INC.

Record last updated on 21-Oct-2004.

Record expires on 10-Oct-2005.

Record created on 10-Oct-2004.

Domain servers in listed order:

NS4.ILUVDNS.COM 200.184.84.213

NS6.123MYDNS.COM 221.11.133.64

This guy is a long way from China, and the use of those "interesting" DNS servers also suggests a few things.


I too get a report attempt only to:

Re: http://effort.antispywarecoer.com (Administrator of network hosting website referenced in spam)

To: abuse[at]cnc-noc.net (Notes)

To: postmaster#cnc-noc.net[at]devnull.spamcop.net (Notes)

Also you should either report that or cancel it before someone does it for you which may not be the correct answer.


  • 3 weeks later...

Here is another instance where Spamcop says that the domain can't resolve. These gonks are spamming for people to "Win a Green Card" (never mind that I am already a US Citizen by birth)!

Tracking Link:

http://www.spamcop.net/sc?id=z691466124zf7...a9f533655174a8z

Domain name is usa-vista.com

"Allwhois" gives the following information on the site (gotta love those DNS Server Names and the Registrar :blink: ). Also check out the "last updated on" field ;) :

Registrant:

ivanov

po box 5032

kiev, ua 65000

UA

Domain name: USA-VISTA.COM

Administrative Contact:

ivanov, ivan info[at]q-h.ru

po box 5032

kiev, ua 65000

UA

+38.0503160000

Technical Contact:

ivanov, ivan info[at]q-h.ru

po box 5032

kiev, ua 65000

UA

+38.0503160000

Registrar of Record: TUCOWS, INC.

Record last updated on 09-Nov-2004.

Record expires on 26-Sep-2005.

Record created on 26-Sep-2004.

Domain servers in listed order:

NS6.DNSISGREAT.COM 221.11.133.64

NS7.4GREATDNS.COM 219.138.131.36

Domain status: ACTIVE


Here is another instance where Spamcop says that the domain can't resolve.

<snip>

20101[/snapback]

...Looks okay to me:
<snip>

Tracking message source: 24.218.1.187:

Routing details for 24.218.1.187

[refresh/show] Cached whois for 24.218.1.187 : abuse[at]comcast.net

<snip>

Reports regarding this spam have already been sent:

Re: 24.218.1.187 (Administrator of network where email originates)

Reportid: 1287512353 To: abuse[at]comcast.net

<snip>


Current results are as follows:

Resolving link obfuscation

http://gluey.usa-vista.com/?aid

host 195.95.204.15 (getting name) no name

Tracking link: http://gluey.usa-vista.com/?aid

No recent reports, no history available

Resolves to 195.95.204.15

Routing details for 195.95.204.15

[refresh/show] Cached whois for 195.95.204.15 : pavol.cvengros[at]primeinteractive.net

Using last resort contacts pavol.cvengros[at]primeinteractive.net

...

Re: http://gluey.usa-vista.com/?aid (Administrator of network hosting website referenced in spam)

pavol.cvengros[at]primeinteractive.net

When the Parser reports "Cannot resolve $SPAMMYURL", I usually hit "Refresh" a few times. If it still doesn't resolve, I: try to use other tools to resolve it, including SSW, nslookup, and occasionally ping and dig; use the Parser on the resulting IP Address or CNAME (alias) in a separate window; and add the resulting suggested Reporting address(es) to the User Notification Section. If the User Notification Section is full or you are not a paying customer (or you are helping someone who is not a paying customer), I'd suggest sending a Manual Report.
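
The manual cross-check described in the post above (retry, then resolve the host with dig and look at the resulting address or CNAME), together with the low-TTL observation earlier in the thread, can be scripted. This is an added example, not part of the original thread: it reads text saved from `dig +noall +answer`, and the hostnames, addresses and the 900-second threshold are constructed.

```python
# Added example: compare repeated `dig +noall +answer` results for one host.
# Hostnames, addresses and the 900-second TTL threshold are constructed.

def parse_answer(text):
    """Return (name, ttl, type, value) for each A/CNAME answer line."""
    records = []
    for line in text.splitlines():
        f = line.split()  # expected: name ttl class type rdata
        if len(f) >= 5 and f[1].isdigit() and f[3] in ("A", "CNAME"):
            records.append((f[0].rstrip(".").lower(), int(f[1]), f[3],
                            f[4].rstrip(".").lower()))
    return records

def follow(records, host, max_hops=8):
    """Follow CNAMEs from host; return (sorted addresses, lowest TTL on path)."""
    name, ttls = host.rstrip(".").lower(), []
    for _ in range(max_hops):  # hop limit guards against CNAME loops
        a = [(v, t) for n, t, r, v in records if n == name and r == "A"]
        if a:
            return sorted(v for v, _ in a), min(ttls + [t for _, t in a])
        c = [(v, t) for n, t, r, v in records if n == name and r == "CNAME"]
        if not c:
            break
        name = c[0][0]
        ttls.append(c[0][1])
    return [], None

def summarise(snapshots, host, short_ttl=900):
    """Summarise lookups of one host taken at different times."""
    results = [follow(parse_answer(s), host) for s in snapshots]
    resolved = [r for r in results if r[0]]
    return {
        "failed_lookups": len(results) - len(resolved),
        "addresses": sorted({a for addrs, _ in resolved for a in addrs}),
        "moved": len({tuple(addrs) for addrs, _ in resolved}) > 1,
        "short_ttl": any(t < short_ttl for _, t in resolved),
    }

# Constructed samples: an empty answer, then two answers that disagree.
SAMPLES = [
    "",
    "www.spamvertised.example. 666 IN CNAME host.spamvertised.example.\n"
    "host.spamvertised.example. 666 IN A 192.0.2.10\n",
    "www.spamvertised.example. 666 IN A 198.51.100.7\n",
]

if __name__ == "__main__":
    print(summarise(SAMPLES, "www.spamvertised.example"))
```

A summary showing failed lookups alongside a short TTL and changing addresses points to the record moving between queries rather than a fault in the tool doing the lookup.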


Current results are as follows:

When the Parser reports "Cannot resolve $SPAMMYURL", I usually hit "Refresh" a few times.  If it still doesn't resolve, I: try to use other tools to resolve it, including SSW, nslookup, and occasionally ping and dig; use the Parser on the resulting IP Address or CNAME (alias) in a separate window; and add the resulting suggested Reporting address(es) to the User Notification Section.  If the User Notification Section is full or you are not a paying customer (or you are helping someone who is not a paying customer), I'd suggest sending a Manual Report.

20108[/snapback]

Thanks Jeff, I will give that a try. I didn't want to go bashing the Parser because it failed to resolve but, if the refresh works, I will give it a chance....

Cheers,

Bret


Archived

This topic is now archived and is closed to further replies.
