larxol
Posted November 29, 2004

When I report messages from notorious E.V.A. Pharmaceutics, I'm getting "Cannot resolve referenced web site" responses, so the spamvertized site goes unreported. The URL resolves fine when used, however. Here's how they have it in the note body:

<A href="http://tiplyzkompr.36funhours.info/?xqsofioxtvuyesocyszctbidsmpnto">Get it</A>

I report using the two-part form.

Wazoo
Posted November 29, 2004

Please provide the Tracking URL in the future.

11/29/04 13:25:41 Slow traceroute tiplyzkompr.36funhours.info
Trace tiplyzkompr.36funhours.info (202.102.230.36) ...
219.158.6.250 RTT: 268ms TTL:192 (No rDNS)
221.13.223.74 RTT: 269ms TTL:192 (No rDNS)
61.168.255.66 RTT: 387ms TTL:192 (No rDNS)
61.168.244.130 RTT: 286ms TTL:192 (No rDNS)
202.102.230.35 RTT: 305ms TTL:192 (No rDNS)
* * * failed
* * * failed
* * * failed
* * * failed

Dig tiplyzkompr.36funhours.info[at]ns2.peiman.biz (202.102.230.36) ...
failed, couldn't connect to nameserver
Dig tiplyzkompr.36funhours.info[at]ns1.peiman.biz (61.184.198.53) ...
failed, couldn't connect to nameserver
Dig tiplyzkompr.36funhours.info[at]ns3.peiman.biz (61.141.32.57) ...
failed, couldn't connect to nameserver
Dig tiplyzkompr.36funhours.info[at]xxx.xx.xxx.xx ...
Non-authoritative answer
Recursive queries supported by this server
Query for tiplyzkompr.36funhours.info type=255 class=1
tiplyzkompr.36funhours.info A (Address) 202.102.230.36
tiplyzkompr.36funhours.info MX (Mail Exchanger) Priority: 0 127.0.0.1
36funhours.info NS (Nameserver) ns3.peiman.biz
36funhours.info NS (Nameserver) ns1.peiman.biz
36funhours.info NS (Nameserver) ns2.peiman.biz
ns1.peiman.biz A (Address) 221.5.251.213
ns2.peiman.biz A (Address) 202.102.230.36

11/29/04 13:31:22 Browsing http://tiplyzkompr.36funhours.info/
Fetching http://tiplyzkompr.36funhours.info/ ...
GET / HTTP/1.1
Host: tiplyzkompr.36funhours.info
Connection: close

HTTP/1.0 200 OK
Server: Apache/2.0.40 (Red Hat Linux)
Accept-Ranges: bytes
X-Powered-By: PHP/4.2.2
Content-Type: text/html; charset=ISO-8859-1
Connection: close

<frameset><frame src="chair.php"></frameset>

whois -h whois.geektools.com tiplyzkompr.36funhours.info ...
GeekTools Whois Proxy v5.0.4 Ready.
Checking server [whois.afilias.info]
Results:
NOT FOUND

Query Results For: "tiplyzkompr.36funhours.info"
Query timed out
at http://www.canufly.net/~georgegg/dns/

Giving up on trying to locate the Domain name, switch to the IP address where it's sitting;

whois -h whois.apnic.net 202.102.230.36 ...
inetnum: 202.102.224.0 - 202.102.255.255
netname: CNCGROUP-HA
role: CNCGroup Hostmaster
e-mail: abuse[at]cnc-noc.net
address: No.156,Fu-Xing-Men-Nei Street,
address: Beijing,100031,P.R.China
nic-hdl: CH455-AP
person: Liping Zhong
address: Henan Multimedia Information Bureau
address: 70, Nong Ye Road
address: ZhengZhou, Henan 450002
address: CN
phone: +86-371-3962276
fax-no: +86-371-3962068
e-mail: antispam[at]public.zz.ha.cn

-=-=-=-=-=-=-

Easy assumption is that the web-site invoked is probably nothing more than a set-up to do some sort of hijack, trying to nail an unpatched, unsecure machine via one of several exploits. Simple trace-route blocked, no e-mail wanted, and name-servers suck.

After running the domain through a half-dozen other tool sets, I gave up and just went for the IP ... result there would suggest that complaints would go un-heeded anyway ...

Understand your frustration, but .... not much lost in the lack of a report actually.

The main thing I'd point out is that if you're going to actually visit these spamvertised sites, please make sure that your system is up to date on all security tools, patches, and fixes.

Archived
This topic is now archived and is closed to further replies.