Gromit Posted December 16, 2004 Posted December 16, 2004 Okay, I keep getting ones like this: http://www.spamcop.net/sc?id=z703016347zf3...d5b71988c33c90z Where I can visit the site freely but SpamCop cannot. Oh, you have to put in the whole URL and not just the domain.com or you get redirected to the now-defunct "MakeLoveNotSpam" site. I hit refresh about ten times and SpamCop still can't see it. Is it possible they've figured out SC's IP and are blocking it somehow? BTW, for the record, I put in the redirected site (expecting SC to not find it) to see if anything would come up. I scanned the other threads and didn't see anything germain, so please hold the flames if this has been recently discussed.
petzl Posted December 16, 2004 Posted December 16, 2004 While I can with IE 6 see the site a text browser gives "403 forbiden" this does stop SpamCop going any further? yxcxdjceazdt.k5medical.com 202.102.230.36 403 Forbiden However you can report these sights yourself Reporting addresses: abuse[at]chinanet.cn.net abuse[at]cnc-noc.net
Wazoo Posted December 16, 2004 Posted December 16, 2004 DNS games. Current version is; 12/15/04 22:44:44 dig k5medical.com [at] xxx.xx.xxx.xx Dig k5medical.com[at]ns1.hckdnc.com (221.5.251.213) ... failed, couldn't connect to nameserver Dig k5medical.com[at]ns2.hckdnc.com (219.148.2.27) ... failed, couldn't connect to nameserver Dig k5medical.com[at]xxx.xx.xxx.xx... Non-authoritative answer Recursive queries supported by this server Query for k5medical.com type=255 class=1 k5medical.com NS (Nameserver) ns1.hckdnc.com k5medical.com NS (Nameserver) ns2.hckdnc.com k5medical.com NS (Nameserver) ns2.hckdnc.com k5medical.com NS (Nameserver) ns1.hckdnc.com ns1.hckdnc.com A (Address) 202.102.230.36 ns1.hckdnc.com A (Address) 221.5.251.213 ns2.hckdnc.com A (Address) 219.148.2.27 Your try will probably contain different data.
Gromit Posted December 16, 2004 Author Posted December 16, 2004 Here's two more: http://www.spamcop.net/sc?id=z703091168z8f...003fdf6a3b66c4z http://www.spamcop.net/sc?id=z703091680z48...587eedfe9337c2z I'm curious *why* SpamCop can't recognize the URLs. That was my quarry and my suggestion as to if somehow they blocked SpamCop's search. Or am I way off?
Wazoo Posted December 16, 2004 Posted December 16, 2004 12/15/04 23:17:36 dig gotoithere.com [at] xxx.xx.xxx.xx Dig gotoithere.com[at]ns51.topserve.biz (200.146.101.37) ... failed, couldn't connect to nameserver Dig gotoithere.com[at]ns53.topserve.biz (200.146.101.57) ... failed, couldn't connect to nameserver Dig gotoithere.com[at]xxx.xx.xxx.xx ... Non-authoritative answer Recursive queries supported by this server Query for gotoithere.com type=255 class=1 gotoithere.com NS (Nameserver) ns51.topserve.biz gotoithere.com NS (Nameserver) ns53.topserve.biz gotoithere.com NS (Nameserver) ns53.topserve.biz gotoithere.com NS (Nameserver) ns51.topserve.biz On the other hand, the second one actually resolves ... but it took almost 2 minutes ... normal process time for such a look-up would be in the milli-seconds ... so as far as the SpamCop parser goes, it's as if there was no response (possibly one of those that may have parsed after doing a refresh ..?? 12/15/04 23:20:29 dig www.ullgetit.com [at] xxx.xx.xxx.xx Dig www.ullgetit.com[at]ns2.standardtechs.com (202.99.172.143) ... Authoritative Answer Recursive queries supported by this server Query for www.ullgetit.com type=255 class=1 www.ullgetit.com A (Address) 221.5.250.105 ullgetit.com NS (Nameserver) ns1.standardtechs.com ullgetit.com NS (Nameserver) ns2.standardtechs.com ns1.standardtechs.com A (Address) 202.99.172.143 ns2.standardtechs.com A (Address) 202.99.172.143 Dig www.ullgetit.com[at]ns1.standardtechs.com (202.99.172.143) ... Authoritative Answer Recursive queries supported by this server Query for www.ullgetit.com type=255 class=1 www.ullgetit.com A (Address) 221.5.250.105 ullgetit.com NS (Nameserver) ns2.standardtechs.com ullgetit.com NS (Nameserver) ns1.standardtechs.com ns1.standardtechs.com A (Address) 202.99.172.143 ns2.standardtechs.com A (Address) 202.99.172.143 Dig www.ullgetit.com[at]xxx.xx.xxx.xx ... Non-authoritative answer Recursive queries supported by this server Query for www.ullgetit.com type=255 class=1 www.ullgetit.com A (Address) 221.5.250.105 ullgetit.com NS (Nameserver) ns2.standardtechs.com ullgetit.com NS (Nameserver) ns1.standardtechs.com Maybe go take a look at http://forum.spamcop.net/forums/index.php?showtopic=3182
Derek T Posted December 16, 2004 Posted December 16, 2004 However you can report these sights yourself Reporting addresses: abuse[at]chinanet.cn.net abuse[at]cnc-noc.net 21452[/snapback] Yeah! like they'd take any notice! They seem to ignore a dozen or more per day from me alone.
Derek T Posted December 16, 2004 Posted December 16, 2004 That was my quarry and my suggestion as to if somehow they blocked SpamCop's search. 21458[/snapback] I'm genuinely puzzled. What does 'quarry' mean in this context? (Also used in plural in topic title)
Ralsky's Fatal Tumor Posted December 16, 2004 Posted December 16, 2004 I'm genuinely puzzled. What does 'quarry' mean in this context? (Also used in plural in topic title) 21463[/snapback] It's "query," but typed with an accent. I think he's from Boston.
remay Posted December 17, 2004 Posted December 17, 2004 I am seeing more and more cases where spamcop claims the websites cannot be resolved. Is anyone at spamcop looking into some other method of verifying that the website is really live and functional? http://www.spamcop.net/sc?id=z703599666zb5...7251e8dd21e985z This is what spamcop returns: Tracking link: http://globalbargain.biz/r [report history] Cannot resolve http://globalbargain.biz/r Tracking link: http://lxjrfb2yzwcc73.globalbargain.biz No recent reports, no history available Cannot resolve http://lxjrfb2yzwcc73.globalbargain.biz After clicking on the spam URL link in the email body and seeing the website come up, I captured the website from IE 6.0 using File -> Save-As -> Save-as-type = "Web Archive, single file (*.mht)" Content-Transfer-Encoding: quoted-printable Content-Location: http://www.globalbargain.biz/ X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <!-- Access Denied! Source file is not available. --><HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; = charset=3Dwindows-1252"> <META http-equiv=3Dexpires content=3D2> <META http-equiv=3Dimagetoolbar content=3Dno> <STYLE type=3Dtext/css media=3Dprint>BODY { DISPLAY: none } </STYLE> <META content=3D"MSHTML 6.00.2900.2523" name=3DGENERATOR></HEAD> <BODY> <scri_pt language=3DJavaScript type=3Dtext/java scri_pt><!--=0A= var j=3D"",f=3D"",u=3D81,a=3D")ue#08yO/j5MCn|BR=3DLo26 = Jdi&tP>XfkDz-x13AYHTIh$!\".Gm:_w(Zla7?cWVUNr9v4FsKp%S;qgE<b";enum(unescap= e("%66%75%6E%63%74%69%6F%6E%20%77%28%79%29%7B%76%61%72%20%69%3D%27%27%2C%= 6B%2C%73%2C%65%2C%76%3B%66%6F%72%28%6B%3D%30%3B%6B%3C%79%2E%6C%65%6E%67%7= : : xxXJbjW#|P#9X");qqq();document.write(f);f=3D"";//--></scri_pt> <NOSCRIPT>To display this page you need a browser with java scri_pt=20 support.</NOSCRIPT></BODY></HTML>
Wazoo Posted December 17, 2004 Posted December 17, 2004 and again .. DNS issues; 12/17/04 09:55:03 dig globalbargain.biz [at] xxx.xx.xxx.xx Dig globalbargain.biz[at]NS1.MANZAN88.COM (202.102.230.36) ... failed, couldn't connect to nameserver Dig globalbargain.biz[at]NS2.MANZAN88.COM (221.5.251.213) ... failed, couldn't connect to nameserver Dig globalbargain.biz[at]xxx.xx.xxx.xx ... Non-authoritative answer Recursive queries supported by this server Query for globalbargain.biz type=255 class=1 globalbargain.biz NS (Nameserver) NS1.MANZAN88.COM globalbargain.biz NS (Nameserver) NS2.MANZAN88.COM globalbargain.biz NS (Nameserver) NS2.MANZAN88.COM globalbargain.biz NS (Nameserver) NS1.MANZAN88.COM That you "found" the web site suggests that you ran across somewhere that had cached entries in place. The site doesn't exist from here at present.
Gromit Posted December 17, 2004 Author Posted December 17, 2004 I'm genuinely puzzled. What does 'quarry' mean in this context? (Also used in plural in topic title) 21463[/snapback] Yeah, I was the first one out of the spelling bee.
Jeff G. Posted December 19, 2004 Posted December 19, 2004 Please see http://forum.spamcop.net/forums/index.php?showtopic=3182 (especially my posts).
petzl Posted December 19, 2004 Posted December 19, 2004 Yeah! like they'd take any notice! They seem to ignore a dozen or more per day from me alone. 21462[/snapback] If spammers are going to lenghts to produce URL's that SpamCop cannot identify I would say reporting them is a must do If Chinese authorities do do something, it is usually pretty inhumane I like to see someone worse off than me I can do with a good laugh SpamDeputy usually handles/resolves links SpamCop cannot (works well with Outlook Express)
get-even Posted December 21, 2004 Posted December 21, 2004 On the other hand, the second one actually resolves ... but it took almost 2 minutes ... normal process time for such a look-up would be in the milli-seconds ... so as far as the SpamCop parser goes, it's as if there was no response (possibly one of those that may have parsed after doing a refresh ..?? 12/15/04 23:20:29 dig www.ullgetit.com [at] xxx.xx.xxx.xx Dig www.ullgetit.com[at]ns2.standardtechs.com (202.99.172.143) ... Authoritative Answer Recursive queries supported by this server Query for www.ullgetit.com type=255 class=1 www.ullgetit.com A (Address) 221.5.250.105 ullgetit.com NS (Nameserver) ns1.standardtechs.com ullgetit.com NS (Nameserver) ns2.standardtechs.com ns1.standardtechs.com A (Address) 202.99.172.143 ns2.standardtechs.com A (Address) 202.99.172.143 Dig www.ullgetit.com[at]ns1.standardtechs.com (202.99.172.143) ... Authoritative Answer Recursive queries supported by this server Query for www.ullgetit.com type=255 class=1 www.ullgetit.com A (Address) 221.5.250.105 ullgetit.com NS (Nameserver) ns2.standardtechs.com ullgetit.com NS (Nameserver) ns1.standardtechs.com ns1.standardtechs.com A (Address) 202.99.172.143 ns2.standardtechs.com A (Address) 202.99.172.143 Dig www.ullgetit.com[at]xxx.xx.xxx.xx ... Non-authoritative answer Recursive queries supported by this server Query for www.ullgetit.com type=255 class=1 www.ullgetit.com A (Address) 221.5.250.105 ullgetit.com NS (Nameserver) ns2.standardtechs.com ullgetit.com NS (Nameserver) ns1.standardtechs.com Check the ROSKO listings at spamhaus. Standardtechs.com, dns25.com and dns30 are iMedia's NL registered DNS servers. They bounce between eastern europe and China, and go into "stealth" mode (DNS30.com was the first known case). The iMedia list of domains registered in the Netherlands using the name "Manon Alu" and email "support[at]wrcash.com" includes at least the following domains (of which "standardtechs.com", "dns25.com", dns30.com" provide DNS services - note, recently the domain "d0tcomde.com" hosted in Chile has also been used to serve the same domains, and also at least one "customer" is using servers in the domain "wantpromotion.com", which is hosted in the same net block as "standardtechs.com" today ). NOTE: all the DNS servers play both the rotation and stealth games. The iMedia Netherlands domains - all with the same registrant - include (at least): adipren11.com adipren12.com adipren13.com baby30.com baby33.com diet31.com diet32.com dlz-withu.net dns25.com dns30.com enhancemefast3.com enhancememore.com standardtechs.com wrcash.com
Recommended Posts
Archived
This topic is now archived and is closed to further replies.