shmengie Posted June 8, 2005 Share Posted June 8, 2005 http://www.spamcop.net/sc?id=z772587994z11...aee40216c68f0dz Name: congress.su.dissemble.at.ibirxt.com Address: 12.207.80.167, 24.19.244.159, 24.128.254.159, 67.172.211.80, 69.134.181.217 Which translates to a bunch dsl/cable hosts, AFAICT. comcast, ameritech, comcast, rr and verizon. For some reason spamcop only identified the one ip address at rr (69.134.181.217), according to the tracking url. This is the second spam that resolves to a web-addy like this. My guess is the latest generation of spam-bot infected computers are also webhosting... What a joke. Maybe I should be greatful my ip isn't in the list. -Joe Link to comment Share on other sites More sharing options...
Wazoo Posted June 8, 2005 Share Posted June 8, 2005 whois -h whois.opensrs.net ibirxt.com ... Registrant: Clark 1099 greenfield rd. Saint Helena, CA 94574 US Domain name: IBIRXT.COM Administrative Contact: Clark, Amizetta amizelark[at]yahoo.com 1099 greenfield rd. Saint Helena, CA 94574 US +1.2098060154 Technical Contact: Clark, Amizetta amizelark[at]yahoo.com 1099 greenfield rd. Saint Helena, CA 94574 US +1.2098060154 Registration Service Provider: NS.com., support[at]ns.com 704.884.9000 http://www.ns.com This company may be contacted for domain login/passwords and general domain support questions. Registrar of Record: TUCOWS, INC. Record last updated on 05-Jun-2005. Record expires on 04-Jun-2006. Record created on 04-Jun-2005. Domain servers in listed order: NS1.IBIRXT.COM 67.172.211.80 NS2.IBIRXT.COM 12.207.80.167 NS3.IBIRXT.COM 24.19.244.159 NS4.IBIRXT.COM 69.134.181.217 NS5.IBIRXT.COM 24.128.254.159 Domain status: ACTIVE Registration data is still shiny, Yahoo e-mail address used for registration, 67.172.211.80 RTT: 74ms TTL:115 (c-67-172-211-80.hsd1.tx.comcast.net ok) 12.207.80.167 RTT: 83ms TTL:118 (12-207-80-167.client.mchsi.com ok) 24.19.244.159 RTT: 250ms TTL:116 (c-24-19-244-159.hsd1.wa.comcast.net ok) 69.134.181.217 RTT: 68ms TTL:112 (cpe-069-134-181-217.nc.res.rr.com ok) 24.128.254.159 RTT: 572ms TTL:115 (c-24-128-254-159.hsd1.nh.comcast.net ok) No doubt, all these IP addresses will change as they get reported and the compromised machines get taken care of (well, a couple of them anyway .. I contacted mchsi abuse folks) If you don't see it, spammer is running his/her own DNS servers on copomised end-user computers, such that any look-up is going to be 'phase-shifting' as time goes on .... Link to comment Share on other sites More sharing options...
Jeff G. Posted June 8, 2005 Share Posted June 8, 2005 Yahoo e-mail address used for registration28993[/snapback] Reported. Link to comment Share on other sites More sharing options...
Wazoo Posted June 8, 2005 Share Posted June 8, 2005 Mote the changes as of this morning ... 06/08/05 09:40:32 whois IBIRXT.COM whois -h whois.opensrs.net ibirxt.com ... Domain servers in listed order: NS1.IBIRXT.COM 67.170.214.237 NS2.IBIRXT.COM 68.53.143.198 NS3.IBIRXT.COM 67.172.211.80 NS4.IBIRXT.COM 66.191.54.140 NS5.IBIRXT.COM 68.75.34.167 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.