next generation spammers


shmengie

http://www.spamcop.net/sc?id=z772587994z11...aee40216c68f0dz

Name: congress.su.dissemble.at.ibirxt.com

Address: 12.207.80.167, 24.19.244.159, 24.128.254.159, 67.172.211.80, 69.134.181.217

Which translates to a bunch of DSL/cable hosts, AFAICT.

comcast, ameritech, comcast, rr and verizon.

For some reason spamcop only identified the one ip address at rr (69.134.181.217), according to the tracking url.

This is the second spam that resolves to a web-addy like this.

My guess is the latest generation of spam-bot infected computers are also webhosting... What a joke. Maybe I should be grateful my ip isn't in the list. :o

-Joe

whois -h whois.opensrs.net ibirxt.com ...

Registrant:

Clark

1099 greenfield rd.

Saint Helena, CA 94574

US

Domain name: IBIRXT.COM

Administrative Contact:

Clark, Amizetta amizelark[at]yahoo.com

1099 greenfield rd.

Saint Helena, CA 94574

US

+1.2098060154

Technical Contact:

Clark, Amizetta amizelark[at]yahoo.com

1099 greenfield rd.

Saint Helena, CA 94574

US

+1.2098060154

Registration Service Provider:

NS.com., support[at]ns.com

704.884.9000

http://www.ns.com

This company may be contacted for domain login/passwords and general

domain support questions.

Registrar of Record: TUCOWS, INC.

Record last updated on 05-Jun-2005.

Record expires on 04-Jun-2006.

Record created on 04-Jun-2005.

Domain servers in listed order:

NS1.IBIRXT.COM 67.172.211.80

NS2.IBIRXT.COM 12.207.80.167

NS3.IBIRXT.COM 24.19.244.159

NS4.IBIRXT.COM 69.134.181.217

NS5.IBIRXT.COM 24.128.254.159

Domain status: ACTIVE

Registration data is still shiny, Yahoo e-mail address used for registration,

67.172.211.80 RTT: 74ms TTL:115 (c-67-172-211-80.hsd1.tx.comcast.net ok)

12.207.80.167 RTT: 83ms TTL:118 (12-207-80-167.client.mchsi.com ok)

24.19.244.159 RTT: 250ms TTL:116 (c-24-19-244-159.hsd1.wa.comcast.net ok)

69.134.181.217 RTT: 68ms TTL:112 (cpe-069-134-181-217.nc.res.rr.com ok)

24.128.254.159 RTT: 572ms TTL:115 (c-24-128-254-159.hsd1.nh.comcast.net ok)

No doubt, all these IP addresses will change as they get reported and the compromised machines get taken care of (well, a couple of them anyway .. I contacted mchsi abuse folks)

If you don't see it, spammer is running his/her own DNS servers on compromised end-user computers, such that any look-up is going to be 'phase-shifting' as time goes on ....

Note the changes as of this morning ...

06/08/05 09:40:32 whois IBIRXT.COM

whois -h whois.opensrs.net ibirxt.com ...

Domain servers in listed order:

NS1.IBIRXT.COM 67.170.214.237

NS2.IBIRXT.COM 68.53.143.198

NS3.IBIRXT.COM 67.172.211.80

NS4.IBIRXT.COM 66.191.54.140

NS5.IBIRXT.COM 68.75.34.167

Archived

This topic is now archived and is closed to further replies.
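
As an added example (not part of the original thread), the traits the posters point out can be scored from the data quoted above: nameservers that are also the web hosts, that sit on ISP customer-pool addresses, and that are mostly replaced within days. The function names and thresholds are assumptions chosen for illustration.

```python
import re

# Data copied from the thread: nameserver glue on two dates, the web host's
# A records, and the PTR names from the ping output.
NS_OLD = {"67.172.211.80", "12.207.80.167", "24.19.244.159",
          "69.134.181.217", "24.128.254.159"}
NS_NEW = {"67.170.214.237", "68.53.143.198", "67.172.211.80",
          "66.191.54.140", "68.75.34.167"}
A_RECORDS = {"12.207.80.167", "24.19.244.159", "24.128.254.159",
             "67.172.211.80", "69.134.181.217"}
PTR = {
    "67.172.211.80": "c-67-172-211-80.hsd1.tx.comcast.net",
    "12.207.80.167": "12-207-80-167.client.mchsi.com",
    "24.19.244.159": "c-24-19-244-159.hsd1.wa.comcast.net",
    "69.134.181.217": "cpe-069-134-181-217.nc.res.rr.com",
    "24.128.254.159": "c-24-128-254-159.hsd1.nh.comcast.net",
}

def ptr_embeds_ip(ip, ptr):
    """True if the PTR name contains the IP's four octets in order, the
    usual naming pattern for ISP customer address pools."""
    octets = [int(o) for o in ip.split(".")]
    nums = [int(n) for n in re.findall(r"\d+", ptr)]
    return any(nums[i:i + 4] == octets for i in range(len(nums) - 3))

def churn(old, new):
    """Jaccard distance between two IP sets: 0 = unchanged, 1 = fully replaced."""
    return 1 - len(old & new) / len(old | new)

def assess(ns_old, ns_new, a_records, ptr):
    """Score the traits the thread points out. Thresholds are assumptions."""
    pool_like = sum(ptr_embeds_ip(ip, name) for ip, name in ptr.items())
    signals = {
        "ns_churn": round(churn(ns_old, ns_new), 2),
        "ns_also_web_hosts": len(ns_old & a_records) / len(ns_old),
        "pool_like_ptr": pool_like / len(ptr),
        "distinct_slash16": len({ip.rsplit(".", 2)[0] for ip in ns_old}),
    }
    signals["suspicious"] = (signals["ns_churn"] >= 0.5
                             and signals["ns_also_web_hosts"] >= 0.8
                             and signals["pool_like_ptr"] >= 0.8)
    return signals

if __name__ == "__main__":
    print(assess(NS_OLD, NS_NEW, A_RECORDS, PTR))
```

Only one of the five nameserver addresses survives between the two whois lookups, which is what drives the churn value close to 1.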
