DNS trickery?


griffinn

The piece of spam in this tracking URL contains a spamvertised website link, www.tomuxe.com. SpamCop says this host resolves to 1.1.1.1, an unroutable address, and therefore will send no report.

However, when I use my local DNS to resolve www.tomuxe.com, it gives the CNAME tomuxe.com, which resolves to 213.135.80.37.

Is someone targeting DNS queries from Spamcop and deliberately feeding wrong answers? Or is this just a caching issue?

Following your Tracking URL shows me:

Resolving link obfuscation

http://www.tomuxe.com/re/

host www.tomuxe.com (checking ip) = 218.38.140.54

host 218.38.140.54 (getting name) no name

Tracking link: http://www.tomuxe.com/re/

[report history]

Resolves to 218.38.140.54

Routing details for 218.38.140.54

[refresh/show] Cached whois for 218.38.140.54 : abuse[at]hanaro.com ip-adm[at]hanaro.com

Using abuse net on abuse[at]hanaro.com

abuse net hanaro.com = abuse[at]hanaro.com

Using best contacts abuse[at]hanaro.com

So, sorry, I can't attempt to explain your 1.1.1.1 result.

whois -h whois.yesnic.com tomuxe.com ...

Domain Name : tomuxe.com

::Registrant::

Name : Shop 4 Job Inc.

Email : leimomi01[at]tom.com

Address : AMSTERDAM, NH 1070 HE

Zipcode : PO Box 76613

Nation : NL

Tel : +31206791556

Fax : +31206627572

::Administrative Contact::

Name : Foundation Men On Line

Email : leimomi01[at]tom.com

Address : AMSTERDAM, NH 1070 HE

Zipcode : PO Box 76613

Nation : NL

Tel : +31206791556

Fax : +31206627572

::Technical Contact::

Name : Foundation Men On Line

Email : leimomi01[at]tom.com

Address : AMSTERDAM, NH 1070 HE

Zipcode : PO Box 76613

Nation : NL

Tel : +31206791556

Fax : +31206627572

::Name Servers::

ns1.maccpoct.ru

ns2.maccpoct.ru

::Dates & Status::

Created Date 2005-06-30 17:29:38 EDT

Updated Date 2005-06-30 17:29:38 EDT

Valid Date 2006-06-30 17:29:38 EDT

Status ACTIVE

Trace www.tomuxe.com (213.135.80.37) ...

213.248.64.21 RTT: 119ms TTL: 16 (kbn-bb1-pos1-3-0.telia.net ok)

213.248.65.26 RTT: 134ms TTL: 16 (s-bb1-pos7-0-0.telia.net ok)

213.248.66.2 RTT: 134ms TTL: 16 (s-b3-pos5-0.telia.net fraudulent rDNS)

213.248.66.98 RTT: 137ms TTL: 16 (equant-106622-s-b3.c.telia.net ok)

57.86.128.82 RTT: 163ms TTL: 16 (moscow08-pos-0-0.ru.equant.net bogus rDNS: host not found [authoritative])

193.232.88.13 RTT: 162ms TTL: 16 (Moscow85-GE0-1.rosprint.net bogus rDNS: host not found [authoritative])

* * * failed

213.135.80.1 RTT: 161ms TTL: 16 (No rDNS)

* * * failed

* * * failed

* * * failed

<snipped remainder failures>

http://www.dnsreport.com/tools/dnsreport.c...main=tomuxe.com shows some issues

I also note that this is a Mole Report, so it doesn't matter anyway ...????

I saw the 1.1.1.1, hit the refresh button, and got the hanaro result. Generally, hitting refresh in your browser (or reload in Firefox) will clear up domain name resolution issues. However, you will generally see that the site is hosted with a foreign ISP that does not care about SpamCop reports.


This topic is now archived and is closed to further replies.
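
An added example, not part of the original thread and not SpamCop's code: a small triage of the answers reported above for www.tomuxe.com, separating placeholder answers from reportable ones and checking whether a single vantage point saw the answer change. The vantage labels, the verdict names and the PLACEHOLDER_NETS list are assumptions made for this sketch; the three addresses are the ones quoted in the posts.

```python
import ipaddress
from collections import defaultdict

# Assumption: ranges treated as "not a real host" for this triage.
# 1.0.0.0/8 is listed only because the thread calls 1.1.1.1 unroutable;
# that range is in normal use today, so adjust the list before reusing it.
PLACEHOLDER_NETS = [ipaddress.ip_network(n) for n in ("0.0.0.0/8", "1.0.0.0/8")]

def is_placeholder(addr):
    """True if the answer cannot be a reportable host under the assumptions above."""
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_unspecified
            or any(ip in net for net in PLACEHOLDER_NETS))

def triage(observations):
    """observations: ordered (vantage, address) pairs for one hostname."""
    seen = defaultdict(list)  # vantage -> distinct answers, in the order seen
    for vantage, addr in observations:
        if addr not in seen[vantage]:
            seen[vantage].append(addr)
    all_addrs = {a for answers in seen.values() for a in answers}
    reportable = sorted(a for a in all_addrs if not is_placeholder(a))
    placeholders = sorted(all_addrs - set(reportable))
    if any(len(answers) > 1 for answers in seen.values()):
        verdict = "changes-over-time"    # one resolver got different answers
    elif len(all_addrs) > 1:
        verdict = "differs-by-vantage"   # each resolver is stable, but they disagree
    else:
        verdict = "consistent"
    return {"verdict": verdict, "reportable": reportable,
            "placeholders": placeholders}

# Constructed sample: addresses from the thread, hypothetical vantage labels.
THREAD_OBSERVATIONS = [
    ("spamcop-parser", "1.1.1.1"),         # first parse
    ("local-resolver", "213.135.80.37"),   # poster's own DNS
    ("spamcop-parser", "218.38.140.54"),   # same parser after a refresh
]

if __name__ == "__main__":
    print(triage(THREAD_OBSERVATIONS))
```

A "changes-over-time" verdict says only that one resolver was given different answers on successive lookups; it does not by itself distinguish caching from deliberately rotated records.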
