griffinn Posted July 9, 2005 Share Posted July 9, 2005 The piece of spam in This tracking URL contains a spamvertised website link www.tomuxe.com. Spamcop says this host resolves to 1.1.1.1, an unrouteable address, and therefore will send no report. However, when I use my local DNS to resolve www.tomuxe.com, it gives the CNAME tomuxe.com, which resolves to 213.135.80.37. Is someone targeting DNS queries from Spamcop and deliberately feeding wrong answers? Or is this just a caching issue? Link to comment Share on other sites More sharing options...
Wazoo Posted July 9, 2005 Share Posted July 9, 2005 Following your Tracking URL shows me; Resolving link obfuscation http://www.tomuxe.com/re/ host www.tomuxe.com (checking ip) = 218.38.140.54 host 218.38.140.54 (getting name) no name Tracking link: http://www.tomuxe.com/re/ [report history] Resolves to 218.38.140.54 Routing details for 218.38.140.54 [refresh/show] Cached whois for 218.38.140.54 : abuse[at]hanaro.com ip-adm[at]hanaro.com Using abuse net on abuse[at]hanaro.com abuse net hanaro.com = abuse[at]hanaro.com Using best contacts abuse[at]hanaro.com so, sorry, can't attempt at explaining your 1.1.1.1 result whois -h whois.yesnic.com tomuxe.com ... Domain Name : tomuxe.com ::Registrant:: Name : Shop 4 Job Inc. Email : leimomi01[at]tom.com Address : AMSTERDAM, NH 1070 HE Zipcode : PO Box 76613 Nation : NL Tel : +31206791556 Fax : +31206627572 ::Administrative Contact:: Name : Foundation Men On Line Email : leimomi01[at]tom.com Address : AMSTERDAM, NH 1070 HE Zipcode : PO Box 76613 Nation : NL Tel : +31206791556 Fax : +31206627572 ::Technical Contact:: Name : Foundation Men On Line Email : leimomi01[at]tom.com Address : AMSTERDAM, NH 1070 HE Zipcode : PO Box 76613 Nation : NL Tel : +31206791556 Fax : +31206627572 ::Name Servers:: ns1.maccpoct.ru ns2.maccpoct.ru ::Dates & Status:: Created Date 2005-06-30 17:29:38 EDT Updated Date 2005-06-30 17:29:38 EDT Valid Date 2006-06-30 17:29:38 EDT Status ACTIVE Trace www.tomuxe.com (213.135.80.37) ... 213.248.64.21 RTT: 119ms TTL: 16 (kbn-bb1-pos1-3-0.telia.net ok) 213.248.65.26 RTT: 134ms TTL: 16 (s-bb1-pos7-0-0.telia.net ok) 213.248.66.2 RTT: 134ms TTL: 16 (s-b3-pos5-0.telia.net fraudulent rDNS) 213.248.66.98 RTT: 137ms TTL: 16 (equant-106622-s-b3.c.telia.net ok) 57.86.128.82 RTT: 163ms TTL: 16 (moscow08-pos-0-0.ru.equant.net bogus rDNS: host not found [authoritative]) 193.232.88.13 RTT: 162ms TTL: 16 (Moscow85-GE0-1.rosprint.net bogus rDNS: host not found [authoritative]) * * * failed 213.135.80.1 RTT: 161ms TTL: 16 (No rDNS) * * * failed * * * failed * * * failed <snipped remainder failures> http://www.dnsreport.com/tools/dnsreport.c...main=tomuxe.com shows some issues I also note that this is a Mole Report, so it doesn't matter anyway ...???? Link to comment Share on other sites More sharing options...
swingspacers Posted July 9, 2005 Share Posted July 9, 2005 I saw the 1.1.1.1, hit the refresh button, and got the hanaro result. Generally, hitting refresh in your browser (or reload in Firefox) will clear up domain name resolution issues. However, you will generally see that the site is hosted with a foreign ISP that does not care about SpamCop reports. Link to comment Share on other sites More sharing options...
griffinn Posted July 9, 2005 Author Share Posted July 9, 2005 Thanks for clearing that up. Yes, I report as a mole. Just want to make sure the DNS resolution works right, in case someone else gets the same spam and reports it. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.