EWS Posted November 15, 2005 Share Posted November 15, 2005 Every time I report spam containing a link to http://www.find-someone-new.com/ the parser resolves the spamvertised site to a different web host. How is the spammer hiding the real host of his web page? and how is he making it falsely report as being hosted somewhere else? Link to comment Share on other sites More sharing options...
Wazoo Posted November 15, 2005 Share Posted November 15, 2005 http://www.dnsreport.com/tools/dnsreport.c...someone-new.com for starters .... http://www.whois.sc/find-someone-new.com Website Status: not active Blacklist Status: Clear ICANN Registrar: YESNIC CO. LTD. Created: 14-nov-2005 Expires: 14-nov-2006 Status: ACTIVE Registrant:: Name : daniel daman Email : (gmail address) Address : 42 forsythia Zipcode : 11753 Nation : US Tel : 5186788866 Fax : ::Administrative Contact:: Name : daniel daman Email : Address : 42 forsythia Zipcode : 11753 Nation : US Tel : 5186788866 Fax : ::Technical Contact:: Name : daniel daman Email : Address : 42 forsythia Zipcode : 11753 Nation : US Tel : 5186788866 Fax : ::Name Servers:: ns1.gpeerik.com ns2.gpeerik.com ns3.gpeerik.com ns4.gpeerik.com ns5.gpeerik.com ::Dates & Status:: Created Date 2005-11-14 02:15:03 EST Updated Date 2005-11-14 02:15:03 EST Valid Date 2006-11-14 02:15:03 EST Status ACTIVE 11/15/05 02:36:17 Slow traceroute find-someone-new.com Trace find-someone-new.com (24.148.170.27) ... 24.148.170.27 RTT: 64ms TTL:112 (user-0c99agr.cable.mindspring.com ok) ^^^^^compromised computer^^^^^^^^^ 11/15/05 02:37:40 dns find-someone-new.com Canonical name: find-someone-new.com Addresses: 24.107.74.134 67.190.72.42 67.181.197.112 24.148.170.27 24.170.141.145 compromised computers used to provide DNS 24.107.74.134 RTT: 35ms TTL:118 (24-107-74-134.dhcp.stls.mo.charter.com ok) 67.181.197.112 RTT: 71ms TTL:118 (c-67-181-197-112.hsd1.ca.comcast.net ok) 24.148.170.27 RTT: 64ms TTL:112 (user-0c99agr.cable.mindspring.com ok) 24.170.141.145 RTT: 64ms TTL:111 (user-0cal3ch.cable.mindspring.com ok) check these results in a while and all of these IP addresses will be different .... thus the ever-changing parser results ...... 11/15/05 03:15:36 Slow traceroute find-someone-new.com Trace find-someone-new.com (68.51.33.99) ... 68.51.33.99 RTT: 635ms TTL:117 (pcp459202pcs.7acres01.ar.comcast.net ok) 11/15/05 03:15:39 dns find-someone-new.com Canonical name: find-someone-new.com Addresses: 24.170.141.145 24.160.122.97 68.51.33.99 24.148.170.27 67.167.36.157 11/15/05 03:40:49 Slow traceroute find-someone-new.com Trace find-someone-new.com (84.72.79.72) ... 84.72.79.72 RTT: 258ms TTL:113 (84-72-79-72.dclient.hispeed.ch ok) 11/15/05 03:39:37 dns find-someone-new.com Canonical name: find-someone-new.com Addresses: 69.210.253.120 24.148.170.27 64.201.215.123 67.167.36.157 84.72.79.72 11/15/05 14:37:52 Slow traceroute find-someone-new.com Trace find-someone-new.com (24.170.141.145) ... 24.170.141.145 RTT: 70ms TTL:111 (user-0cal3ch.cable.mindspring.com ok) 11/15/05 14:37:55 dns find-someone-new.com Canonical name: find-someone-new.com Addresses: 68.201.79.42 24.160.122.97 84.72.79.72 24.170.141.145 12.202.127.218 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.