paul101 Posted March 20, 2006

Greetings:

I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed.

This spam is interesting because it evaded both Spamcop filters and our own domain filters. Unlike the vast majority of spam sent to our Spamcop email address these days, this spam punched through to our real inbox. That's why I'm taking the time to alert Spamcop admins about it. I hope the following info is useful.

Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net. Let us know if Spamcop needs additional info to help block these criminals.

-----

Examine spam version 1 at:
http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z

Examine spam version 2 at:
http://www.spamcop.net/sc?id=z900915847z15...ce161ff9552bb5z

-----

Here's some additional basic Whois info we collected regarding this spam:

domain: colomby.net
owner: Vladimir Mironov
email: whois[at]rattlings.com
address: Abonensky yashik 16
city: Moscow
state: --
postal-code: 117525
country: RU
phone: +7095.2349449
admin-c: whois[at]rattlings.com#1
tech-c: whois[at]rattlings.com#1
billing-c: whois[at]rattlings.com#1
nserver: ns1.unmnemonic.net 58.56.12.77
nserver: ns2.unmnemonic.net 58.56.12.77
status: lock
created: 2006-03-10 14:23:12 UTC
modified: 2006-03-14 14:06:24 UTC
expires: 2007-03-10 09:19:43 UTC
source: joker.com live whois service
query-time: 0.020415
db-updated: 2006-03-19 17:28:21

-----

domain: unmnemonic.net
owner: Vladimir Mironov
email: whois[at]rattlings.com
address: Abonensky yashik 16
city: Moscow
state: --
postal-code: 117525
country: RU
phone: +7095.2349449
admin-c: whois[at]rattlings.com#1
tech-c: whois[at]rattlings.com#1
billing-c: whois[at]rattlings.com#1
nserver: a.ns.joker.com 194.176.0.2
nserver: b.ns.joker.com 194.245.101.19
nserver: c.ns.joker.com 194.245.50.1
status: lock
created: 2006-03-10 14:23:03 UTC
modified: 2006-03-14 14:02:28 UTC
expires: 2007-03-10 09:19:35 UTC
source: joker.com live whois service
query-time: 0.016137
db-updated: 2006-03-19 17:30:13

-----

inetnum: 194.176.0.0 - 194.176.0.255
netname: CSL-194-176-0
descr: CSL Computer Service Langenbach GmbH
descr: Hansaallee 191-193
descr: D-40549 Duesseldorf
country: DE
admin-c: CSL6-RIPE
tech-c: CSL6-RIPE
rev-srv: a.ns.joker.com
rev-srv: b.ns.joker.com
rev-srv: c.ns.joker.com
status: ASSIGNED PA
mnt-by: CSL-MNT
source: RIPE # Filtered

role: CSL Computer Service Langenbach GmbH
address: Hansaallee 191-193 D-40549 Duesseldorf Germany
e-mail: noc[at]nrw.net
admin-c: JL1322-RIPE
tech-c: UO86-RIPE
nic-hdl: CSL6-RIPE
remarks: ***************************************************
remarks: * Please use abuse[at]nrw.net for reporting abuse... *
remarks: ***************************************************
source: RIPE # Filtered

% Information related to '194.176.0.0/19AS5517'

route: 194.176.0.0/19
descr: CSL
origin: AS5517
mnt-by: CSL-MNT
source: RIPE # Filtered

petzl Posted March 20, 2006

> Greetings: I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed.
> Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net.
> -----
> Examine spam version 1 at: http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z

Number 1 is being sent through a mailserver not stamping the IP source, which is going to wake the owner of that IP as soon as SpamCop lists it.

The domain you mentioned has Joker as the registrar. Report this domain to Joker by clicking here. Joker will check the site out and close it down if they spam and/or their registrar info is false (ask SpamCop).

Number 2 is listed by SpamCop.

paul101 Posted March 20, 2006

Thanks for the quick reply and info, petzl. I'll pass this along.

We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.

petzl Posted March 20, 2006

> Thanks for the quick reply and info, petzl. I'll pass this along.
> We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.

I have found Joker to be responsive? If Joker have changed their ways you can then complain to ICANN, which can result in a register being hurt.

ronin Posted March 29, 2006

> Number 1 is being sent through a mailserver not stamping the IP source which is going to wake the owner of that IP soon as SpamCop lists it
> The domain you mentioned has Joker as the registrar
> Report this domain to Joker by clicking here
> Joker will check the site out and close it down if they spam and or their registrar info is false (ask SpamCop )
> Number 2 is listed by SpamCop

Yes, I got one too: there is a nonsense multiline part of text... kind of a story, and at the end is a JPG pic with an offer to go to http://spottier.com

Just to mention that I have been getting this kind of mail a lot lately, with different spam links. All is referred to joker.com; whois on spottier.com tells me his registrar is joker.com and the person, owner of all of those spam URLs, is one man:

domain: spottier.com
owner: Vladimir Mironov
email: whois[at]rattlings.com
address: Abonensky yashik 16
city: Moscow
state: --
postal-code: 117525
country: RU
phone: +7095.2349449

I reported it to joker.com and let's hope they will cut down their services to that dude....
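
The registrant pivot described in the posts above (several spamvertised domains sharing one WHOIS contact, with one of them serving DNS for another), as an added example that is not part of the original thread. The function names are hypothetical, and the sample records are abridged from the WHOIS output quoted in this thread.

```python
import re
from collections import defaultdict
# Abridged from the WHOIS records quoted in this thread (joker.com "key: value" layout).
SAMPLE = """\
domain: colomby.net
email: whois[at]rattlings.com
phone: +7095.2349449
nserver: ns1.unmnemonic.net 58.56.12.77
-----
domain: unmnemonic.net
email: whois[at]rattlings.com
phone: +7095.2349449
nserver: a.ns.joker.com 194.176.0.2
-----
domain: spottier.com
email: whois[at]rattlings.com
phone: +7095.2349449
"""

def parse_records(text):
    """Split on '-----' lines and turn each 'key: value' block into a dict of lists."""
    records = []
    for block in re.split(r"^-{3,}\s*$", text, flags=re.M):
        rec = defaultdict(list)
        for line in block.splitlines():
            key, sep, value = line.partition(":")
            if sep and value.strip():
                rec[key.strip().lower()].append(value.strip())
        if rec.get("domain"):
            records.append(rec)
    return records

def cluster_by_registrant(records, fields=("email", "phone")):
    """Group domains whose registrant contact fields match exactly."""
    clusters = defaultdict(set)
    for rec in records:
        key = tuple(rec.get(f, [""])[0].lower() for f in fields)
        if any(key):
            clusters[key].add(rec["domain"][0].lower())
    return {k: sorted(v) for k, v in clusters.items() if len(v) > 1}

def nameserver_pivots(records):
    """Domains whose nameservers sit under another domain in the same record set."""
    known = {r["domain"][0].lower() for r in records}
    pivots = {}
    for rec in records:
        parents = {ns.split()[0].lower().partition(".")[2] for ns in rec.get("nserver", [])}
        if parents & known:
            pivots[rec["domain"][0].lower()] = sorted(parents & known)
    return pivots
```

A cluster keyed on the shared contact gives a registrar or abuse desk one report covering every domain in it, rather than one complaint per spam run.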
This topic is now archived and is closed to further replies.