btech Posted June 14, 2006

I know this has been reported here before, but I noticed that a spamvertized link changed IP and reporting addresses, as I went through a list of similar messages that were blasted [at] my domain.

http://www.spamcop.net/sc?id=z972103722ze5...d812017a731e06z
and
http://www.spamcop.net/sc?id=z972103729z92...139385716269c3z

Ended up reporting http://www.prosilyie.com to different IPs. Even pasting the link in the field for pasting will duplicate these findings:

Parsing input: http://www.prosilyie.com
Host www.prosilyie.com (checking ip) = 219.147.204.236
host 219.147.204.236 (getting name) no name
Host www.prosilyie.com (checking ip) = 219.147.204.236
host 219.147.204.236 (getting name) no name
[report history]
Routing details for 219.147.204.236
Reporting addresses:
network[at]hljtele.com
postmaster[at]hljtele.com

------

Parsing input: http://www.prosilyie.com
[report history]
Routing details for 222.179.142.89
Reporting addresses:
abuse[at]cta.cq.cn

-----

InterNIC comes up with this (Which is the same thing I saw on whois.net):

Domain Name: PROSILYIE.COM
Registrar: ONLINE SAS
Whois Server: whois.bookmyname.com
Referral URL: http://www.bookmyname.com
Name Server: NS1.NUCLEINGM.COM
Name Server: NS2.NUCLEINGM.COM
Status: ACTIVE
Updated Date: 12-jun-2006
Creation Date: 05-jun-2006
Expiration Date: 05-jun-2007

---------------

And here's DNSstuff:

http://www.dnsstuff.com/tools/whois.ch?ip=www.prosilyie.com

Am I going crazy here?
Farelf Posted June 14, 2006

> I know this has been reported here before, ... Am I going crazy here?

Nah, you will need another excuse for your excessive and erratic behavior - it's just the same old run-around. In fact the dnsstuff result comes back to old Gertie Graydrawers AKA Maggie BAPTISTE 87 Columbia St 10002 New York unearthed by Wazoo in http://forum.spamcop.net/forums/index.php?...860entry43860

What a pity she's fictitious.
Wazoo Posted June 14, 2006

Chasing down the DNS servers leads to yet more 'funniness'

whois -h whois.opensrs.net nucleingm.com ...

Registrant:
Private
11 Pearl St E, Sidney NY, NY 13838
US

Domain name: NUCLEINGM.COM

Administrative Contact:
Finnegan, Robert stuarthiroyasu[at]yahoo.com
11 Pearl St E, Sidney NY, NY 13838
US
+1 (212) 683-0559

Technical Contact:
Fenison, Elden support[at]cybcon.com
30240 SW Parkway Ave #10
Wilsonville, OR 97070
US
+1.5032484449 Fax: +1.5036827701

Registration Service Provider:
CyberConnectics, support[at]cybcon.com
503-248-4449
503-682-7701 (fax)
http://www.cyberconnectics.com
This company may be contacted for domain login/passwords, DNS/Nameserver changes, and general domain support questions.

Registrar of Record: TUCOWS, INC.
Record last updated on 09-Jun-2006.
Record expires on 09-Jun-2007.
Record created on 09-Jun-2006.

Domain servers in listed order:
NS1.NUCLEINGM.COM 219.147.204.236
NS2.NUCLEINGM.COM 211.156.244.11

Domain status: ACTIVE

Note that the first IP address for DNS service matches that of the alleged web-site in one of your parses. Let's not ignore that the Registration date of the DNS 'domain' is even more recent than the web-site Domain ....

Even funnier, even though serving as a DNS server for this alleged web-site Domain;

06/13/06 22:14:20 dig prosilyie.com [at] 219.147.204.236
Dig prosilyie.com[at]219.147.204.236 ...
failed, couldn't connect to nameserver

06/13/06 22:09:24 dns prosilyie.com
Canonical name: prosilyie.com
Addresses:
222.179.142.89

06/13/06 22:12:22 Slow traceroute prosilyie.com
Trace prosilyie.com (222.179.142.89) ...

06/13/06 22:13:47 Slow traceroute ns1.nucleingm.com
Trace ns1.nucleingm.com (219.147.204.236) ...

Both fail once "in" the local network ....

192.205.32.242 RTT: 76ms TTL:128 (p4-0.att.nwrknj01.us.bb.verio.net bogus rDNS: host not found [authoritative])
202.97.49.129 RTT: 76ms TTL:128 (No rDNS)
202.97.51.161 RTT: 233ms TTL:128 (No rDNS)
202.97.33.125 RTT: 231ms TTL:128 (No rDNS)
222.176.2.225 RTT: 259ms TTL:128 (No rDNS)
222.176.4.182 RTT: 266ms TTL:128 (No rDNS)
222.179.128.66 RTT: 256ms TTL:128 (No rDNS)
222.179.128.106 RTT: 270ms TTL:128 (No rDNS)
222.179.142.48 RTT: 264ms TTL:128 (No rDNS)
* * * failed

06/13/06 22:39:08 Browsing http://prosilyie.com/
Fetching http://prosilyie.com/ ...
GET / HTTP/1.1

HTTP/1.1 200 OK
Server: Apache/2.2.0 (Unix)
Date: Wed, 14 Jun 2006 03:10:29 GMT

<frame src="/sctyk/?cmpid=930&affid=5587" name="list" .....

06/13/06 22:40:46 Fetching http://prosilyie.com/sctyk/?cmpid=930&affid=5587
Fetching http://prosilyie.com/sctyk/?cmpid=930&affid=5587 ...
GET /sctyk/?cmpid=930&affid=5587 HTTP/1.1
Host: prosilyie.com

HTTP/1.1 200 OK
Server: Apache/2.2.0 (Unix)
Date: Wed, 14 Jun 2006 03:12:07 GMT

<title>ED Med Choice: Home
<p>The shipments come from India from a respected pharmaceutical plant

samo samo "great" deal on drugs .....
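The indicators raised in the posts above (the web host moving between networks, a nameserver sharing the web host's IP, and freshly registered site and nameserver domains) can be checked mechanically. This is an added example, not part of the original thread; the data is transcribed from the posts, and the function names, the /16 grouping and the 30-day age threshold are assumptions chosen for illustration.

```python
from datetime import date
from ipaddress import ip_network

# Observations transcribed from the thread (parser output, whois, dns lookups).
A_RECORDS = {  # hostname -> IPs seen across lookups
    "www.prosilyie.com": ["219.147.204.236", "222.179.142.89"],
}
NS_RECORDS = {  # site zone -> {nameserver: IP listed in the nameserver domain's whois}
    "prosilyie.com": {"ns1.nucleingm.com": "219.147.204.236",
                      "ns2.nucleingm.com": "211.156.244.11"},
}
CREATED = {"prosilyie.com": date(2006, 6, 5), "nucleingm.com": date(2006, 6, 9)}
SEEN_ON = date(2006, 6, 14)  # date of the first post


def registered_domain(host):
    # Assumption: two-label registrable domains only (.com here); no public-suffix list.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def distinct_networks(ips, prefix=16):
    # Assumption: grouping by /16 is a rough stand-in for "different providers".
    return {ip_network(f"{ip}/{prefix}", strict=False) for ip in ips}


def rotation_indicators(host, max_age_days=30):
    """Return the list of rotating-host indicators that apply to `host`."""
    zone = registered_domain(host)
    ips = A_RECORDS.get(host, [])
    ns = NS_RECORDS.get(zone, {})
    created = CREATED.get(zone)
    found = []
    if len(distinct_networks(ips)) > 1:
        found.append("a_record_moves_between_networks")
    if set(ips) & set(ns.values()):
        found.append("nameserver_shares_ip_with_web_host")
    if created and (SEEN_ON - created).days <= max_age_days:
        found.append("site_domain_recently_registered")
    for ns_host in ns:
        ns_created = CREATED.get(registered_domain(ns_host))
        if created and ns_created and ns_created > created:
            found.append("nameserver_domain_newer_than_site_domain")
            break
    return found


if __name__ == "__main__":
    print(rotation_indicators("www.prosilyie.com"))
```

A host that trips several of these at once is a candidate for reporting to every network it has resolved to, not only the most recent one.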
btech Posted June 15, 2006

So that brings me to another question: If we're able to track down who registered the domain, i.e. GoDaddy or ItsYourDomain, then why not report the spam to them as well? I can only assume the registrations for the domains were made with stolen CCs and false information, so why not report to the registrar and have the domain name yanked for TOS violations?

... or does that seem like too much work for nothing?
Miss Betsy Posted June 15, 2006

> So that brings me to another question: If we're able to track down who registered the domain, i.e. GoDaddy or ItsYourDomain, then why not report the spam to them as well? I can only assume the registrations for the domains were made with stolen CCs and false information, so why not report to the registrar and have the domain name yanked for TOS violations?
>
> ... or does that seem like too much work for nothing?

I don't know about ItsYourDomain, but GoDaddy used to be fairly aggressive so it might be worth reporting to them.

Miss Betsy
Archived
This topic is now archived and is closed to further replies.