
Error: SC can't resolve domain


mrmaxx


Tracking URL: http://www.spamcop.net/sc?id=z1110604823ze...c831fad99bc71fz

I manually looked it up using "host" on my linux box and got the following:

[john[at]slave1 ~]$ host vbwjfa.creogas.com

vbwjfa.creogas.com has address 200.56.242.35

Further whois gives the following info:

[john[at]slave1 ~]$ whois 200.56.242.35

[Querying whois.lacnic.net]

[whois.lacnic.net]

% Joint Whois - whois.lacnic.net

% This server accepts single ASN, IPv4 or IPv6 queries

% Copyright LACNIC lacnic.net

% The data below is provided for information purposes

% and to assist persons in obtaining information about or

% related to AS and IP numbers registrations

% By submitting a whois query, you agree to use this data

% only for lawful purposes.

% 2006-10-20 14:43:25 (BRT -03:00)

inetnum: 200.56.240/20

status: reallocated

owner: ADETEL

ownerid: MX-ADET-LACNIC

responsible: Administrador Optical

address: Acueducto Rio Hondo Col. Lomas de Virreyes, 28, 205

address: 11000 - Mexico - DF

country: MX

phone: +52 55 50952300 [2335]

owner-c: ADO

tech-c: ADO

created: 20000609

changed: 20031205

inetnum-up: 200.56/15

nic-hdl: ADO

person: Administrador Optical

e-mail: dominios[at]OPTICAL.NET.MX

address: Acueducto Rio Hondo, 28, 205

address: 11000 - Mexico - DF

country: MX

phone: +52 55 50952300 [2335]

created: 20031204

changed: 20031204

% whois.lacnic.net accepts only direct match queries.

% Types of queries are: POCs, ownerid, CIDR blocks, IP

% and AS numbers.

Not sure it'll do much good, but I'm gonna file a manual complaint with the only contact for these folks.

Link to comment

And when I take a look, using tools from 'here' ..... Yes, I would say that the DNS configuration on this is definitely a spammer contrived set-up. Most 'tools' and look-up databases are based on working with the Domain itself, but in this case, only the sub-domain has been 'configured' to return results to things like "user browsers" ....

10/20/06 14:50:52 dns creogas.com

No DNS for this address

(host doesn't exist)

10/20/06 14:51:01 Slow traceroute creogas.com

Trace creogas.com failed, no such host

whois -h whois.gandi.net creogas.com ...

domain: creogas.com

owner-address: 8011 Hangar Loop Drive

owner-address: 33621

owner-address: MacDill

owner-address: United States of America

admin-c: SJH8-GANDI

tech-c: SJH8-GANDI

bill-c: SJH8-GANDI

nserver: ns1.timbreframe.info 211.139.168.75

nserver: ns2.goodiman.com 211.139.80.120

nserver: ns1.herecentral.info 213.226.169.168

nserver: ns2.witchcurrency.info 211.139.79.108

reg_created: 2006-10-17 14:03:02

expires: 2007-10-17 14:03:02

created: 2006-10-17 16:03:03

changed: 2006-10-17 16:03:03

On the other hand, the sub-domain you identified does track as you state ....

10/20/06 14:57:21 dns vbwjfa.creogas.com

Canonical name: vbwjfa.creogas.com

Addresses:

200.56.242.35

10/20/06 14:56:56 Slow traceroute vbwjfa.creogas.com

Trace vbwjfa.creogas.com (200.56.242.35) ...

200.53.127.45 RTT: 88ms TTL:160 (host112045.metrored.net.mx bogus rDNS: host not found [authoritative])

201.148.152.10 RTT: 75ms TTL:160 (Giga1-3.NMU-COR-R02.metrored.net.mx bogus rDNS: host not found [authoritative])

201.148.150.33 RTT: 86ms TTL:160 (host150033.metrored.net.mx bogus rDNS: host not found [authoritative])

201.148.150.35 RTT: 78ms TTL:160 (host150035.metrored.net.mx bogus rDNS: host not found [authoritative])

200.56.242.35 RTT: 84ms TTL: 47 (vbwjfa.creogas.com ok)

Link to comment

And when I take a look, using tools from 'here' ..... Yes, I would say that the DNS configuration on this is definitely a spammer contrived set-up. Most 'tools' and look-up databases are based on working with the Domain itself, but in this case, only the sub-domain has been 'configured' to return results to things like "user browsers" ....

(Snip)

Hmm... Interesting. Oh, well... so I reported Spammy to himself. :-) I was smart enough to take the specific page off the URL when manually reporting it. That should make it harder to identify me and spam me worse or list-wash me. :-)

Link to comment

Y'all;

And when I take a look, using tools from 'here' ..... Yes, I would say that the DNS configuration on this is definitely a spammer contrived set-up. Most 'tools' and look-up databases are based on working with the Domain itself, but in this case, only the sub-domain has been 'configured' to return results to things like "user browsers" ....

<snip>

On the other hand, the sub-domain you identified does track as you state ....

10/20/06 14:57:21 dns vbwjfa.creogas.com

Canonical name: vbwjfa.creogas.com

Addresses:

200.56.242.35

<snip>

200.56.242.35 RTT: 84ms TTL: 47 (vbwjfa.creogas.com ok)

Just a 'FYFiles'; from SORBS:

Database of servers sending to spamtrap addresses

Address: 200.56.242.35

Record Created: Tue Sep 26 21:06:21 2006 GMT

Record Updated: Tue Sep 26 21:06:21 2006 GMT

Additional Information: spamvertised www.templemon.com. 10M IN A 200.56.242.35

Currently active and flagged to be published in DNS

Link to comment

Archived

This topic is now archived and is closed to further replies.
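
The pattern discussed in the thread above (the registered domain returns no DNS, only the spamvertised sub-domain resolves) can be checked mechanically together with what the quoted whois record shows. This is an added example, not part of the original thread: the sample data is transcribed from the lookups quoted above, and the function names, flag strings and thresholds (30 days, 3 name-server domains) are assumptions.

```python
import re
from datetime import datetime

# Sample input transcribed from the whois/DNS output quoted in the thread.
WHOIS_TEXT = """\
domain: creogas.com
nserver: ns1.timbreframe.info 211.139.168.75
nserver: ns2.goodiman.com 211.139.80.120
nserver: ns1.herecentral.info 213.226.169.168
nserver: ns2.witchcurrency.info 211.139.79.108
reg_created: 2006-10-17 14:03:02
"""
# Host name -> A records, as the posters' lookups reported them.
DNS_ANSWERS = {"creogas.com": [], "vbwjfa.creogas.com": ["200.56.242.35"]}


def parse_whois(text):
    """Collect 'key: value' lines into a dict of lists (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([\w-]+):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2))
    return fields


def registered_domain(host):
    """Naive last-two-labels split: fine for .com/.info, wrong for co.uk etc."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def triage(host, whois_text, dns_answers, seen_on, young_days=30, ns_spread=3):
    """Return the indicators (hypothetical labels) that apply to a reported host."""
    w = parse_whois(whois_text)
    apex = registered_domain(host)
    flags = []
    # Only the sub-domain answers; tools that query the bare domain find nothing.
    if dns_answers.get(host) and not dns_answers.get(apex):
        flags.append("subdomain-resolves-apex-does-not")
    # Name servers scattered over several domains other than the one served.
    ns = {registered_domain(v.split()[0]) for v in w.get("nserver", [])}
    if len(ns) >= ns_spread and apex not in ns:
        flags.append("nameservers-on-%d-unrelated-domains" % len(ns))
    # Registration only days older than the spam report.
    if w.get("reg_created"):
        created = datetime.strptime(w["reg_created"][0], "%Y-%m-%d %H:%M:%S")
        age = (seen_on - created).days
        if age < young_days:
            flags.append("registered-%d-days-before-report" % age)
    return flags
```

In practice `dns_answers` would be filled from live lookups of both the reported host and its registered domain before calling `triage`.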
