btech Posted November 23, 2006 Share Posted November 23, 2006 http://www.spamcop.net/sc?id=z1144337933z6...e486540c80c57bz I keep getting messages with links to sites for American Pharmacy and My Canadian Pharmacy, but SpamCop never seems to find a reporting address to send to... http://ktjlde.litebeach.com/usd/?gmogmoafvbvy Parsing input: litebeach.com Host litebeach.com (checking ip) IP not found ; litebeach.com discarded as fake. Host litebeach.com (checking ip) IP not found ; litebeach.com discarded as fake. No recent reports, no history available Cannot resolve http://litebeach.com/ No valid email addresses found, sorry! BUT... http://whois.domaintools.com/litebeach.com Shows the IP is: 200.171.108.168, so it should route to: Reporting addresses: security[at]telesp.net.br abuse[at]empresas.telefonica.com.br abuse[at]telesp.net.br mail-abuse[at]cert.br Third parties interested in reports: abuse[at]telesp.net.br What can we do to get these IPs of the spamvertized sites reported? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 23, 2006 Share Posted November 23, 2006 http://www.spamcop.net/sc?id=z1144337933z6...e486540c80c57bz I keep getting messages with links to sites for American Pharmacy and My Canadian Pharmacy, but SpamCop never seems to find a reporting address to send to... http://ktjlde.litebeach.com/usd/?gmogmoafvbvy Parsing input: litebeach.com Host litebeach.com (checking ip) IP not found ; litebeach.com discarded as fake. Host litebeach.com (checking ip) IP not found ; litebeach.com discarded as fake. No recent reports, no history available Cannot resolve http://litebeach.com/ No valid email addresses found, sorry! BUT... http://whois.domaintools.com/litebeach.com Shows the IP is: 200.171.108.168, so it should route to: Reporting addresses: security[at]telesp.net.br abuse[at]empresas.telefonica.com.br abuse[at]telesp.net.br mail-abuse[at]cert.br Third parties interested in reports: abuse[at]telesp.net.br What can we do to get these IPs of the spamvertized sites reported? First, where did you get the portion starting with: Parsing input: litebeach.com Spamcop, as far as I have ever seen, never strips off the host portion of a domain name while parsing and neither your full parse, or a single line parse of that line shows the same information. litebeach.com could be owned by one person and ktjlde.litebeach.com by someone completely different, though not likely. From my location, ktjlde.litebeach.com does not resolve, so it is possible the site has been removed. Link to comment Share on other sites More sharing options...
btech Posted November 24, 2006 Author Share Posted November 24, 2006 I realize that the parser can't locate the IP.. neither can a traceroute: http://www.dnsstuff.com/tools/tracert.ch?i...e.litebeach.com BUT.. the site is still active, I just checked the link. So how do we resolve this? Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 24, 2006 Share Posted November 24, 2006 I realize that the parser can't locate the IP.. neither can a traceroute: http://www.dnsstuff.com/tools/tracert.ch?i...e.litebeach.com BUT.. the site is still active, I just checked the link. So how do we resolve this? Perhaps your DNS is cached somewhere because I tried it before I replied earlier and it did not resolve from here and it still doesn't. Resolve WHAT? You have not provided ANY resolution for ktjlde.litebeach.com. Spamcop can not find any resoltion for ktjlde.litebeach.com. Dnsstuff.com can not find and resolution for ktjlde.litebeach.com. I can find no resolution for ktjlde.litebeach.com. Link to comment Share on other sites More sharing options...
Wazoo Posted November 24, 2006 Share Posted November 24, 2006 Basically, you're going to have to dig pretty deep and far to "do something abouit it" ... http://www.dnsreport.com/tools/dnsreport.c...e.litebeach.com [ERROR: I was unable to get an answer from the parent servers [ns2.seveopd.com], when I tried to find the NS records for ktjlde.litebeach.com.] http://www.dnsreport.com/tools/dnsreport.c...n=litebeach.com WARNING. The parent servers (I checked with j.gtld-servers.net.) are not providing glue for all your nameservers. This means that they are supplying the NS records (host.example.com), but not supplying the A records (192.0.2.53), .... ERROR. One or more of your DNS servers are missing A records (per NS records that may be cached). As a result, they cannot be used. A timeout occurred getting the NS records from your nameservers! None of your nameservers responded fast enough. They are probably down or unreachable. I can't continue since your nameservers aren't responding. http://www.moensted.dk/spam/?addr=200.171....p;Submit=Submit 200.171.108.168 was found in 18 lists http://www.spamhaus.org/sbl/sbl.lasso?query=SBL48443 200.171.108.168/32 is listed on the Register Of Known spam Operations (ROKSO) database as being assigned to, under the control of, or providing service to a known professional spam operation run by Yambo Financials. 11/24/06 16:49:50 Slow traceroute litebeach.com Trace litebeach.com (200.171.108.168) ... 201.0.3.250 RTT: 239ms TTL: 32 (201-0-3-250.dsl.telesp.net.br ok) 201.0.4.69 RTT: 230ms TTL: 32 (201-0-4-69.dsl.telesp.net.br ok) * * * failed 200.171.108.168 RTT: 211ms TTL: 45 (ktjlde.litebeach.com ok) 11/24/06 16:50:19 Slow traceroute ktjlde.litebeach.com Trace ktjlde.litebeach.com (200.171.108.168) ... 201.0.3.250 RTT: 187ms TTL: 32 (201-0-3-250.dsl.telesp.net.br ok) 201.0.4.69 RTT: 190ms TTL: 32 (201-0-4-69.dsl.telesp.net.br ok) * * * failed * 200.171.108.168 RTT: 201ms TTL: 45 (ktjlde.litebeach.com ok) whois -h whois.anytimesites.com litebeach.com ... Domain Name: LITEBEACH.COM Registrant: Prager Edgar Prager Edgar (edgprag[at]yahoo.com) 7125 Fruitville Rd Sarasota Florida,34240 US Tel. +941.3431087 Creation Date: 16-Nov-2006 Expiration Date: 16-Nov-2007 Domain servers in listed order: ns2.grettnos.com ns1.anatomyabstract.com ns2.seveopd.com ns1.poertodas.com Administrative Contact: Prager Edgar Prager Edgar (edgprag[at]yahoo.com) 7125 Fruitville Rd Sarasota Florida,34240 US Tel. +941.3431087 Technical Contact: Prager Edgar Prager Edgar (edgprag[at]yahoo.com) 7125 Fruitville Rd Sarasota Florida,34240 US Tel. +941.3431087 Billing Contact: Prager Edgar Prager Edgar (edgprag[at]yahoo.com) 7125 Fruitville Rd Sarasota Florida,34240 US Tel. +941.3431087 Status:ACTIVE whois -h whois.lacnic.net 200.171.108.168 ... inetnum: 200.171.0/17 aut-num: AS27699 abuse-c: ABL226 owner: TELECOMUNICACOES DE SAO PAULO S.A. - TELESP ownerid: 002.558.157/0001-62 responsible: Luiz A. P. Lopes address: Rua Martiniano de Carvalho, 851, address: 01321-001 - São Paulo - SP phone: (11) 3156-0100 [] owner-c: LAL456 tech-c: LAL456 inetrev: 200.171.0/17 nserver: dnsqipbr1.telesp.net.br nsstat: 20061121 AA nslastaa: 20061121 nserver: dnsqipbr2.telesp.net.br nsstat: 20061121 AA nslastaa: 20061121 created: 20030826 changed: 20050328 nic-hdl-br: ABL226 person: Alicia Bernarda Contreras Lamas e-mail: security[at]telesp.net.br created: 20030313 changed: 20050912 nic-hdl-br: LAL456 person: Luiz A. P. Lopes e-mail: gestaoip[at]telesp.com.br created: 20040628 changed: 20040628 remarks: Security issues should also be addressed to remarks: cert[at]cert.br, http://www.cert.br/ remarks: Mail abuse issues should also be addressed to remarks: mail-abuse[at]cert.br Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.