btech Posted January 5, 2007 Share Posted January 5, 2007 Since the update, I noticed that there are some odd occurances when I manually look up a spamvertized link. Parsing input: super-Raffle.com Host super-raffle.com (checking ip) = 188.8.131.52 host 184.108.40.206 (getting name) no name Host super-raffle.com (checking ip) = 220.127.116.11 host 18.104.22.168 (getting name) no name [report history] Routing details for 22.214.171.124 [refresh/show] Cached whois for 126.96.36.199 : abuse[at]abuse.earthlink.net Using abuse net on abuse[at]abuse.earthlink.net abuse net abuse.earthlink.net = abuse[at]abuse.earthlink.net Using best contacts abuse[at]abuse.earthlink.net Statistics: 188.8.131.52 not listed in bl.spamcop.net More Information.. 184.108.40.206 not listed in dnsbl.njabl.org 220.127.116.11 not listed in dnsbl.njabl.org 18.104.22.168 not listed in cbl.abuseat.org 22.214.171.124 listed in dnsbl.sorbs.net ( 127.0.0.10 ) 126.96.36.199 not listed in relays.ordb.org. Reporting addresses: abuse[at]abuse.earthlink.net The spammer is using DNS tricks, because that destination IP and address changes everytime you check it: http://www.dnsstuff.com/tools/tracert.ch?ip=super-Raffle.com But the parser shows 188.8.131.52 as the address and then looks up the abuse information for 184.108.40.206. I did the look up 5 times and came across this error (albeit different IP addresses) 2 times. Link to comment Share on other sites More sharing options...
This topic is now archived and is closed to further replies.