Jump to content

Cannot resolve http://www.theironoly.net/


efa
 Share

Recommended Posts

I got error in "Resolving link obfuscation" part of parsing.

Host www.theironoly.net (checking ip) IP not found ; www.theironoly.net discarded as fake.

Host www.theironoly.net (checking ip) IP not found ; www.theironoly.net discarded as fake.

Cannot resolve http://www.theironoly.net/

when theironoly.net seems perfectly browsable with Browser.

here' s the tracking URL:

http://www.spamcop.net/sc?id=z1280946609z3...85c87009795d61z

Link to comment
Share on other sites

when theironoly.net seems perfectly browsable with Browser.

Please check out the FAQ sections titled:

Steps taken by the parser, general overview

The Link Analysis Process

SpamCop reporting of spamvertized sites - some philosophy

Starting here: http://forum.spamcop.net/forums/index.php?...opic=2238#SCPRS

and looking for the subsection titled: Parsing Problems / Issues

Short answer: Browers are designed to wait a long time to show a web site, time that the parser can not devote to a secondary goal. There are other tools (including manual reporting) that can be used if getting the web site closed is your goal.

Link to comment
Share on other sites

Adding that things are far from fine with theironoly.net - ref

How I am searching:

Searching for theironoly.net A record at j.root-servers.net [192.58.128.30]: Got referral to

E.GTLD-SERVERS.net. (zone: net.) [took 81 ms]

Searching for theironoly.net A record at E.GTLD-SERVERS.net. [192.12.94.30]: Got referral to

ns1.practicekiss.net. (zone: theironoly.net.) [took 103 ms]

Searching for theironoly.net A record at ns1.practicekiss.net. [203.121.174.133]: Timed out. Trying again.

Searching for theironoly.net A record at ns1.practicekiss.net. [203.121.174.133]: Timed out. Trying again.

Searching for theironoly.net A record at ns1.practicekiss.net. [203.121.174.133]: Timed out. Trying again.

Searching for theironoly.net A record at ns1.practicekiss.net. [203.121.174.133]: Timed out. Trying again.

Searching for theironoly.net A record at ns2.norchikmik.com. [81.31.26.22]: Timed out. Trying again.

Searching for theironoly.net A record at ns2.champakdagon.com. [210.48.145.52]: Timed out. Trying again.

Link to comment
Share on other sites

Much interesting, thanks for the explanation.

What I cannot understand is:

- browsers do a simple DNS lookup like the Linux 'host' application, to get the IP.

On my system I got immediate answer:

$ host theironoly.net

theironoly.net has address 200.246.142.170

The Linux 'dig' application answer a more complete DNS record, but with the same information, in a reasonable time:

$ dig theironoly.net

; <<>> DiG 9.2.2 <<>> theironoly.net

;; global options: printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13008

;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3

;; QUESTION SECTION:

;theironoly.net. IN A

;; ANSWER SECTION:

theironoly.net. 600 IN A 200.246.142.170

;; AUTHORITY SECTION:

theironoly.net. 600 IN NS ns1.theironoly.net.

theironoly.net. 600 IN NS ns2.theironoly.net.

theironoly.net. 600 IN NS ns3.theironoly.net.

;; ADDITIONAL SECTION:

ns1.theironoly.net. 600 IN A 200.246.142.170

ns2.theironoly.net. 600 IN A 200.246.142.170

ns3.theironoly.net. 600 IN A 165.147.12.67

;; Query time: 285 msec

;; SERVER: 138.132.1.1#53(138.132.1.1)

;; WHEN: Thu Apr 19 13:57:25 2007

;; MSG SIZE rcvd: 150

What other method use spamcomp to resolve DNS onto IP address?

Link to comment
Share on other sites

Much interesting, thanks for the explanation.

What I cannot understand is:

- browsers do a simple DNS lookup like the Linux 'host' application, to get the IP.

On my system I got immediate answer:

...

;; Query time: 285 msec

What you call immediate is a lifetime for a system processing 9 to 12 messages every second. Spamcop processes 2-3 entire messages in the time your one lookup took. You have used more than a quarter of a second on one part of a parse on one message.

For another point of view: http://www.dnsreport.com/tools/dnsreport.c...=theironoly.net

Take a close look at the stats behind that little graph at the top of the page. Once again, you are always welcome to send your own manual reports or if you have paid reporting, you can do the lookup manually and add the address to the reports you send through spamcop.

Link to comment
Share on other sites

now there is another domain that seems abnormal:

http://www.ShowRx.com/

every query, the DNS report a different IP and Spamcop report a different abuse email.

but the website is everytime the same illegal pharmacy seller.

In last 3 days I got these owner:

21 april 2007 15.24.41 +0200:

* 2255515515 ( http://www.ShowRx.com/ ) To: abuse[at]prodigy.net

21 april 2007 16.05.17 +0200:

* 2255596877 ( http://www.ShowRx.com/ ) To: postmaster[at]astound.net

* 2255596846 ( http://www.ShowRx.com/ ) To: abuse[at]seren.com

21 april 2007 16.53.53 +0200:

* 2255643297 ( http://www.ShowRx.com/ ) To: abuse[at]charter.net

* 2255643293 ( http://www.ShowRx.com/ ) To: abuse[at]chartercom.com

* 2255643289 ( http://www.ShowRx.com/ ) To: spamalert[at]charter.net

21 april 2007 17.39.40 +0200:

* 2255708608 ( http://www.ShowRx.com/ ) To: abuse[at]sympatico.ca

21 april 2007 17.42.05 +0200:

* 2255713169 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

21 april 2007 20.04.18 +0200:

* 2255875167 ( http://www.ShowRx.com/ ) To: abuse[at]prodigy.net

21 april 2007 21.08.39 +0200:

* 2255946923 ( http://www.ShowRx.com/ ) To: abuse[at]comcast.net

21 april 2007 21.24.05 +0200:

* 2255967216 ( http://www.ShowRx.com/ ) To: abuse[at]prodigy.net

21 april 2007 21.41.19 +0200:

* 2255985103 ( http://www.ShowRx.com/ ) To: abuse[at]comcast.net

21 april 2007 22.14.10 +0200:

* 2256014213 ( http://www.ShowRx.com/ ) To: postmaster[at]icsincorporated.com

21 april 2007 22.57.17 +0200:

* 2256048037 ( http://www.ShowRx.com/ ) To: abuse[at]prodigy.net

22 april 2007 0.27.35 +0200:

* 2256114542 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

22 april 2007 0.33.08 +0200:

* 2256119548 ( http://www.ShowRx.com/ ) To: abuse[at]prodigy.net

22 april 2007 6.27.19 +0200:

* 2256398613 ( http://www.ShowRx.com/ ) To: abuse[at]comcast.net

22 april 2007 6.28.34 +0200:

* 2256398701 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

22 april 2007 6.29.07 +0200:

* 2256399062 ( http://www.ShowRx.com/ ) To: abuse[at]prodigy.net

22 april 2007 6.31.28 +0200:

* 2256400919 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

22 april 2007 9.07.48 +0200:

* 2256531299 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

22 april 2007 9.46.28 +0200:

* 2256564599 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

22 april 2007 10.16.21 +0200:

* 2256603265 ( http://www.ShowRx.com/ ) To: abuse[at]rr.com

22 april 2007 10.18.41 +0200:

* 2256601976 ( http://www.ShowRx.com/ ) To: internet.abuse#sjrb.ca[at]devnull.spamcop.net

22 april 2007 10.20.32 +0200:

* 2256604515 ( http://www.ShowRx.com/ ) To: ipmanage[at]rogers.wave.ca

Edited by efa
Link to comment
Share on other sites

now there is another domain that seems abnormal:

http://www.ShowRx.com/

every query, the DNS report a different IP and Spamcop report a different abuse email.

but the website is everytime the same illegal pharmacy seller.

In last 3 days I got these owner:

We share the same spammer apparently! Check out this thread: http://forum.spamcop.net/forums/index.php?showtopic=8076

Link to comment
Share on other sites

We share the same spammer apparently!

I do not know if this is a good thing!

:-)

Seems that "Global Pharmacy" register a lot of different domains, fill with same junk, and spam all over the users with all those domains.

Another one is "Anatrim" diet junk:

http://g36a6e6e726e716e717f7a45743379w7exmueu.tirek.hk/n/

they do not use simple domain, change domain about every days, but the method is similar.

Edited by efa
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...