Jump to content

Odd result


Unclenick
 Share

Recommended Posts

Today I ran a URL for an unresolved spamvertized site through DNSstuff.com to figure out who to copy a report to? When I did, I got back no less than 15 IP addresses all claiming to belong to this same URL. 4 name servers were referenced. Anyone else see this multiple entry accomplished before? I didn't keep the original e-mail, but I believe it was one of the Canadian Pharmacy spamvertized sites, even though the URL was a .cn.

The other oddball I ran into the other day was a trace that DNSstuff couldn't handle, probably owing to being blocked from a Russian server. I put it in at DNStools.com instead, and got back an IP addy that was formatted like this:

123.45.67.89.somename.net.

Anyone else run into this before? I've noticed that very often DNStools will return the name of a URL as its resolution. So it, says, "somename.com resolves to somename.com", rather than the expected "somename.com resolves to 123.45.67.89".

If someone more familiar with the workings of these things could shed some light, it will be appreciated.

Nick

Edited by Unclenick
Link to comment
Share on other sites

Everything you've mentioned has been used over the past few years by many spammers, hucksters, etc. It's basically playing games with DNS .... these days using compromised/hijacked computers to do everything from sending spam to hosting the spamvertised web-site ... that some of these computers are also used to act as DNS servers with garbage data is basically old news .... There are plenty of examples offered up in various other spam analysis documentation within these forums.

Link to comment
Share on other sites

Thanks. They are just new to me. I managed a good run of almost four years after changing ISP's in which I received very little spam. In the last six months, however, the flood gates re-opened, probably because someone with my address had their computer compromised, so I am seeing a lot of these tactics for the first time.

Interestingly enough, my Spamcop e-mail address, which went largely un-spammed for an even longer number of years, is now the principle recipient of this "advertising" largess. I suppose it is proof that these guys have set themselves up in a successfully immune fashion and are either indifferent to being reported or are wanting to be reported to learn how effective their obfuscation is?

Edited by Unclenick
Link to comment
Share on other sites

Interestingly enough, my Spamcop e-mail address, which went largely un-spammed for an even longer number of years, is now the principle recipient of this "advertising" largess. [...]

That suggests you should try the new SpamCop mail greylisting feature, which should be most effective for this case.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...