neviller Posted July 30, 2008

Three days running, I've noticed that SpamCop does not identify the administrators for various URLs of the form http://something.eu

I've checked the links and in all three cases they are live websites. Is this something that needs setting up on SpamCop? Note that these URLs do not have a .com (etc) before the .eu.
agsteele Posted July 30, 2008

> Three days running, I've noticed that SpamCop does not identify the administrators for various URLs of the form http://something.eu
>
> I've checked the links and in all three cases they are live websites. Is this something that needs setting up on SpamCop? Note that these URLs do not have a .com (etc) before the .eu.

It isn't ALL domains in .eu hierarchy. I've just checked a couple and they come back with correct reporting addresses.

.eu hierarchy doesn't use .co etc before the .eu

Andrew
Farelf Posted July 30, 2008

I had four of those today - the parser handled one (brutalphrm.eu) but not the other three: ionships.eu, questhiphops.eu and hiphoploots.eu - those with responses like:

    "Cannot resolve http://ionships.eu/
    No valid email addresses found, sorry!"

... and other terms of disdain. But, I see those 'difficult' three all resolve to a common address:

    C:\Documents and Settings\Steve>nslookup ionships.eu
    *** ***
    Non-authoritative answer:
    Name: ionships.eu
    Address: 200.171.139.77

And the same network/owner of course

    C:\Documents and Settings\Steve>whosip 200.171.139.77
    WHOIS Source: LACNIC
    IP Address: 200.171.139.77
    Country:
    Network Name: 002.558.157/0001-62
    Owner Name: TELECOMUNICACOES DE SAO PAULO S.A. - TELESP
    From IP: 200.171.128.0
    To IP: 200.171.191.255
    Allocated: Yes
    Contact Name: Alicia Bernarda Contreras Lamas
    Address:
    Email: security[at]telesp.net.br
    ...

(I don't know that the 'real' Sra Contreras is the actual contact, who knows, spammers lie).

Furthermore Robtex hints there are very many others with the same internet address (Robtex used to supply rather more "shared" records to free users than they do now). So, without detail of the OP's failures, I'm thinking these might all belong to just one or two dyed-in-the-wool blackhats for whom notification/reports could well be counter-productive to the anti-spam effort?
Wazoo Posted July 30, 2008

    Slow traceroute ionships.eu
    Trace ionships.eu (200.171.139.77) ...
    84.16.10.18 RTT: 185ms TTL:170 (TEBRASIL-5-2-0-0-grtsanem1.red.telefonica-wholesale.net.10.16.84.in-addr.arpa probable bogus rDNS: No DNS)
    201.0.3.230 RTT: 188ms TTL:170 (201-0-3-230.dsl.telesp.net.br ok)
    201.0.3.230 RTT: 189ms TTL:170 (201-0-3-230.dsl.telesp.net.br ok)
    200.204.208.72 RTT: 235ms TTL:170 (200-204-208-72.dsl.telesp.net.br ok)
    * * * failed
    200.171.139.77 RTT: 234ms TTL: 45 (200-171-139-77.dsl.telesp.net.br ok)

    dns ionships.eu
    Addresses: 200.171.139.77

    Dig ionships.eu[at]208.67.220.220 ...
    Non-authoritative answer
    Recursive queries supported by this server
    Query for ionships.eu type=255 class=1
    ionships.eu NS (Nameserver) ns2.ionships.eu
    ionships.eu NS (Nameserver) ns1.ionships.eu

    Dig ionships.eu[at]ns1.ionships.eu (200.171.139.77) ...
    failed, couldn't connect to nameserver
    Dig ionships.eu[at]ns2.ionships.eu (200.171.139.77) ...
    failed, couldn't connect to nameserver

Same results on the other two referenced URLs.

Both web-site and DNS hosted on a DSL connected system. Not too hard to assume a compromised 'personal' computer being involved. Or worse, a specifically crafted machine set up and connected to an ISP that simply doesn't give a hoot.
neviller (Author) Posted July 30, 2008

> But, I see those 'difficult' three all resolve to a common address:
>
>     C:\Documents and Settings\Steve>nslookup ionships.eu
>     *** ***
>     Non-authoritative answer:
>     Name: ionships.eu
>     Address: 200.171.139.77

Thanks, I'm learning new stuff today. I tried typing nslookup in the Terminal program on my Mac (hardly ever used it before) and found the same address for my three spam URLs (probably all selling viagra, judging by the spam subject lines):

    Non-authoritative answer:
    Name: hiphopcult.eu
    Address: 200.171.139.77

    Non-authoritative answer:
    Name: yourslick.eu
    Address: 200.171.139.77

    Non-authoritative answer:
    Name: greathealthexchange.eu
    Address: 200.171.139.77

So, judging by the above comments, there's not much hope of getting them shut down. OK, thanks to all for your help.
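The checks done by hand in the posts above (same A record for every spamvertised name, nameservers on the web host's own address, DSL-style reverse DNS) can be run over a list of lookup results. This is an added example, not part of any post in the thread: the records for the .eu names are the ones quoted above, while the `example.test` / 192.0.2.x rows, the function names and the rDNS keyword list are constructed assumptions.

```python
import re
from collections import defaultdict

# A records and rDNS as quoted in the thread; the example.test / 192.0.2.x
# rows are constructed controls and do not come from the thread.
A = {
    "ionships.eu": "200.171.139.77", "questhiphops.eu": "200.171.139.77",
    "hiphoploots.eu": "200.171.139.77", "hiphopcult.eu": "200.171.139.77",
    "yourslick.eu": "200.171.139.77", "greathealthexchange.eu": "200.171.139.77",
    "ns1.ionships.eu": "200.171.139.77", "ns2.ionships.eu": "200.171.139.77",
    "example.test": "192.0.2.10",
    "ns1.dnshost.test": "192.0.2.53", "ns2.dnshost.test": "192.0.2.54",
}
NS = {
    "ionships.eu": ["ns1.ionships.eu", "ns2.ionships.eu"],
    "example.test": ["ns1.dnshost.test", "ns2.dnshost.test"],
}
RDNS = {
    "200.171.139.77": "200-171-139-77.dsl.telesp.net.br",
    "192.0.2.10": "web1.hosting.test",
}
# Assumed heuristic: rDNS labels that usually mark consumer access lines.
CONSUMER = re.compile(r"(^|[.-])(dsl|adsl|cable|dyn|dynamic|dhcp|ppp|pool)([.-]|$)", re.I)


def cluster_by_ip(domains):
    """Group reported domains by the address they resolve to."""
    clusters = defaultdict(list)
    for d in domains:
        clusters[A[d]].append(d)
    return dict(clusters)


def assess(domain, reported):
    """Return the hosting red flags raised for one reported domain."""
    ip = A[domain]
    ns_ips = {A[n] for n in NS.get(domain, [])}
    flags = []
    if len(cluster_by_ip(reported)[ip]) >= 3:
        flags.append("shared_ip")       # many spam names on one address
    if ns_ips == {ip}:
        flags.append("ns_on_web_host")  # DNS and web served by one machine
    if CONSUMER.search(RDNS.get(ip, "")):
        flags.append("consumer_rdns")   # address sits in an access-line pool
    return flags


REPORTED = [d for d in A if not d.startswith("ns")]
if __name__ == "__main__":
    for ip, names in cluster_by_ip(REPORTED).items():
        print(ip, len(names), assess(names[0], REPORTED))
```

A domain that raises all three flags is better reported to the owner of the address block than to whatever contact the domain itself publishes.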
turetzsr Posted July 30, 2008

> <snip>
> So, judging by the above comments, there's not much hope of getting them shut down. OK, thanks to all for your help.

...Some people here have reported good results with Complainterator and some with Knujon.
Archived
This topic is now archived and is closed to further replies.