Rolex spammers -- Internet Scams

[ Show ]

Support VoyForums

[ Shrink ]

VoyForums Announcement: Programming and providing support for this service has been a labor of love since 1997. We are one of the few services online who values our users' privacy, and have never sold your information. We have even fought hard to defend your privacy in legal cases; however, we've done it with almost no financial support -- paying out of pocket to continue providing the service. Due to the issues imposed on us by advertisers, we also stopped hosting most ads on the forums many years ago. We hope you appreciate our efforts.

Show your support by donating any amount. (Note: We are still technically a for-profit company, so your contribution is not tax-deductible.) PayPal Acct: Feedback:

Donate to VoyForums (PayPal):

[ Login ] [ Contact Forum Admin ] [ Main index ] [ Post a new message ] [ Search | Check update time | Archives: 1, [2], 3, 4 ]

[ Next Thread | Previous Thread | Next Message | Previous Message ]

Date Posted: 22:58:15 11/25/04 Thu
Author: Repost
Subject: Rolex spammers

It's becoming clearer that the Rolex spammers are moving to
GVT/ECONOCELL in Brazil. Spamless shows www.onlinereplicastore.com to be
up at three locations: two on GVT and one on CHINANET-CQ.
There are a few things that I don't understand:

- the port 80 trace below (to the new home of Rolex spammer afeet.com)
ends at [200.146.0.82], not [200.139.97.122], where it supposedly is
hosted. Does this mean the site is really hosted at [200.146.0.82] and
should I be reporting this as such to INTELIGNET (as the upstream of
GVT)? FWIW, a port 80 trace to onlinereplicastore.com also ends at
[200.146.0.82], though apparently the site is at [200.139.97.123].

- one dig (at www.dnsstuff.com) shows no record for afeet.com (IOW, it's
dead), but SS digs up [219.153.0.35]. nslookup says [200.139.97.122]. Is
it dead or not, and how can I tell if it's dead if I come across this
kind of thing again? How can it be dead and alive at two servers at the
same time?

traceroute to 200.139.97.122 on port 80:

14 200-184-200-164.intelignet.com.br (200.184.200.164) 236.865 ms
intelig-pos1-0-0-dxrcta102.intelignet.com.br (200.184.254.94) 224.832
ms 224.814 ms
15 200-184-236-126.intelignet.com.br (200.184.236.126) 236.471 ms
200-184-200-164.intelignet.com.br (200.184.200.164) 237.459 ms
200-184-236-126.intelignet.com.br (200.184.236.126) 235.789 ms
16 200.146.0.82 (200.146.0.82) 233.257 ms
200-184-236-126.intelignet.com.br (200.184.236.126) 242.49 ms
200.146.0.82 (200.146.0.82) 239.118 ms
17 200.146.0.82 (200.146.0.82) 240.996 ms 239.652 ms 200.139.97.122
(200.139.97.122) 233.412 ms
---------------------------------------

from www.dnsstuff.com:

Answer:
No ALL records exist for afeet.com. [Neg TTL=172800 seconds]

Details:
J.GTLD-SERVERS.NET. (an authoritative nameserver for com.) says that
there are no ALL records for afeet.com.
The E-mail address in charge of the com. zone is: nstld@verisign-grs.com.
---------------------------------------

from SS dig at [219.153.0.35]:

Dig afeet.com@219.153.0.35 ...
Authoritative Answer
Recursive queries supported by this server
Query for afeet.com type=255 class=1
afeet.com SOA (Zone of Authority)
Primary NS: dns4432.com
Responsible person: dns4432@com
serial:2000071503
refresh:36000s (10 hours)
retry:3600s (60 minutes)
expire:3600000s (410 days)
minimum-ttl:36s
afeet.com NS (Nameserver) ns2.dns4432.com
afeet.com NS (Nameserver) ns1.dns4432.com
afeet.com MX (Mail Exchanger) Priority: 10 mail.onlinereplicastore.com
afeet.com A (Address) 219.153.0.35
ns1.dns4432.com A (Address) 219.153.0.35
ns2.dns4432.com A (Address) 219.153.0.35
mail.onlinereplicastore.com A (Address) 219.153.0.35
-------------------------------------------

11/25/04 12:55:18 dns afeet.com
Mail for afeet.com is handled by mail.onlinereplicastore.com
Canonical name: afeet.com
Addresses:
200.139.97.122

--
Todd Dugdale
Plymouth, MN
sirius@tiny.net
http://frontpage.visi.com/~sirius

[ Next Thread | Previous Thread | Next Message | Previous Message ]

[ Contact Forum Admin ]

Forum timezone: GMT-8
VF Version: 3.00b, ConfDB:
Before posting please read our privacy policy.
VoyForums^(tm) is a Free Service from Voyager Info-Systems.
Copyright © 1998-2019 Voyager Info-Systems. All Rights Reserved.