http://www.os-bc.de/home.php -- Charles Morris cmorris@cs.odu.edu, cmorris@occs.odu.edu Network Security Administrator, Software Developer Office of Computing and Communications Services, CS Systems Group Old Dominion University http://www.cs.odu.edu/~cmorris
Charles Morris wrote:
This is spam by the way. The url redirects to a Canadian med site. The original sender may check if he has any malware running... -- http://goldmark.org/jeff/stupid-disclaimers/
On 10-04-21 06:59 PM, Jeroen van Aart wrote:
The url redirects to a Canadian med site. Just FYI, it's not a real Canadian med site. It is high probability not even Canadian.
The site appears to be a referral round robin over many domain names, including: - www.yourtabletrxhealth.com/ - traceroute to AS12880 "Data communication Company of Iran" - www.superstorepills.net/ - traceroute to AS9737 TOT Public Company Limited - www.bargainpillsstore.net - traceroute to AS4134 CHINANET-BACKBONE - www.losspillssite.net - traceroute to AS4837 CHINA169-Backbone etc. The www.yourtabletrxhealth.com domain name was created April 5 of 2010 and has Russian contact address information. http://whois.domaintools.com/yourtabletrxhealth.com Parts of the www.yourtabletrxhealth.com web pages are pulled in from all over, including AS9486, AS9737. The "license" at the bottom is fake. The controlling professional body in Ontario is the Ontario College of Pharmacists not "College of Pharmacists of Ontario". In Ontario, the language is that Pharmacies are accredited, not licensed. Pharmacists are licensed. The Verisign click-through is fake. OCP has no record of this company by name, location or number. See https://members.ocpinfo.com/ocpsearch/ The CEO is claimed to be affiliated with University of Western Ontario. Can't find them. Feel free to check out Kingston ON in Google street view for added amusement. And its listed in spamwiki. Regards, Eric Carroll
On Thu, 2010-04-22 at 23:22 -0400, Eric Carroll wrote:
On 10-04-21 06:59 PM, Jeroen van Aart wrote:
The url redirects to a Canadian med site. Just FYI, it's not a real Canadian med site. It is high probability not even Canadian.
Posting so many URLs which either are or should be listed in domain block lists to a list with as many subscribers as this is probably not wise. I'm guessing you just caused a wonderful bounce storm as the NANOG servers attempted to send that out, depending of course on how many people whitelist NANOG to URI filtering. yourtabletrxhealth[dot]com - URIBL black 2010-04-22 00:07:14 GMT superstorepills[dot]net - URLBL black 2010-04-21 20:47:31 GMT bargainpillsstore[dot]net - URLBL black 2010-04-15 20:41:59 GMT losspillssite[dot]net - URLBL black 2010-04-21 20:45:09 GMT The analysis of the domain is solid though, so good work there. Perhaps NANOG is not the correct forum though? Spam-L seems like a better fit.
----- Original Message ----- From: "Ted Cooper" <ml-nanog090304q@elcsplace.com> To: <nanog@nanog.org> Sent: Thursday, April 22, 2010 11:33 PM Subject: Re: iabelle francois ....
Posting so many URLs which either are or should be listed in domain block lists to a list with as many subscribers as this is probably not wise. I'm guessing you just caused a wonderful bounce storm as the NANOG servers attempted to send that out, depending of course on how many people whitelist NANOG to URI filtering. ... The analysis of the domain is solid though, so good work there. Perhaps NANOG is not the correct forum though? Spam-L seems like a better fit.
Spam-watch.com is the proper place for it.
On Fri, 2010-04-23 at 01:04 -0500, John Palmer (NANOG Acct) wrote:
Spam-watch.com
From the website: About Spam-watch - This list is meant as a replacement for the SPAM-L list which was abruptly shut down in May 2009.
From the website: Spam-L.com was created as a cooperative effort to replace the original Spam-L forum which ran for a decade and a half on L-Soft servers. When
On the contrary - Spam-l.com continues on different hosting with different moderators with an emphasis on collegial behaviour of participants. the original was abandoned on 11 May 2009, this list was set up to keep the forum alive. Hopefully this might now point some people in the right direction? Fin for me.
Ted Cooper wrote:
On Thu, 2010-04-22 at 23:22 -0400, Eric Carroll wrote:
On 10-04-21 06:59 PM, Jeroen van Aart wrote:
The url redirects to a Canadian med site. Just FYI, it's not a real Canadian med site. It is high probability not even Canadian.
Posting so many URLs which either are or should be listed in domain block lists to a list with as many subscribers as this is probably not wise. I'm guessing you just caused a wonderful bounce storm as the NANOG servers attempted to send that out, depending of course on how many people whitelist NANOG to URI filtering.
I would say one has their spamfilter configured incorrectly if such emails would be rejected and it should prompt an immediate fix. The mailinglist should ideally be whitelisted. In addition if you use content scanning (in almost all cases a bad idea, see: http://news.bbc.co.uk/2/hi/technology/8528672.stm ) your scanners ought to be trained well enough to figure out the email is not spam. Regards, Jeroen -- http://goldmark.org/jeff/stupid-disclaimers/
participants (5)
-
Charles Morris
-
Eric Carroll
-
Jeroen van Aart
-
John Palmer (NANOG Acct)
-
Ted Cooper