Can anyone help me interpret spam headers please? - GoFuckYourself.com

AmeliaG · 05-07-2003, 12:06 PM

Okay, I have been getting a lot of "goth" spam for the last week and it is really bothering me because I know there are going to be consumers who think it is coming from our sites. The spams are designed to look like they might be coming from our sites but they are NOT coming from us and they are NOT going to any site we have an ownership stake in. Can anyone give me a hand interpreting where the following headers are coming from:

(1)

Message-ID: <md5:55CD44CA17AC80B8371D475D762915F3>
Return-Path: <[email protected]>
Received: (qmail 94458 invoked from network); 7 May 2003 11:19:30 -0000
Received: from unknown (HELO mx13.victors-voluptious-videos.com) (65.241.155.188) by mail.4ph.com with SMTP; 7 May 2003 11:19:30-0000

The click appears to be going to the victors-voluptious-videos.com domain.

(2)

Return-Path: <[email protected]>
Received: (qmail 73140 invoked from network); 5 May 2003 20:13:33 -0000
Received: from unknown (HELO e-mail.ru) (80.36.117.88) by mail.4ph.com with SMTP; 5 May 2003 20:13:33 -0000
Message-ID: <[email protected]>
From: [email protected]

This one appears to go to conom.com although I am less concerned about this one because it does not design-wise look associated with us even though a lot of consumers may assume that it is us anyway because of the content claim.

pornJester · 05-07-2003, 12:07 PM

all your base are belong to us.

AmeliaG · 05-07-2003, 12:09 PM

Quote:

Originally posted by pornJester
all your base are belong to us.

?

Mutt · 05-07-2003, 12:16 PM

OrgName: Ion-Entertainment LLC
OrgID: IONENT
Address: 600 West 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 65.241.155.0 - 65.241.155.255
CIDR: 65.241.155.0/24
NetName: UU-65-241-155
NetHandle: NET-65-241-155-0-1
Parent: NET-65-240-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-08-09
Updated: 2002-08-09

TechHandle: DI143-ARIN
TechName: Ion, Danny
TechPhone: +1-818-906-2466
TechEmail: [email protected]

PowerCum · 05-07-2003, 12:23 PM

1) appears to be sent from IP (65.241.155.188)
_This one has pionted the IP to domain "." (nothing), so it' appears to be a real spammer.
2) appears to be sent from IP (80.36.117.88)
This one is sent by a spanish DSL line user that is getting his line from Telefonica or Terra. It is running a web server and microsoft-ds services on that box
Appears to be a windows XP or something like box.

AmeliaG · 05-07-2003, 12:26 PM

Quote:

Originally posted by Mutt
OrgName: Ion-Entertainment LLC
OrgID: IONENT
Address: 600 West 7th Street
City: Los Angeles
StateProv: CA
PostalCode: 90017
Country: US

NetRange: 65.241.155.0 - 65.241.155.255
CIDR: 65.241.155.0/24
NetName: UU-65-241-155
NetHandle: NET-65-241-155-0-1
Parent: NET-65-240-0-0-1
NetType: Reassigned
Comment:
RegDate: 2002-08-09
Updated: 2002-08-09

TechHandle: DI143-ARIN
TechName: Ion, Danny
TechPhone: +1-818-906-2466
TechEmail: [email protected]

Thank you. Think they even semi-mean their abuse policy at http://www.ionent.com/antispam.asp or are they likely the originators as well as the senders? I haven't come across them before.

PowerCum · 05-07-2003, 12:31 PM

it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign.

The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all.
Or just deny all the mails comming from his IP.

Mutt · 05-07-2003, 12:40 PM

all u can do is send an abuse complaint to ION Net, sometimes it turns out they are the spammers or a spam friendly host. If he's a little spammer chances he'll get turfed out are better. Very hard to get anybody to do anything about a spammer who is paying alot of money.

AmeliaG · 05-07-2003, 02:16 PM

Quote:

Originally posted by PowerCum
it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign.

The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all.
Or just deny all the mails comming from his IP.

I'm not stressed about the mails coming in to me. I'm tense about other people thinking they are coming from me. If it is some affiliate from another country, chances are the program-owners won't be that thrilled either. I think one of the sponsors is a decent-sized sponsor and the other is a no-name AVS. Maybe the programs will shut these folks down.

AmeliaG · 05-07-2003, 02:17 PM

Quote:

Originally posted by PowerCum
it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign.

The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all.
Or just deny all the mails comming from his IP.

What should the ping -f 80.36.117.88 command line do?

Thanks, Amelia

PowerCum · 05-07-2003, 02:27 PM

Quote:

Originally posted by AmeliaG

What should the ping -f 80.36.117.88 command line do?

Thanks, Amelia

It floods the pinged IP connection causing a Denial of Service attack. In his case, it will really fuck his 256k DSL line.
If you send a mail to Telefonica or Terra (his ISP) they will do nothing. I use the same ISP, and my girl was network admin on the same ISP some time before. So, I know their policy is doing nothing unless the user attacks their own network.

AmeliaG · 05-07-2003, 03:57 PM

Quote:

Originally posted by PowerCum

It floods the pinged IP connection causing a Denial of Service attack. In his case, it will really fuck his 256k DSL line.
If you send a mail to Telefonica or Terra (his ISP) they will do nothing. I use the same ISP, and my girl was network admin on the same ISP some time before. So, I know their policy is doing nothing unless the user attacks their own network.

Thanks!

05-07-2003, 12:06 PM	#1
AmeliaG Too lazy to set a custom title Join Date: Jan 2003 Location: Los Angeles Posts: 10,585	Can anyone help me interpret spam headers please? Okay, I have been getting a lot of "goth" spam for the last week and it is really bothering me because I know there are going to be consumers who think it is coming from our sites. The spams are designed to look like they might be coming from our sites but they are NOT coming from us and they are NOT going to any site we have an ownership stake in. Can anyone give me a hand interpreting where the following headers are coming from: (1) Message-ID: <md5:55CD44CA17AC80B8371D475D762915F3> Return-Path: <[email protected]> Received: (qmail 94458 invoked from network); 7 May 2003 11:19:30 -0000 Received: from unknown (HELO mx13.victors-voluptious-videos.com) (65.241.155.188) by mail.4ph.com with SMTP; 7 May 2003 11:19:30-0000 The click appears to be going to the victors-voluptious-videos.com domain. (2) Return-Path: <[email protected]> Received: (qmail 73140 invoked from network); 5 May 2003 20:13:33 -0000 Received: from unknown (HELO e-mail.ru) (80.36.117.88) by mail.4ph.com with SMTP; 5 May 2003 20:13:33 -0000 Message-ID: <[email protected]> From: [email protected] This one appears to go to conom.com although I am less concerned about this one because it does not design-wise look associated with us even though a lot of consumers may assume that it is us anyway because of the content claim. __________________ GFY Hall of Famer AltStar Hall of Famer Blue Blood's SpookyCash.com Babe photography portfolio

05-07-2003, 12:07 PM	#2
pornJester Confirmed User Join Date: Mar 2001 Location: Florida Posts: 6,138	all your base are belong to us. __________________ FreshBucks \| Webmaster Vault \| GayAW Trusted Names in Adult. ICQ 9157.3698

05-07-2003, 12:16 PM	#4
Mutt Too lazy to set a custom title Industry Role: Join Date: Sep 2002 Posts: 34,431	OrgName: Ion-Entertainment LLC OrgID: IONENT Address: 600 West 7th Street City: Los Angeles StateProv: CA PostalCode: 90017 Country: US NetRange: 65.241.155.0 - 65.241.155.255 CIDR: 65.241.155.0/24 NetName: UU-65-241-155 NetHandle: NET-65-241-155-0-1 Parent: NET-65-240-0-0-1 NetType: Reassigned Comment: RegDate: 2002-08-09 Updated: 2002-08-09 TechHandle: DI143-ARIN TechName: Ion, Danny TechPhone: +1-818-906-2466 TechEmail: [email protected] __________________ I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!

05-07-2003, 12:23 PM	#5
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	1) appears to be sent from IP (65.241.155.188) _This one has pionted the IP to domain "." (nothing), so it' appears to be a real spammer. 2) appears to be sent from IP (80.36.117.88) This one is sent by a spanish DSL line user that is getting his line from Telefonica or Terra. It is running a web server and microsoft-ds services on that box Appears to be a windows XP or something like box. __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

05-07-2003, 12:31 PM	#7
PowerCum CjOverkill Industry Role: Join Date: Apr 2003 Location: Woldwide Posts: 1,328	it apperas like the ionet user (1) has just bought or hired an IP from ionet and has started a spam campaign. The user number (2) is just a stupid spanish spammer. You can shut him down by running ping -f 80.36.117.88 on his IP. He probably has a 256k line, so it's not very difficult to fuck it at all. Or just deny all the mails comming from his IP. __________________ CjOverkill Traffic Trading Script Free, secure and fast traffic trading script. Get your copy now

05-07-2003, 12:40 PM	#8
Mutt Too lazy to set a custom title Industry Role: Join Date: Sep 2002 Posts: 34,431	all u can do is send an abuse complaint to ION Net, sometimes it turns out they are the spammers or a spam friendly host. If he's a little spammer chances he'll get turfed out are better. Very hard to get anybody to do anything about a spammer who is paying alot of money. __________________ I moved my sites to Vacares Hosting. I've saved money, my hair is thicker, lost some weight too! Thanks Sly!