[SURBL-Discuss] Re: Need help checking FP list from Theo

Chris Santerre csanterre at merchantsoverseas.com
Tue Sep 7 17:50:50 CEST 2004


OK, you asked for it ;)

Some of this info will give you a 'feel' for how the hosts operate.

>>Theo got us a list of 112 new false positives from across all
>>SURBLs.  He showed me the source messages which are almost
>>all subscribed newsletters and mailing list messages, so they
>>seem quite hammy.
>
>>Given the type of source messages and some spot checking, I'm
>>inclined to whitelist them all, but I'd like to ask for some help
>>checking them first.  Can anyone help check these?
>
>123inkjets.com

Oh, these guys are on my personal poop list!

http://groups.google.com/groups?q=123inkjets.com+abuse&hl=en&lr=&ie=UTF-8&sa=G&scoring=d

Domain List matching cluster of russ-effrig


    * @SPAM/spamsource: 553 SPEWS [1] zaconta, see http://spews.org/ask.cgi?S1467;
      SPEWS [1] tonerbuys, see http://spews.org/ask.cgi?S1506;
      207.178.170/24: 553 SPAM,PINK 207.178.128.0/17 iswest.net AS5033 dedicated spam network - S1467,S2747,S2705,S2657,S786,S1467,SBL9192 2003-07
    * SPEWS/spews.org: 553 SPEWS2 [1] zaconta, see http://spews.org/ask.cgi?S1467;
      SPEWS2 [1] tonerbuys, see http://spews.org/ask.cgi?S1506;
      207.178.170/24: 553 SPEWS2 [2] zaconta, see http://spews.org/ask.cgi?S1467




>1and1.com
http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&scoring=d&q=1and1.com+abuse&btnG=Search

Domain List matching contacts_email of hostmaster at 1and1.com



>
>Gotomypc.com sells a remote access product
>Yale.edu is the domain for Yale University

http://spews.org/html/S2611.html

Domain List matching spews of S2611

 Results: Positive=5, Negative=25 (2004-09-07 15:44:25 UTC)

    * @ISP/blackholes.us: 66.151/16: 553 ISP INTERNAP - http://hatcheck.org/google?internap; http://hatcheck.org/sbl?internap [Blockparade]
    * @SPAM/spamsource: 66.151.158/24: 553 SPEWS [1] expertcity/gotomypc, see http://spews.org/ask.cgi?S2611;
      66.151/16: 553 SPAM,PINK,BLOCK 66.150/16 66.151/16 66.151 66.151.44.151 joe4257769 at mailgeorgebush.net INTERNAP 2003-04
    * DRBL/drbl.all: 66.151/16: 553 DRBL weight: 0.6;
      vote.drbl.vimas.kiev.ua at ns.vimas.kiev.ua/0.6
    * SPEWS/spews.org: 66.151.158/24: 553 SPEWS2 [1] expertcity/gotomypc, see http://spews.org/ask.cgi?S2611
    * FIVETEN/internap.com.spam-support: added 2002-07-07;
      spam support - hosting sendoutmail.com and jdrmedia.com; added 2003-07-22;
      spam support - hosting e-i1.com spamming from NET-63-251-54-64-1; added 2003-07-02;
      spam support - hosting http://www.adaniexports.com on 63.251.163.110; added 2004-03-08;
      spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL14734; added 2004-07-31;
      spam support - see http://www.spamhaus.org/SBL/sbl.lasso?query=SBL10031; added 2004-07-31;
      spam support - transit for AS30038 whose entire 69.63.160.0/20 is on the SBL;
      added 2003-01-15;
      spam support - see http://www.spamhaus.org/sbl/listings.lasso?isp=internap.com;
      added 2003-05-20;
      spam support - hosting http://www.pr0debtc0nsu1tants.com on 64.74.96.230, was on 63.251.163.110, was on verio;
      added 2002-01-22; on sprint.net; added 2002-10-07; spam support - hosting netflip.com;
      added 2003-02-04; spam support - transit for AS18633; added 2003-04-13;
      spam support - transit for wholesalebandwidth; added 2002-12-07;
      spam support - dns service for columbiahouse.com; added 2002-09-17;
      spam support - see http://spews.org/html/S373.html; added 2002-09-10;
      spam support - hosting randbad.com on 209.191.175.226; added 2002-07-22;
      spam support - hosting internetseer.com and roving.com

I would love a copy of all the reported FPs. Perhaps they should be moved to
the IC list?

--Chris

