Get exclusive CAP network offers from top brands

View CAP Offers

Reply To: Trace that Spammer!

[bsa_pro_ad_space id=2]
#728587
Anonymous
Inactive
bb1webs wrote:
Hi slots.

thanks for this nice info.

my question being so dumb that I am about these things .. is what do you do with the info once you get it lol.

I’d imagine you contact the hosting company to complain about the spam?

if that is correct: how do you find the host? check whois?

thanks for the help. What I’d be using this for and what always concerns me most is the kind of mail I get that says it was sent from one of my sites. That kind of shit bugs the shit out of me because I don’t want my players getting mail of that sort …..and them thinking it was sent from me.

For that reason alone …. this tool would be very comforting for me and worthwhile to chase down the spammer in question.

Quite frankly I am always amazed at why these people go to the lengths they do … (Greek’ll probably chime in to tell me it only takes them a few seconds to do this stuff) , but anyway even if that’s true … I just can’t imagine it being a profitable way of spending one’s time. I always think to myself when I see this stuff that if these people have such knowledge … why the hell do they waste it on such fruitless efforts?

the best answer I can ever come up with is that its the only thing they know how to do. Because otherwise why wouldn’t they be trying to make money in a worthwhile way? And even if that is ALL they know how to do…. with the obvious smarts they have … it wouldn’t take that long for them to learn to set up a website and try to make money in an honest fashion.

I guess I’ll never understand what motivates some people.

bb1, I’ll never understand it either.

But that’s correct, use whois to locate the hosting service.

The visualroute just sends a dummy packet (pinging) to all the servers in the network path to pinpoint network connectivity problems and identify IP address locations.

To get the spam email ip address, click full headers in (bottom right in Yahoo mail) the email, get the ip address from the X-Originating IP or from the earliest Received.

Paste it in the visualroute and click start. I forgot to say in the original post to click Performance Graph then hover the mouse over the dots to reveal the hop hosts.

The VisualRoute server is located in Virgina but can be changed to the UK from the map on the top left.

When hovering the mouse over the dots, the last one (on right) is the server where the spam came from. It also lists the hosting company and if clicked will query whois database but the VisualRoute administrator has disabled this feature.

So we can look it up manually in whois, like you said.
Here’s a stock spam ip address 84.130.107.109
the spam is from Deutsche Telekom AG (Germany).

When looking up the ip address whois might say it is from one of the databases:

ARIN (North America), RIPE(Europe), APNIC (Asia/Pacific), AfriNIC (Africa),
LACNIC (Latin America/Carribean)

Most people lookup ips or domains in ARIN: http://ws.arin.net/whois or Network Solutions http://www.networksolutions.com/whois/index.jsp?

So if we query the stock spam ip address 84.130.107.109 in ARIN it says more info is available in RIPE http://www.ripe.net/whois

RIPE displays the whois info and under remarks has abuse contact. In this case it also has an abuse email address under Security Team further down. We can just forward the spam email to them and hopefully it is the right host and they shut it down.

http://www.ripe.net/whois?form_type=simple&full_query_string=&searchtext=84.130.107.109&do_search=Search

I’m sure there is a lot more to it as I’m not a networking expert like Greek and some others in here.

Cheers,
Slotplayer