Report joe-jobs here.

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Вт июл 30, 2013 8:27 pm

Subject: Diet for a week Domain taliya.ru Russian weight-loss site. Descriptions like How to quickly lose weight in a week, the ways to lose weight without dieting, homemade weight loss body wraps. suggest that this may be a scam.
Slenfbot spambot: http://cbl.abuseat.org/lookup.cgi?ip=178.123.108.244

Subject: Carding News / New Domain Domain cpro.su Criminal domain involved in the trade in stolen credit cards and other criminal activities. The home-page is identical to that of (at the moment not resolving) carder.pro, which has been a joe-job target for over 1 month. This seems to be another case of criminal infighting.
Slenfbot spambot: http://cbl.abuseat.org/lookup.cgi?ip=2.81.25.14

Subject: For Trader Domain redwoodoptions.com Binary Options broker.
Slenfbot spambot: http://cbl.abuseat.org/lookup.cgi?ip=178.122.197.123

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Ср июл 31, 2013 3:38 pm

Subject: Trojan Ransomware Domain malekal.com French website offering information about malware, Trojans, viruses and other computer-security issues. Apparently this site has been doing something right, which has displeased some malware or scareware operator.
Slenfbot spambot: http://cbl.abuseat.org/lookup.cgi?ip=201.4.19.239
Edit: 4-aug-2013. Malekal.com has posted a reaction at:
http://www.malekal.com/2013/08/01/email-spam-pour-malekal-com ; under "EDIT 3 August" they claim to have found out who is responsible for the joe-job.

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Пт авг 02, 2013 7:27 pm

Subject: Pegas Cleaning Company Domain pegas-cleaning.com Cleaning company for apartments and offices in Dnepropetrovsk, Ukraine. This company will not sent worldwide spam when it needs customers in Dnepropetrovsk.
On the scorecard of pegas-cleaning.com are already negative comments from 2 users, who unfortunately have closed their boards and can not be contacted.
Send through yet unknown spambots: http://cbl.abuseat.org/lookup.cgi?ip=115.77.226.247 ,
http://cbl.abuseat.org/lookup.cgi?ip=46.118.203.111

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Ср авг 07, 2013 5:20 am

Subject: New Moortgage Rates Domain hollybesthouse.com Home refinance. Registered in Panama and through Registrar Enom, Inc. Not a combination that would give ME confidence.
Source of the message was 192.184.91.17.
http://www.spamhaus.org/sbl/query/SBL193144 shows that this IP was also abused by: "Known repeat finanical fraud spammers: hayleybesthouse.com".
The fact that this was spammed only one time, and does not fit in the Slenfbot jobs makes that I am not fully convinced that this was a joe job.
I have therefore removed my warning at the scorecard of hollybesthouse.com

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Сб авг 31, 2013 2:12 pm

Subject: Smoking blends spice Domain gramrc.com Another Russian "RC forum" (=according to Urban Dictionary "Research Chemical") dedicated to content that is described as: "Smoking mixtures spice, Legal Powders and Pills".
The joe-job messages are written in Ukrainian. This is obviously another case of criminal infighting.
Slenfbot spambot: http://cbl.abuseat.org/lookup.cgi?ip=113.162.245.203

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Пн сен 02, 2013 12:19 pm

Subject: Free Child Porn Domain azpolitika.info Blog on politics and human rights in Azerbaijan.
Victim of a political motivated joe-job.
Spam messages are send from unlisted IP-addresses; several ISP's have already informed SpamCop that the issue has been resolved and that spam will cease.
This domain could use some help in repairing the reputation damage that has been caused by this joe-job.

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Пн ноя 18, 2013 8:25 pm

After a pause of more than 2 months the sending of joe-jobs has resumed. In the last 2 days I received (at one email account) 89 jobs for chemrc.biz, a domain that has previously been targeted and has been reported at:
https://www.mywot.com/en/forum/30718-report-joe-jobs-here?comment=188218#comment-188218 .

This time the joe-job messages are mostly sent through infected systems that are part of unnamed botnets, though the Slenfbot is also again used; for instance:
http://cbl.abuseat.org/lookup.cgi?ip=77.31.193.149 .

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Ср ноя 20, 2013 7:34 am

Subject: Legal Powders and Pills Domain allrc.cc Another Russian(?*) "RC forum" ("Research Chemical") dedicated to content that is described as: "Smoking blends, Legal powders".
The joe-job messages are written in Ukrainian. This is another case of criminal infighting.
*The domain was registered using fake Thai address data.
Unknown spambot: http://cbl.abuseat.org/lookup.cgi?ip=182.163.66.177

Edit: The scorecard for the domain has 2 comments.
One by gollum4711 states: "website advertised in spam from Ukraine", apart from the fact that the messages were not spam but joe-jobs, that comment is correct.
A second by raydragon states "Website advertising ILLEGAL DRUGS via SPAM." . That comment is NOT correct as the Website did NOT advertise anything by spam, only repeated joe-jobs did. Such comment therefore amounts to slander, no matter how bad or good we consider the targeted domain to be.
I find it rather disappointing that with so much information available even reviewers above rookie level can not make the distinction between spam and joe-job. I have contacted raydragon by PM with the polite request to reconsider the comment. The reply however was only that his comment was "not erroneous". A pity to see such pathetic behavior of not wanting to admit a mistake, especially when it means that the reviewer does exactly what the joe-job spammer hoped for.

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Вс янв 19, 2014 11:28 am

Subject: Uncensored download/Free porno torrents Domain goinst.com and download.aminst.net.
The links at goinst.com [http://goinst.com/download/getfile/...] redirect to a link at download.aminst.net, where a file presented as an XXX-torrent attempts to download a malicious file.
As usual the joe jobs use the Slenfbot spambot.
In the case of goinst.com:
http://cbl.abuseat.org/lookup.cgi?ip=190.238.171.133 ;
for the direct link to download.aminst.net:
http://cbl.abuseat.org/lookup.cgi?ip=89.252.54.181

Boonsiri
Сообщения: 268
Зарегистрирован: Вт июн 14, 2011 10:06 am

RE: Report joe-jobs here.

Сообщение Boonsiri » Пн апр 14, 2014 12:57 pm

Subject: Explicit bestiality descriptions. The unlikely subjects are different in every message. Targeted domains: asiansexmov.com, globlax.com, and hqjapanesepussy.com. All 3 sites have been registered for at least 3 years and do not seem to have been engaged in spam. The domains seem to be related as all 3 display the same disclaimer, which warns visitors that the domain has been spamvertized by a third party.
The homepage of the domains asiansexmov and globax only displays links to their own sites, while hqjapanesepussy.com seems to be a portal to a wide range of asian adult sites.
Of course none of the 3 domains displays content related to bestiality: asianmovsex and globax both mention to have "a zero-tolerance policy against ILLEGAL pornography" as well as the text (with links) "Parents - Protect your children from adult content with these services: Cyber Patrol | Net Nanny | Cyber Sitter". Hqjapanesepussy.com has a warning that the site contains adult content and mentions: “All images on this site are all in compliance with the 18 USC 2257 US Federal Law”.

These joe-jobs are similar to those that previously used outrageous child-pornography subjects.
From the samples I checked from the load of messages -all dated April 12th and 13th – those were this time not sent through the Slenfbot spambot, but through IP-addresses not yet identified as belonging to a botnet or through several other botnets, like through the Asprox spambot:
http://cbl.abuseat.org/lookup.cgi?ip=195.158.110.70 ;
http://cbl.abuseat.org/lookup.cgi?ip=201.67.101.98 ,
through the Cutwail spambot:
http://cbl.abuseat.org/lookup.cgi?ip=190.47.200.136
the Gamut spambot:
http://cbl.abuseat.org/lookup.cgi?ip=1.169.188.182
and the Kelihos spambot:
http://cbl.abuseat.org/lookup.cgi?ip=200.74.146.98 .

Ответить

Кто сейчас на конференции

Сейчас этот форум просматривают: нет зарегистрированных пользователей и 4 гостя