![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List]
Re: Spammie using my address as From: in email to me!??!
Mike Easter
MikeE at ster.invalid
Fri Nov 26 14:15:30 EST 2004
Porpoise1954 wrote:
> "Mike Easter"
>> Porpoise1954 wrote:
>>> Apparently from a Demon UK account.
>>
>> 62.49.206.2 rDNS mailgate.abexltd.co.uk
>>
>> There's a website somewhere else http://www.abexltd.co.uk./
>>
>> ... but I can't put it together.
>
> Hhmmm...... Innocent bystander????
Most likely 62.49.206.2 is abused somehow. The domainname
abexltd.co.uk uses demon's mailservers at a different /24
inetnum: 194.217.242.0 - 194.217.242.255
netname: DEMON-INT
...but your [probably] abused IP is an adsl in a little bitty block of 7
IPs
inetnum: 62.49.206.0 - 62.49.206.7
netname: BXEA-ADSL
descr: DEMON ADSL CUSTOMER
descr: Abex Limited
The target or reference one is currently showing online. If we wanted
to probe its ports, we might be able to find out what's wrong with it --
it isn't currently listed anywhere.
Whereas the website for the forklift trucks is here 194.159.243.251 -
also demon.
inetnum: 194.159.243.224 - 194.159.243.255
netname: DEMON-WWW-NCW2
descr: Demon Internet
descr: Web Hosting Solutions
since there's only 32 IPs there, demon probably has them 'stacked up' -
we'll look at our target:
194.159.243.251 - IP hosts 112 Total Domains ...
194.159.243.252 - IP hosts 141 Total Domains ...
etc. So they cram a lot of websites into that little block of 32.
--
Mike Easter
kibitzer, not SC admin
More information about the SpamCop-List
mailing list