
Shortest Spam Run Ever – Domaincop.org Domain Abuse Notice Spam

Woke up this morning and found two emails from domaincop.org in my Inbox stating that my domains are being used for spamming and spreading malware recently. The subject line contained “Domain Abuse Notice”, which looked serious.


I mean, WOAH! I do write about ‘stuff’ but that doesn’t mean I send out emails to anyone. I don’t even respond to my emails half the time because I don’t really need another SEO expert, another advertiser, another promoter or a globally acclaimed graphics designer to design ‘things’!


But then again, you read all these reports that explain how malware and viruses are served via advertisements etc. So I decided to carefully examine the email and its contents in an attempt to find out more. Before I even opened the actual email, I checked its headers and the domain Whois. I always do this, especially the Whois, because you are unlikely to receive an abuse notice email from a domain that was registered a few weeks ago. Most abuse notice emails are sent by large organizations, from domains that have been around for years and have built enough reputation for everyone to take them seriously.


Whois information


I checked their whois from https://who.is/whois/domaincop.org




Nice: Registered On 2016-11-22, Updated On 2016-11-22, and today is 2016-11-23. I mean, duh, it’s still the 22nd of November in some parts of the world. They also have PrivacyGuard enabled, which means you cannot see the real owner’s name or details, just like the darodar.com referrer spam.


Inspect URL and its content


The next obvious thing was to check the URL that was sent to me to view the abuse my domains have supposedly inflicted. Erm, do I use a browser? Perhaps not; I decided to use cURL.




root@kali: # curl -kv http://www.domaincop.org/<removed>
* Could not resolve host: www.domaincop.org
* Closing connection 0
curl: (6) Could not resolve host: www.domaincop.org

Hang on, the domain seems to have no DNS response. Let’s double-check that with the dig command.


root@kali: # dig www.domaincop.org

; <<>> DiG 9.10.3-P4-Debian <<>> www.domaincop.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64018
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;www.domaincop.org.        IN    A

;; AUTHORITY SECTION:
org.            704    IN    SOA    a0.org.afilias-nst.info. noc.afilias-nst.info. 2012251969 1800 900 604800 86400

;; Query time: 1 msec
;; SERVER: x.x.x.x#53(x.x.x.x)
;; WHEN: Wed Nov 23 10:42:53 AEDT 2016
;; MSG SIZE  rcvd: 109

dig returned an NXDOMAIN response, which means the domain doesn’t exist. Note that the AUTHORITY section carries the SOA of the .org zone itself, so the registry has no delegation for the name at all; this is not just a dead web server behind a working name. It seems either they’ve disabled their domain and/or Cloudflare banned/removed them. In any case, there is no way for me to inspect that URL now. ‘sad panda’



Sample email


Here’s one of the emails I received, from “Imogen Murray” <imogen_murray@domaincop.org> (the other email was from “Isaac Wright” <isaac-wright@domaincop.org>), with exactly the same content:


Dear Domain Owner,

Our system has detected that your domain: <removed>.com is being used for spamming and spreading malware recently.

You can download the detailed abuse report of your domain along with date/time of incidents.
Click Here<link-removed>

We have also provided detailed instructions on how to delist your domain from our blacklisting.

Please download the report immediately and take proper action within 24 hours otherwise your domain will be suspended permanently.

There is also possibility of legal action depending on severity and persistence of your abuse case.

Three Simple Steps:

1. Download your abuse report.

2. Check your domain abuse incidents along with date and time.

3. Take a few simple steps for prevention and to avoid domain suspension.

Click Here to Download your Report<link-removed>

Please look into it and contact us.

Best Regards,

Domain Abuse Admin

DomainCop Inc.

Tel.: (139) 722-66-56

Conclusion


Not sure what this email was really about, but in case you ever get this type of email, here’s what you should always do:



  1. Check the domain Whois (registration date, registrar, privacy proxy)

  2. Check the URL without actually visiting it in a browser (cURL it). Keep in mind that any fetch, even from cURL, can confirm to the sender that the recipient is live if the link carries a per-recipient token, so do the passive checks first

  3. Use online scanners to check the links

  4. Check dig/nslookup info

  5. Search in Google

  6. If you must visit the URL, do it from a command-line tool or from a VM.
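The checklist above as a small offline script, added here as an example (my code, not the author’s and not from DomainCop or any tool the post uses): it pulls the sender domain and every link host out of a raw message, checks that the link hosts belong to the sender domain, computes the sender domain’s age from a whois record, checks whether each link host resolves, and flags the “within 24 hours” pressure. The sample message, the whois excerpt, the link paths and the `tracker.example.net` host are constructed for this example; `table_resolver` stands in for a real DNS lookup so the script runs without network access, and `NEW_DOMAIN_DAYS` is an assumed threshold.

```python
import re
import socket
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr

# Constructed sample in the shape of the notice quoted in the post; the link
# paths and the second host are placeholders for this example, not real links.
SAMPLE_EMAIL = """\
From: "Imogen Murray" <imogen_murray@domaincop.org>
Subject: Domain Abuse Notice: example.com

Our system has detected that your domain: example.com is being used for
spamming and spreading malware recently.
Click Here http://www.domaincop.org/report/placeholder
Please download the report immediately and take proper action within 24 hours
otherwise your domain will be suspended permanently.
Click Here to Download your Report http://tracker.example.net/dl?id=placeholder
"""

# Constructed whois excerpt carrying the registration date the post reports.
SAMPLE_WHOIS = """\
Domain Name: DOMAINCOP.ORG
Creation Date: 2016-11-22T09:15:00Z
Registrant Name: Domain Privacy Service
"""

# Time of the dig run quoted in the post (AEDT is UTC+11).
NOW = datetime(2016, 11, 23, 10, 42, 53, tzinfo=timezone(timedelta(hours=11)))
NEW_DOMAIN_DAYS = 30  # assumed: a sender domain younger than this is a red flag
URL_RE = re.compile(r"https?://([^/\s<>\"']+)", re.IGNORECASE)
URGENCY_RE = re.compile(r"within\s+\d+\s+hours?", re.IGNORECASE)

def sender_domain(raw_message):
    """Domain part of the From: address, lower-cased ('' if absent)."""
    _, addr = parseaddr(message_from_string(raw_message).get("From", ""))
    return addr.rpartition("@")[2].lower()

def link_hosts(raw_message):
    """Unique hostnames of every http(s) link in the body, in order seen."""
    body = message_from_string(raw_message).get_payload()
    hosts = []
    for host in URL_RE.findall(body):
        host = host.lower().split("@")[-1].split(":")[0]  # drop userinfo, port
        if host not in hosts:
            hosts.append(host)
    return hosts

def whois_creation_date(whois_text):
    """Date on the 'Creation Date:' line of whois output (None if absent)."""
    m = re.search(r"^\s*Creation Date:\s*(\d{4}-\d{2}-\d{2})", whois_text, re.M)
    if not m:
        return None
    return datetime.strptime(m.group(1), "%Y-%m-%d").replace(tzinfo=timezone.utc)

def domain_age_days(whois_text, now=None):
    """Whole days since registration, or None when whois carries no date."""
    created = whois_creation_date(whois_text)
    if created is None:
        return None
    return ((now or datetime.now(timezone.utc)) - created).days

def table_resolver(table):
    """Offline stand-in for socket.gethostbyname, backed by a dict."""
    def resolve(host):
        if host not in table:
            raise socket.gaierror("Name or service not known")
        return table[host]
    return resolve

def resolves(host, resolver=socket.gethostbyname):
    """True if the host has an address; NXDOMAIN or lookup failure is False."""
    try:
        resolver(host)
        return True
    except socket.gaierror:
        return False

def triage(raw_message, whois_text, now=None, resolver=socket.gethostbyname):
    """Run the post's checklist and return the red flags for the analyst."""
    sender = sender_domain(raw_message)
    hosts = link_hosts(raw_message)
    age = domain_age_days(whois_text, now)
    findings = []
    if age is None:
        findings.append("whois has no creation date; check the record by hand")
    elif age < NEW_DOMAIN_DAYS:
        findings.append(f"sender domain {sender} registered {age} days ago")
    for host in hosts:
        if host != sender and not host.endswith("." + sender):
            findings.append(f"link host {host} is outside sender domain {sender}")
        if not resolves(host, resolver):
            findings.append(f"link host {host} does not resolve (NXDOMAIN or dead)")
    if URGENCY_RE.search(raw_message):
        findings.append("message demands action within a fixed number of hours")
    return {"sender_domain": sender, "link_hosts": hosts, "age_days": age,
            "findings": findings,
            "verdict": "suspicious" if findings else "no red flags"}
```

With a real message, pass the default `socket.gethostbyname` as the resolver and the output of `whois <domain>` as the whois text; the resolve step is then the only one that touches the network, and nothing here ever fetches the link itself, so the sender gets no confirmation that anyone opened the mail.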


In short, you are unlikely to get such emails from multiple senders at a domain that was set up yesterday, got banned today and already has people around the world talking about it being a scam. Another way to check spammy links is to use the online site review tools of reputable providers. Here’s a list of them:


Real Time Scanners:



  1. Comodo Web Inspector: Examines the URL in real time

  2. Joe Sandbox URL Analyzer: Examines the URL in real time

  3. Is It Hacked: Performs several of its own checks on the URL in real time and consults some blacklists

  4. IsItPhishing: Assesses the specified URL in real time

  5. Sucuri SiteCheck: Scans the URL for malware in real time and looks it up in several blacklists

  6. Zscaler Zulu URL Risk Analyzer: Examines the URL using real-time and historical techniques


Historical Reputation data:



  1. AVG Website Safety Reports: Provides historical reputation information about the site

  2. Blue Coat WebPulse Site Review: Looks up the website in Blue Coat’s database

  3. BrightCloud URL/IP Lookup: Presents historical reputation information about the website

  4. Cisco SenderBase: Presents historical reputation information about the website

  5. Cymon: Presents information from various threat intel feeds

  6. Deepviz: Offers historical threat intel information about IPs, domains, etc.

  7. FortiGuard lookup: Displays the URL’s history and category

  8. IBM X-Force Exchange: Provides historical information about IPs, URLs, etc.

  9. Intel/McAfee: Presents historical reputation information about the website

  10. KnownSec: Presents historical reputation information about the website; Chinese language only

  11. PhishTank: Looks up the URL in its database of known phishing websites

  12. Malware Domain List: Looks up recently reported malicious websites

  13. MalwareURL: Looks up the URL in its historical list of malicious websites

  14. McAfee Site Advisor: Presents historical reputation information about the website

  15. MxToolbox: Queries multiple reputation sources for information about the IP or domain

  16. Norton Safe Web: Presents historical reputation information about the website

  17. Open Threat Exchange: Presents various threat intelligence information from AlienVault

  18. PassiveTotal: Presents passive DNS and other threat intelligence data

  19. Quttera ThreatSign: Scans the specified URL for the presence of malware

  20. Reputation Authority: Shows reputation information on the specified domain or IP address

  21. Trend Micro: Presents historical reputation information about the website

  22. Unmask Parasites: Looks up the URL in the Google Safe Browsing database

  23. URL Blacklist: Looks up the URL in its database of suspicious sites

  24. URL Query: Looks up the URL in its database of suspicious sites and examines the site’s content

  25. URLVoid and IPVoid: Look up the URL or IP in several blacklisting services

  26. VirusTotal: Looks up the URL in several databases of malicious sites

  27. vURL: Retrieves and displays the source code of the page; looks up its status in several blocklists

  28. ThreatMiner: Presents various threat intelligence data


These are industry leaders at checking and categorizing domains/URLs and marking them accordingly. For new domains, use the real-time scanners, since historical databases will have nothing on them yet; for older domains, use the historical reputation scanners as well. In any case, stay safe and happy browsing.

