Rocksolid Light

Welcome to novaBBS (click a section below)

mail  files  register  newsreader  groups  login

Message-ID:  

Usage: fortune -P [-f] -a [xsz] Q: file [rKe9] -v6[+] file1 ...

computers / news.admin.net-abuse.usenet / Re: (PDF) Rockwood and Wilkins Fractures in Children 9th Edition by Waters

SubjectAuthor
* (PDF) Rockwood and Wilkins Fractures in Children 9th Edition byDavid Ritz
`- (PDF) Rockwood and Wilkins Fractures in Children 9th Edition by WatersAndreas Kohlbach

1
Re: (PDF) Rockwood and Wilkins Fractures in Children 9th Edition by Waters

<817p663n-9n89-q827-s822-77271rsp351@zvaqfcevat.pbz>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1312&group=news.admin.net-abuse.usenet#1312

  copy link   Newsgroups: news.admin.net-abuse.usenet news.admin.net-abuse.email
Followup: news.admin.net-abuse.usenet
Path: i2pn2.org!i2pn.org!usenet.goja.nl.eu.org!3.eu.feeder.erje.net!feeder.erje.net!fu-berlin.de!uni-berlin.de!individual.net!not-for-mail
From: dri...@mindspring.com (David Ritz)
Newsgroups: news.admin.net-abuse.usenet,news.admin.net-abuse.email
Subject: Re: (PDF) Rockwood and Wilkins Fractures in Children 9th Edition by
Waters
Followup-To: news.admin.net-abuse.usenet
Date: Mon, 4 Jul 2022 15:08:38 -0500
Organization: SpamBusters!
Lines: 73
Message-ID: <817p663n-9n89-q827-s822-77271rsp351@zvaqfcevat.pbz>
References: <59781171-88d3-47ec-98c7-97fc78859159n@googlegroups.com> <t9qg9g$l2b$46@gallifrey.nk.ca> <op.1opbr1wla3w0dxdave@hodgins.homeip.net> <87zghq16jb.fsf@usenet.ankman.de> <op.1oq0e4gda3w0dxdave@hodgins.homeip.net> <87zghozqdx.fsf@usenet.ankman.de>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
X-Trace: individual.net 6z2owABUzSUuj/Nua2xotQ5nn5uZBc3ZxNKYvvVQB//YyhSnq3
X-Orig-Path: not-for-mail
Cancel-Lock: sha1:Ua8MmUuM5ZKAWgb75Qr9xQ4VTrY=
In-Reply-To: <87zghozqdx.fsf@usenet.ankman.de>
OpenPGP: id=9CD055375C05466038D2194852BC29991A12DEEB
X-Comment-1: Spam is bad. <http://trillian.mit.edu/~jc/humor/WhatIsSpam.html>
X-Comment-2: LART a spammer for Dobbs.
X-Comment-3: Invalid assumptions tend to produce invalid conclusions.
X-Comment-4: This message is intended to be read with a monospaced font.
X-Meow: yes
 by: David Ritz - Mon, 4 Jul 2022 20:08 UTC

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

[ note followups-to ]

On Monday, 04 July 2022 14:25 -0400,
in article <87zghozqdx.fsf@usenet.ankman.de>,
Andreas Kohlbach <ank@spamfence.net> wrote:

> On Sun, 03 Jul 2022 16:55:42 -0400, David W. Hodgins wrote:

>> On Sun, 03 Jul 2022 12:54:00 -0400,
>> Andreas Kohlbach <ank@spamfence.net> wrote:

>>> It's posted via Google. I don't think a botnet is involved.

>> The Injection-Info header in the articles shows it's coming from a
>> wide variety of ip addresses (hence botnet), and using multiple
>> google accounts.

Those wildly guessing 'botnet' have failed to do even the most
rudimentary research, before reaching this erroneous and quite
muddleheaded conclusion.

> Good point. I overlooked this. Although it could be TOR?

TOR seems much closer, but slightly off-target, as none of the
addresses I checked were identified as Tor exit nodes.

After looking up the original article,
<59781171-88d3-47ec-98c7-97fc78859159n@googlegroups.com>
(http://al.howardknight.net/?ID=165696354700), I took a look at the
most recent spam from "hester holt <hesterholt7@gmail.com>"blq, in
comp.os.linux.misc.

NNTP-Posting-Host: 68.235.38.177
NNTP-Posting-Host: 217.138.255.202
NNTP-Posting-Host: 198.55.126.214
NNTP-Posting-Host: 104.129.56.166
NNTP-Posting-Host: 149.57.28.198
NNTP-Posting-Host: 178.170.158.41
NNTP-Posting-Host: 45.87.214.77
NNTP-Posting-Host: 149.57.28.76
NNTP-Posting-Host: 45.87.212.78
NNTP-Posting-Host: 37.120.137.72
NNTP-Posting-Host: 217.138.255.203
NNTP-Posting-Host: 208.78.41.158
NNTP-Posting-Host: 146.70.103.22
NNTP-Posting-Host: 178.170.183.64

Running a query for the IP address with the term 'proxy', identifies
some as the Windscribe VPNs (windscribe.com), likely acting as
proxies.

https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/45.87.212.78
https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/149.57.28.198
https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/208.78.41.158
https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/217.138.255.202

All of this suggests each article is posted manually via Google
Groups. I see nothing to even vaguely suggest the involvement of
automation, let alone a botnet.

- --
David Ritz <dritz@mindspring.com>
Be kind to animals; kiss a shark.

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSc0FU3XAVGYDjSGUhSvCmZGhLe6wUCYsNIxgAKCRBSvCmZGhLe
6+s2AJ9A1ymdSh/UvlBPte4GctWO2EsKwACeJfNerHrpi1BX4kSDISVMwa+9HNM=
=SeAu
-----END PGP SIGNATURE-----

Re: (PDF) Rockwood and Wilkins Fractures in Children 9th Edition by Waters

<87tu7vxwdn.fsf@usenet.ankman.de>

  copy mid

https://www.novabbs.com/computers/article-flat.php?id=1317&group=news.admin.net-abuse.usenet#1317

  copy link   Newsgroups: news.admin.net-abuse.usenet
Followup: poster
Path: i2pn2.org!i2pn.org!eternal-september.org!reader01.eternal-september.org!.POSTED!not-for-mail
From: ank...@spamfence.net (Andreas Kohlbach)
Newsgroups: news.admin.net-abuse.usenet
Subject: Re: (PDF) Rockwood and Wilkins Fractures in Children 9th Edition by Waters
Followup-To: poster
Date: Tue, 05 Jul 2022 14:11:32 -0400
Organization: A noiseless patient Spider
Lines: 48
Message-ID: <87tu7vxwdn.fsf@usenet.ankman.de>
References: <59781171-88d3-47ec-98c7-97fc78859159n@googlegroups.com>
<t9qg9g$l2b$46@gallifrey.nk.ca>
<op.1opbr1wla3w0dxdave@hodgins.homeip.net>
<87zghq16jb.fsf@usenet.ankman.de>
<op.1oq0e4gda3w0dxdave@hodgins.homeip.net>
<87zghozqdx.fsf@usenet.ankman.de>
<817p663n-9n89-q827-s822-77271rsp351@zvaqfcevat.pbz>
MIME-Version: 1.0
Content-Type: text/plain
Injection-Info: reader01.eternal-september.org; posting-host="ca3faf2fe5f99c1044bbf2a245d01a5e";
logging-data="3966235"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/sygq4WKzwwQ9W5JIIxJDz"
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Cancel-Lock: sha1:oyJjArf60I0GIuFfuSN+8a2OG9U=
sha1:wKnx6kzOw5dS1qp2aA3LvkTkCng=
X-No-Archive: Yes
 by: Andreas Kohlbach - Tue, 5 Jul 2022 18:11 UTC

On Mon, 4 Jul 2022 15:08:38 -0500, David Ritz wrote:
>
> [ note followups-to ]

Is it still full of spam? I removed my subscription because of
that. Setting F'up2 poster now.

> (http://al.howardknight.net/?ID=165696354700), I took a look at the
> most recent spam from "hester holt <hesterholt7@gmail.com>"blq, in
> comp.os.linux.misc.
>
> NNTP-Posting-Host: 68.235.38.177
> NNTP-Posting-Host: 217.138.255.202
> NNTP-Posting-Host: 198.55.126.214
> NNTP-Posting-Host: 104.129.56.166
> NNTP-Posting-Host: 149.57.28.198
> NNTP-Posting-Host: 178.170.158.41
> NNTP-Posting-Host: 45.87.214.77
> NNTP-Posting-Host: 149.57.28.76
> NNTP-Posting-Host: 45.87.212.78
> NNTP-Posting-Host: 37.120.137.72
> NNTP-Posting-Host: 217.138.255.203
> NNTP-Posting-Host: 208.78.41.158
> NNTP-Posting-Host: 146.70.103.22
> NNTP-Posting-Host: 178.170.183.64
>
> Running a query for the IP address with the term 'proxy', identifies
> some as the Windscribe VPNs (windscribe.com), likely acting as
> proxies.
>
> https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/45.87.212.78
> https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/149.57.28.198
> https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/208.78.41.158
> https://www.ipqualityscore.com/free-ip-lookup-proxy-vpn-test/lookup/217.138.255.202
>
> All of this suggests each article is posted manually via Google
> Groups. I see nothing to even vaguely suggest the involvement of
> automation, let alone a botnet.

Thank you for your analysis.

[Update]

Still no response from the spammer after I placed a test order. I assume
when a Paypal payment falls through the recipient will get a notification
to be able to contact "the customer" (me in this case)?
--
Andreas

1
server_pubkey.txt

rocksolid light 0.9.8
clearnet tor