Le site vacancesloisirs.fr est-il sûr ?

In addition to my previous comment, I have checked the spam messages I received in the last 2 days for this domain, and found that most joe-job spams were indeed send by spambots. Names of spambots and IP-addresses used: Cutwail (111.95.139.236); Festi (183.182.127.208, 197.252.0.84); Waledac (46.112.30.226, 66.162.98.130, 68.42.77.104, 70.78.41.232, 72.28.229.77, 77.45.6.124, 89.72.121.9, 90.157.247.68, 92.29.56.143, 92.85.134.37, 95.74.197.47, 109.100.166.44, 123.16.22.49, 182.2.219.52*, 188.108.152.117, 189.221.245.17, 200.80.98.14*, 201.240.51.57). Source of identification: Spamhaus CBL. Edit: The IP-addresses marked with * were taken from the examples provided by spamfighter666. Thank you for the revising of your reviews, spamfighter666 and scamwatch!

spammed me. Rather, received an ostensible joe-job from them - thanks to Boonsiri for pointing it out; here are two sets of faked headers: #1 From: Bess Mcfadden <pusk2000@codetel.net.do> Subject: Camping-car neuf Date: August 7, 2012 2:43:03 PM PDT To: <*****> Delivered-To: ***** Received: by ***** with SMTP id l2csp550219igc; Tue, 7 Aug 2012 14:48:40 -0700 (PDT) Received: by ***** with SMTP id co8mr4557490vdb.131.1344376120397; Tue, 07 Aug 2012 14:48:40 -0700 (PDT) Received: from [*****] ([*****]) by ***** with SMTP id fb1si14815891vdb.134.2012.08.07.14.48.37; Tue, 07 Aug 2012 14:48:40 -0700 (PDT) Received: from unknown (HELO dpisw) ([51.148.236.214]) by ***** with ESMTP; Wed, 8 Aug 2012 04:49:10 +0700 Return-Path: <pusk2000@codetel.net.do> Received-Spf: neutral (google.com: 182.2.219.52 is neither permitted nor denied by best guess record for domain of pusk2000@codetel.net.do) client-ip=182.2.219.52; Authentication-Results: *****; spf=neutral (google.com: 182.2.219.52 is neither permitted nor denied by best guess record for domain of pusk2000@codetel.net.do) ***** Message-Id: <000901cd74e6$634b1ee0$3394ecd6@comp3f0d130f5bdpisw> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express ***** X-Mimeole: Produced By Microsoft MimeOLE V6.00.2800.1437 #2 From: Martin Hall <paul@nishoku.com.tw> Subject: Caravane occasion Date: August 11, 2012 11:24:35 PM PDT To: Neil Schwartzman <spamfighter@gmail.com> Delivered-To: spamfighter@gmail.com Received: by ***** with SMTP id dx4csp165939igb; Sat, 11 Aug 2012 22:28:01 -0700 (PDT) Received: by ***** with SMTP id de9mr7887271qab.7.1344749280637; Sat, 11 Aug 2012 22:28:00 -0700 (PDT) Received: from ***** ([*****]) by mx.google.com with SMTP id k5si1247079qct.136.2012.08.11.22.27.59; Sat, 11 Aug 2012 22:28:00 -0700 (PDT) Received: from unknown (HELO 773) ([40.199.185.102]) by ***** with ESMTP; Sun, 12 Aug 2012 01:32:24 -0500 Return-Path: <paul@nishoku.com.tw> Received-Spf: neutral (google.com: ***** is neither permitted nor denied by best guess record for domain of paul@nishoku.com.tw) client-ip=200.80.98.14; Authentication-Results: mx.google.com; spf=neutral (google.com: 200.80.98.14 is neither permitted nor denied by best guess record for domain of paul@nishoku.com.tw) ***** Message-Id: <002801cd784b$339e38e0$28c7b966@YOURNPZ46BXPI5773> Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-2"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-Msmail-Priority: Normal X-Mailer: Microsoft Outlook Express ***** X-Mimeole: Produced By Microsoft MimeOLE V6.00.2800.1506

This website was recently advertised by unsolicited email containing forged 'From' lines, sent through a botnet of hijacked PCs. It is unclear whether the spam was authorized by the site owners or not. Some aspects of the messages suggest the possibility that the spam run may actually be a 'joe job' intended to discredit the site.

These spams look like a joe-job to me. The domain vacancesloisirs.fr was created on ***** (at Registrar "HOSTWAY DEUTSCHLAND GMBH"). It seems unlikely that an over 6 year old domain suddenly starts spamming. This seems to be confirmed by the fact that the domain is only listed at WoT: http://www.urlvoid.com/scan/vacancesloisirs.fr Moreover the way of spamming (using also the Waledac spambot) and sending dozens of spams in a few hours to an account were I ONLY get joe-jobs, is very similar to previous Russian '"joe-job"-floods. Supporting this is the fact, that in between the spam-runs for this domain, I found a few from earlier used "joe-job" politikym.net. I recommend that this domain receives some repair-ratings to undo the undeserved red color.