DRSpalding

Members
  • Content count

    37
  • Joined

  • Last visited

Community Reputation

0 Neutral

About DRSpalding

  • Rank
    Member

Recent Profile Visitors

674 profile views
  1. Abuse contact for '43.228.72.0 - 43.228.75.255' is abuse[at]gazonindia.com, sourced from APNIC WHOIS. Current recipient is search-apnic-not-arin#apnic.net[at]devnull.spamcop.net.
  2. Abuse contact for '153.120.0.0 - 153.120.191.255' is abuse[at]sakura.ad.jp sourced from APNIC WHOIS. Current recipient is search-apnic-not-arin#apnic.net[at]devnull.spamcop.net.
  3. Abuse contact for '43.246.252.0 - 43.246.255.255' is 'ipv4bsnl[at]gmail.com' sourced from APNIC WHOIS. Current recipient is set to the usual search-apnic-not-arin#apnic.net[at]devnull.spamcop.net.
  4. From APNIC WHOIS, this net block should contact 'ipv4bsnl[at]gmail.com'. Currently, the net block is set to the fabulous 'search-apnic-not-arin#apnic.net[at]devnull.spamcop.net'.
  5. Abuse contact for '43.228.72.0 - 43.228.75.255' is abuse[at]chiraagcommunications.com SC currently giving search-apnic-not-arin#apnic.net[at]devnull.spamcop.net Found current data on APNIC WHOIS lookup for IP address 43.228.74.46 used to send spam this morning.
  6. Abuse contact for '139.175.0.0 - 139.175.255.255' is 'hostmaster[at]twnic.net.tw', from APNIC WHOIS data specifically as abuse mailbox. Currently, this range shows as 'search-apnic-not-arin#apnic.net[at]devnull.spamcop.net'
  7. Abuse contact for '139.167.0.0 - 139.167.255.255' is 'ip.abuse[at]ril.com' based on data from APNIC WHOIS. Currently, it is set to "search-apnic-not-arin#apnic.net[at]devnull.spamcop.net".
  8. Abuse contact for '47.11.0.0 - 47.11.127.255' is 'ip.abuse[at]ril.com'. Currently SpamCop shows "search-apnic-not-arin#apnic.net[at]devnull.spamcop.net". Abuse address retrieved from APNIC WHOIS data.
  9. Abuse contact for '47.11.128.0 - 47.11.255.255' is 'ip.abuse[at]ril.com'. Data from APNIC WHOIS. Currently, SpamCop comes up with 'search-apnic-not-arin#apnic.net[at]devnull.spamcop.net'
  10. Currently it comes up as the ol' "search-apnic-not-arin#apnic.net[at]devnull.spamcop.net". Based on APNIC WHOIS, it should be: Abuse contact for '47.247.0.0 - 47.247.255.255' is 'ip.abuse[at]ril.com'
  11. The website appears to be up and running now.
  12. If there is junk added in to a style sheet in the spam or other blatant filler to either add so many URLs that SpamCop gives up or pushes the size out beyond 50KB so that the actual payload URLs are deleted by truncating the message, I have started removing much of the repetitive junk out of the message to make it work. The spam I was receiving that did this routinely has now stopped, whether by filtering upstream from me or because they finally ran their run, but the URLs they were using were a much better target than the myriad 'bot sites being used to send it. So, I munged it myself, rationalizing that SpamCop would have "munged" it too, just at the end of the message and not in the middle like me.
  13. Yes, the website appears to be unavailable. Email submissions of spam attachments seems to work quite nicely though as I just sent in and very quickly received the reply, so it looks like the parsing and whatnot is working on the backend just fine. If you have enabled quick spamcop email reporting, it looks like you can at least report the senders of the spam. I'm trying that right now. Edit to add: Quick reporting worked just fine, according to the response that it sent a report like normal.
  14. Tracking URL: https://www.spamcop.net/sc?id=z6289054704z1ca8c0c6638bb944ad328cf46dd3ee00z This spam contains URLs that are not getting reported but SpamCop is noting the following: Resolving link obfuscation HTTP://dimo.site/0a9843a2f4fdfdb3cd243d65913/auto.php?9020321_hcywgultvlggov_1_track57_57_2_79206 Remove email parameters: HTTP://dimo.site/0a9843a2f4fdfdb3cd243d65913/auto.php HTTP://dimo.site/0a9843a2f4fdfdb3cd243d65913/auto.php?9020321_jeadarfaqcmadj_1_track57_57_2_79206 Remove email parameters: HTTP://dimo.site/0a9843a2f4fdfdb3cd243d65913/auto.php HTTP://dimo.site/unsub I do not know what that means, but I have modified the links to not include anything at all other than the domain name and resubmitted it, it doesn't emit that message but it still won't send a report. If you put one of the sites directly into the report spam form and submit it to see what happens, it does in fact parse it and would submit a report. What's it all mean?
  15. Spamvertised web site hosted at IP address 5.157.2.178. Per RIPE Whois: C:\Tmp> whois -h whois.ripe.net 5.157.2.178 % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Note: this output has been filtered. % To receive output for a database update, use the "-B" flag. % Information related to '5.157.2.0 - 5.157.2.255' % Abuse contact for '5.157.2.0 - 5.157.2.255' is 'noc@interconnects.us'