jrr7

Members
  • Content count

    11
  • Joined

  • Last visited

Community Reputation

0 Neutral

About jrr7

  • Rank
    Member
  1. https://www.spamcop.net/sc?id=z6396719619za31ed22231ee686eb352332a73d014d9z IP address in question is 89.144.55.71, within 89.144.0.0 mask 255.255.128.0 Someone (on a dsl ip address) manually added a reporting address (as shown in the ARIN comments), but it bounces. The whole setup looks suspicious. Maybe reports should go to their upstream, ghostnet.de?
  2. It looks like the percent deobfuscation isn't happening at all. But the bigger issue is that it's not tracing through the Google redirector.
  3. Hi, I'm pretty sure this can't be done. When gmail forwards the message, it's in a format that SpamCop can't use. And it is a requirement that all spam reports be confirmed, either by clicking on the link in the email, or by visiting the website. That said, there are various programs out there that can automate this for you, but I recommend that you DO NOT use them since it could lead to you mistakenly reporting a real email as spam. That would destroy SpamCop's credibility. It doesn't matter whether the email address is "virtual" or not. What if someone just makes a typing mistake, and misdirects a personal email to that address? Or what if the mail server glitches?
  4. I'm trying to report a "work at home" spam (probably money mule recruiting). Spamcop refuses to report it saying there's no date. Actually there is a Date: header, but with a date in the future. My guess is that's confusing spamcop. If I look at the unsubmitted report, it doesn't show that message any more. Why is Spamcop trusting the easily forgeable Date: header? The only definitive time is in the last trusted Received; header Here's the headers:
  5. Doing a proper RIPE query with -B, we find that the recommended address is abuse[at]ncgroup.pl ... but they've been unresponsive, so I suggest also including their upstream, abuse[at]tinet.net
  6. The lookup for 101.101.145.13 shows that reports go to eunsung78[at]hotmail.com which is the spammer. Can we have reports go to the upstream instead? comnetjw[at]hanmir.com found from apnic?
  7. Here's what Spamcop's whois page for the IP says: [whois.krnic.net] query: 61.97.178.6 # KOREAN öȸÇýŠIPv4ÃÖ¼Ò´Â Çѱ¹ÀÎÅóÃÃøÈï¿øÀ¸·ÎºÎÅà ¾Æ·¡ÀÇ °ü¸®´ëÇà ÀÚ¿¡°Ô ÇÒ´çµÇ¾úÀ¸¸ç, ÇÒ´ç 亸´Â ´ÙÀ½°ú °°½À´Ã´Ù. [ ³×Æ®¿öÅ© ÇÒ´ç 亸 ] IPv4ÃÖ¼Ò : 61.97.160.0 - 61.97.191.255 (/19) ¼­ºñ½º¸í : JNDINFO ±â°ü¸í : ÃÖ½Äȸ»ç æÀÌ¿£µðÅë½Å ±â°ü°íÀ¯¹øÈ£ : ORG828317 ÃÖ¼Ò : °æ±â ¼ö¿ø½Ã ±Ç¼±±¸ ±Ç¼±µ¿ 1056-11 5Ãþ (ÃÖ)æÀÌ¿£µðÅë½Å ¿ìÆí¹øÈ£ : 441-390 ÇÒ´çÀÃÀÚ : 20090123 [ IPv4ÃÖ¼Ò Ã¥ÀÓÀÚ Ã¤º¸ ] À̸§ : ÀåÇö¿í ÀüÈ­¹øÈ£ : +82-31-226-9399 ÀüÀÚ¿ìÆí : eunsung78[at]hotmail.com [ IPv4ÃÖ¼Ò ´ã´çÀÚ Ã¤º¸ ] À̸§ : 亴¿ì ÀüÈ­¹øÈ£ : +82-31-226-9399 ÀüÀÚ¿ìÆí : eunsung78[at]hotmail.com [ ½ºÆÔ ÇØÅ· ´ã´çÀÚ Ã¤º¸ ] À̸§ : ±è¿µ¼÷ ÀüÈ­¹øÈ£ : +82-31-221-7722 ÀüÀÚ¿ìÆí : eunsung78[at]hotmail.com -------------------------------------------------------------------------------- öȸÇýŠIPv4ÃÖ¼Ò´Â ˤ˂ °ü¸®´ëÇà ÀڷκÎÅà ¾Æ·¡ÀÇ »ç¿ëÀÚ¿¡°Ô ÇÒ´çµÇ¾úÀ¸¸ç, ÇÒ´ç 亸´Â ´ÙÀ½°ú °°½À´Ã´Ù. [ ³×Æ®¿öÅ© ÇÒ´ç 亸 ] IPv4ÃÖ¼Ò : 61.97.176.0 - 61.97.183.255 (/21) ³×Æ®¿öÅ© À̸§ : JCNETWORK-INFRA ±â°ü¸í : ÃÖ½Äȸ»ç æÀÌ¿£µðÅë½Å ±â°ü°íÀ¯¹øÈ£ : ORG828317 ÃÖ¼Ò : °æ±â ¼ö¿ø½Ã ±Ç¼±±¸ ±Ç¼±µ¿ 1056-11 5Ãþ (ÃÖ)æÀÌ¿£µðÅë½Å ¿ìÆí¹øÈ£ : 441-390 ÇÒ´ç³»¿ª µî·ÃÀà : 20090414 °ø°³¿©ºÎ : Y [ ³×Æ®¿öÅ© ´ã´çÀÚ Ã¤º¸ ] À̸§ : 亴¿ì ±â°ü¸í : ÃÖ½Äȸ»ç æÀÌ¿£µðÅë½Å ÃÖ¼Ò : °æ±â ¼ö¿ø½Ã ±Ç¼±±¸ ±Ç¼±µ¿ 1056-11 5Ãþ (ÃÖ)æÀÌ¿£µðÅë½Å ¿ìÆí¹øÈ£ : 441-390 ÀüÈ­¹øÈ£ : +82-31-226-9399 ÀüÀÚ¿ìÆí : comnetjw[at]hanmir.com # ENGLISH KRNIC is not an ISP but a National Internet Registry similar to APNIC. [ Network Information ] IPv4 Address : 61.97.160.0 - 61.97.191.255 (/19) Service Name : JNDINFO Organization Name : JND Communication Organization ID : ORG828317 Address : 1056-11 5F JNDINFO.CO, Gyeonggi-do Gwonseon-dong Zip Code : 441-390 Registration Date : 20090123 [ Admin Contact Information ] Name : jang hyun wook Phone : +82-31-226-9399 E-Mail : eunsung78[at]hotmail.com [ Tech Contact Information ] Name : jung boung woo Phone : +82-31-226-9399 E-Mail : eunsung78[at]hotmail.com [ Network Abuse Contact Information ] Name : kim young-sook Phone : +82-31-221-7722 E-Mail : eunsung78[at]hotmail.com -------------------------------------------------------------------------------- More specific assignment information is as follows. [ Network Information ] IPv4 Address : 61.97.176.0 - 61.97.183.255 (/21) Network Name : JCNETWORK-INFRA Organization Name : JND Communication Organization ID : ORG828317 Address : 1056-11 5F JNDINFO.CO, Gyeonggi-do Gwonseon-dong Zip Code : 441-390 Registration Date : 20090414 Publishes : Y [ Technical Contact Information ] Name : jung boung woo Organization Name : JND Communication Address : 1056-11 5F JNDINFO.CO, Gyeonggi-do Gwonseon-dong Zip Code : 441-390 Phone : +82-31-226-9399 E-Mail : comnetjw[at]hanmir.com - KISA/KRNIC Whois Service -
  8. Spamvertised Website is http:/ /sns-0en.mobi/bq/gyakuen/ Arin redirects to Apnic. Apnic says that the whois administrator is nextwebphil[at]gmail.com which appears to be the spammer. Any suggestions? Edit by SteveT to break URL to avoid inadvertent navigation to spamvertized site.
  9. For IP address 61.97.178.6, apnic redirects to krnic, which gives good results, but spamcop fails to parse them and reports not found
  10. The only thing I can figure is that email address is in the arin/ripe whois records for the spamvertised website's IP address.
  11. See my spam report. http://www.spamcop.net/sc?id=z4724317748zd...06fc9bcba99e21z Spamvertised web site is natural-enlarger.com, 94.63.245.5. Spammer has control of the ripe whois records for that ip and spamcop initially suggests office.john.smith[at]gmail.com ttnnet[at]yahoo.com which are both the spammer. But inexplicably spamcop offers to complain to yahoo! Refreshing has no effect.