jrr7

Members
  • Content count

    8
  • Joined

  • Last visited

Community Reputation

0 Neutral

About jrr7

  • Rank
    Newbie
  1. I'm trying to report a "work at home" spam (probably money mule recruiting). Spamcop refuses to report it saying there's no date. Actually there is a Date: header, but with a date in the future. My guess is that's confusing spamcop. If I look at the unsubmitted report, it doesn't show that message any more. Why is Spamcop trusting the easily forgeable Date: header? The only definitive time is in the last trusted Received; header Here's the headers:
  2. Doing a proper RIPE query with -B, we find that the recommended address is abuse[at]ncgroup.pl ... but they've been unresponsive, so I suggest also including their upstream, abuse[at]tinet.net
  3. The lookup for 101.101.145.13 shows that reports go to eunsung78[at]hotmail.com which is the spammer. Can we have reports go to the upstream instead? comnetjw[at]hanmir.com found from apnic?
  4. Here's what Spamcop's whois page for the IP says: [whois.krnic.net] query: 61.97.178.6 # KOREAN öȸÇýŠIPv4ÃÖ¼Ò´Â Çѱ¹ÀÎÅóÃÃøÈï¿øÀ¸·ÎºÎÅà ¾Æ·¡ÀÇ °ü¸®´ëÇà ÀÚ¿¡°Ô ÇÒ´çµÇ¾úÀ¸¸ç, ÇÒ´ç 亸´Â ´ÙÀ½°ú °°½À´Ã´Ù. [ ³×Æ®¿öÅ© ÇÒ´ç 亸 ] IPv4ÃÖ¼Ò : 61.97.160.0 - 61.97.191.255 (/19) ¼­ºñ½º¸í : JNDINFO ±â°ü¸í : ÃÖ½Äȸ»ç æÀÌ¿£µðÅë½Å ±â°ü°íÀ¯¹øÈ£ : ORG828317 ÃÖ¼Ò : °æ±â ¼ö¿ø½Ã ±Ç¼±±¸ ±Ç¼±µ¿ 1056-11 5Ãþ (ÃÖ)æÀÌ¿£µðÅë½Å ¿ìÆí¹øÈ£ : 441-390 ÇÒ´çÀÃÀÚ : 20090123 [ IPv4ÃÖ¼Ò Ã¥ÀÓÀÚ Ã¤º¸ ] À̸§ : ÀåÇö¿í ÀüÈ­¹øÈ£ : +82-31-226-9399 ÀüÀÚ¿ìÆí : eunsung78[at]hotmail.com [ IPv4ÃÖ¼Ò ´ã´çÀÚ Ã¤º¸ ] À̸§ : 亴¿ì ÀüÈ­¹øÈ£ : +82-31-226-9399 ÀüÀÚ¿ìÆí : eunsung78[at]hotmail.com [ ½ºÆÔ ÇØÅ· ´ã´çÀÚ Ã¤º¸ ] À̸§ : ±è¿µ¼÷ ÀüÈ­¹øÈ£ : +82-31-221-7722 ÀüÀÚ¿ìÆí : eunsung78[at]hotmail.com -------------------------------------------------------------------------------- öȸÇýŠIPv4ÃÖ¼Ò´Â ˤ˂ °ü¸®´ëÇà ÀڷκÎÅà ¾Æ·¡ÀÇ »ç¿ëÀÚ¿¡°Ô ÇÒ´çµÇ¾úÀ¸¸ç, ÇÒ´ç 亸´Â ´ÙÀ½°ú °°½À´Ã´Ù. [ ³×Æ®¿öÅ© ÇÒ´ç 亸 ] IPv4ÃÖ¼Ò : 61.97.176.0 - 61.97.183.255 (/21) ³×Æ®¿öÅ© À̸§ : JCNETWORK-INFRA ±â°ü¸í : ÃÖ½Äȸ»ç æÀÌ¿£µðÅë½Å ±â°ü°íÀ¯¹øÈ£ : ORG828317 ÃÖ¼Ò : °æ±â ¼ö¿ø½Ã ±Ç¼±±¸ ±Ç¼±µ¿ 1056-11 5Ãþ (ÃÖ)æÀÌ¿£µðÅë½Å ¿ìÆí¹øÈ£ : 441-390 ÇÒ´ç³»¿ª µî·ÃÀà : 20090414 °ø°³¿©ºÎ : Y [ ³×Æ®¿öÅ© ´ã´çÀÚ Ã¤º¸ ] À̸§ : 亴¿ì ±â°ü¸í : ÃÖ½Äȸ»ç æÀÌ¿£µðÅë½Å ÃÖ¼Ò : °æ±â ¼ö¿ø½Ã ±Ç¼±±¸ ±Ç¼±µ¿ 1056-11 5Ãþ (ÃÖ)æÀÌ¿£µðÅë½Å ¿ìÆí¹øÈ£ : 441-390 ÀüÈ­¹øÈ£ : +82-31-226-9399 ÀüÀÚ¿ìÆí : comnetjw[at]hanmir.com # ENGLISH KRNIC is not an ISP but a National Internet Registry similar to APNIC. [ Network Information ] IPv4 Address : 61.97.160.0 - 61.97.191.255 (/19) Service Name : JNDINFO Organization Name : JND Communication Organization ID : ORG828317 Address : 1056-11 5F JNDINFO.CO, Gyeonggi-do Gwonseon-dong Zip Code : 441-390 Registration Date : 20090123 [ Admin Contact Information ] Name : jang hyun wook Phone : +82-31-226-9399 E-Mail : eunsung78[at]hotmail.com [ Tech Contact Information ] Name : jung boung woo Phone : +82-31-226-9399 E-Mail : eunsung78[at]hotmail.com [ Network Abuse Contact Information ] Name : kim young-sook Phone : +82-31-221-7722 E-Mail : eunsung78[at]hotmail.com -------------------------------------------------------------------------------- More specific assignment information is as follows. [ Network Information ] IPv4 Address : 61.97.176.0 - 61.97.183.255 (/21) Network Name : JCNETWORK-INFRA Organization Name : JND Communication Organization ID : ORG828317 Address : 1056-11 5F JNDINFO.CO, Gyeonggi-do Gwonseon-dong Zip Code : 441-390 Registration Date : 20090414 Publishes : Y [ Technical Contact Information ] Name : jung boung woo Organization Name : JND Communication Address : 1056-11 5F JNDINFO.CO, Gyeonggi-do Gwonseon-dong Zip Code : 441-390 Phone : +82-31-226-9399 E-Mail : comnetjw[at]hanmir.com - KISA/KRNIC Whois Service -
  5. Spamvertised Website is http:/ /sns-0en.mobi/bq/gyakuen/ Arin redirects to Apnic. Apnic says that the whois administrator is nextwebphil[at]gmail.com which appears to be the spammer. Any suggestions? Edit by SteveT to break URL to avoid inadvertent navigation to spamvertized site.
  6. For IP address 61.97.178.6, apnic redirects to krnic, which gives good results, but spamcop fails to parse them and reports not found
  7. The only thing I can figure is that email address is in the arin/ripe whois records for the spamvertised website's IP address.
  8. See my spam report. http://www.spamcop.net/sc?id=z4724317748zd...06fc9bcba99e21z Spamvertised web site is natural-enlarger.com, 94.63.245.5. Spammer has control of the ripe whois records for that ip and spamcop initially suggests office.john.smith[at]gmail.com ttnnet[at]yahoo.com which are both the spammer. But inexplicably spamcop offers to complain to yahoo! Refreshing has no effect.