Jump to content

ZapZombie

Members
  • Content Count

    62
  • Joined

  • Last visited

Posts posted by ZapZombie


  1. Since april 30 2017 I no more receive spam reports at the user defined recipient address.

    Trying to fix that, I changed that address in preferences, for which I received and answered a confirmation request. Didn't help to receive spam reports.

    The old and new recipient addresses are receiving email from others.

    Last tracking url https://www.spamcop.net/sc?id=z6377849055ze1a992e61325f997db8211ee975888acz

    Has something changed regarding spam report mailing to user defined recipient address?

    I want reception of the reports back.


  2. Hi,

    I noticed spamcop parser did not find contact address for 95.153.176.109, but using win32whois.exe I saw an address was found at abuse.net, and browsing to ripe.net and searching with B flag on I saw another address.

    Why weren't they found by the parser, even after refreshing cache?

    I thought the parser looks up at ripe.net with -B flag, and when necessary at abuse.net.

    (I filled in the found contact addresses at the parse form)

    Regards,

    ZZ


  3. -------- Original Message --------

    Subject: Re: [spamCop (95.173.182.24) id:5929750459]<x>

    Date: Fri, 29 Mar 2013 10:23:58 +0200

    From: Önder BARUTCU <onder[at]aktifbilisim.net>

    To: ZenZero <5929750459[at]reports.spamcop.net>

    CC: abuse[at]aktifbilisim.net, abuse[at]ni.net.tr, Osman Makal <osman[at]ni.net.tr>

    Hi,

    Thank you for contact us for this abuse.

    95.173.182.24 is not publish our network.

    Please contact to abuse[at]ni.net.tr

    win32whois:

    Checking IP: 95.173.182.24...

    Name: 24fgzj9a.ni.net.tr

    IP: 95.173.182.24

    Domain: ni.net.tr

    Querying root.rwhois.net:4321 for ni.net.tr...

    Can not resolve host 'root.rwhois.net'

    Querying whois.nic.tr for ni.net.tr...

    ** Registrant:

    Netinternet Bilgisayar Telekominükasyon San. ve Tic. Ltd. Þti.

    Muratdede Mh. 356 Sk. No:10 Merkez/Denizli

    Denizli,

    Türkiye

    mailto:osman[at]netinternet.com.tr

    + 90-258-2422472-

    + 90-258-2422473

    ** Administrative Contact:

    NIC Handle : nbt32-metu

    Organization Name : NETÃNTERNET BÃLGÃSAYAR TELEKOMÃNÃœKASYON SANAYà VE TÃCARET LÃMTED ÞÃRKETÃ

    Address : Merkezefendi Mah. Eski Karcýyolu Üzeri No:13

    Merkez Denizli

    Denizli,20125

    Türkiye

    Phone : + 90-258-2646544-

    Fax : + 90-258-2646548

    ** Technical Contact:

    NIC Handle : nbt32-metu

    Organization Name : NETÃNTERNET BÃLGÃSAYAR TELEKOMÃNÃœKASYON SANAYà VE TÃCARET LÃMTED ÞÃRKETÃ

    Address : Merkezefendi Mah. Eski Karcýyolu Üzeri No:13

    Merkez Denizli

    Denizli,20125

    Türkiye

    Phone : + 90-258-2646544-

    Fax : + 90-258-2646548

    ** Billing Contact:

    NIC Handle : nbt32-metu

    Organization Name : NETÃNTERNET BÃLGÃSAYAR TELEKOMÃNÃœKASYON SANAYà VE TÃCARET LÃMTED ÞÃRKETÃ

    Address : Merkezefendi Mah. Eski Karcýyolu Üzeri No:13

    Merkez Denizli

    Denizli,20125

    Türkiye

    Phone : + 90-258-2646544-

    Fax : + 90-258-2646548

    ** Domain Servers:

    nitel-1.ni.net.tr 94.102.0.3

    nitel-2.ni.net.tr 95.173.191.3

    ** Additional Info:

    Created on..............: 2006-Sep-22.

    Expires on..............: 2013-Sep-21.

    Querying whois.arin.net for 95.173.182.24...

    #

    # Query terms are ambiguous. The query is assumed to be:

    # "n 95.173.182.24"

    #

    # Use "?" to get help.

    #

    #

    # The following results may also be obtained via:

    # http://whois.arin.net/rest/nets;q=95.173.1...amp;ext=netref2

    #

    NetRange: 95.0.0.0 - 95.255.255.255

    CIDR: 95.0.0.0/8

    OriginAS:

    NetName: 95-RIPE

    <...>

    Querying whois.ripe.net:43 for 95.173.182.24...

    % This is the RIPE Database query service.

    % The objects are in RPSL format.

    %

    % The RIPE Database is subject to Terms and Conditions.

    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Note: this output has been filtered.

    % To receive output for a database update, use the "-B" flag.

    % Information related to '95.173.182.0 - 95.173.182.255'

    inetnum: 95.173.182.0 - 95.173.182.255

    netname: NETINTERNET

    remarks: INFRA-AW

    descr: Netinternet Bilgisayar ve Telekomunikasyon San. ve Tic. Ltd. Sti.

    country: TR

    admin-c: NLA5-RIPE

    tech-c: NLA5-RIPE

    status: ASSIGNED PA

    mnt-by: MNT-NETINTERNET

    source: RIPE # Filtered

    role: Netinternet LIR Admin

    address: Netinternet Bilgisayar Telekomunikasyon San. ve Tic. Ltd. Sti.

    address: Pamukkale University

    address: Technology Development Zone D Block

    address: 20070 DENIZLI TURKEY

    admin-c: VO160-RIPE

    admin-c: OM575-RIPE

    tech-c: VO160-RIPE

    nic-hdl: NLA5-RIPE

    mnt-by: MNT-NETINTERNET

    source: RIPE # Filtered

    % Information related to '95.173.160.0/19AS51559'

    route: 95.173.160.0/19

    descr: Netinternet Datacenter

    origin: AS51559

    mnt-by: MNT-NETINTERNET

    source: RIPE # Filtered

    % This query was served by the RIPE Database Query Service version 1.58.1 (WHOIS2)

    Querying whois.abuse.net for ni.net.tr...

    mailto:abuse[at]ni.net.tr (for ni.net.tr)

    mailto:abuse[at]aktifbilisim.net (for ni.net.tr)


  4. Today I saw in a spamcop parse report, the prefix part of my email address, my name, in the subject line and the first line of the body of a reported spam message.

    Any suggestions how I can report that spam and still stay anonymous?

    This one time I replaced my name with "<x>" in the email in my inbox file.

    Doesn't feel right. Also takes quite an effort to edit, the inbox file is huge for instance, email program needs closing, password .. etc ..


  5. parser output:

    Tracking message source: 196.32.76.117:

    Display data:

    "whois 196.32.76.117[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)

    Organisation contact e-mail = contact[at]afrinic.net

    Organisation contact e-mail = cto[at]afrinic.net

    team-afrinic = sysadmin[at]afrinic.net

    Lookup ng1-afrinic[at]whois.afrinic.net

    Display data:

    "whois ng1-afrinic[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)

    ng1-afrinic = nishal[at]afrinic.net

    Lookup aa1-afrinic[at]whois.afrinic.net

    Display data:

    "whois aa1-afrinic[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)

    aa1-afrinic = ceo[at]afrinic.net

    whois.afrinic.net 196.32.76.117 = sysadmin[at]afrinic.net, nishal[at]afrinic.net, ceo[at]afrinic.net

    whois: 196.0.0.0 - 196.255.255.255 = sysadmin[at]afrinic.net, nishal[at]afrinic.net, ceo[at]afrinic.net

    Routing details for 196.32.76.117

    Using abuse net on sysadmin[at]afrinic.net

    abuse net afrinic.net = abuse[at]afrinic.net

    Using best contacts abuse[at]afrinic.net

    abuse[at]afrinic.net redirects to abuse#afrinic.net[at]devnull.spamcop.net

    Message is 7 hours old

    Routing details for 196.32.76.117

    De-referencing diveo.net.ar[at]abuse.net

    abuse net diveo.net.ar = postmaster[at]diveo.net.ar, abuse[at]diveo.net

    postmaster[at]diveo.net.ar has expressed an interest in 196.32.76.117

    abuse[at]diveo.net has expressed an interest in 196.32.76.117

    196.32.76.117 not listed in dnsbl.njabl.org ( 127.0.0.8 )

    196.32.76.117 not listed in dnsbl.njabl.org ( 127.0.0.9 )

    196.32.76.117 listed in cbl.abuseat.org ( 1 )

    196.32.76.117 is an open proxy

    196.32.76.117 not listed in accredit.habeas.com

    196.32.76.117 not listed in plus.bondedsender.org

    196.32.76.117 not listed in iadb.isipp.com

    from win32whois, note:

    African Network Information Center NET196 (NET-196-0-0-0-0) 196.0.0.0 - 196.255.255.255

    Latin American and Caribbean IP address Regional Registry LACNIC-ERX-196-32-32-0 (NET-196-32-32-0-1) 196.32.32.0 - 196.32.95.255

    more complete output from win32whois:

    Checking IP: 196.32.76.117...

    Name: 117.76.32.196.skyonline.net

    IP: 196.32.76.117

    Domain: skyonline.net

    Querying root.rwhois.net:4321 for skyonline.net...

    Can not resolve host 'root.rwhois.net'

    Querying whois.crsnic.net for skyonline.net...

    Whois Server Version 2.0

    Domain names in the .com and .net domains can now be registered

    with many different competing registrars. Go to http:/ /www.internic.net

    for detailed information.

    Domain Name: SKYONLINE.NET

    Registrar: NETWORK SOLUTIONS, LLC.

    Whois Server: whois.networksolutions.com

    Referral URL: http:/ /www.networksolutions.com/en_US/

    Name Server: NS1.NETIZEN.COM.AR

    Name Server: NS2.NETIZEN.COM.AR

    Status: clientTransferProhibited

    Updated Date: 18-oct-2011

    Creation Date: 20-may-1999

    Expiration Date: 20-may-2017

    >>> Last update of whois database: Mon, 18 Feb 2013 23:04:29 UTC <<<

    NOTICE: The expiration date displayed <.. deleted lines

    ..>

    The Registry database contains ONLY .COM, .NET, .EDU domains and

    Registrars.

    Querying whois.networksolutions.com for skyonline.net...

    NOTICE AND TERMS OF USE: <.. deleted lines

    ..>

    http:/ /www.networksolutions.com

    Visit AboutUs.org for more information about SKYONLINE.NET

    <a href="http:/ /www.aboutus.org/SKYONLINE.NET">AboutUs: SKYONLINE.NET </a>

    Registrant:

    SkyOnline, Inc.

    8270 Greensboro Drive, Suite 950

    McLean, VA 22102

    US

    Domain Name: SKYONLINE .NET

    ------------------------------------------------------------------------

    Promote your business <.. deleted lines

    ..>

    Administrative Contact, Technical Contact:

    Hevia, Hernan Ricardo mailto:hhevia[at]skyonline.net.ar

    Netizen

    Balcarce 479

    Buenos Aires

    AR

    54-11-5093-5400 fax: 54-11-5093-5470

    Record expires on 20-May-2017.

    Record created on 20-May-1999.

    Database last updated on 18-Feb-2013 17:30:48 EST.

    Domain servers in listed order:

    NS1.NETIZEN.COM.AR

    NS2.NETIZEN.COM.AR

    Querying whois.arin.net for 196.32.76.117...

    #

    # Query terms are ambiguous. The query is assumed to be:

    # "n 196.32.76.117"

    #

    # Use "?" to get help.

    #

    #

    # The following results may also be obtained via:

    # http:/ /whois.arin.net/rest/nets;q=196.32.76.117?showDetails=true&showARIN=false&ext=netref2

    #

    African Network Information Center NET196 (NET-196-0-0-0-0) 196.0.0.0 - 196.255.255.255

    Latin American and Caribbean IP address Regional Registry LACNIC-ERX-196-32-32-0 (NET-196-32-32-0-1) 196.32.32.0 - 196.32.95.255

    #

    # ARIN WHOIS data and services are subject to the Terms of Use

    # available at: https:/ /www.arin.net/whois_tou.html

    #

    Querying whois.abuse.net for skyonline.net...

    mailto:abuse[at]skyonline.net.ar (for skyonline.net)

    mailto:networking[at]skyonline.net.ar (for skyonline.net)

    mailto:monitoreo[at]skyonline.net (for skyonline.net)

    mailto:abuse[at]skyonline.net (for skyonline.net)


  6. How do I safely report missing abuse address in RIPE database?

    From

    http://www.ripe.net/report-form

    I have the impression, that I have to mail to the maintainer, and when the mnt doesn't comply, I can report to RIPE.

    With netname AM-ORANGE-ARMENIA I hesitate to mail the mnt with my own e-mailaddress. Is my fear realistic? What is the safest and best way to report to the mnt address?

    In this case it is about "No reporting addresses found for 46.241.172.8".

    I guess noc[at]orangearmenia.am would be the address to report missing contact address to, and after 3? months no compliance, report to RIPE?

    extsearch.ripe.net/fcgi-bin/whois?searchtext=46.241.172.8&filter_mail=ON

    apps.db.ripe.net/whois/lookup/ripe/mntner/OAR-MNT.html

    say

    inetnum: 46.241.128.0 - 46.241.191.255

    netname: AM-ORANGE-ARMENIA

    descr: Dynamic Pool for 3G Internet subscribers

    country: AM

    admin-c: ALEX101-RIPE

    tech-c: ALEX101-RIPE

    status: ASSIGNED PA

    mnt-by: OAR-MNT

    changed: alexandr.saroyan[at]orange-ftgroup.am 20101224

    source: RIPE

    person: Aleksandr Saroyan

    address: RA, Yerevan, V. Sargsyan str., 7th floor.

    phone: +374

    nic-hdl: ALEX101-RIPE

    mnt-by: OAR-MNT

    changed: alexandr.saroyan[at]orange-ftgroup.am 20091207

    source: RIPE

    mntner: OAR-MNT

    descr: Orange Armenia objects maintainer

    admin-c: ALEX101-RIPE

    upd-to: noc[at]orangearmenia.am

    mnt-nfy: noc[at]orangearmenia.am

    notify: noc[at]orangearmenia.am

    auth: MD5-PW #Filtered

    mnt-by: OAR-MNT

    referral-by: OAR-MNT

    changed: alexandr.saroyan[at]orange-ftgroup.am 20090522

    source: RIPE #Filtered


  7. win32whois http:/ /www.weblinegreatsp.com

    & also for http:/ /www.webgreatgoldensp.com/

    & http:/ /www.weblifegreatsp.com/

    IP: 78.80.111.20

    ..

    Querying whois.ripe.net:43 for 78.80.111.20...

    ..

    % Information related to '78.80.96.0 - 78.80.127.255'

    inetnum: 78.80.96.0 - 78.80.127.255

    netname: TMOBILE-CZECH-ADSL

    descr: xDSL customer network

    country: CZ

    admin-c: HR6606-RIPE

    tech-c: HR6606-RIPE

    status: ASSIGNED PA

    mnt-by: AS13036-MNT

    source: RIPE # Filtered

    role: Hostmaster Radiomobil

    address: T-Mobile Czech Republic a.s.

    address: Tomickova 2144/1

    address: Praha 4

    address: 149 00

    address: Czech Republic

    admin-c: TM2924-RIPE

    tech-c: TM2924-RIPE

    tech-c: TN898-RIPE

    tech-c: JK5069-RIPE

    remarks: --------------------------------------------------

    remarks: In any case of abuse, security or copyright issues

    remarks: please contact:

    abuse-mailbox: mailto:abuse[at]t-mobile.cz

    remarks: --------------------------------------------------

    nic-hdl: HR6606-RIPE

    mnt-by: AS13036-MNT

    source: RIPE # Filtered

    Edit by SteveT (turetzsr) to intentionally break the URL links to avoid accidental navigation to the spamvertized sites.


  8. Now that there was a rollback as mentioned in the announcement of aug 10

    http://forum.spamcop.net/forums/index.php?showforum=39

    when report address is not found by spamcop system, and I find them myself with -B flag or otherwise, I now put them in the user notification field.

    What has spamcop planned to do concerning the -B flag? Is spamcop going to use the -B flag?

    Is it still usefull to post the self with -B flag found report address in this subforum?


  9. found noc[at]kmtn.ru at

    http://extsearch.ripe.net/fcgi-bin/whois?s...;filter_mail=ON

    inetnum: 46.228.104.0 - 46.228.111.255

    netname: KGTS_DIALUP_LEASE

    descr: ADSL OAO KGTS

    country: RU

    admin-c: KN1067-RIPE

    tech-c: KN1067-RIPE

    status: ASSIGNED PA

    mnt-by: kmtn2-mnt

    changed: quicksour[at]gmail.com 20110224

    source: RIPE

    role: Kmtn NOC

    address: 6, Gagarina street

    address: Kostroma city

    address: Russia

    e-mail: noc[at]kmtn.ru

    admin-c: SOUR3-ripe

    tech-c: sour3-ripe

    nic-hdl: KN1067-RIPE

    mnt-by: kmtn2-mnt

    changed: quicksour[at]gmail.com 20100811

    source: RIPE


  10. found admin[at]kerch.com.ua; kodis[at]kerch.com.ua

    at

    http://extsearch.ripe.net/fcgi-bin/whois?s...;filter_mail=ON

    inetnum: 217.175.4.0 - 217.175.7.255

    netname: KERCHNET-PLUS-4

    descr: KerchNET-PLUS-4 Network

    country: UA

    admin-c: SVD29-RIPE

    tech-c: VYP5-RIPE

    remarks: INFRA-AW

    status: ASSIGNED PA

    mnt-by: MNT-MSNET

    mnt-lower: MNT-MSNET

    mnt-routes: MNT-MSNET

    changed: serge.dudin[at]gmail.com 20090114

    source: RIPE

    person: Serge V Dudin

    address: Dubinina, 20

    address: Kerch

    address: Ukraine

    e-mail: admin[at]kerch.com.ua

    phone: +380 65 6161509

    fax-no: +380 65 6161420

    nic-hdl: SVD29-RIPE

    changed: s.dudin[at]kerch.net 20080530

    source: RIPE

    mnt-by: MNT-MSNET

    person: Valery Y Pismennyi

    address: Dubinina, 20

    address: Kerch

    address: Ukraine

    e-mail: kodis[at]kerch.com.ua

    phone: +380 65 6161509

    fax-no: +380 65 6161421

    nic-hdl: VYP5-RIPE

    changed: admin[at]kerch.com.ua 20080529

    source: RIPE

    mnt-by: MNT-MSNET

×