Jump to content

mrmaxx

Memberp
  • Content Count

    820
  • Joined

  • Last visited

Everything posted by mrmaxx

  1. That works. I just wanna make sure someone is notified.
  2. The track is correct, however, SpamCop says "No reporting address found" for the spamvertised site, http://firearm[dot]incla[dot]ru/
  3. Tracking URL: http://www.spamcop.net/sc?id=z5638941293za...fffdbb5b600fc9z Traceroute shows that HE.NET is upstream from ScalableDNS. Perhaps we could copy them? Also, admin[at]scalabledns.com is the tech & admin contact from their ARIN.NET registration.
  4. mrmaxx

    spammer determined to hide their URL

    New twist -- they are going from Twitter to Microsoft Translator to Bitly and then on to the "real" URL. I've had two of these today, both of which went to http://clrscrte[dot]com/ Manually reported the end URL as well as the Twitter URL, for all the good it's likely to do.
  5. tracking url: http://www.spamcop.net/sc?id=z5702824137z3...b9230d5990d076z Abuse Contact (per stat.ripe.net): ripe[at]rt.ru
  6. Tracking URL: http://www.spamcop.net/sc?id=z5702657744z3...fe4919b2572ca1z Per RIPESTAT, abuse contact: bb_isp[at]bh.zain.com
  7. Correct. Security[at]bora.net and abuse[at]bora.net are who SpamCop usually informs when sending to either of them.
  8. Tracking URL: http://www.spamcop.net/sc?id=z5678061979zb...6aec02fe0d0130z Per http://whois.nic.or.kr/eng/ the abuse contact for 211.180.0.0/15 is abuse[at]bora.net. This IP range belongs to LGUPLUS.CO.KR, and we could also notify IPADM[at]LGUPLUS.CO.KR if we wanted to let the actual host know.
  9. Tracking URL: http://www.spamcop.net/sc?id=z5678061983z3...b7da6498565b55z For IP range 157.232.0.0/16 why don't we contact the upstream, Hostwinds -- abuse[at]hostwinds.com???
  10. Tracking URL: http://www.spamcop.net/sc?id=z5632489121z1...7f605f99d45803z SpamCop appears not to be able to talk to RipeStat and get the abuse contact information. For 193.19.76.0/23, the abuse contact is abuse[at]completel.fr
  11. Yeah. I usually check RIPE whois and RIPESTAT both. Sometimes even if there is an abuse contact in the RIPE whois, they will show a different abuse contact in RIPESTAT, which I find interesting. If neither of those works, or if the suggested RIPE/RIPESTAT contact is no good to SpamCop, I'll often do a traceroute and try to find the first hop above the host and complain to them. There's been a couple times I"d have to go three or four hops upstream to report and I figure by that time, there's no use reporting and I'll just have to let SC report to /DEV/NULL
  12. Tracking URL: http://www.spamcop.net/sc?id=z5661454325z5...f2a7bf6cae87aaz netblock 178.217.184.0/21 is registered to HOSTEAM.PL Contacts: postmaster[at]hosteam.pl noc[at]hosteam.pl
  13. Tracking URL:http://www.spamcop.net/sc?id=z5661454320z71158b155a0f288e9858131cd1b3bb99z 109.162.32.0/20 is registered to kyivstar.net. Per Abuse.net and SpamCop, the reporting addresses are: hostmaster[at]kyivstar.net abuse[at]kyivstar.net postmaster[at]kyivstar.net noc[at]kyivstar.net
  14. Tracking URL: http://www.spamcop.net/sc?id=z5661286490z7...d325d7ae2e55f1z 139.150.0.0/16 belongs to KINX.NET. Reports should be sent to: noc[at]kinx.net spamcop[at]kisa.or.kr spamrelay[at]certcc.or.kr cert[at]krcert.or.kr
  15. Tracking URL: http://www.spamcop.net/sc?id=z5654075167z9...6d63d58d2fbf8ez Per RIPE, this belongs to Center of Information Resources and Communications in Belarus. The abuse contact is ab[at]netland.by
  16. I've noticed that sometimes the "abuse" address in the whois info and the abuse contact provided by RipeStat are different. Not sure if this is the case, but I was going directly to RIPE's website, so that would seem to be the "authoritative" person, unless the IP address is portable and has a new host.
  17. Tracking URL: http://www.spamcop.net/sc?id=z5652201809z3...f1c55cf5304ab2z Per RIPE, 31.6.8.0 - 31.6.9.255 is allocated to YHC-NET-CUST-2 and the abuse contact is noc[at]phgmt.com
  18. Tracking URL: http://www.spamcop.net/sc?id=z5651936072z3...2caba65960c1bfz (probably not much help as this is a spamvertised URL that SpamCop can't resolve) Spamvertised URL: http://dimly. yfhsrnhz. in/ (URL broken) which resolves to IP 109.201.133.58. That IP belongs to NForce, and spam complaints bounce to postmaster and abuse. Can we also try "administration[at]nforce.com" or "noc[at]nforce.com"? Also, p.taks[at]nforce.com and j.huybrechts[at]nforce.com are admin contacts. Alternatively, we can notify Cogentco and NTT as they are upstream from NFORCE.
  19. tracking url: http://www.spamcop.net/sc?id=z5651933954z8...d66d9bb4a4b242z Per RIPE, 195.53.0.0/16 is registered to COLEGIO OFICIAL DE ARQUITECTOS DE EXTREMADURA, and the reporting address is nemesys[at]telefonica.es
  20. yes, thanks. I must have lost the "1" when I copied the netblock from RIPE.
  21. Tracking URL: http://www.spamcop.net/sc?id=z5647822699z7...2d2e1840536cb0z Per RIPE, 188.249.160.0/21 belongs to Etihad Atheeb Telecom Company and the reporting address is a.aldakhil[at]go.com.sa (thanks, Richard7310 for catching that I lost the "1")
  22. Tracking URL: http://www.spamcop.net/sc?id=z5649791536z5...32d302c4ebb105z Per Ripestat, the abuse address is ghobadi[at]itc.ir for netblock 2.180.112.0/20
  23. Tracking URL: http://www.spamcop.net/sc?id=z5647754143z6...3893f893c1eae0z First problem, SpamCop could not convert host name to an IP. SpamCop said http://bookkeeper. uovprwhc. in/ (link broken) was not a valid IP. Pasting that URL into http://www.hcidata.info/host2ip.cgi results in an IP of 178.217.186.96. Second problem, SpamCop is still having problems resolving RIPE contacts. According to RIPE, 178.217.184.0/21 is registered to hosteam.pl. According to abuse.net, the abuse contacts are: abuse[at]hosteam.pl and noc[at]hosteam.pl. That being said, when I tried to use SpamCop to look up the contacts, the firewall at work blocked the lookup stating that hosteam.pl is essentially a known "bad" site. Perhaps their upstream (looks like maybe EU.LEVEL3.NET and COGENTCO would be better contacts.
  24. Tracking URL: http://www.spamcop.net/sc?id=z5638059545ze...7d45d63d485aabz message source: 37.46.249.32 -- According to RIPE, the only contact email is ripe_box[at]yahoo.com Spamvertised URL IP: 195.20.194.6 -- According to RIPE, the Tech and Admin contacts are: andrey[at]mit.ru. shtirlitsus[at]mit.ru
  25. Tracking URL: http://www.spamcop.net/sc?id=z5636028103z1...1fe572fa065278z Per WHOIS.ARIN.NET (http://whois.arin.net/rest/net/NET-64-87-0-0-1/pft), the correct NETWORK POCs are as follows: noc[at]americanis.net, routing[at]americanis.net, abuse[at]americanis.net Recommend using the "Network" POCs.
×