Snowbat

Members
  • Content Count

    160
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Snowbat

  • Rank
    Advanced Member

Profile Information

  • Gender
    Male
  1. 40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.78.83.67 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6642045732zc34f39654039de5566045cb551a1d653z

     Tracking message source: 40.78.83.67:
     Routing details for 40.78.83.67
     [refresh/show] Cached whois for 40.78.83.67 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 40.78.83.67 = fim5.lotesecasasparafamilia.com. (cached)
     abuse net fim5.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@fim5.lotesecasasparafamilia.com
  2. 13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.76.230.92 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6641771792z5771a00ed9c2fa22af1c6b531b432316z

     Tracking message source: 13.76.230.92:
     Routing details for 13.76.230.92
     [refresh/show] Cached whois for 13.76.230.92 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 13.76.230.92 = dizer6.lotesecasasparafamilia.com. (cached)
     abuse net dizer6.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@dizer6.lotesecasasparafamilia.com
     Message is 5 hours old
  3. 52.224.0.0-52.255.255.255 is Microsoft but Spamcop reports 52.243.34.34 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6640814149z1c2164e3e761afd7d9d053e0ead1aef0z

     Tracking message source: 52.243.34.34:
     Routing details for 52.243.34.34
     [refresh/show] Cached whois for 52.243.34.34 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 52.243.34.34 = id1.saudoemprimeirolugarfiqueemcasavendofilmes.com. (cached)
     abuse net id1.saudoemprimeirolugarfiqueemcasavendofilmes.com = postmaster@saudoemprimeirolugarfiqueemcasavendofilmes.com, postmaster@id1.saudoemprimeirolugarfiqueemcasavendofilmes.com
  4. 13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.67.72.254 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6638070882z5bc61e892de0d6008e2b49d86b5592d4z

     Tracking message source: 13.67.72.254:
     Routing details for 13.67.72.254
     [refresh/show] Cached whois for 13.67.72.254 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 13.67.72.254 = toca8.familiadesucessocsgoooooo.com. (cached)
     abuse net toca8.familiadesucessocsgoooooo.com = postmaster@familiadesucessocsgoooooo.com, postmaster@toca8.familiadesucessocsgoooooo.com
  5. 52.132.0.0 - 52.143.255.255 is Microsoft but Spamcop reports 52.138.55.160 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6637276977z8c88d696b11a340247839b0d7a9a2c90z

     Tracking message source: 52.138.55.160:
     Routing details for 52.138.55.160
     [refresh/show] Cached whois for 52.138.55.160 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 52.138.55.160 = user15.pj-santanderesfera.com. (cached)
     abuse net pj-santanderesfera.com = postmaster@pj-santanderesfera.com
  6. For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here? Two days ago, I deleted and reran mailhosts for this service but the problem persists.
  7. Relevant: http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

     Reports appear to be going directly to the spammers, not abuse[at]softlayer.com:
     https://www.spamcop.net/sc?id=z6191170532z028df85cc9922827b02277fed9187609z
     https://www.spamcop.net/sc?id=z6191170495z5839032c3aaa7681f719ce5870ba5c02z

     For some reason, SpamCop trusts the contents of the abuse-mailbox field while ignoring RIPE's
     % Abuse contact for $NETBLOCK is 'abuse[at]softlayer.com'
     at the top of the whois output.
  8. E.g. https://www.spamcop.net/sc?track=189.212.118.239

     Assignee uses a Gmail address for contact. SpamCop tries to report to Gmail abuse. Reports should go to axtelipmaster[at]gmail.com
  9. Why are reports to Amazon being devnulled?

     ___
     Re: 54.232.123.91 (Administrator of network where email originates)
     To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes)
     To: ec2-abuse[at]amazon.com (refuses to accept this type of report)
     To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
     ___
     Re: http://ge.tt/api/1/files/8FO0iO92/0/blob?download (Administrator of network hosting website referenced in spam)
     To: ec2-abuse[at]amazon.com (refuses to accept this type of report)
     To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes)
     To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
     ___
     Re: http://cl.ly/ZTua/download/NFE-7386.zip (Administrator of network hosting website referenced in spam)
     To: ec2-abuse[at]amazon.com (refuses to accept this type of report)
     To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes)
     To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
  10. APNIC whois:

      % Information related to '36.56.0.0 - 36.63.255.255'
      inetnum: 36.56.0.0 - 36.63.255.255
      netname: CHINANET-AH
      descr: CHINANET Anhui province network
      descr: Data Communication Division
      descr: China Telecom
      country: CN
      admin-c: JW89-AP
      tech-c: JW89-AP
      status: ALLOCATED PORTABLE
      notify: nmc[at]mail.hf.ah.cn
      remarks: service provider
      mnt-by: APNIC-HM
      mnt-lower: MAINT-CHINANET-AH
      mnt-routes: MAINT-CHINANET-AH
      mnt-irt: IRT-CHINANET-CN
      changed: hm-changed[at]apnic.net 20110120
      source: APNIC

      irt: IRT-CHINANET-CN
      address: No.31 ,jingrong street,beijing
      address: 100032
      e-mail: anti-spam[at]ns.chinanet.cn.net
      abuse-mailbox: anti-spam[at]ns.chinanet.cn.net
      admin-c: CH93-AP
      tech-c: CH93-AP
      auth: # Filtered
      mnt-by: MAINT-CHINANET
      changed: anti-spam[at]ns.chinanet.cn.net 20101115
      source: APNIC

      person: Jinneng Wang
      address: 17/F, Postal Building No.120 Changjiang
      address: Middle Road, Hefei, Anhui, China
      country: CN
      phone: +86-551-2659073
      fax-no: +86-551-2659287
      e-mail: ahdata[at]189.cn
      nic-hdl: JW89-AP
      mnt-by: MAINT-CHINANET-AH
      changed: wang[at]mail.hf.ah.cninfo.net 19990818
      changed: hm-changed[at]apnic.net 20140221
      source: APNIC

      SpamCop current:

      [refresh/show] Cached whois for 36.57.69.228 : wang[at]mail.hf.ah.cninfo.net
      Using last resort contacts wang[at]mail.hf.ah.cninfo.net
      wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)
      Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking.
  11. RIPE Whois:

      Abuse contact for '94.100.162.0 - 94.100.162.63' is 'noc[at]alionis.net'

      SpamCop current:

      [refresh/show] Cached whois for 94.100.162.23 : pveron[at]cyberbrain.net
      Using last resort contacts pveron[at]cyberbrain.net
      pveron[at]cyberbrain.net bounces (7 sent : 6 bounces)
  12. SpamCop:

      [refresh/show] Cached whois for 114.98.75.238 : wang[at]mail.hf.ah.cninfo.net
      Using last resort contacts wang[at]mail.hf.ah.cninfo.net
      wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)
      Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking

      > whois 114.98.75.238
      % [whois.apnic.net]
      % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

      % Information related to '114.96.0.0 - 114.103.255.255'
      inetnum: 114.96.0.0 - 114.103.255.255
      netname: CHINANET-AH
      descr: CHINANET Anhui PROVINCE NETWORK
      descr: China Telecom
      descr: No.31,jingrong street
      descr: Beijing 100032
      admin-c: JW89-AP
      tech-c: JW89-AP
      country: CN
      remarks: service provider
      status: ALLOCATED PORTABLE
      remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      remarks: This object can only be updated by APNIC hostmasters.
      remarks: To update this object, please contact APNIC
      remarks: hostmasters and include your organisation's account
      remarks: name in the subject line.
      remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
      changed: hm-changed[at]apnic.net 20080516
      mnt-by: APNIC-HM
      mnt-lower: MAINT-CHINANET-AH
      mnt-routes: MAINT-CHINANET-AH
      source: APNIC

      person: Jinneng Wang
      address: 17/F, Postal Building No.120 Changjiang
      address: Middle Road, Hefei, Anhui, China
      country: CN
      phone: +86-551-2659073
      fax-no: +86-551-2659287
      e-mail: ahdata[at]189.cn
      nic-hdl: JW89-AP
      mnt-by: MAINT-CHINANET-AH
      changed: wang[at]mail.hf.ah.cninfo.net 19990818
      changed: hm-changed[at]apnic.net 20140221
      source: APNIC
  13. RIPE Whois:

      % Abuse contact for '62.22.99.0 - 62.22.99.255' is 'abuse[at]es.verizon.com'

      Using abuse#es.uu.net[at]devnull.spamcop.net for statistical tracking.
  14. Snowbat

    More Ripe access denied

    Here is another: http://www.spamcop.net/sc?action=refreshcm...0whois.ripe.net

    Cache refresh disabled to avoid rate-limiting of whois servers [refresh cache]
    $ whois 93.83.16.70[at]whois.ripe.net
    [whois.ripe.net]
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    %ERROR:201: access denied for 184.94.240.95
    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-201-access-denied

    % This query was served by the RIPE Database Query Service version 1.75 (DB-2)
  15. Abuse contact for '85.10.239.32 - 85.10.239.63' is 'abuse[at]hetzner.de'

      SpamCop currently sending to legal#hospedagemgenial.com.br[at]devnull.spamcop.net (hardwired).

      Routing details for 85.10.239.42
      legal[at]hospedagemgenial.com.br bounces (8 sent : 6 bounces)
      Using legal#hospedagemgenial.com.br[at]devnull.spamcop.net for statistical tracking.