Snowbat

Members
  • Content Count

    157
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Snowbat

  • Rank
    Advanced Member

Profile Information

  • Gender
    Male
  1. 13.64.0.0 - 13.107.255.255 is Microsoft but SpamCop reports 13.67.72.254 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6638070882z5bc61e892de0d6008e2b49d86b5592d4z

     Tracking message source: 13.67.72.254:
     Routing details for 13.67.72.254
     [refresh/show] Cached whois for 13.67.72.254 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 13.67.72.254 = toca8.familiadesucessocsgoooooo.com. (cached)
     abuse net toca8.familiadesucessocsgoooooo.com = postmaster@familiadesucessocsgoooooo.com, postmaster@toca8.familiadesucessocsgoooooo.com
  2. 52.132.0.0 - 52.143.255.255 is Microsoft but SpamCop reports 52.138.55.160 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.

     https://www.spamcop.net/sc?id=z6637276977z8c88d696b11a340247839b0d7a9a2c90z

     Tracking message source: 52.138.55.160:
     Routing details for 52.138.55.160
     [refresh/show] Cached whois for 52.138.55.160 : abuse@microsoft.com
     Using best contacts abuse@microsoft.com
     Using rdns to route to correct Microsoft department
     host 52.138.55.160 = user15.pj-santanderesfera.com. (cached)
     abuse net pj-santanderesfera.com = postmaster@pj-santanderesfera.com
  3. For the last couple of weeks, SpamCop has not been correctly parsing spam from my Hotmail account. Any idea what's going on here? Two days ago, I deleted and reran mailhosts for this service but the problem persists.
  4. Relevant: http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/

     Reports appear to be going directly to the spammers, not abuse[at]softlayer.com:
     https://www.spamcop.net/sc?id=z6191170532z028df85cc9922827b02277fed9187609z
     https://www.spamcop.net/sc?id=z6191170495z5839032c3aaa7681f719ce5870ba5c02z

     For some reason, SpamCop trusts the contents of the abuse-mailbox field while ignoring RIPE's
     % Abuse contact for $NETBLOCK is 'abuse[at]softlayer.com'
     at the top of the whois output.
  5. E.g. https://www.spamcop.net/sc?track=189.212.118.239

     Assignee uses a Gmail address for contact. SpamCop tries to report to Gmail abuse. Reports should go to axtelipmaster[at]gmail.com
  6. Why are reports to Amazon being devnulled?

     ___
     Re: 54.232.123.91 (Administrator of network where email originates)
     To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes)
     To: ec2-abuse[at]amazon.com (refuses to accept this type of report)
     To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
     ___
     Re: http://ge.tt/api/1/files/8FO0iO92/0/blob?download (Administrator of network hosting website referenced in spam)
     To: ec2-abuse[at]amazon.com (refuses to accept this type of report)
     To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes)
     To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
     ___
     Re: http://cl.ly/ZTua/download/NFE-7386.zip (Administrator of network hosting website referenced in spam)
     To: ec2-abuse[at]amazon.com (refuses to accept this type of report)
     To: email-abuse#amazon.com.[at]devnull.spamcop.net (Notes)
     To: ec2-abuse#amazon.com[at]devnull.spamcop.net (Notes)
  7. APNIC whois:

     % Information related to '36.56.0.0 - 36.63.255.255'
     inetnum: 36.56.0.0 - 36.63.255.255
     netname: CHINANET-AH
     descr: CHINANET Anhui province network
     descr: Data Communication Division
     descr: China Telecom
     country: CN
     admin-c: JW89-AP
     tech-c: JW89-AP
     status: ALLOCATED PORTABLE
     notify: nmc[at]mail.hf.ah.cn
     remarks: service provider
     mnt-by: APNIC-HM
     mnt-lower: MAINT-CHINANET-AH
     mnt-routes: MAINT-CHINANET-AH
     mnt-irt: IRT-CHINANET-CN
     changed: hm-changed[at]apnic.net 20110120
     source: APNIC

     irt: IRT-CHINANET-CN
     address: No.31 ,jingrong street,beijing
     address: 100032
     e-mail: anti-spam[at]ns.chinanet.cn.net
     abuse-mailbox: anti-spam[at]ns.chinanet.cn.net
     admin-c: CH93-AP
     tech-c: CH93-AP
     auth: # Filtered
     mnt-by: MAINT-CHINANET
     changed: anti-spam[at]ns.chinanet.cn.net 20101115
     source: APNIC

     person: Jinneng Wang
     address: 17/F, Postal Building No.120 Changjiang
     address: Middle Road, Hefei, Anhui, China
     country: CN
     phone: +86-551-2659073
     fax-no: +86-551-2659287
     e-mail: ahdata[at]189.cn
     nic-hdl: JW89-AP
     mnt-by: MAINT-CHINANET-AH
     changed: wang[at]mail.hf.ah.cninfo.net 19990818
     changed: hm-changed[at]apnic.net 20140221
     source: APNIC

     SpamCop current:
     [refresh/show] Cached whois for 36.57.69.228 : wang[at]mail.hf.ah.cninfo.net
     Using last resort contacts wang[at]mail.hf.ah.cninfo.net
     wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)
     Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking.
  8. RIPE Whois:
     Abuse contact for '94.100.162.0 - 94.100.162.63' is 'noc[at]alionis.net'

     SpamCop current:
     [refresh/show] Cached whois for 94.100.162.23 : pveron[at]cyberbrain.net
     Using last resort contacts pveron[at]cyberbrain.net
     pveron[at]cyberbrain.net bounces (7 sent : 6 bounces)
  9. SpamCop:
     [refresh/show] Cached whois for 114.98.75.238 : wang[at]mail.hf.ah.cninfo.net
     Using last resort contacts wang[at]mail.hf.ah.cninfo.net
     wang[at]mail.hf.ah.cninfo.net bounces (360 sent : 186 bounces)
     Using wang#mail.hf.ah.cninfo.net[at]devnull.spamcop.net for statistical tracking

     > whois 114.98.75.238
     % [whois.apnic.net]
     % Whois data copyright terms http://www.apnic.net/db/dbcopyright.html

     % Information related to '114.96.0.0 - 114.103.255.255'
     inetnum: 114.96.0.0 - 114.103.255.255
     netname: CHINANET-AH
     descr: CHINANET Anhui PROVINCE NETWORK
     descr: China Telecom
     descr: No.31,jingrong street
     descr: Beijing 100032
     admin-c: JW89-AP
     tech-c: JW89-AP
     country: CN
     remarks: service provider
     status: ALLOCATED PORTABLE
     remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     remarks: This object can only be updated by APNIC hostmasters.
     remarks: To update this object, please contact APNIC
     remarks: hostmasters and include your organisation's account
     remarks: name in the subject line.
     remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
     changed: hm-changed[at]apnic.net 20080516
     mnt-by: APNIC-HM
     mnt-lower: MAINT-CHINANET-AH
     mnt-routes: MAINT-CHINANET-AH
     source: APNIC

     person: Jinneng Wang
     address: 17/F, Postal Building No.120 Changjiang
     address: Middle Road, Hefei, Anhui, China
     country: CN
     phone: +86-551-2659073
     fax-no: +86-551-2659287
     e-mail: ahdata[at]189.cn
     nic-hdl: JW89-AP
     mnt-by: MAINT-CHINANET-AH
     changed: wang[at]mail.hf.ah.cninfo.net 19990818
     changed: hm-changed[at]apnic.net 20140221
     source: APNIC
  10. RIPE Whois:
      % Abuse contact for '62.22.99.0 - 62.22.99.255' is 'abuse[at]es.verizon.com'

      Using abuse#es.uu.net[at]devnull.spamcop.net for statistical tracking.
  11. Snowbat

    More Ripe access denied

    Here is another: http://www.spamcop.net/sc?action=refreshcm...0whois.ripe.net

    Cache refresh disabled to avoid rate-limiting of whois servers [refresh cache]
    $ whois 93.83.16.70[at]whois.ripe.net
    [whois.ripe.net]
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf
    %ERROR:201: access denied for 184.94.240.95
    %
    % Sorry, access from your host has been permanently
    % denied because of a repeated excessive querying.
    % For more information, see
    % http://www.ripe.net/data-tools/db/faq/faq-db/why-did-you-receive-the-error-201-access-denied
    % This query was served by the RIPE Database Query Service version 1.75 (DB-2)
  12. Abuse contact for '85.10.239.32 - 85.10.239.63' is 'abuse[at]hetzner.de'

      SpamCop currently sending to legal#hospedagemgenial.com.br[at]devnull.spamcop.net (hardwired).

      Routing details for 85.10.239.42
      legal[at]hospedagemgenial.com.br bounces (8 sent : 6 bounces)
      Using legal#hospedagemgenial.com.br[at]devnull.spamcop.net for statistical tracking.
  13. Nic.br:
      inetnum: 186.233.144/21
      aut-num: AS262790
      abuse-c: CSL287 <<<<
      ...
      nic-hdl-br: CSL287
      person: Central Server Informática Ltda
      e-mail: registro[at]centralserver.com.br
      created: 20020130
      changed: 20140414
  14. Abuse contact for '194.165.26.0 - 194.165.27.255' is 'tiger.net.abuse[at]gmail.com'

      Routing details for 194.165.27.150
      [refresh/show] Cached whois for 194.165.27.150 : tiger.net.resources[at]gmail.com
      Using abuse net on tiger.net.resources[at]gmail.com
      abuse net gmail.com = gmail-abuse[at]google.com
      Using best contacts gmail-abuse[at]google.com
      Reports disabled for gmail-abuse[at]google.com
      Using gmail-abuse#google.com[at]devnull.spamcop.net for statistical tracking.
  15. Tracking message source: 200.186.136.163:
      Routing details for 200.186.136.163
      abuse[at]gblx.net bounces (99 sent : 99 bounces)
      Using abuse#gblx.net[at]devnull.spamcop.net for statistical tracking.
      Reports disabled for abuse[at]impsat.com.br
      Using abuse#impsat.com.br[at]devnull.spamcop.net for statistical tracking.
      Report routing for 200.186.136.163: mail-abuse[at]cert.br, abuse#gblx.net[at]devnull.spamcop.net, abuse#impsat.com.br[at]devnull.spamcop.net

      Message is 18 hours old
      Routing details for 200.186.136.163
      mail-abuse[at]cert.br has expressed an interest in 200.186.136.163
      200.186.136.163 not listed in cbl.abuseat.org
      200.186.136.163 listed in dnsbl.sorbs.net ( 1 )
      200.186.136.163 not listed in accredit.habeas.com
      200.186.136.163 not listed in plus.bondedsender.org
      200.186.136.163 not listed in iadb.isipp.com

      whois -h whois.nic.br 200.186.136.163 abuse-c field indicates the current reporting address for 200.186/16 is abuse[at]level3.com. There is a manual route addition above from 2007 to add mail-abuse[at]cert.br - perhaps this is preventing a cache refresh?

      whois -h whois.nic.br 200.186.136.163
      inetnum: 200.186/16
      aut-num: AS11415
      abuse-c: LEACO68
      owner: GLOBAL CROSSING COMUNICAÇÕES DO BRASIL LTDA.
      ...
      nic-hdl-br: LEACO68
      person: Level 3 Abuse Contact
      e-mail: abuse[at]level3.com
      created: 20120326
      changed: 20120327