Posts posted by Steve

  1. https://www.spamcop.net/sc?id=z6801885330z0b793ad26436e8079727cbf024adc44ez

    SC's parser originally determined that pankaj DOT mehta AT hfclconnect DOT com was the last resort abuse contact for this IP address. Upon refreshing the cache, helpdesk AT apnic DOT net and netops AT apnic DOT net show up as the abuse POC. I then queried said IP address on the APNIC site and corenetwork AT digivive DOT com is the correct abuse POC for this IP address.

     
    Quote

     

    Tracking message source: 119.252.208.34:

    Routing details for 119.252.208.34
    [refresh/show] Cached whois for 119.252.208.34 : helpdesk@apnic.net netops@apnic.net
    I refuse to bother helpdesk@apnic.net.

    Using helpdesk#apnic.net@devnull.spamcop.net for statistical tracking.

    I refuse to bother netops@apnic.net.

    Using netops#apnic.net@devnull.spamcop.net for statistical tracking.

    Using last resort contacts netops#apnic.net@devnull.spamcop.net helpdesk#apnic.net@devnull.spamcop.net

     

     

  2. 2 hours ago, Steve said:

    https://www.spamcop.net/sc?id=z6799063828z4aa1c2faaa9b3dd3369aa13d5a019981z

    Is it possible for SC's deputies to update the parser to not display togotelecom DOT ng, togotelecom DOT ng when querying an email to be reported with the above IP Address? Togotelecom DOT tg is the correct domain. Abuse POCs nsoo AT togotelecom DOT ng and mgnalou AT togotelecom DOT ng cannot be found as togotelecom DOT ng is invalid. gbawa AT togotelecom DOT tg is a valid address. Gmail's mailer-daemon replies with this for both emails:

     

    Received this from the postmaster:

    Quote

    Delivery failed for these recipients or groups:

    mgnalou@togotelecom.tg

    We could not find the email address you entered. Check the recipient's email address and try resending the message. If the problem persists, contact your mail administrator.

    Diagnostic information for administrators:

    Generation server: LO-MBX04.togocom.int

    mgnalou@togotelecom.tg
    Remote Server returned '550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup'

     

  3. https://www.spamcop.net/sc?id=z6799063828z4aa1c2faaa9b3dd3369aa13d5a019981z

    Is it possible for SC's deputies to update the parser to not display togotelecom DOT ng, togotelecom DOT ng when querying an email to be reported with the above IP Address? Togotelecom DOT tg is the correct domain. Abuse POCs nsoo AT togotelecom DOT ng and mgnalou AT togotelecom DOT ng cannot be found as togotelecom DOT ng is invalid. gbawa AT togotelecom DOT tg is a valid address. Gmail's mailer-daemon replies with this for both emails:

    Quote

    Address not found

    Your message wasn't delivered to nsoo AT togotelecom DOT ng because the domain togotelecom DOT ng couldn't be found. Check for typos or unnecessary spaces and try again.
    LEARN MORE
    The response was:

    DNS Error: DNS type 'mx' lookup of togotelecom DOT ng responded with code NXDOMAIN Domain name not found: togotelecom DOT ng

    Quote

    Address not found

    Your message wasn't delivered to mgnalou AT togotelecom DOT ng because the domain togotelecom DOT ng couldn't be found. Check for typos or unnecessary spaces and try again.
    LEARN MORE
    The response was:

    DNS Error: DNS type 'mx' lookup of togotelecom DOT ng responded with code NXDOMAIN Domain name not found: togotelecom DOT ng

     

  4. https://www.spamcop.net/sc?id=z6798974193z28b88c0ba00dff57ab8934313692034dz

    Manually reported email in tracking link above to abuse AT ocn DOT ad DOT jp and got this response back:

    Quote

    Dear Sir/Madam

    we are sorry to inform you that the IP address you have given us is
    not one that we manage directly.

    if you check this IP address on JPNIC Who is Gateway

    Whois:
    http://whois.nic.ad.jp/cgi-bin/whois_gw?key=60.36.166.12/e


    You will be able to find that this IP address is one owned by PLALA.
    Please contact PLALA for further assistance.


    Thank you for your kind understanding on this matter.

    Sincerely,
    OCN Internet Security Team
    Ikeda
    -----
    OCN Internet Security Team
    E-mail : abuse_support AT ocn DOT ad DOT jp

    Using the JPNIC whois query resulted in the abuse POC being super AT plala DOT or DOT jp. Refreshing the cache doesn't change it. For some reason SC is using APNIC instead of JPNIC to determine the correct abuse POC for this IP address.

    Cache info:

    Quote

    "whois 60.36.166.12 AT whois DOT apnic DOT net" (Getting contact from whois DOT apnic DOT net mirror)
    Display data:
    Abuse address in 'remarks' field: abuse AT ocn DOT ad DOT jp
    Lookup irt-jpnic-jp AT whois DOT apnic DOT net
       "whois irt-jpnic-jp AT whois DOT apnic DOT net" (Getting contact from whois DOT apnic DOT net mirror)
       Display data:
       irt-jpnic-jp =
    whois DOT apnic DOT net found abuse contacts for 60.36.166.12 = abuse AT ocn DOT ad DOT jp
    whois: 60.32.0.0 - 60.47.255.255 = abuse AT ocn DOT ad DOT jp
    Routing details for 60.36.166.12
    Using abuse net on abuse AT ocn DOT ad DOT jp
    abuse net ocn DOT ad DOT jp = abuse AT ocn DOT ad DOT jp
    Using best contacts abuse AT ocn DOT ad DOT jp

     

  5. On 1/28/2023 at 2:36 AM, petzl said:

    ipdomain[AT]irost[DOT]com is the correct abuse address.

    This is the response from RIPE:

    Quote

    Dear Steve,
     
     
    Thank you for your notification. It appears to us that the address space is related to a different contact. The abuse-mailbox seems to be <ipdomain AT irost.com>
     
    inetnum:        62.60.128.0 - 62.60.255.255
    netname:        IR-IROST-20010613
    country:        IR
    org:            ORG-IROf1-RIPE
    admin-c:        ZC202-RIPE
    tech-c:         ZC202-RIPE
    status:         ALLOCATED PA
    notify:         ipdomain AT irost.com
    mnt-by:         RIPE-NCC-HM-MNT
    mnt-by:         IROST-MNT
    mnt-lower:      IROST-MNT
    mnt-routes:     IROST-MNT
    created:        2002-06-27T09:57:05Z
    last-modified:  2021-04-13T07:06:06Z
    source:         RIPE
     
    The mailbox is valid and in compliance with RIPE policies. Could you please direct your request to the appropriate mailbox <ipdomain AT irost.com>?
     
    Thank you for your cooperation.
     

    Kind regards,
    Xavier Le Bris
    RIPE NCC Senior Internet Analyst

    Maybe the SC deputies can fix this? It now seems like it's a problem on their end when it comes to parsing an email with this range of IP addresses.

  6. 22 hours ago, petzl said:

    Working now? May have been slow in updating cache?

    Nope. Those 2 addresses still show up.

    https://www.spamcop.net/sc?action=rcache;ip=62.60.160.33

     

     
    Quote

     

    Tracking details

    Display data:
    "whois 62.60.160.33@whois.ripe.net" (Getting contact from whois.ripe.net)
    Organisation contact e-mail = ipdomain@irost.com
    zc202-ripe = ipdomain@irost.com
    whois.ripe.net 62.60.160.33 = ipdomain@irost.com
    whois: 62.60.128.0 - 62.60.255.255 = ipdomain@irost.com
    Routing details for 62.60.160.33
    Using abuse net on ipdomain@irost.com
    abuse net irost.com = postmaster AT irost.com ipdomain AT irost.com abuse AT sinet.ir noc AT tehran.sinet.ir abuse AT irost.com sysop AT irost.com
    Using best contacts postmaster AT irost.com ipdomain AT irost.com abuse AT sinet.ir noc AT tehran.sinet.ir abuse AT irost.com sysop AT irost.com

     

    Like I mentioned, I contacted RIPE and opened up a ticket. Hopefully they can fix it on their end.

  7. Tracking link:

    https://www.spamcop.net/sc?id=z6795832424z821565e0fa1c3158becd5694f0f38d57z


     

    Quote

     

    A few POC addresses for the IP address (to report abuse to) listed above (62.60.160.33) are invalid. Those email addresses are below and the error messages that follow from Google's mailer-daemon:

    The first one is noc AT tehran DOT sinet DOT ir (mailer-daemon error below)

    Address not found
    Your message wasn't delivered to noc AT tehran DOT sinet DOT ir because the domain tehran DOT sinet DOT ir couldn't be found. Check for typos or unnecessary spaces and try again.
     

    The response was:

    DNS Error: DNS type 'mx' lookup of tehran DOT sinet DOT ir responded with code NXDOMAIN Domain name not found: tehran DOT sinet DOT ir


    The second one is postmaster AT irost.com (mailer-daemon error below)

    Address not found
    Your message wasn't delivered to postmaster AT irost.com because the address couldn't be found, or is unable to receive mail.
    The response from the remote server was:

    550 <postmaster AT irost.com>, Recipient unknown

     

     

    Refreshing the cache does nothing to update/remove these invalid addresses. I have opened a ticket with RIPE and hopefully they'll get in touch with the ISP to update the addresses in their system so that the SC parser doesn't display them when parsing an email with a similar IP address from this ISP.

    Steve

  8. https://www.spamcop.net/sc?id=z6787783373z387abf2337df611f7ea63f97322334d7z

     

    Upon sending a report manually to abuse AT linxtelecom DOT net (SC's parser automatically chooses this as the best contact even though abuse AT fairyhosting DOT com is the address that is cached, refreshing the cache does nothing to help, and checking the RIPE database doesn't list that abuse address (abuse AT linxtelecom DOT net) as a POC), Gmail's mailer-daemon sends back this error message:

    Quote

    Mail Delivery Subsystem <mailer-daemon@googlemail.com>

     
       

    Address not found

    Your message wasn't delivered to abuse AT linxtelecom DOT net because the domain linxtelecom DOT net couldn't be found. Check for typos or unnecessary spaces and try again.
    The response was:

    DNS Error: DNS type 'mx' lookup of linxtelecom DOT net responded with code NOERROR DNS type 'mx' lookup of linxtelecom DOT net had no relevant answers. DNS type 'aaaa' lookup of linxtelecom DOT net responded with code NOERROR DNS type 'aaaa' lookup of linxtelecom DOT net had no relevant answers. DNS type 'a' lookup of linxtelecom DOT net responded with code NOERROR DNS type 'a' lookup of linxtelecom DOT net had no relevant answers.

     

  9. 23 hours ago, RobiBue said:

    looking at that block, it's an afrinic registered network:

    whois -h whois.afrinic.net '169.159.69.180'

    inetnum:        169.159.64.0 - 169.159.95.255
    netname:        Lagos-core-public
    descr:          Smile Telecoms Nigeria- Lagos Core via London
    country:        NG
    admin-c:        SC6-AFRINIC
    tech-c:         SK59-AFRINIC
    tech-c:         SC6-AFRINIC
    status:         ASSIGNED PA
    remarks:        Smile Telecoms Nigeria- Lagos Core
    remarks:        Abuse : - Abuse@smilecoms.com
    mnt-by:         SMILE-NG-MNT
    source:         AFRINIC # Filtered

    Nigeria... why am I not surprised...
    anyway... remarks:        Abuse : - Abuse@smilecoms.com

    BUT: Chopra is in South Africa??? J'burg??? smile communications doesn't even operate there...

    person:         Sudhir Chopra
    address:        Postnet Suite 605
    address:        Private Bag X5
    address:        Fourways North
    address:        2086
    address:        South Africa
    address:        Johannesburg 2191
    address:        South Africa
    phone:          tel:+234-812-793-1879
    fax-no:         tel:+27-86-677-6750
    nic-hdl:        SC6-AFRINIC
    mnt-by:         SMILE27-MNT
    source:         AFRINIC # Filtered

    and
     

    person:         Sudeep Kumar
    address:        39C, Ahmed Onibudo
    address:        Off Adeola Hopewell Postal Code 101241
    address:        Victoria Island
    address:        Lagos
    address:        Nigeria
    phone:          tel:+234-812-793-1879
    nic-hdl:        SK59-AFRINIC
    mnt-by:         GENERATED-XPO95DARB1DY22LF7O31GLFGFL7EMLTB-MNT
    source:         AFRINIC # Filtered

    what I would do in this case is get in touch through
    https://www.smilecoms.com/contactus

    and also to fix their contacts in whois:afrinic by adding the abuse entry the way it should be done properly.

    Email sent. Now we wait for a possible response from them.

    Steve
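
As an added example (not part of the original posts, and not SpamCop's parser): the AFRINIC object quoted above carries its abuse address only in a free-text remarks line, and the RIPE object quoted further up the page only in a masked notify line, so a lookup that reads a single attribute misses both. This Python parser ranks candidate addresses from one whois object; the ranking order, the function names and the trimmed samples are assumptions made for illustration.

```python
import re

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Assumed ranking (not SpamCop's logic): dedicated attribute first, remarks that
# mention abuse second, generic contact attributes only as a last resort.
RANK = {"abuse-mailbox": 0, "remarks": 1, "e-mail": 2, "notify": 2}

# Constructed samples, trimmed from the two whois objects quoted in the posts.
AFRINIC_SAMPLE = """\
inetnum:        169.159.64.0 - 169.159.95.255
netname:        Lagos-core-public
country:        NG
admin-c:        SC6-AFRINIC
remarks:        Smile Telecoms Nigeria- Lagos Core
remarks:        Abuse : - Abuse@smilecoms.com
source:         AFRINIC # Filtered
"""
RIPE_SAMPLE = """\
inetnum:        62.60.128.0 - 62.60.255.255
netname:        IR-IROST-20010613
country:        IR
notify:         ipdomain AT irost.com
created:        2002-06-27T09:57:05Z
source:         RIPE
"""


def deobfuscate(value):
    """Undo the 'user AT example DOT com' / '[AT]' masking used in the posts."""
    value = re.sub(r"\s*\[AT\]\s*|\s+AT\s+", "@", value)
    return re.sub(r"\s*\[DOT\]\s*|\s+DOT\s+", ".", value)


def parse_rpsl(text):
    """Return (attribute, value) pairs; folds continuation lines, skips comments."""
    pairs = []
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#":
            continue
        if line[0] in " \t+" and pairs:  # continuation of the previous value
            key, val = pairs[-1]
            pairs[-1] = (key, val + " " + line[1:].strip())
            continue
        key, sep, val = line.partition(":")
        if sep:
            pairs.append((key.strip().lower(), val.strip()))
    return pairs


def abuse_contacts(text):
    """Rank candidate abuse addresses found in one whois object."""
    found = {}
    for key, val in parse_rpsl(text):
        if key not in RANK:
            continue
        if key == "remarks" and "abuse" not in val.lower():
            continue  # free-text remarks count only when they mention abuse
        for addr in EMAIL_RE.findall(deobfuscate(val)):
            addr = addr.lower()
            if addr not in found or RANK[key] < RANK[found[addr]]:
                found[addr] = key
    return sorted(found.items(), key=lambda kv: (RANK[kv[1]], kv[0]))


if __name__ == "__main__":
    for name, obj in (("AFRINIC", AFRINIC_SAMPLE), ("RIPE", RIPE_SAMPLE)):
        print(name, abuse_contacts(obj))
```

An address found only through `notify` or `e-mail` is a fallback, not a declared abuse mailbox, so it is worth confirming against the registry before routing reports to it.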

  10. Upon reporting a spam email directly to sudhir DOT chopra AT smilecoms DOT com, Gmail's mailer-daemon sent this back (below tracking url):

     

    Tracking URL:

    https://www.spamcop.net/sc?id=z6782641985z6fcfdce1161d532b048cd7c1433562faz

     

    Address not found

    Your message wasn't delivered to sudhir DOT chopra AT smilecoms DOT com because the address couldn't be found, or is unable to receive mail.
    LEARN MORE
    The response was:

    550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser d20-20020a50f694000000b00459c6133d9fsor1461231edn.45 - gsmtp

  11. SC was unable to find an abuse contact for this IP address: 137.255.9.1 (refreshed the page several times to no avail)

    https://www.spamcop.net/sc?id=z6780972518zd0f4fe4a93ba1e135f54561594a19278z

     

    Upon running a query with whois.domaintools.com, this is the result:

    I will attempt to report the email manually and see if action is taken (doubtful though).

    benintelecom.jpg

  12. Abuse contact for this IP address (93.95.8.245) is incorrect. Reporting it manually results in this error (Gmail's mailer-daemon generated this message):

    Quote

     

     

    Address not found

    Your message wasn't delivered to care AT rockford-uk DOT com because the address couldn't be found, or is unable to receive mail.
     

    The response from the remote server was:

    550 Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#550 [Z3Lk0s6NOtqyXwijmI0ktw.uk311]

     

     

    Tracking link:

    https://www.spamcop.net/sc?id=z6778010872z9334d0c1ca57baed7dedbb610787c019z

     

    SC's parser provides this result (cannot refresh/show updated contact) :

     
    Quote

     

    Tracking message source: 93.95.8.245:

    Routing details for 93.95.8.245
    Reports disabled for care AT rockford-uk DOT com

    Using care#rockford-uk.com AT devnull DOT spamcop DOT net for statistical tracking.

    Report routing for 93.95.8.245: care#rockford-uk DOT com AT devnull DOT spamcop DOT net

     

    This is the result of viewing the routing details:

     
    Quote

     

    Reports routes for 93.95.8.245:

    routeid: 58230161 93.95.8.0 - 93.95.8.255 to: care AT rockford-uk DOT com
    Administrator interested in all reports

    4/13/2010, 4:13:40 PM -0400
    [Note added by 206.207.78.146 (host-206-207-78-146.ns1.spro.net)]
    Per their instructions.
    - Don -

     

     

    The RIPE database lists this as the correct abuse contact:

    Responsible organisation: SysGroup plc
    Abuse contact info: abuse AT sysgroup DOT com

     

    Reporting it manually to this address (below) results in this error message from the mailer-daemon:

    Quote

     

     

    Message blocked

    Your message to abuse AT sysgroup DOT com has been blocked. See technical details below for more information.
     

    The response from the remote server was:

     

    554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [kSLDqmffPQ2Q8HERuMc1ew.uk138]

     

    I found an alternate email address, but unfortunately the same result occurs:

     
    Quote

     

    Message blocked

    Your message to matt DOT collier AT sysgroup DOT com has been blocked. See technical details below for more information.
     

    The response from the remote server was:

    554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [UxPN9jubPfKPbNhJ6C3xgg.uk311]

     

     

     

  13. Is it just me or is anyone else getting spam from bogus Gmail addresses written in Cyrillic with Google Docs links?

     

    Here's the tracking link to one of several that I've received and reported via SC and Google's Abuse form:

    https://www.spamcop.net/sc?id=z6773291485zb6dee018efc508be52eaf97981626da8z

    Quote

    Доброго времени суток, офисный планктон и неадекватные начальники
    стоят вам поперек горла? Тогда просто начните работать на себя в
    интернете, как я вам покажу. С уважением, Эмили. Подробности тут:
    https://docs.google.com/presentation/d/e/2PACX-1vQicFa3hQ7TfgVXuhhJMIOJ0FJUlDBf8Ixtky6JhG31eumxtgnhjkexIKp6AjpAHvp7QutPe70LLgyz/pub

    All the links alternate between 3 presentations which I report to Google. This particular email referenced above came from adabter AT gmail DOT com. I've been receiving emails like this over the past few days.

     

    Steve

  14. Upon querying this IP address with a WHOIS and also contacting the abuse address that SC generated when parsing the spam after manually reporting it to that address (abuse AT heficed DOT com), they (specifically Abuse Prevention Specialist Ieva B. at ipxo) have informed me that they do not manage said IP address.

     

    Here is the tracking URL for the spam email:

    https://www.spamcop.net/sc?id=z6758689956z002ed90f7b5cc4c3e9f59f43073a038d

    Refreshing the cache for the abuse address does not update it.

     

    Original email when I reported the spam email. This is their reply:

    Quote

     

    Hello,

    Thank you for reporting the issue.

    Please be advised, that we do not manage the IP address you have provided.
    Please instead reach out to abuse AT obhost DOT org. (modified here to prevent spambots. @ and . are present in original email)

     

    Kind regards,
     
    Ieva B. 
    Abuse Prevention Specialist

     

     
     
    2nd reply from them after inquiring about them managing said IP address:
     
     
    Quote

     

    You can see in the whois that the IP Address is not in our system. 
     
     
    Kind regards,
     
    Ieva B. 
    Abuse Prevention Specialist

     

     

     


     

    According to ipxo, the correct abuse address for this IP/IP range is abuse AT obhost DOT org. SC deputies should update the abuse address in the system to reflect the change for any future reports submitted through SC.

     

    Steve

  15. Sent a spam email through SC and abuse contact was listed as abuse AT estpak DOT ee. Reports to that address are disabled according to the tracking link and reports are sent to abuse AT estpak DOT ee AT devnull DOT spamcop DOT net.  Correct abuse address should be updated to abuse AT telia DOT ee (upon querying IP address). Error message I received after attempting to manually report spam to abuse AT estpak DOT ee is below:

    https://www.spamcop.net/sc?id=z6745164309z8dcefbc83bb3646463bbcfc13d03c032z

     

     

    Quote

     

    postmaster AT telia DOT ee 

         
     

    Delivery to these recipients or groups failed:

    abuse@estpak.ee

    The email address you entered was not found. Please check the recipient's email address and try sending the message again. If the problem persists, contact your email administrator.

     

     

     

     

  16. Anyone get this type of error while reporting spam to SC? When I check my past reports, it says it was submitted, so I'm not sure why this happens.

     

    Steve

    https://www.spamcop.net/sc?id=z6728573791za6df83ec1940cd26a31661f752517689z

    Quote

    Can't send report: smtpEnvelope (7148948752.ee1efc3fATbouncesDOTspamcopDOTnet, abuseAThostkeyDOTnl): smtpFrom: mail From 7148948752.ee1efc3fATbouncesDOTspamcopDOTnet: error (452 #4.3.1 temporary system error (12) )

     

  17. 21 minutes ago, RobiBue said:

    The problem is that abuse@google.com bounces (25774 sent : 16690 bounces) and that's why SC comes back with "no reporting address"

    If you want to report to google, you have to report manually through your email and not through SC....

    I am thinking that those bounces created SC's latest submission hiccups.

    Like I said, I also report the emails through the form on this site: https://support.google.com/mail/contact/abuse?hl=en&rd=1

  18. Is anyone having a problem reporting Gmail spam? The last 2 Gmail spams I've received have had SC come back with No reporting addresses found for 209.85.220.65, using devnull for tracking. I alternatively report the spam to this site: https://support.google.com/mail/contact/abuse?hl=en&rd=1

    Here's the tracking URL:

    https://www.spamcop.net/sc?id=z6723876118z2316e05022f73d38d77598da3bc5f84fz

    Steve
