jrr7

[Resolved] 94.63.245.5 going to wrong place


See my spam report.

http://www.spamcop.net/sc?id=z4724317748zd...06fc9bcba99e21z

Spamvertised web site is natural-enlarger.com, 94.63.245.5.

Spammer has control of the RIPE whois records for that IP, and SpamCop initially suggests office.john.smith[at]gmail.com and ttnnet[at]yahoo.com, which are both the spammer.

But inexplicably spamcop offers to complain to yahoo!

Refreshing has no effect.


Hi, jrr7,

...Does the information on the page that appears when you click the link in your report labeled "refresh/show" help explain why SpamCop chose ttnnet[at]yahoo.com as the address to which to send reports about the spamvertized web site?

...For convenience of others, I reproduce that page here:

Removing old cache entries.

Tracking details

Display data:

"whois 94.63.245.5[at]whois.arin.net" (Getting contact from whois.arin.net )

Redirect to ripe

Display data:

"whois 94.63.245.5[at]whois.ripe.net" (Getting contact from whois.ripe.net)

ttn12-ripe = office.john.smith[at]gmail.com

Lookup bc1743-ripe[at]whois.ripe.net

Display data:

"whois bc1743-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net)

bc1743-ripe = ttnnet[at]yahoo.com

Lookup vrs2-ripe[at]whois.ripe.net

Display data:

"whois vrs2-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net)

vrs2-ripe =

whois.ripe.net 94.63.245.5 = office.john.smith[at]gmail.com, ttnnet[at]yahoo.com

whois: 94.63.245.0 - 94.63.245.255 = office.john.smith[at]gmail.com, ttnnet[at]yahoo.com

Routing details for 94.63.245.5

Using abuse net on ttnnet[at]yahoo.com

abuse net yahoo.com = abuse[at]yahoo.com

Using best contacts abuse[at]yahoo.com

abuse[at]yahoo.com redirects to network-abuse[at]cc.yahoo-inc.com

network-abuse[at]cc.yahoo-inc.com redirects to spamcop[at]mailservices.yahoo.com

...Does the information on the page that appears when you click the link in your report labeled "refresh/show" help explain why SpamCop chose ttnnet[at]yahoo.com as the address to which to send reports about the spamvertized web site?

...For convenience of others, I reproduce that page here:

The only thing I can figure is that email address is in the arin/ripe whois records for the spamvertised website's IP address.


See http://forum.spamcop.net/forums/index.php?showtopic=11621

Don has changed the routing for 94.63.245.5 from the broken network-abuse[at]cc.yahoo-inc.com -> spamcop[at]mailservices.yahoo.com to office.john.smith[at]gmail.com (and it was devnull for a while in the interim).

Something worked out, by the way: "your" spamvertized site has been kicked off that hosting. SC is currently (this minute) showing it at 124.80.140.143 (check your tracking URL to see where reports would now be sent), but I think it has actually been kicked off there as well. The site Rick mentioned in the other topic has gone as well. Both were with the same domain registrar, nominated the same name servers and showed marked similarities in their registrant detail.

I think we can mark this well and truly resolved.
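
The routing chain in the tracking details quoted earlier in this thread can be checked mechanically. The following Python sketch is an added example, not part of any post and not SpamCop's code; the trace lines are copied from the thread, while the `FREEMAIL` list and the function names are assumptions made for illustration.

```python
import re

# Lines copied from the tracking details quoted in the thread.
TRACE = """\
whois.ripe.net 94.63.245.5 = office.john.smith[at]gmail.com, ttnnet[at]yahoo.com
Using abuse net on ttnnet[at]yahoo.com
abuse net yahoo.com = abuse[at]yahoo.com
Using best contacts abuse[at]yahoo.com
abuse[at]yahoo.com redirects to network-abuse[at]cc.yahoo-inc.com
network-abuse[at]cc.yahoo-inc.com redirects to spamcop[at]mailservices.yahoo.com
"""

# Assumption: illustrative free-mail domains, not a SpamCop setting.
FREEMAIL = {"gmail.com", "yahoo.com", "hotmail.com"}
ADDR = r"[\w.+-]+\[at\][\w.-]+"  # addresses as munged in the trace

def domain(addr):
    return addr.split("[at]")[1].lower()

def parse_trace(text):
    """Return (whois_contacts, abuse_net_seed, final_destination)."""
    contacts, seed, best, redirects = [], None, None, {}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"whois\.\S+ \S+ = (.+)", line):
            contacts = re.findall(ADDR, m.group(1))
        elif m := re.fullmatch(rf"Using abuse net on ({ADDR})", line):
            seed = m.group(1)
        elif m := re.fullmatch(rf"Using best contacts ({ADDR})", line):
            best = m.group(1)
        elif m := re.fullmatch(rf"({ADDR}) redirects to ({ADDR})", line):
            redirects[m.group(1)] = m.group(2)
    dest, seen = best, set()
    while dest in redirects and dest not in seen:  # follow chain, stop on loops
        seen.add(dest)
        dest = redirects[dest]
    return contacts, seed, dest

def audit(text):
    contacts, seed, dest = parse_trace(text)
    findings = []
    if contacts and all(domain(c) in FREEMAIL for c in contacts):
        findings.append("every whois contact is a free-mail address")
    if seed and domain(seed) in FREEMAIL:
        findings.append(f"abuse.net keyed on {seed}: report goes to the "
                        "mail provider, not the network owner")
    return dest, findings

if __name__ == "__main__":
    print(audit(TRACE))
```

On the thread's trace both flags fire, which is the situation the first post describes: the only contacts are free-mail addresses, so the abuse.net lookup lands at Yahoo instead of at anyone responsible for the network.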
