Jump to content
Sign in to follow this  
dutch

[Resolved] Spamcop Appears To Report Incorrect Cached Whois

Recommended Posts

I got 7 spam messages from IP addresses

173.232.242.194

173.232.242.195

173.232.242.197

173.232.242.199

173.232.242.198

173.232.242.200

Spamcop reports the cached WHOIS as bestwebostinghub.com. This is owned by bluehost.com, a hosting company in Provo UT. I contacted them via chat and email, and got to their "terms of service" tech group, who asserts these IPs are not hosted by them.

Here is a snip from one of the reports, all 7, except for the 6 different IPs look the same.

2: Received: from gate.forward.smtp.ord1c.emailsrvr.com (108.166.43.128) by CAS06-ORD1.mex06.mlsrvr.com (172.29.0.45) with Microsoft

SMTP Server (TLS) id 15.0.847.32 via Frontend Transport; Fri, 5 Sep 2014 08:40:27 -0500

Hostname verified: gate.forward.smtp.ord1c.emailsrvr.com

emailsrvr.com received mail from emailsrvr.com ( 108.166.43.128 )

3: Received: from [173.232.242.195] ([173.232.242.195:47770] helo=ns5.myblueskydns.com) by smtp17.gate.ord1c.rsapps.net (envelope-from

<yourbloombergbusinessweek[at]myblueskydns.com>) (ecelerity 2.2.3.49 r(42060/42061)) with ESMTP id 63/B3-28107-34DB9045; Fri, 05 Sep 2014

09:40:19 -0400

No unique hostname found for source: 173.232.242.195

emailsrvr.com received mail from sending system 173.232.242.195

Tracking message source: 173.232.242.195:

Routing details for 173.232.242.195

Using smaller IP block (/ 8 vs. / 16 )

Removing 1 larger (> / 8 ) route(s) from cache

[refresh/show] Cached whois for 173.232.242.195 : support[at]bestwebhostinghub.com

Using abuse net on support[at]bestwebhostinghub.com

No abuse net record for bestwebhostinghub.com

Using default postmaster contacts postmaster[at]bestwebhostinghub.com

http://www.spamcop.net/sc?id=z5962000805z7...101d6a22124a1fz 2/2

Message is 24 hours old

173.232.242.195 not listed in cbl.abuseat.org

173.232.242.195 not listed in dnsbl.sorbs.net

173.232.242.195 not listed in accredit.habeas.com

173.232.242.195 not listed in plus.bondedsender.org

173.232.242.195 not listed in iadb.isipp.com

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×