tjsynkral

search-apnic-not-arin for 45.248.3.143


I split this post from your other report on a different IP address.

Quote

I refuse to bother search-apnic-not-arin@apnic.net.

Using search-apnic-not-arin#apnic.net@devnull.spamcop.net for statistical tracking.

Using last resort contacts search-apnic-not-arin#apnic.net@devnull.spamcop.net

There are several possible reasons for not sending reports to search-apnic-not-arin{AT}apnic{DOT}net, including the abuse address 1) has asked not to receive spam reports, 2) SC knows they do nothing with the reports, 3) reports are forwarded to the spammer, etc.

However, reporting spam from this IP address does feed the statistics for the SpamCop Block-list.

2 hours ago, tjsynkral said:

It's happening again.

SpamCop often does not get the abuse address or gets it wrong. Pays to use a whois program yourself. A Windows free one is "IPNetInfo v1.77".

Edited by petzl

On 1/15/2018 at 11:09 AM, Lking said:

I split this post from your other report on a different IP address.

There are several possible reasons for not sending reports to search-apnic-not-arin{AT}apnic{DOT}net, including the abuse address 1) has asked not to receive spam reports, 2) SC knows they do nothing with the reports, 3) reports are forwarded to the spammer, etc.

However, reporting spam from this IP address does feed the statistics for the SpamCop Block-list.

Do you not see the problem here?

There is a correct abuse contact for 45.248.3.143 and search-apnic-not-arin is not it. Spamcop has a configuration error and it's searching the wrong IP registry to find a reporting address.

If it was a scenario you described I expect to see a devnull.spamcop address in the contact field... not this.

Does anyone who actually works on Spamcop ever look at this forum, or is it just full of users who tell you that yes, Spamcop is broken, you should report spam yourself instead of using it?


Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given.

When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.

1 hour ago, lisati said:

Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given.

When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.

In the case of this IP, they're trying to send mail to a black hole created to trap broken software that searched the wrong IP registry. Perhaps the abuse contact for 45.248.3.143 would like to know about the spam report and take action on it before it gets to SCBL. There's no chance that search-apnic-not-arin is a deliberate thing.


Checking another Whois I find for 45.248.3.143

Quote

Ref:            https://whois.arin.net/rest/org/APNIC
ReferralServer:  whois://whois.apnic.net
ResourceLink:  http://wq.apnic.net/whois-search/static/search.html
OrgAbuseHandle: AWC12-ARIN
OrgAbuseName:   APNIC Whois Contact
OrgAbusePhone:  +61 7 3858 3188
OrgAbuseEmail:  search-apnic-not-arin@apnic.net
OrgAbuseRef:    https://whois.arin.net/rest/poc/AWC12-ARIN
OrgTechHandle: AWC12-ARIN
OrgTechName:   APNIC Whois Contact
OrgTechPhone:  +61 7 3858 3188
OrgTechEmail:  search-apnic-not-arin@apnic.net    <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
OrgTechRef:    https://whois.arin.net/rest/poc/AWC12-ARIN

This IP seems to be part of a large block of IPs in India used for VPN (hiding the location of the source).

Going back to tjsynkral's old post on 146.196.52.181, the block of IPs

Quote

Abuse contact for '146.196.52.0 - 146.196.55.255' is 'matthew.wu{AT}globalnetworkhk.com'

has a different abuse contact now. I have no idea what was a valid abuse address for 146.196.52.181 Oct 2017.

Those who seem to support spammers do try to change blocks of IPs all the time to avoid being blocked. Both blocks 146.196.52.0 - 146.196.55.255 and the block 45.248.0.0 - 45.248.3.255 are managed by APNIC. Those who had 146.196.52.181 in October could now have control of 45.248.3.143. There is a considerable body of anecdotal evidence that APNIC does not strongly enforce the rules.

If you have more valid information for an IP or block of IPs, <Reporting Help> <Reporting Address Issues> would be the correct (sub) forum to post current updated information.

4 hours ago, Lking said:

Checking another Whois I find for 45.248.3.143

 

Can someone point me to the nearest wall so I can bang my head against it?

You're whoising ARIN for an IP in the APNIC pool (just as Spamcop is doing). Anytime you do that, you will get search-apnic-not-arin@apnic.net. APNIC is NOT an ISP. If you whois APNIC at whois.apnic.net for that IP, you will get current ISP information about 45.248.3.143.

role:    Manager Admin
address:    485-A/15,1st floor,G.T. Road, Dilshad garden,New Delhi,Delhi-110095
country:    IN
phone:    +91 9958033533
e-mail:    support@apnainfotech.co.in
admin-c:    AA1235-AP
tech-c:    AA1235-AP
nic-hdl:    MA965-AP
mnt-by:    MAINT-IN-APNAINFO
last-modified:    2016-04-29T09:31:10Z
source:    APNIC

 

(edit: P.S. The abuse contact for 146.196.52.181 via APNIC is still matthew.wu@globalnetworkhk.com.)

Edited by tjsynkral
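
The lookup problem discussed in this thread, as an added example that is not part of any post and is not SpamCop's code: a WHOIS client that follows the `ReferralServer` line instead of trusting the first registry's contact fields, and discards pointer addresses such as search-apnic-not-arin@apnic.net. The sample replies are constructed by trimming the output quoted above; the placeholder pattern, the choice of fields treated as a contact, and the function names are assumptions.

```python
import re
import socket

# Constructed sample replies, trimmed from the WHOIS output quoted in this thread.
SAMPLE = {
    "whois.arin.net": (
        "ReferralServer:  whois://whois.apnic.net\n"
        "OrgAbuseEmail:  search-apnic-not-arin@apnic.net\n"
        "OrgTechEmail:  search-apnic-not-arin@apnic.net\n"
    ),
    "whois.apnic.net": (
        "role:    Manager Admin\n"
        "country:    IN\n"
        "e-mail:    support@apnainfotech.co.in\n"
        "source:    APNIC\n"
    ),
}

REFERRAL = re.compile(r"^ReferralServer:\s*r?whois://([^\s:/]+)", re.I | re.M)
# Assumption: these fields are the ones worth treating as a reporting contact.
EMAIL = re.compile(r"^(?:OrgAbuseEmail|abuse-mailbox|e-mail):\s*(\S+@\S+)", re.I | re.M)
# Assumption: pattern generalised from the single pointer address seen in the thread.
PLACEHOLDER = re.compile(r"^search-[\w-]+-not-[\w-]+@", re.I)


def whois_query(server, ip, timeout=10):
    """Plain WHOIS query over TCP port 43; needs network access."""
    with socket.create_connection((server, 43), timeout=timeout) as s:
        s.sendall(f"{ip}\r\n".encode())
        chunks = []
        while data := s.recv(4096):
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def find_abuse_contacts(ip, query=whois_query, start="whois.arin.net", max_hops=3):
    """Follow ReferralServer hops; return (final_server, usable_contacts)."""
    server, seen = start, set()
    for _ in range(max_hops):
        seen.add(server)
        reply = query(server, ip)
        ref = REFERRAL.search(reply)
        if ref and ref.group(1).lower() not in seen:
            server = ref.group(1).lower()  # this registry is not authoritative
            continue
        emails = dict.fromkeys(EMAIL.findall(reply))  # de-duplicate, keep order
        return server, [e for e in emails if not PLACEHOLDER.match(e)]
    return server, []
```

Passing `query=lambda server, ip: SAMPLE[server]` runs it offline against the constructed replies; with the default `whois_query` it contacts the registries directly.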
