Jump to content

Snowbat

Membera
  • Content Count

    170
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Snowbat

  • Rank
    Advanced Member

Profile Information

  • Gender
    Male
  1. 40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.83.112.59 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6710180092z696fdaf09331d4788f922556d0e571fcz Routing details for 40.83.112.59 [refresh/show] Cached whois for 40.83.112.59 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 40.83.112.59 = descontosapp27.confiraseusdescontosepontos.com. (cached) abuse net confiraseusdescontosepontos.com = postmaster@confiraseusdescontosepontos.com If reported today, reports would be sent to: Re: 40.83.112.59 (Administrator of network where email originates) postmaster@confiraseusdescontosepontos.com
  2. 20.33.0.0 - 20.128.255.255 is Microsoft but SpamCop reports 20.90.82.75 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6710176742za59c59960c7ca612142f7013dcb98e0ez Tracking message source: 20.90.82.75: Routing details for 20.90.82.75 [refresh/show] Cached whois for 20.90.82.75 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 20.90.82.75 = descontosapp108.confiraseusdescontosepontos.com. (cached) abuse net confiraseusdescontosepontos.com = postmaster@confiraseusdescontosepontos.com If reported today, reports would be sent to: Re: 20.90.82.75 (Administrator of network where email originates) postmaster@confiraseusdescontosepontos.com
  3. 51.132.0.0 - 51.132.255.255 is Microsoft but SpamCop reports 51.132.220.203 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6693942163zc7ac658ce6e5c206330d702233efe297z Routing details for 51.132.220.203 [refresh/show] Cached whois for 51.132.220.203 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 51.132.220.203 (getting name) no name host 51.132.220.203 = v1v015.atrasofaturaviv0.com. (old cache) abuse net atrasofaturaviv0.com = postmaster@atrasofaturaviv0.com If reported today, reports would be sent to: Re: 51.132.220.203 (Administrator of IP block - statistics only) postmaster@atrasofaturaviv0.com
  4. 20.33.0.0 - 20.128.255.255 is Microsoft but SpamCop reports 20.73.0.72 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6692876685z0b26f07c4b20c3a2543ebe996cd74d4fz Routing details for 20.73.0.72 [refresh/show] Cached whois for 20.73.0.72 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 20.73.0.72 = vi44.viv0digital.com. (cached) abuse net viv0digital.com = postmaster@viv0digital.com In this case, the spammer is sending "invoice reminders" purporting to be from Brazilian carrier Vivo with "download/print" link that redirects to a java scri_pt-wrapped malware download.
  5. Both Postfix and Sendmail insert text in parentheses at that point so I doubt that it's non-compliant. SpamCop's code to identify a valid IPv4 address is clearly flawed/incomplete though.
  6. Could be. While reporting some spam to Microsoft myself, if it's hosted on Azure, I get a reply saying they've forwarded it to their CERT team for review and action but if it's a 365/Exchange Online tenant, they tell me to report it to junk@office365.microsoft.com myself. Needless to say, I don't bother. A trillion dollar tech company should be able to forward their own e-mail internally or organize their ARIN WHOIS entries to point to the correct abuse reporting mailboxes.
  7. 168.61.0.0 - 168.63.255.255 is a Microsoft netblock. Why isn't SpamCop reporting this to abuse@microsoft.com? > Using rdns to route to correct Microsoft department Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft. https://www.spamcop.net/sc?id=z6688120180z0a1b0241c33ca6804206730ae435f1fbz Tracking message source: 168.61.170.142: Routing details for 168.61.170.142 [refresh/show] Cached whois for 168.61.170.142 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 168.61.170.142 = nago8.subnovoavisos.com. (cached) abuse net nago8.subnovoavisos.com = postmaster@nago8.subnovoavisos.com, postmaster@subnovoavisos.com
  8. 52.145.0.0 - 52.191.255.255 is a Microsoft netblock. Why is SpamCop not reporting this to abuse@microsoft? https://www.spamcop.net/sc?id=z6688108903z76b3e0f67ee7620d683a17e0735c5873z Tracking message source: 52.175.53.32: Routing details for 52.175.53.32 [refresh/show] Cached whois for 52.175.53.32 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 52.175.53.32 = w1.subnovoavisos.com. (cached) abuse net w1.subnovoavisos.com = postmaster@w1.subnovoavisos.com, postmaster@subnovoavisos.com > Using rdns to route to correct Microsoft department Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
  9. 52.132.0.0 - 52.143.255.255 is a Microsoft netblock. Why is SpamCop not reporting this to abuse@microsoft? > Using rdns to route to correct Microsoft department Whatever SpamCop is trying to do here is clearly broken and likely to deliver reports directly to spammers hosted on Microsoft.
  10. '51.120.0.0 - 51.120.255.255' is Microsoft but Spamcop reports 51.120.93.44 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6684582776z5cbae5f333ad4fcd75bb14237027b98dz Tracking message source: 51.120.93.44: Routing details for 51.120.93.44 [refresh/show] Cached whois for 51.120.93.44 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 51.120.93.44 = apps03.assistaemcasa.org. (cached) abuse net assistaemcasa.org = postmaster@assistaemcasa.org
  11. 40.74.0.0 - 40.125.127.255 is Microsoft but SpamCop reports 40.78.83.67 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6642045732zc34f39654039de5566045cb551a1d653z Tracking message source: 40.78.83.67: Routing details for 40.78.83.67 [refresh/show] Cached whois for 40.78.83.67 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 40.78.83.67 = fim5.lotesecasasparafamilia.com. (cached) abuse net fim5.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@fim5.lotesecasasparafamilia.com
  12. 13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.76.230.92 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6641771792z5771a00ed9c2fa22af1c6b531b432316zTracking message source: 13.76.230.92: Routing details for 13.76.230.92 [refresh/show] Cached whois for 13.76.230.92 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 13.76.230.92 = dizer6.lotesecasasparafamilia.com. (cached) abuse net dizer6.lotesecasasparafamilia.com = postmaster@lotesecasasparafamilia.com, postmaster@dizer6.lotesecasasparafamilia.com Message is 5 hours old
  13. 52.224.0.0-52.255.255.255 is Microsoft but Spamcop reports 52.243.34.34 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6640814149z1c2164e3e761afd7d9d053e0ead1aef0z Tracking message source: 52.243.34.34: Routing details for 52.243.34.34 [refresh/show] Cached whois for 52.243.34.34 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 52.243.34.34 = id1.saudoemprimeirolugarfiqueemcasavendofilmes.com. (cached) abuse net id1.saudoemprimeirolugarfiqueemcasavendofilmes.com = postmaster@saudoemprimeirolugarfiqueemcasavendofilmes.com, postmaster@id1.saudoemprimeirolugarfiqueemcasavendofilmes.com
  14. 13.64.0.0 - 13.107.255.255 is Microsoft but Spamcop reports 13.67.72.254 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6638070882z5bc61e892de0d6008e2b49d86b5592d4z Tracking message source: 13.67.72.254: Routing details for 13.67.72.254 [refresh/show] Cached whois for 13.67.72.254 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 13.67.72.254 = toca8.familiadesucessocsgoooooo.com. (cached) abuse net toca8.familiadesucessocsgoooooo.com = postmaster@familiadesucessocsgoooooo.com, postmaster@toca8.familiadesucessocsgoooooo.com
  15. 52.132.0.0 - 52.143.255.255 is Microsoft but Spamcop reports 52.138.55.160 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6637276977z8c88d696b11a340247839b0d7a9a2c90z Tracking message source: 52.138.55.160: Routing details for 52.138.55.160 [refresh/show] Cached whois for 52.138.55.160 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 52.138.55.160 = user15.pj-santanderesfera.com. (cached) abuse net pj-santanderesfera.com = postmaster@pj-santanderesfera.com
×