-
Posts
128 -
Joined
-
Last visited
Content Type
Profiles
Forums
Events
Posts posted by Steve
-
-
No reporting address was found for the above IP address. Running a query through whois.krnic.net resulted in this Abuse POC: assi AT lxn DOT co DOT kr. Running it again through whois.apnic.net provided these POCs: irt AT nic DOT or DOT kr and hostmaster AT nic DOT or DOT kr.
https://www.spamcop.net/sc?id=z6806048399z8972a595fdd4abf0812422b68a40c74ez
-
https://www.spamcop.net/sc?id=z6801885330z0b793ad26436e8079727cbf024adc44ez
SC's parser originally determined that pankaj DOT mehta AT hfclconnect DOT com was the last resort abuse contact for this IP address. Upon refreshing the cache, helpdesk AT apnic DOT net and netops AT apnic DOT net show up as the abuse POC. I then queried said IP address on the APNIC site and corenetwork AT digivive DOT com is the correct abuse POC for this IP address.
QuoteTracking message source: 119.252.208.34:Routing details for 119.252.208.34
[refresh/show] Cached whois for 119.252.208.34 : helpdesk@apnic.net netops@apnic.net
I refuse to bother helpdesk@apnic.net.Using helpdesk#apnic.net@devnull.spamcop.net for statistical tracking.I refuse to bother netops@apnic.net.
Using netops#apnic.net@devnull.spamcop.net for statistical tracking.Using last resort contacts netops#apnic.net@devnull.spamcop.net helpdesk#apnic.net@devnull.spamcop.net
-
2 hours ago, Steve said:
https://www.spamcop.net/sc?id=z6799063828z4aa1c2faaa9b3dd3369aa13d5a019981z
Is it possible for SC's deputies to update the parser to not display togotelecom DOT ng, togotelecom DOT ng when querying an email to be reported with the above IP Address? Togotelecom DOT tg is the correct domain. Abuse POCs nsoo AT togotelecom DOT ng and mgnalou AT togotelecom DOT ng cannot be found as togotelecom DOT ng is invalid. gbawa AT togotelecom DOT tg is a valid address. Gmail's mailer-daemon replies with this for both emails:
Received this from the postmaster:
QuoteDelivery failed for these recipients or groups:
We could not find the email address you entered. Check the recipient's email address and try resending the message. If the problem persists, contact your mail administrator.
Diagnostic information for administrators:
Generation server: LO-MBX04.togocom.int
mgnalou@togotelecom.tg
Remote Server returned '550 5.1.10 RESOLVER.ADR.RecipientNotFound; Recipient not found by SMTP address lookup' -
https://www.spamcop.net/sc?id=z6799063828z4aa1c2faaa9b3dd3369aa13d5a019981z
Is it possible for SC's deputies to update the parser to not display togotelecom DOT ng, togotelecom DOT ng when querying an email to be reported with the above IP Address? Togotelecom DOT tg is the correct domain. Abuse POCs nsoo AT togotelecom DOT ng and mgnalou AT togotelecom DOT ng cannot be found as togotelecom DOT ng is invalid. gbawa AT togotelecom DOT tg is a valid address. Gmail's mailer-daemon replies with this for both emails:
QuoteAddress not found
Your message wasn't delivered to nsoo AT togotelecom DOT ng because the domain togotelecom DOT ng couldn't be found. Check for typos or unnecessary spaces and try again. LEARN MORE The response was: DNS Error: DNS type 'mx' lookup of togotelecom DOT ng responded with code NXDOMAIN Domain name not found: togotelecom DOT ng
QuoteAddress not found
Your message wasn't delivered to mgnalou AT togotelecom DOT ng because the domain togotelecom DOT ng couldn't be found. Check for typos or unnecessary spaces and try again. LEARN MORE The response was: DNS Error: DNS type 'mx' lookup of togotelecom DOT ng responded with code NXDOMAIN Domain name not found: togotelecom DOT ng
-
https://www.spamcop.net/sc?id=z6798974193z28b88c0ba00dff57ab8934313692034dz
Manually reported email in tracking link above to abuse AT ocn DOT ad DOT jp and got this response back:
QuoteDear Sir/Madam
we are sorry to inform you that the IP address you have given us is
not one that we manage directly.
if you check this IP address on JPNIC Who is Gateway
Whois:
http://whois.nic.ad.jp/cgi-bin/whois_gw?key=60.36.166.12/e
You will be able to find that this IP address is one owned by PLALA.
Please contact PLALA for further assistance.
Thank you for your kind understanding on this matter.
Sincerely,
OCN Internet Security Team
Ikeda
-----
OCN Internet Security Team
E-mail : abuse_support AT ocn DOT ad DOT jpUsing the JPNIC whois query resulted in the abuse POC being super AT plala DOT or DOT jp. Refreshing the cache doesn't change it. For some reason SC is using APNIC instead of JPNIC to determine the correct abuse POC for this IP address.
Cache info:
Quote"whois 60.36.166.12 AT whois DOT apnic DOT net" (Getting contact from whois DOT apnic DOT net mirror)
Display data:
Abuse address in 'remarks' field: abuse AT ocn DOT ad DOT jp
Lookup irt-jpnic-jp AT whois DOT apnic DOT net
"whois irt-jpnic-jp AT whois DOT apnic DOT net" (Getting contact from whois DOT apnic DOT net mirror)
Display data:
irt-jpnic-jp =
whois DOT apnic DOT net found abuse contacts for 60.36.166.12 = abuse AT ocn DOT ad DOT jp
whois: 60.32.0.0 - 60.47.255.255 = abuse AT ocn DOT ad DOT jp
Routing details for 60.36.166.12
Using abuse net on abuse AT ocn DOT ad DOT jp
abuse net ocn DOT ad DOT jp = abuse AT ocn DOT ad DOT jp
Using best contacts abuse AT ocn DOT ad DOT jp -
On 1/28/2023 at 2:36 AM, petzl said:
ipdomain[AT]irost[DOT]com is the correct abuse address.
This is the response from RIPE:
QuoteDear Steve,
Thank you for your notification. It appears to us that the address space is related to a different contact. The abuse-mailbox seems to be <ipdomain AT irost.com>
inetnum: 62.60.128.0 - 62.60.255.255
netname: IR-IROST-20010613
country: IR
org: ORG-IROf1-RIPE
admin-c: ZC202-RIPE
tech-c: ZC202-RIPE
status: ALLOCATED PA
notify: ipdomain AT irost.com
mnt-by: RIPE-NCC-HM-MNT
mnt-by: IROST-MNT
mnt-lower: IROST-MNT
mnt-routes: IROST-MNT
created: 2002-06-27T09:57:05Z
last-modified: 2021-04-13T07:06:06Z
source: RIPE
The mailbox is valid and in compliance with RIPE policies. Could you please direct your request to the appropriate mailbox <ipdomain AT irost.com>?
Thank you for your cooperation.
Kind regards,
Xavier Le Bris
RIPE NCC Senior Internet AnalystMaybe the SC deputies can fix this? It now seems like it's a problem on their end when it comes to parsing an email with this range of IP addresses.
-
22 hours ago, petzl said:
Working now? may of been slow in updating cache?
Nope. Those 2 addresses still show up.
https://www.spamcop.net/sc?action=rcache;ip=62.60.160.33
QuoteTracking detailsDisplay data:
"whois 62.60.160.33@whois.ripe.net" (Getting contact from whois.ripe.net)
Organisation contact e-mail = ipdomain@irost.com
zc202-ripe = ipdomain@irost.com
whois.ripe.net 62.60.160.33 = ipdomain@irost.com
whois: 62.60.128.0 - 62.60.255.255 = ipdomain@irost.com
Routing details for 62.60.160.33
Using abuse net on ipdomain@irost.com
abuse net irost.com = postmaster AT irost.com ipdomain AT irost.com abuse AT sinet.ir noc AT tehran.sinet.ir abuse AT irost.com sysop AT irost.com
Using best contacts postmaster AT irost.com ipdomain AT irost.com abuse AT sinet.ir noc AT tehran.sinet.ir abuse AT irost.com sysop AT irost.comLike I mentioned, I contacted RIPE and opened up a ticket. Hopefully they can fix it on their end
-
Tracking link:
https://www.spamcop.net/sc?id=z6795832424z821565e0fa1c3158becd5694f0f38d57z
QuoteA few POC addresses for the IP address (to report abuse to) listed above (62.60.160.33) are invalid. Those email addresses are below and the error messages that follow from Google's mailer-daemon:
The first one is noc AT tehran DOT sinet DOT ir (mailer-daemon error below)
Address not found
Your message wasn't delivered to noc AT tehran DOT sinet DOT ir because the domain tehran DOT sinet NOT ir couldn't be found. Check for typos or unnecessary spaces and try again.
The response was:
DNS Error: DNS type 'mx' lookup of tehran DOT sinet DOT ir responded with code NXDOMAIN Domain name not found: tehran DOT sinet DOT tir
The second one is postmaster AT irost.com (mailer-daemon error below)Address not found
Your message wasn't delivered to postmaster AT irost.com because the address couldn't be found, or is unable to receive mail.
The response from the remote server was:550 <postmaster AT irost.com>, Recipient unknown
Refreshing the cache does nothing to update/remove these invalid addresses. I have opened a ticket with RIPE and hopefully they'll get in touch with the ISP to update the addresses in their system so that the SC parser doesn't display them when parsing an email with a similar IP address from this ISP.
Steve
-
https://www.spamcop.net/sc?id=z6787783373z387abf2337df611f7ea63f97322334d7z
Upon sending a report manually to abuse AT linxtelecom DOT net (SC's parser automatically chooses this as the best contact even though abuse AT fairyhosting DOT com is the address that is cached, and refreshing the cache does nothing to help and checking the ripe database doesn't list that abuse address (abuse AT linxtelecom DOT net) as a POC. Gmail's mailer-daemon sends back this error message:
QuoteMail Delivery Subsystem <mailer-daemon@googlemail.com>
Address not found
Your message wasn't delivered to abuse AT linxtelecom DOT net because the domain linxtelecom DOT net couldn't be found. Check for typos or unnecessary spaces and try again. The response was: DNS Error: DNS type 'mx' lookup of linxtelecom DOT net responded with code NOERROR DNS type 'mx' lookup of linxtelecom DOT net had no relevant answers. DNS type 'aaaa' lookup of linxtelecom DOT net responded with code NOERROR DNS type 'aaaa' lookup of linxtelecom DOT net had no relevant answers. DNS type 'a' lookup of linxtelecom DOT net responded with code NOERROR DNS type 'a' lookup of linxtelecom DOT net had no relevant answers.
-
23 hours ago, RobiBue said:
looking at that block, it's an afrinic registered network:
whois -h whois.afrinic.net '169.159.69.180'
inetnum: 169.159.64.0 - 169.159.95.255 netname: Lagos-core-public descr: Smile Telecoms Nigeria- Lagos Core via London country: NG admin-c: SC6-AFRINIC tech-c: SK59-AFRINIC tech-c: SC6-AFRINIC status: ASSIGNED PA remarks: Smile Telecoms Nigeria- Lagos Core remarks: Abuse : - Abuse@smilecoms.com mnt-by: SMILE-NG-MNT source: AFRINIC # Filtered
Nigeria... why am I not surprised...
anyway... remarks: Abuse : - Abuse@smilecoms.comBUT: Chopra is in South Africa??? J'burg??? smile communications doesn't even operate there...
person: Sudhir Chopra address: Postnet Suite 605 address: Private Bag X5 address: Fourways North address: 2086 address: South Africa address: Johannesburg 2191 address: South Africa phone: tel:+234-812-793-1879 fax-no: tel:+27-86-677-6750 nic-hdl: SC6-AFRINIC mnt-by: SMILE27-MNT source: AFRINIC # Filtered
and
person: Sudeep Kumar address: 39C, Ahmed Onibudo address: Off Adeola Hopewell Postal Code 101241 address: Victoria Island address: Lagos address: Nigeria phone: tel:+234-812-793-1879 nic-hdl: SK59-AFRINIC mnt-by: GENERATED-XPO95DARB1DY22LF7O31GLFGFL7EMLTB-MNT source: AFRINIC # Filtered
what I would do in this case is get in touch through
https://www.smilecoms.com/contactusand also to fix their contacts in whois:afrinic by adding the abuse entry the way it should be done properly.
Email sent. Now we wait for a possible response from them.
Steve
-
Upon reporting a spam email directly to sudhir DOT chopra AT smilecoms DOT com, Gmail's mailer-daemon sent this back (below tracking url):
Tracking URL:
https://www.spamcop.net/sc?id=z6782641985z6fcfdce1161d532b048cd7c1433562faz
Address not found
Your message wasn't delivered to sudhir DOT chopra AT smilecoms DOT com because the address couldn't be found, or is unable to receive mail. LEARN MORE The response was: 550 5.1.1 The email account that you tried to reach does not exist. Please try double-checking the recipient's email address for typos or unnecessary spaces. Learn more at https://support.google.com/mail/?p=NoSuchUser d20-20020a50f694000000b00459c6133d9fsor1461231edn.45 - gsmtp
-
SC was unable to find an abuse contact for this IP address: 137.255.9.1 (refreshed the page several times to no avail)
https://www.spamcop.net/sc?id=z6780972518zd0f4fe4a93ba1e135f54561594a19278z
Upon running a query with whois.domaintools.com, this is the result:
I will attempt to report the email manually and see if action is taken (doubtful though).
-
Abuse contact for this IP address (93.95.8.245) is incorrect. Reporting it manually results in this error (Gmail's mailer-daemon generated this message):
QuoteAddress not found
Your message wasn't delivered to care AT rockford-uk DOT com because the address couldn't be found, or is unable to receive mail. The response from the remote server was:
550 Invalid Recipient - https://community.mimecast.com/docs/DOC-1369#550 [Z3Lk0s6NOtqyXwijmI0ktw.uk311]
Tracking link:
https://www.spamcop.net/sc?id=z6778010872z9334d0c1ca57baed7dedbb610787c019z
SC's parser provides this result (cannot refresh/show updated contact) :
QuoteTracking message source: 93.95.8.245:Routing details for 93.95.8.245
Reports disabled for care AT rockford-uk DOT comUsing care#rockford-uk.com AT devnull DOT spamcop DOT net for statistical tracking.Report routing for 93.95.8.245: care#rockford-uk DOT com AT devnull DOT spamcop DOT net
This is the result of viewing the routing details:
QuoteReports routes for 93.95.8.245:routeid: 58230161 93.95.8.0 - 93.95.8.255 to: care AT rockford-uk DOT com
Administrator interested in all reports4/13/2010, 4:13:40 PM -0400
[Note added by 206.207.78.146 (host-206-207-78-146.ns1.spro.net)]
Per their instructions.
- Don -The RIPE database lists this as the correct abuse contact:
Responsible organisation: SysGroup plc
Abuse contact info: abuse AT sysgroup DOT comReporting it manually to this address (below) results in this error message from the mailer-daemon:
QuoteMessage blocked
Your message to abuse AT sysgroup DOT com has been blocked. See technical details below for more information. The response from the remote server was:
554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [kSLDqmffPQ2Q8HERuMc1ew.uk138]
I found an alternate email address, but unfortunately the same result occurs:
QuoteMessage blocked
Your message to matt DOT collier AT sysgroup DOT com has been blocked. See technical details below for more information. The response from the remote server was:
554 Email rejected due to security policies - https://community.mimecast.com/docs/DOC-1369#554 [UxPN9jubPfKPbNhJ6C3xgg.uk311]
-
Is it just me or is anyone else getting spam from bogus Gmail addresses written in Cyrillic with Google Docs links?
Here's the tracking link to one of several that I've received and reported via SC and Google's Abuse form:
https://www.spamcop.net/sc?id=z6773291485zb6dee018efc508be52eaf97981626da8z
QuoteДоброго времени суток, офисный планктон и неадекватные начальники
стоят вам поперек горла? Тогда просто начните работать на себя в
интернете, как я вам покажу. С уважением, Эмили. Подробности тут:
https://docs.google.com/presentation/d/e/2PACX-1vQicFa3hQ7TfgVXuhhJMIOJ0FJUlDBf8Ixtky6JhG31eumxtgnhjkexIKp6AjpAHvp7QutPe70LLgyz/pubAll the links alternate between 3 presentations which I report to Google. This particular email referenced above came from adabter AT gmail DOT com. I've been receiving emails like this over the past few days.
Steve
-
Seems the Deputies have updated the address because when I clicked the tracking URL above and refreshed the cache and the page the correct contact is displayed.
-
Upon querying this IP address with a WHOIS and also contacting the abuse address that SC generated when parsing the spam after manually reporting it to that address (abuse AT heficed DOT com) they, (specifically Abuse Prevention Specialist Ieva B. at ipxo), have informed me that they do not manage said IP address.
Here is the tracking URL for the spam email:
https://www.spamcop.net/sc?id=z6758689956z002ed90f7b5cc4c3e9f59f43073a038d
Refreshing the cache for the abuse address does not update it.
Original email when I reported the spam email. This is their reply:
QuoteHello,
Thank you for reporting the issue.
Please be advised, that we do not manage the IP address you have provided.
Please instead reach out to abuse AT obhost DOT org. (modified here to prevent spambots. @ and . are present in original email)Kind regards,Ieva B.Abuse Prevention Specialist2nd reply from them after inquiring about them managing said IP address:QuoteYou can see in the whois that the IP Address is not in our system.Kind regards,Ieva B.Abuse Prevention SpecialistAccording to ipxo, the correct abuse address for this IP/IP range is abuse AT obhost DOT org. SC deputies should update the abuse address in the system to reflect the change for any future reports submitted through SC.
Steve
-
Sent a spam email through SC and abuse contact was listed as abuse AT estpak DOT ee. Reports to that address are disabled according to the tracking link and reports are sent to abuse AT estpak DOT ee AT devnull DOT spamcop DOT net. Correct abuse address should be updated to abuse AT telia DOT ee (upon querying IP address). Error message I received after attempting to manually report spam to abuse AT estpak DOT ee is below:
https://www.spamcop.net/sc?id=z6745164309z8dcefbc83bb3646463bbcfc13d03c032z
Quotepostmaster AT telia DOT ee
Delivery to these recipients or groups failed:
The email address you entered was not found. Please check the recipient's email address and try sending the message again. If the problem persists, contact your email administrator. -
Anyone get this type of error while reporting spam to SC? When I check my past reports, it says it was submitted, so I'm not sure why this happens.
Steve
https://www.spamcop.net/sc?id=z6728573791za6df83ec1940cd26a31661f752517689z
QuoteCan't send report: smtpEnvelope (7148948752.ee1efc3fATbouncesDOTspamcopDOTnet, abuseAThostkeyDOTnl): smtpFrom: mail From 7148948752.ee1efc3fATbouncesDOTspamcopDOTnet: error (452 #4.3.1 temporary system error (12) )
-
https://www.spamcop.net/sc?id=z6725773609z35f1b61f03d78248addd6d9c15e7f2c6z
As I always try to do when this happens, refreshing the page results in displaying the nomaster AT devnull DOT spamcop DOT net reporting address.
-
On 9/20/2021 at 6:03 AM, atarspam said:
You can also report Gmail users using https://support.google.com/mail/contact/abuse
It's a bit of pain to complete, but hopefully Google takes notice of the reports.
Yes, that seems to work when reporting gmail spam from a gmail account sent to my gmail inbox
-
56 minutes ago, RobiBue said:
My apologies. Due to the CSS misconfiguration of the forum I somehow overlooked that part. All good now
All good. Does reporting spam emails manually to abuse@google.com result in the abuse team actively investigate reports sent to that address?
-
21 minutes ago, RobiBue said:
The problem is that abuse@google.com bounces (25774 sent : 16690 bounces) and that's why SC comes back with "no reporting address"
If you want to report to google, you have to report manually through your email and not through SC....
I am thinking that those bounces created SC's latest submission hiccups.
Like I said, I also report the emails through the form on this site: https://support.google.com/mail/contact/abuse?hl=en&rd=1
-
Is anyone having a problem reporting Gmail spam? The last 2 Gmail spams I've received have had SC come back with No reporting addresses found for 209.85.220.65, using devnull for tracking. I alternatively report the spam ton this site: https://support.google.com/mail/contact/abuse?hl=en&rd=1
Here's the tracking URL:
https://www.spamcop.net/sc?id=z6723876118z2316e05022f73d38d77598da3bc5f84fz
Steve
-
Has anyone gotten an auto response back from the ISP just reporting the emails manually? I just tried doing that to the 2 most recent spams I received from their network. Will be waiting for a response to see if they take action and cease spam from their network.
Invalid abuse contact for 104.149.94.155
in Routing / Report Address Issues
Posted
https://www.spamcop.net/sc?id=z6806535550z579ecc3525f12541f3b77e0a47c005d7z
Upon manually reporting a spam email (tracking link above) to postmaster AT psychz DOT net, Yahoo's mailer-daemon replied with this:
Also, upon querying the IP address via ARIN, in the Note field of the POC section of the query, this was written: