Jump to content

Recieved it again this AM Netrouting Says spam will cease


w7psk
 Share

Recommended Posts

I thought this was resolved yesterday?

Parsing header:

0: Received: from btinternet2012.info (clickedmedia.mobi [178.239.54.201]) by mx.perfora.net (node=mxus3) with ESMTP (Nemesis) id 0MLNla-1TOg7b0k5K-0013TG for x; Tue, 16 Oct 2012 10:30:06 -0400

No unique hostname found for source: 178.239.54.201

1&1 received mail from sending system 178.239.54.201

Tracking message source: 178.239.54.201:

Routing details for 178.239.54.201

Report routing for 178.239.54.201: abuse[at]netrouting.com

ISP has indicated spam will cease; ISP resolved this issue sometime after Tuesday, October 16, 2012 6:58:38 AM -0700

Message is 22 hours old

Link to comment
Share on other sites

Different IP address (resolutions are by IP address, not ISP), same problem ["This IP is infected (or NATting for a computer that is infected) with a spambot we have not yet been able to identify. For the time being we refer to it as the unknown1501 spambot." according to CBL].

But they're given a little leeway on timing with SC, possibly a shade too early to call a foul on this one, on the basis of the data supplied - received stamp is just 31½ minutes after the 'sometime after' nomination:

Received: ... Tue, 16 Oct 2012 10:30:06 -0400 (fairly much the same as the last CBL sighting)

... resolved ... sometime after Tuesday, October 16, 2012 6:58:38 AM -0700

Of course there should be nothing further from 178.239.54.201 if netrouting.com really have sorted it out. You would have to wonder though - seems like they may not have actual control. Or whether any "ISP resolved this issue" from this source is bogus. Time - and if CBL refuse to delist them any more - will tell.

Other indications of spamfulness:

178.239.54.192 - 178.239.54.223 (178.239.54.192/27) is Tomora Studio, LLC - domains autotisingen.net, clickedmedia.mobi and wynnertise.me and you have seen spam from at least two of those - but they're all the same group (by behavior - registrars "WhoisGuard Protected" of course). Looking at SenderBase:

http://www.senderbase.org/senderbase_queries/detailip?search_string=178.239.54.192%2F27

(=http://www.senderbase.org/senderbase_queries/searchorg?search_string=Tomora+Studio%2C+LLC)

- that whole range looks just horrible.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...