Jimemac Posted May 5, 2004 Share Posted May 5, 2004 I have reported several spam's coming from the IP address 66.249.111.124. Spamcop's information is the following.... Tracking message source: 66.249.111.124: Routing details for 66.249.111.124 De-referencing cais.net[at]abuse.net abuse net cais.net = abuse[at]cais.com, abuse[at]pccwbtn.com Report routing for 66.249.111.124: abuse[at]cais.com, abuse[at]pccwbtn.com 66.249.111.124 not listed in dnsbl.njabl.org 66.249.111.124 not listed in dnsbl.njabl.org 66.249.111.124 listed in cbl.abuseat.org ( 127.0.0.2 ) 66.249.111.124 is an open proxy 66.249.111.124 not listed in query.bondedsender.org 66.249.111.124 not listed in iadb.isipp.com However the info I get from whois.arin.net is this..... Search results for: ! NET-66-249-108-0-1 OrgName: Lightwave Transit, Inc. OrgID: LIGHT-16 Address: 3838 Raymert Dr. Ste 3 City: Las Vegas StateProv: NV PostalCode: 89121 Country: US NetRange: 66.249.108.0 - 66.249.111.255 CIDR: 66.249.108.0/22 NetName: LIGHTWAVE-TRANIT-BLK2 NetHandle: NET-66-249-108-0-1 Parent: NET-66-249-96-0-1 NetType: Reallocated NameServer: NS1.LWTHOSTING.COM NameServer: NS2.LWTHOSTING.COM Comment: RegDate: 2004-03-17 Updated: 2004-03-17 AbuseHandle: ABUSE523-ARIN AbuseName: ABUSE AbusePhone: +1-360-323-0727 AbuseEmail: abuse[at]lwthosting.com OrgTechHandle: ABUSE523-ARIN OrgTechName: ABUSE OrgTechPhone: +1-360-323-0727 OrgTechEmail: abuse[at]lwthosting.com # ARIN WHOIS database, last updated 2004-05-04 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. Normally when I notice that Spamcop has the wrong or outdated information I click the refresh/show link and Spamcop refreshes it's information. In this case the link isn't available. How do I get the report sent to the correct location? Thanks for you help all... Jimemac Link to comment Share on other sites More sharing options...
Farelf Posted May 6, 2004 Share Posted May 6, 2004 Hi Jimemac, You say you don't have the link(s) to your report(s). If you have deleted the spam as well, it's probably a case of "next time" (original reports buried in the 16-18 million submitted + "X" cancellations filed every week). Otherwise the usual advice would be to send a "manual" report to (in this case) abuse[at]lwthosting.com (one you do yourself, more or less based on the one SpamCop would send, if it had the correct abuse address). If you have concerns about the abuse handler passing your message to the spammer for more of the same you would probably want to munge your contact details in the example(s) you might send and use a "throwaway" email address from which to send, such as one from HotMail or Yahoo. Seems like a lot of effort in that event, but I replicated your results just now so it looks like SpamCop is not yet catching up with the change and may not do so before the spam gets too old to process your reports. Hope this helps. Well spotted, by the way. Link to comment Share on other sites More sharing options...
Ellen Posted May 6, 2004 Share Posted May 6, 2004 I have reported several spam's coming from the IP address 66.249.111.124. Spamcop's information is the following.... Tracking message source: 66.249.111.124: Routing details for 66.249.111.124 De-referencing cais.net[at]abuse.net abuse net cais.net = abuse[at]cais.com, abuse[at]pccwbtn.com Report routing for 66.249.111.124: abuse[at]cais.com, abuse[at]pccwbtn.com 66.249.111.124 not listed in dnsbl.njabl.org 66.249.111.124 not listed in dnsbl.njabl.org 66.249.111.124 listed in cbl.abuseat.org ( 127.0.0.2 ) 66.249.111.124 is an open proxy 66.249.111.124 not listed in query.bondedsender.org 66.249.111.124 not listed in iadb.isipp.com However the info I get from whois.arin.net is this..... Search results for: ! NET-66-249-108-0-1 OrgName: Lightwave Transit, Inc. OrgID: LIGHT-16 Address: 3838 Raymert Dr. Ste 3 City: Las Vegas StateProv: NV PostalCode: 89121 Country: US NetRange: 66.249.108.0 - 66.249.111.255 CIDR: 66.249.108.0/22 NetName: LIGHTWAVE-TRANIT-BLK2 NetHandle: NET-66-249-108-0-1 Parent: NET-66-249-96-0-1 NetType: Reallocated NameServer: NS1.LWTHOSTING.COM NameServer: NS2.LWTHOSTING.COM Comment: RegDate: 2004-03-17 Updated: 2004-03-17 AbuseHandle: ABUSE523-ARIN AbuseName: ABUSE AbusePhone: +1-360-323-0727 AbuseEmail: abuse[at]lwthosting.com OrgTechHandle: ABUSE523-ARIN OrgTechName: ABUSE OrgTechPhone: +1-360-323-0727 OrgTechEmail: abuse[at]lwthosting.com # ARIN WHOIS database, last updated 2004-05-04 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. Normally when I notice that Spamcop has the wrong or outdated information I click the refresh/show link and Spamcop refreshes it's information. In this case the link isn't available. How do I get the report sent to the correct location? Thanks for you help all... Jimemac We have a manual override in for that netblock -- it's listed in sbl and roskso and has transit thru : BGP routing table entry for 66.249.111.0/24, version 11418942 Paths: (47 available, best #24, table Default-IP-Routing-Table) Not advertised to any peer 1668 3491 32121 32104 32104: lightwave - routes 2 /24's 32121: ccgnet 3419: cais So we have set reports to go upstream. If you want to report to the rokso/sbl'ed entity you will have to do it manually or use the feature for adding additional addresses. Link to comment Share on other sites More sharing options...
Jimemac Posted May 6, 2004 Author Share Posted May 6, 2004 Awesome, thanks Ellen that explains a lot. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.