Jump to content

Refreshing Spamcop's IP cache


Recommended Posts

I have reported several spam's coming from the IP address 66.249.111.124. Spamcop's information is the following....

Tracking message source: 66.249.111.124:

Routing details for 66.249.111.124

De-referencing cais.net[at]abuse.net

abuse net cais.net = abuse[at]cais.com, abuse[at]pccwbtn.com

Report routing for 66.249.111.124: abuse[at]cais.com, abuse[at]pccwbtn.com

66.249.111.124 not listed in dnsbl.njabl.org

66.249.111.124 not listed in dnsbl.njabl.org

66.249.111.124 listed in cbl.abuseat.org ( 127.0.0.2 )

66.249.111.124 is an open proxy

66.249.111.124 not listed in query.bondedsender.org

66.249.111.124 not listed in iadb.isipp.com

However the info I get from whois.arin.net is this.....

Search results for: ! NET-66-249-108-0-1

OrgName: Lightwave Transit, Inc.

OrgID: LIGHT-16

Address: 3838 Raymert Dr. Ste 3

City: Las Vegas

StateProv: NV

PostalCode: 89121

Country: US

NetRange: 66.249.108.0 - 66.249.111.255

CIDR: 66.249.108.0/22

NetName: LIGHTWAVE-TRANIT-BLK2

NetHandle: NET-66-249-108-0-1

Parent: NET-66-249-96-0-1

NetType: Reallocated

NameServer: NS1.LWTHOSTING.COM

NameServer: NS2.LWTHOSTING.COM

Comment:

RegDate: 2004-03-17

Updated: 2004-03-17

AbuseHandle: ABUSE523-ARIN

AbuseName: ABUSE

AbusePhone: +1-360-323-0727

AbuseEmail: abuse[at]lwthosting.com

OrgTechHandle: ABUSE523-ARIN

OrgTechName: ABUSE

OrgTechPhone: +1-360-323-0727

OrgTechEmail: abuse[at]lwthosting.com

# ARIN WHOIS database, last updated 2004-05-04 19:15

# Enter ? for additional hints on searching ARIN's WHOIS database.

Normally when I notice that Spamcop has the wrong or outdated information I click the refresh/show link and Spamcop refreshes it's information. In this case the link isn't available. How do I get the report sent to the correct location?

Thanks for you help all...

Jimemac

Link to comment
Share on other sites

Hi Jimemac,

You say you don't have the link(s) to your report(s). If you have deleted the spam as well, it's probably a case of "next time" (original reports buried in the 16-18 million submitted + "X" cancellations filed every week).

Otherwise the usual advice would be to send a "manual" report to (in this case) abuse[at]lwthosting.com (one you do yourself, more or less based on the one SpamCop would send, if it had the correct abuse address). If you have concerns about the abuse handler passing your message to the spammer for more of the same you would probably want to munge your contact details in the example(s) you might send and use a "throwaway" email address from which to send, such as one from HotMail or Yahoo.

Seems like a lot of effort in that event, but I replicated your results just now so it looks like SpamCop is not yet catching up with the change and may not do so before the spam gets too old to process your reports.

Hope this helps. Well spotted, by the way.

Link to comment
Share on other sites

I have reported several spam's coming from the IP address 66.249.111.124.  Spamcop's information is the following....

Tracking message source: 66.249.111.124:

Routing details for 66.249.111.124

De-referencing cais.net[at]abuse.net

abuse net cais.net = abuse[at]cais.com, abuse[at]pccwbtn.com

Report routing for 66.249.111.124: abuse[at]cais.com, abuse[at]pccwbtn.com

66.249.111.124 not listed in dnsbl.njabl.org

66.249.111.124 not listed in dnsbl.njabl.org

66.249.111.124 listed in cbl.abuseat.org ( 127.0.0.2 )

66.249.111.124 is an open proxy

66.249.111.124 not listed in query.bondedsender.org

66.249.111.124 not listed in iadb.isipp.com

However the info I get from whois.arin.net is this.....

Search results for: ! NET-66-249-108-0-1

OrgName:    Lightwave Transit, Inc.

OrgID:      LIGHT-16

Address:    3838 Raymert Dr. Ste 3

City:    Las Vegas

StateProv:  NV

PostalCode: 89121

Country:    US

NetRange: 66.249.108.0 - 66.249.111.255

CIDR:    66.249.108.0/22

NetName:    LIGHTWAVE-TRANIT-BLK2

NetHandle:  NET-66-249-108-0-1

Parent:  NET-66-249-96-0-1

NetType:    Reallocated

NameServer: NS1.LWTHOSTING.COM

NameServer: NS2.LWTHOSTING.COM

Comment:

RegDate:    2004-03-17

Updated:    2004-03-17

AbuseHandle: ABUSE523-ARIN

AbuseName: ABUSE

AbusePhone:  +1-360-323-0727

AbuseEmail:  abuse[at]lwthosting.com

OrgTechHandle: ABUSE523-ARIN

OrgTechName: ABUSE

OrgTechPhone:  +1-360-323-0727

OrgTechEmail:  abuse[at]lwthosting.com

# ARIN WHOIS database, last updated 2004-05-04 19:15

# Enter ? for additional hints on searching ARIN's WHOIS database.

Normally when I notice that Spamcop has the wrong or outdated information I click the refresh/show link and Spamcop refreshes it's information.  In this case the link isn't available.  How do I get the report sent to the correct location?

Thanks for you help all...

Jimemac

We have a manual override in for that netblock -- it's listed in sbl and roskso and has transit thru :

BGP routing table entry for 66.249.111.0/24, version 11418942

Paths: (47 available, best #24, table Default-IP-Routing-Table)

Not advertised to any peer

1668 3491 32121 32104

32104: lightwave - routes 2 /24's

32121: ccgnet

3419: cais

So we have set reports to go upstream. If you want to report to the rokso/sbl'ed entity you will have to do it manually or use the feature for adding additional addresses.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...