vindicator
Posted March 28, 2017

Again, I'm pretty new to reporting, but was shocked to find the sender 23.170.165.40 to be an ARIN-owned IP, which may be why SC gives "No reporting addresses found". But the POC IS found if searched (maybe this message should be in the sublisting):

https://whois.arin.net/rest/net/NET-23-0-0-0-0/pft?s=23.170.165.40
https://whois.arin.net/rest/poc/ARIN-HOSTMASTER.html

I REALLY find the timing of this email to be suspect considering I contacted them earlier today (though their reply came from a 199.43* address):

(man, I like how this forum works, much like github)
Lking
Posted March 28, 2017

It would be helpful if you could provide a Tracking URL for examples of spam you are referencing. Take a look at to see an example of what a Tracking URL (third line, long blue link) can be found. You should cut and paste the Tracking URL into your post so that everyone can see the original spam, what the parser did, and thus better understand your question.
vindicator (Author)
Posted March 28, 2017

https://www.spamcop.net/sc?id=z6365977357z8a69e9ff1345099192b9ce1d3523e8b9z

EDIT (Sanitizing): You'll note that I sanitize anything that looks like it may link to me. I know of one way I don't sanitize that MAY still be used to identify me, but I won't mention it (no one knows who may be lurking).
vindicator (Author)
Posted March 28, 2017

Based on my new thread in the subtopic regarding an APNIC address, I tried running whois in Linux for the IP address I mention in my OP. Interestingly, it came back that no match was found, which is bizarre enough in its own right. I don't even know what to think of that. When I used the -B and -a flags, I got more information, but still nothing usable:

    $ whois -B -a 23.170.165.40
    % This is the RIPE Database query service.
    % The objects are in RPSL format.
    %
    % The RIPE Database is subject to Terms and Conditions.
    % See http://www.ripe.net/db/support/db-terms-conditions.pdf

    % Information related to '23.0.0.0 - 23.252.65.255'

    % No abuse contact registered for 23.0.0.0 - 23.252.65.255

    inetnum:        23.0.0.0 - 23.252.65.255
    netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
    descr:          IPv4 address block not managed by the RIPE NCC
    remarks:        ------------------------------------------------------
    remarks:
    remarks:        You can find the whois server to query, or the
    remarks:        IANA registry to query on this web page:
    remarks:        http://www.iana.org/assignments/ipv4-address-space
    remarks:
    remarks:        You can access databases of other RIRs at:
    remarks:
    remarks:        AFRINIC (Africa)
    remarks:        http://www.afrinic.net/ whois.afrinic.net
    remarks:
    remarks:        APNIC (Asia Pacific)
    remarks:        http://www.apnic.net/ whois.apnic.nett
    remarks:
    remarks:        ARIN (Northern America)
    remarks:        http://www.arin.net/ whois.arin.net
    remarks:
    remarks:        LACNIC (Latin America and the Carribean)
    remarks:        http://www.lacnic.net/ whois.lacnic.net
    remarks:
    remarks:        IANA IPV4 Recovered Address Space
    remarks:        http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml
    remarks:
    remarks:        ------------------------------------------------------
    country:        EU # Country is really world wide
    admin-c:        IANA1-RIPE
    tech-c:         IANA1-RIPE
    status:         ALLOCATED UNSPECIFIED
    mnt-by:         RIPE-NCC-HM-MNT
    mnt-lower:      RIPE-NCC-HM-MNT
    mnt-routes:     RIPE-NCC-RPSL-MNT
    created:        2016-04-14T14:35:56Z
    last-modified:  2016-04-14T14:35:56Z
    source:         RIPE

    role:           Internet Assigned Numbers Authority
    address:        see http://www.iana.org.
    e-mail:         bitbucket@ripe.net
    admin-c:        IANA1-RIPE
    tech-c:         IANA1-RIPE
    nic-hdl:        IANA1-RIPE
    remarks:        For more information on IANA services
    remarks:        go to IANA web site at http://www.iana.org.
    mnt-by:         RIPE-NCC-MNT
    created:        1970-01-01T00:00:00Z
    last-modified:  2001-09-22T09:31:27Z
    source:         RIPE

    % Information related to '23.170.128.0/18AS24091'

    route:          23.170.128.0/18
    origin:         AS24091
    mnt-by:         MAINT-MGR-RIPE
    created:        2017-03-08T14:30:56Z
    last-modified:  2017-03-08T14:30:56Z
    source:         RIPE

    % This query was served by the RIPE Database Query Service version 1.88 (WAGYU)
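The reply quoted above is RIPE's placeholder for address space it does not manage, which is why it carries no abuse contact; the route object at the end is the only entry that describes 23.170.128.0/18 itself. As an added example (not part of the original post), this Python code parses such a reply, flags the placeholder, and extracts the other registries' whois hosts and any route objects. The sample text is constructed, abridged from the output above, and `parse_rpsl` and `triage` are hypothetical names.

```python
import re

PLACEHOLDER = "NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK"

# Constructed sample, abridged from the RIPE reply quoted in the post above.
SAMPLE = """\
% Information related to '23.0.0.0 - 23.252.65.255'

% No abuse contact registered for 23.0.0.0 - 23.252.65.255

inetnum:        23.0.0.0 - 23.252.65.255
netname:        NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK
remarks:        ARIN (Northern America)
remarks:        http://www.arin.net/ whois.arin.net
remarks:        LACNIC (Latin America and the Carribean)
remarks:        http://www.lacnic.net/ whois.lacnic.net
source:         RIPE

% Information related to '23.170.128.0/18AS24091'

route:          23.170.128.0/18
origin:         AS24091
created:        2017-03-08T14:30:56Z
source:         RIPE
"""

def parse_rpsl(text):
    """Split a whois reply into RPSL objects, each a list of (attribute, value)."""
    objects = []
    # '%' lines are server comments; blanking them leaves objects separated by empty lines.
    for block in re.split(r"\n\s*\n", re.sub(r"(?m)^%.*$", "", text)):
        pairs = re.findall(r"(?m)^([A-Za-z0-9-]+):[ \t]*(.*)$", block)
        if pairs:
            objects.append([(k.lower(), v.strip()) for k, v in pairs])
    return objects

def triage(text):
    """Flag RIPE's 'not managed here' placeholder; keep referral hosts and routes."""
    out = {"placeholder": False, "other_rir_hosts": [], "routes": []}
    for obj in parse_rpsl(text):
        kind, attrs = obj[0][0], dict(obj)  # dict() keeps the last value of repeated keys
        if kind == "inetnum" and attrs.get("netname") == PLACEHOLDER:
            out["placeholder"] = True
            out["other_rir_hosts"] = [h for k, v in obj if k == "remarks"
                                      for h in re.findall(r"\bwhois\.[a-z0-9.-]+", v)]
        elif kind == "route":
            out["routes"].append((attrs["route"], attrs.get("origin"), attrs.get("created")))
    return out

if __name__ == "__main__":
    print(triage(SAMPLE))
```

When `placeholder` is true, repeat the lookup against the registry that holds the block, for example `whois -h whois.arin.net 23.170.165.40`.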
Lking
Posted March 28, 2017

There does seem to be an ongoing difference between the obligations domain name registrars have to ICANN (and the rest of the www) and how those obligations are executed/enforced. For more on this see KnujOn
vindicator (Author)
Posted March 29, 2017

I had forgotten about that whole pharmacy deal. Feels like it was even longer ago than that to me. I did get a reply from ARIN regarding the unattached IP spam:

Quote:

"If an Organization fails to pay their invoice, their IP ranges are revoked and from Whois standpoint, are returned to ARIN. Generally, these IP addresses are in a limbo state while between organizations. However, sometimes Organizations will fail to pay their invoice, have their resources removed and continue announcing them (or, unfortunately spamming). Since you've submitted a Whois Inaccuracy Report, a member of our team that reviews those requests will be in touch with you."

But I have not yet heard back about the inaccuracy report. I had just gotten another spam from that range 23.175.189.83. It's disheartening to find that they still have the ability to continue using the IPs. There needs to be another cut-off method that involves whatever pipe they use. I should probably look more into how these addresses get used and piped out.

It's like now that I know that range is (unattached?), that I could start broadcasting ownership of them. Or for that matter, any range. I'd have to see how the routing all plays into it. I tried tracing it from 2 locations and ended up in the void.