Jump to content
Sign in to follow this  
Followers 0
Snowbat

20.73.0.72 - "Using rdns to route to correct Microsoft department" but reports go to the spammer

By Snowbat, in Routing / Report Address Issues

Recommended Posts

Snowbat    0

Snowbat
Posted (edited)
20.33.0.0 - 20.128.255.255 is Microsoft but SpamCop reports 20.73.0.72 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers.
 
 

Routing details for 20.73.0.72
[refresh/show] Cached whois for 20.73.0.72 : abuse@microsoft.com
Using best contacts abuse@microsoft.com
Using rdns to route to correct Microsoft department
host 20.73.0.72 = vi44.viv0digital.com. (cached)
abuse net viv0digital.com = postmaster@viv0digital.com

In this case, the spammer is sending "invoice reminders" purporting to be from Brazilian carrier Vivo with "download/print" link that redirects to a java scri_pt-wrapped malware download.

Edited by Snowbat

Share this post

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Routing / Report Address Issues
×