This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[anti-abuse-wg] A spammer hidden
- Previous message (by thread): [anti-abuse-wg] A spammer hidden
- Next message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
j.j.santanna at utwente.nl
j.j.santanna at utwente.nl
Mon Sep 28 09:36:35 CEST 2015
Hi Peter, If you look at Hurricane Electric (http://bgp.he.net/ip/178.77.237.135#_whois<http://bgp.he.net/ip/178.77.237.135>) you will find the whois pointing to FinalTek.com<http://FinalTek.com> (as the address). Then if you go further and search for "finaltek.com<http://finaltek.com>" (http://bgp.he.net/dns/FinalTek.com), you will find the A-Record: 46.167.245.92 Finally, by checking the last two lines of my traceroute towards 46.167.245.92 look what I found: 11 tachyon.finaltek.net<http://tachyon.finaltek.net> (77.48.106.250) 29.109 ms 29.140 ms 28.922 ms 12 lilu.finaltek.net<http://lilu.finaltek.net> (46.167.245.92) 29.221 ms 29.214 ms 29.210 ms So, maybe this is what are you looking for. Is this helpful? My best regards, Jair On 27 Sep 2015, at 21:09, Arnold <wiegert at telus.net<mailto:wiegert at telus.net>> wrote: On 9/27/2015 10:31 AM, peter h wrote: Please tell us what IP has been spamming, is it 178.77.237.135 ( which happens to be a czech network. My traceroute stops at 77.48.106.250 which seems to be located in UPC Czech Yes, and if you do a lookup on the IP address you would get the following inetnum: 178.77.237.0 - 178.77.237.255 netname: EMAILAG descr: inflr.com.br<http://inflr.com.br/> country: CZ admin-c: ZK896-RIPE tech-c: ZK896-RIPE status: ASSIGNED PA remarks: ********************************************** remarks: * Please send abuse notifications to: * remarks: * abuse at tech.inflr.com*<mailto:abuse at tech.inflr.com*> remarks: ********************************************** mnt-by: SLOANE-MNT created: 2015-07-30T13:35:15Z last-modified: 2015-09-01T07:59:56Z source: RIPE Whether they'll do something about it or not is an open question, but .. Arnold PS: I highly recommend the SPAM reporter wxSR PPS: blowing my own horn just a bit :-) peter h On Sunday 27 September 2015 18.46, Marilson wrote: From: Marilson Sent: Sunday, September 27, 2015 1:16 PM To: abuse at upcbroadband.cz<mailto:abuse at upcbroadband.cz> Cc: abuse at tech.infr.com<mailto:abuse at tech.infr.com> ; lubos_hutar at mirovka.net<mailto:lubos_hutar at mirovka.net> ; abuse at godaddy.com<mailto:abuse at godaddy.com> ; abuse at gmail.com<mailto:abuse at gmail.com> ; anti-abuse-wg at ripe.net<mailto:anti-abuse-wg at ripe.net> ; midmail.co at domainsbyproxy.com<mailto:midmail.co at domainsbyproxy.com> ; descontosurpresa at cupomvip.com<mailto:descontosurpresa at cupomvip.com> Subject: A spammer hidden This domain's registrant is hidden by a domain privacy service. Domain privacy is a service offered by a number of domain name registrars that allows a domain registrant to hide their identity from public domain name records. ISP does not wish to receive reports regarding http://www.descontosurpresa.com.br<http://www.descontosurpresa.com.br/> - no date available. This registrant has two websites - www.descontosurpresa.com.br<http://www.descontosurpresa.com.br/> and www.360midia.com.br<http://www.360midia.com.br/> . All contacts on both websites are fake, don’t work. They are hidden for the illicit practice with the complicity of your ISP and Registar. And no one does anything. Spammers and who sends phishing and virus are hidden... What is the difference between these providers and an armed robber? Well, the thief is not a coward. Marilson HEADER Delivered-To: marilson.mapa at gmail.com<mailto:marilson.mapa at gmail.com> Received: by 10.103.43.68 with SMTP id r65csp367699vsr; Fri, 25 Sep 2015 21:24:11 -0700 (PDT) X-Received: by 10.194.11.37 with SMTP id n5mr10924491wjb.71.1443241451183; Fri, 25 Sep 2015 21:24:11 -0700 (PDT) Return-Path: <bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com><mailto:bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com> Received: from server135.midmail.co<http://server135.midmail.co> (server135.midmail.co<http://server135.midmail.co>. [178.77.237.135]) by mx.google.com<http://mx.google.com> with ESMTP id ke3si3312538wjb.176.2015.09.25.21.24.10 for <marilson.mapa at gmail.com><mailto:marilson.mapa at gmail.com>; Fri, 25 Sep 2015 21:24:11 -0700 (PDT) Received-SPF: pass (google.com<http://google.com>: domain of bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com<mailto:bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com> designates 178.77.237.135 as permitted sender) client-ip=178.77.237.135; Authentication-Results: mx.google.com<http://mx.google.com>; spf=pass (google.com<http://google.com>: domain of bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com<mailto:bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com> designates 178.77.237.135 as permitted sender) smtp.mailfrom=bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com<mailto:smtp.mailfrom=bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com>; dkim=pass [email protected]<mailto:[email protected]>; dmarc=pass (p=QUARANTINE dis=NONE) header.from=cupomvip.com<http://cupomvip.com> DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; s=Aug217161668357; d=cupomvip.com<http://cupomvip.com>; h=Date:To:From:Reply-to:Subject:Message-ID:List-Unsubscribe:MIME-Version:Content-Type; i=descontosurpresa at cupomvip.com<mailto:i=descontosurpresa at cupomvip.com>; bh=bUIZMSrI79fEcFU9+zU7pOhZ9i8=; b=SvdQSTtSwO8EjXeLqTUdvFtLZLJ/Eakt54cBxzkhFkOmK+/rG9D62YmurBZh4hITpyRsB3jY83BQ 9i6GozG2UOuerdLa66U/C5VZojxd5VXnym4OSXXSPk7d32dFvRnqrMqzPO926gkm846kj0F//Y4k x/1yIK4M/VWCIgA3XKE70xRHudac0MyYfBvGFzF/rfowiuCetgweXMT1QzsNNv2SpVWHNoshA5WW 9cwjWgNdZ74IYqP67+oaQfj2i0hF61vSN5i7HRJXPkNdEU2GJ26mHoeldYnwFWypDQTRWQuoXyrr aip3fOE8S0AanN2eTGWLyAKuVRyaH82gWtYrzA== DomainKey-Signature: a=rsa-sha1; c=nofws; q=dns; s=Aug217161668357; d=cupomvip.com<http://cupomvip.com>; b=kj8pGFQJ6omvtGFrDg9U3wE5qbD9ZexGojF5eZ96Mnc4A0/RRypVVFF/eIpseYbOQ7n+L2fi56Bu xua2PzAHIXDkp5xcsfBXpHwmQKLJIsqx/dBGu+IN7bCzpZnV5J3Cvvr3KXnB7igJbuUFGiGpQlSn myEK3EoTy1SrCYOrh5JknqdtyfJfWQQtDgmzNTneBUzUJcNWSMIy2t4NabY3mOaugyLHe6GHNtdB 9aeSSZTbuKLPd1F+LVAFR9GHo8oFC6ggRe/koSOTJTW2MIU4cLayv4qQLjKC63Co6E22AywprfEh lbC20pXRo5V3rpQ+DyxXKJc7OGSv61mmplU4XA==; Date: Fri, 25 Sep 2015 10:33:52 -0300 Return-Path: bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com<mailto:bounce-94496-7576400-1676-452 at bouncehandle.mailguess.com> To: "marilson.mapa at gmail.com"<mailto:marilson.mapa at gmail.com> <marilson.mapa at gmail.com><mailto:marilson.mapa at gmail.com> From: Desconto Surpresa <descontosurpresa at cupomvip.com><mailto:descontosurpresa at cupomvip.com> Reply-to: Desconto Surpresa <descontosurpresa at cupomvip.com><mailto:descontosurpresa at cupomvip.com> Subject: Regata Calvin Klein - T-Shirt Aleatory - Mochilas Bagaggio e muito mais Message-ID: <861974867edf969a7ae160b4ddc71e41 at localhost.localdomain><mailto:861974867edf969a7ae160b4ddc71e41 at localhost.localdomain> X-Priority: 3 X-Mailer: App2 X-Complaints-To: abuse at mailguess.com<mailto:abuse at mailguess.com> List-Unsubscribe: <http://mailguess.com/u.php?p=14n/rs/tff/s0/14g/rs><http://mailguess.com/u.php?p=14n/rs/tff/s0/14g/rs>, <mailto:fbl at fbl.mailguess.com?subject=unsubscribe:14n-tff-bWFyaWxzb24ubWFwYUBnbWFpbC5jb20%3D-s0-ru-rs><mailto:fbl at fbl.mailguess.com?subject=unsubscribe:14n-tff-bWFyaWxzb24ubWFwYUBnbWFpbC5jb20%3D-s0-ru-rs> X-MessageID: 14n-tff-bWFyaWxzb24ubWFwYUBnbWFpbC5jb20%3D-s0-ru-rs X-Report-Abuse: <http://mailguess.com/report_abuse.php?mid=14n-tff-bWFyaWxzb24ubWFwYUBnbWFpbC5jb20%3D-s0-ru-rs><http://mailguess.com/report_abuse.php?mid=14n-tff-bWFyaWxzb24ubWFwYUBnbWFpbC5jb20%3D-s0-ru-rs> x-dkim-options: s=20150611;d=b.emailag.com.br<http://b.emailag.com.br> X-SMTPAPI: {"unique_args":{"abuse-id":"14n-tff-bWFyaWxzb24ubWFwYUBnbWFpbC5jb20%3D-s0-ru-rs"}, "category":"campaign"} MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_861974867edf969a7ae160b4ddc71e41" TEXT – hiperlink removed – URL: http://<http:/> mailguess.com/<http://mailguess.com/> tl.php?p=14n/14g/rs/tff/s0/rs//http%3A%2F%2Fwww.paguri.com<http://2Fwww.paguri.com>%2Fclient%2Foffer%2F99%3B25%3B119 From: Desconto Surpresa Sent: Friday, September 25, 2015 10:33 AM To: marilson.mapa at gmail.com<mailto:marilson.mapa at gmail.com> Subject: Regata Calvin Klein - T-Shirt Aleatory - Mochilas Bagaggio e muito mais Versão Web REGATA FURINHOS FRENTE PRETO Regata Calvin Klein Jeans feminina na cor preta, decote redondo, detalhe em couro sintético nas laterais, aplicação de silk com logo da marca... VER PREÇO T-Shirt Aleatory Estampada M/C Indigo VER PREÇO Mochila Com Rodas Swisswin Zurique É segura e resistente, feita de material à prova de rasgos e confortável para o transporte, devido ao carrinho embutido e alça telescópica... VER PREÇO clique aqui para descadastrar -- Fight Spam - report it with wxSR 0.7 Vista & Win7 compatible http://www.columbinehoney.net/wxSR.shtml -------------- next part -------------- An HTML attachment was scrubbed... URL: </ripe/mail/archives/anti-abuse-wg/attachments/20150928/bca8f551/attachment.html>
- Previous message (by thread): [anti-abuse-wg] A spammer hidden
- Next message (by thread): [anti-abuse-wg] Spam under protection. Believe it or not!
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]