[SpamCop-List] SpamCop can't find the WhoIs data for this spammer ...

George Langford, Sc.D. amenex at amenex.com
Wed Aug 10 22:27:38 EDT 2005


Here's the SpamCop tracker:
http://www.spamcop.net/sc?id=z795033362za709250ce1effda85e5adebc4640c621z

I've received a bunch of these recently.  
It'd be nice to shut 'em down.

And here's what the QuickReport said, in part:
> whois 204.124.240.254 at whois.arin.net ... nothing found
> host 204.124.240.254 ... no name

And so SpamCop devnulled the report[s] ...

On the other hand, EasyWhoIs on 204.124.240.254 gives:
... snippage ...
> NetRange:   204.124.240.0 - 204.124.243.255 
> CIDR:       204.124.240.0/22 
> NetName:    MBFLAWFIRM
> NetHandle:  NET-204-124-240-0-1
> Parent:     NET-204-0-0-0-0
> NetType:    Direct Assignment
> NameServer: NS1.INC.NET
> NameServer: INS1.TOSA.TWTELECOM.NET

What's a law firm doing with 1000+ servers ?

CompleteWhoIs gets for NS1.INC.NET:

>  [DOMAIN whois information for NS1.INC.NET ]
>  Domain Name: INC.NET
>  Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org
>  TLD Info: See IANA Whois - http://www.iana.org/root-whois/net.htm
>  Registry: VeriSign, Inc. - http://www.verisign-grs.com
>  Registrar: NETWORK SOLUTIONS, LLC. - http://www.networksolutions.com
>  Whois Server: whois.networksolutions.com
>  Name Server[whois+dns with ip] DNSAUTH1.SYS.GTEI.NET 4.2.49.2
>  Name Server[whois+dns with ip] DNSAUTH2.SYS.GTEI.NET 4.2.49.3
>  Name Server[whois+dns with ip] DNSAUTH3.SYS.GTEI.NET 4.2.49.4

That's clearly a blind alley.

But for INS1.TOSA.TWTELECOM.NET, CompleteWhoIs gets:

>  [DOMAIN whois information for INS1.TOSA.TWTELECOM.NET ]
>  Domain Name: TWTELECOM.NET
>  Namespace: ICANN Unsponsored Generic TLD - http://www.icann.org
>  TLD Info: See IANA Whois - http://www.iana.org/root-whois/net.htm
>  Registry: VeriSign, Inc. - http://www.verisign-grs.com
>  Registrar: NETWORK SOLUTIONS, LLC. - http://www.networksolutions.com
>  Whois Server: whois.networksolutions.com
>  Name Server[whois+dns with ip] NS1.MILW.TWTELECOM.NET 216.136.95.2
>  Name Server[whois+dns with ip] NS1.IPLT.TWTELECOM.NET 64.132.94.250
>  Name Server[whois+dns with ip] NS1.SNAN.TWTELECOM.NET 168.215.165.186
>  Name Server[whois+dns with ip] NS1.ORNG.TWTELECOM.NET 168.215.210.50

And ReverseDNS gets:
> IP Address 204.124.240.0 resolves to: 204-124-240-0.gen.twtelecom.net

So the connection is apparent, even though ReverseDNS on 204.124.240.254
fails to resolve.

Looks like the problem is incomplete WhoIs records for the NetRange:   
204.124.240.0 - 204.124.243.255

Have I got this right ?  Has EasyWhoIs got a leg up on CompleteWhoIs ?
And is the correct abuse addy: abuse at twtelecom.net ?
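
The cross-check described in the post, as an added example that is not part of the original message: it parses the quoted ARIN-style fields, confirms the reported IP falls inside the NetRange and that the range matches the CIDR line, and lists which name-server parent domains are also seen in reverse DNS for the block. The sample text is constructed from the lines quoted above; the function names and the two-label `parent_domain` heuristic are assumptions.

```python
import ipaddress
import re

# Constructed sample: the whois fields and the one rDNS answer quoted in the post.
WHOIS_TEXT = """\
NetRange:   204.124.240.0 - 204.124.243.255
CIDR:       204.124.240.0/22
NetName:    MBFLAWFIRM
NetType:    Direct Assignment
NameServer: NS1.INC.NET
NameServer: INS1.TOSA.TWTELECOM.NET
"""
RDNS = {"204.124.240.0": "204-124-240-0.gen.twtelecom.net"}

def parse_whois(text):
    """Collect 'Key: value' lines; repeated keys (NameServer) accumulate in a list."""
    rec = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z]+):\s*(.+?)\s*$", line)
        if m:
            rec.setdefault(m.group(1), []).append(m.group(2))
    return rec

def parent_domain(host):
    """Last two labels, lower-cased (assumption: not public-suffix aware)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def trace(ip, whois_text, rdns):
    rec = parse_whois(whois_text)
    first, last = (ipaddress.ip_address(x.strip())
                   for x in rec["NetRange"][0].split(" - "))
    nets = [str(n) for n in ipaddress.summarize_address_range(first, last)]
    ns_domains = {parent_domain(h) for h in rec.get("NameServer", [])}
    # Only rDNS answers for addresses inside this allocation count as evidence.
    rdns_domains = {parent_domain(name) for addr, name in rdns.items()
                    if first <= ipaddress.ip_address(addr) <= last}
    return {
        "in_range": first <= ipaddress.ip_address(ip) <= last,
        "cidr_matches": nets == rec["CIDR"],
        "addresses": int(last) - int(first) + 1,
        "corroborated": sorted(ns_domains & rdns_domains),
        "ns_only": sorted(ns_domains - rdns_domains),
    }

if __name__ == "__main__":
    for key, value in trace("204.124.240.254", WHOIS_TEXT, RDNS).items():
        print(f"{key}: {value}")
```

A domain under `corroborated` appears both as a name server for the block and in reverse DNS inside it; whether its abuse mailbox is the right destination still has to be confirmed against the provider's own records.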
