Hi Kili, thanks for this heads up. Quoting Kili Land <kili.land@gtt.net>:
You can get media from Twilio but be careful - the last time I dealt with them on this I had several calls with them where I requested features be added because at the time (2023) it was all or nothing. You could not have them enable RTP capture on a single test number. This may have changed, but definitely something to keep in mind and get clarity on if you do want media from them. Kili
------------------------- FROM: Jeff Brower via VoiceOps <voiceops@voiceops.org> SENT: Thursday, March 19, 2026 9:35:10 AM TO: Aaron C de Bruyn <aaron@heyaaron.com> CC: voiceops@voiceops.org <voiceops@voiceops.org> SUBJECT: [VoiceOps] Re: Spamming for a week: 463-20X-XXXX Hi Aaron,
Ok thanks. So what they make available from their dashboard is SIP traffic, not media.
-Jeff
Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org>:
It's available under their Logs -> Calls -> <pick a call> menu. Screenshots:
https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi...
https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi... It's just the SIP packets between Twilio and your phone server when you're using their SIP Trunking product. -A
On Wed, Mar 18, 2026 at 9:23 PM Jeff Brower <jbrower@signalogic.com> wrote:
_Hi Aaron,
Is that a Twilio "Voice Trace" pcap you can download ? I thought those were for Twilio support engineer / internal viewing only. Or are the ones you mention called something else ?
-Jeff
Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org>:_
_I forgot Twilio lets you download PCAPs of calls._ _ _ _I grabbed one at random: P-Asserted-Identity: <sip:+14632018300@206.147.72.38:5060[1]> SIP PAI Address: sip:+14632018300@206.147.72.38:5060[1] SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060_ _ _ _-A_
_On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <aaron@heyaaron.com> wrote:_
_I did NOT know that. :)_ _I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems._ _ _ _Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.)_ _ _ _-A_
_On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com> wrote:_
_So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin._ _ _ _I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading:_ _ _ _In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com[2]...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number._ _ _ _I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner._ _ _ _What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting._ _ _ _Failing that, you can file a report with the Industry Traceback Group to report illegal calls: _
> _https://tracebacks.org/traceback-requests/_
_MARK R LINDSEY | +1-229-316-0013 | MRL@ECG.CO | LINKEDIN[3]_ _ _
_ _
> _On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps > <voiceops@voiceops.org> wrote:_ > > _A > bunch of numbers out of Indiana have been spamming my > customers for about a week._ > _ _ > _Most are automated recordings about how > your Google business listing is wrong and needs to be fixed so > customers can find you. Sometimes it's a human prefixed by > the telltale "BWOOP" sound._ > _ _ > _+14632000068 - BANDWIDTH.COM[4] CLEC LLC IN > +14632001925 - BANDWIDTH.COM[4] CLEC LLC IN > +14632004002 - BANDWIDTH.COM[4] CLEC LLC IN > +14632005772 - BANDWIDTH.COM[4] CLEC LLC IN > +14632006038 - BANDWIDTH.COM[4] CLEC LLC IN > +14632006422 - BANDWIDTH.COM[4] CLEC LLC IN > +14632006730 - BANDWIDTH.COM[4] CLEC LLC IN > +14632009587 - BANDWIDTH.COM[4] CLEC LLC IN > +14632018300 - BHN IP ENABLED SERVICES LLC > +14632018413 - BHN IP ENABLED SERVICES LLC > +14632018586 - BHN IP ENABLED SERVICES LLC > +14632018682 - BHN IP ENABLED SERVICES LLC > +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) > +14632030946 - METROPCS INC (T-Mobile US)_ > _ _ > _Kinda hard to believe the big boys > haven't caught this abuse of their network yet._ > _ _ > _I tried reporting the numbers to > bandwidth.com[4] (as ID'd by telcodata.us[5]), but their form > only allows for a single entry at a time, and it says most of > the numbers don't belong to them. Either their form is broken > or telcodata.us[5] is out of date._ > _ _ > _I can't find a reporting for > Level3/Lumen. They seem to be geared towards "I'm a customer > and need help figuring out the star code to block calls"._ > _ _ > _-A_ > > ________________________________________________ > VoiceOps mailing list -- VoiceOps@voiceops.org > https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ > To unsubscribe send an email to voiceops-leave@voiceops.org[6]_
Links: ------ [1] http://sip:+14632018300@206.147.72.38:5060 [2] http://Bandwidth.com [3] https://www.linkedin.com/in/markrlindsey/ [4] http://bandwidth.com/ [5] http://telcodata.us/ [6] mailto:voiceops-leave@voiceops.org