On Mar 18, 2026, at 11:37 AM, Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

I wish my upstream (Twilio) had a big "Flag as Spam" button or API call that would send all the relevant info to whomever needs to know.

E-mail sorta has spam reporting handled, but Voice/SMS doesn't appear to have that sorted out yet.

I have been receiving the "tax resolution center" / "loan determination" / "debt consolidation" scam calls, many of them from TFNs, for close to a year at this point. They often overwhelm my phone, sometimes several come in at the same time from different DIDs, and they often interrupt other tasks or calls. I don't know what to do about it other than change my number (TMO), which I'm unwilling to do with how much 2FA and business stuff is tied to it. Turning on the iOS "ignore calls from unfamiliar numbers" is also totally not an option because I get lots of legitimate calls from unfamiliar numbers. It's really, really, really bad. I seem to have been singled out for an exceptional volume of these. I have on occasion pressed '2' on their IVR to speak to an "agent". The transfers are instant with no hold time. 100% of "agents" have been Indian. -- Alex -- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

I don't want to block, I want their skies to darken with fireballs of legal consequences.

On Mar 18, 2026, at 12:21 PM, Calvin E. <calvine@gmail.com> wrote:

Shameless plug: for mobile devices, consider YouMail. If the ANI are already known, the free version should do a decent job of blocking them. For spoofed/one-and-done campaigns, the better option is the paid version with the captcha for non-contacts.

On Wed, Mar 18, 2026 at 9:19 AM Alex Balashov via VoiceOps <voiceops@voiceops.org> wrote:

...

On Mar 18, 2026, at 11:37 AM, Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

I wish my upstream (Twilio) had a big "Flag as Spam" button or API call that would send all the relevant info to whomever needs to know.

E-mail sorta has spam reporting handled, but Voice/SMS doesn't appear to have that sorted out yet.

I have been receiving the "tax resolution center" / "loan determination" / "debt consolidation" scam calls, many of them from TFNs, for close to a year at this point. They often overwhelm my phone, sometimes several come in at the same time from different DIDs, and they often interrupt other tasks or calls.

I don't know what to do about it other than change my number (TMO), which I'm unwilling to do with how much 2FA and business stuff is tied to it. Turning on the iOS "ignore calls from unfamiliar numbers" is also totally not an option because I get lots of legitimate calls from unfamiliar numbers. It's really, really, really bad. I seem to have been singled out for an exceptional volume of these.

I have on occasion pressed '2' on their IVR to speak to an "agent". The transfers are instant with no hold time. 100% of "agents" have been Indian.

-- Alex

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

It's always fun when they call one of our unpublished test numbers and one of the CO techs decides to stay on the line to talk to an agent and have some fun* with them. * Legal, legitimate fun -- ie: informing them that the call is being recorded for security and training purposes, quizzing them on how they got the number, etc. On Wed, Mar 18, 2026 at 12:28 PM Alex Balashov via VoiceOps <voiceops@voiceops.org> wrote:

...

On Mar 18, 2026, at 11:37 AM, Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

I wish my upstream (Twilio) had a big "Flag as Spam" button or API call that would send all the relevant info to whomever needs to know.

E-mail sorta has spam reporting handled, but Voice/SMS doesn't appear to have that sorted out yet.

I have been receiving the "tax resolution center" / "loan determination" / "debt consolidation" scam calls, many of them from TFNs, for close to a year at this point. They often overwhelm my phone, sometimes several come in at the same time from different DIDs, and they often interrupt other tasks or calls.

I don't know what to do about it other than change my number (TMO), which I'm unwilling to do with how much 2FA and business stuff is tied to it. Turning on the iOS "ignore calls from unfamiliar numbers" is also totally not an option because I get lots of legitimate calls from unfamiliar numbers. It's really, really, really bad. I seem to have been singled out for an exceptional volume of these.

I have on occasion pressed '2' on their IVR to speak to an "agent". The transfers are instant with no hold time. 100% of "agents" have been Indian.

-- Alex

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

On 2026-03-18 11:34, Shawn L via VoiceOps wrote:

It's always fun when they call one of our unpublished test numbers and one of the CO techs decides to stay on the line to talk to an agent and have some fun* with them.

* Legal, legitimate fun -- ie: informing them that the call is being recorded for security and training purposes, quizzing them on how they got the number, etc.

I look up the call while I'm talking to them to see which trunk it came in on and to review the Identity header. In at least one instance, I had a traceback request completely filled out before the call was over. Just needed to end the call to download the audio file. "So gift cards from the Walmart should work?" "Yes." "And just to be clear, you work for the US government, with the IRS?" "Yes." "Perfect. That should be everything I need to complete this traceback form. You do realize you called a telephone company, right?"

Never give any company your cell number. Just don’t. I’ve tracked this, I generate new numbers for many common needs, such as recently, refinancing a loan. The amount of garbage suddenly sent to that new number is unreal. It was a number we’ve had for nearly ten years unused, clean. I have one generic personal number that I use for companies. It just goes to VM. I can’t picture what company needs to talk to me NOW instead of leaving a message. Funny story: An Indian-run dry cleaner, and Indian-run store have actually been offended by this. They said they would text me, and I said they can’t because it’s a landline. The dry cleaner in particular was super perturbed that she “can’t send me coupons and reminders to get things cleaned” and then more pissed when I said those are ads I don’t want. The c-store nearly told me to just get out. WTF. On Mar 18, 2026 at 8:40:47 AM, Alex Balashov via VoiceOps < voiceops@voiceops.org> wrote:

On Mar 18, 2026, at 11:37 AM, Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

I wish my upstream (Twilio) had a big "Flag as Spam" button or API call that would send all the relevant info to whomever needs to know.

E-mail sorta has spam reporting handled, but Voice/SMS doesn't appear to have that sorted out yet.

I have been receiving the "tax resolution center" / "loan determination" / "debt consolidation" scam calls, many of them from TFNs, for close to a year at this point. They often overwhelm my phone, sometimes several come in at the same time from different DIDs, and they often interrupt other tasks or calls.

I don't know what to do about it other than change my number (TMO), which I'm unwilling to do with how much 2FA and business stuff is tied to it. Turning on the iOS "ignore calls from unfamiliar numbers" is also totally not an option because I get lots of legitimate calls from unfamiliar numbers. It's really, really, really bad. I seem to have been singled out for an exceptional volume of these.

I have on occasion pressed '2' on their IVR to speak to an "agent". The transfers are instant with no hold time. 100% of "agents" have been Indian.

-- Alex

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

The calls I am receiving are of a different nature than the ones Aaron is complaining about. On the rare occasion I've called back one of the hundreds or thousands of numbers that have called me with the particular scam I'm referencing, they seem to go to the intended scam entity, and proffer the same scam IVR, offering transfers to the same scam agents.

On Mar 18, 2026, at 11:51 AM, Calvin E. <calvine@gmail.com> wrote:

My employer is interested in unassigned numbers receiving calls. Contact me off list if you're able to forward this traffic to us. We work directly with the ITG and other law enforcement agencies.

On Wed, Mar 18, 2026 at 8:42 AM Alex Balashov via VoiceOps <voiceops@voiceops.org> wrote: Hi,

If it helps, here are the actual LRNs for these numbers:

LRN SPID OCN LATA CITY STATE JURISDICTION LEC LINE TYPE DNC 13176444993 505B 097D 336 INDIANAPOLIS IN INDETERMINATE ONVOY, LLC - IN LANDLINE 14636343505 505B 097D 336 IN INDETERMINATE ONVOY, LLC - IN LANDLINE 13175501347 979E 105F 336 INDIANAPOLIS IN INDETERMINATE BANDWIDTH.COM CLEC, LLC - IN LANDLINE 13175501347 979E 105F 336 INDIANAPOLIS IN INDETERMINATE BANDWIDTH.COM CLEC, LLC - IN LANDLINE 13175501347 979E 105F 336 INDIANAPOLIS IN INDETERMINATE BANDWIDTH.COM CLEC, LLC - IN LANDLINE 17652970948 979E 105F 336 CLARKS HILL IN INDETERMINATE BANDWIDTH.COM CLEC, LLC - IN LANDLINE 13176444993 505B 097D 336 INDIANAPOLIS IN INDETERMINATE ONVOY, LLC - IN LANDLINE 17652970948 979E 105F 336 CLARKS HILL IN INDETERMINATE BANDWIDTH.COM CLEC, LLC - IN LANDLINE 13176024999 927D 338E 336 INDIANAPOLIS IN INDETERMINATE BRIGHT HOUSE NTWS INFORMATION SVCS (INDIANA) - IN LANDLINE 13176024999 927D 338E 336 INDIANAPOLIS IN INDETERMINATE BRIGHT HOUSE NTWS INFORMATION SVCS (INDIANA) - IN LANDLINE 13176024999 927D 338E 336 INDIANAPOLIS IN INDETERMINATE BRIGHT HOUSE NTWS INFORMATION SVCS (INDIANA) - IN LANDLINE 13176024999 927D 338E 336 INDIANAPOLIS IN INDETERMINATE BRIGHT HOUSE NTWS INFORMATION SVCS (INDIANA) - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 17657056199 8824 4803 336 ALEXANDRIA IN INDETERMINATE LEVEL 3 COMMUNICATIONS, LLC - IN LANDLINE 13176444993 505B 097D 336 INDIANAPOLIS IN INDETERMINATE ONVOY, LLC - IN LANDLINE

FWIW, I've been getting one of these from more local numbers to me (Georgia) every day for the last 3 months.

I also get about 10 calls a day on my mobile from the "loan approval dept" / "tax resolution centre" / "underwriting dept" / "determination office" from all manner of random national DIDs and have absolutely no idea what to do about it. I report them all as spam, but it's a new number every time.

-- Alex

...

On Mar 18, 2026, at 11:22 AM, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> wrote:

A bunch of numbers out of Indiana have been spamming my customers for about a week.

Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.

+14632000068 - BANDWIDTH.COM CLEC LLC IN +14632001925 - BANDWIDTH.COM CLEC LLC IN +14632004002 - BANDWIDTH.COM CLEC LLC IN +14632005772 - BANDWIDTH.COM CLEC LLC IN +14632006038 - BANDWIDTH.COM CLEC LLC IN +14632006422 - BANDWIDTH.COM CLEC LLC IN +14632006730 - BANDWIDTH.COM CLEC LLC IN +14632009587 - BANDWIDTH.COM CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)

Kinda hard to believe the big boys haven't caught this abuse of their network yet.

I tried reporting the numbers to bandwidth.com (as ID'd by telcodata.us), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us is out of date.

I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".

-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

-- Alex Balashov Principal Consultant Evariste Systems LLC Web: https://evaristesys.com, https://www.csrpswitch.com Tel: +1-706-510-6800

I did NOT know that. :) I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems. Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.) -A On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com> wrote:

So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin.

I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading:

In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number.

I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner.

What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting.

Failing that, you can file a report with the Industry Traceback Group to report illegal calls:

https://tracebacks.org/traceback-requests/

*Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co <mrl@ecg.co> | LinkedIn <https://www.linkedin.com/in/markrlindsey/>*

On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:

A bunch of numbers out of Indiana have been spamming my customers for about a week.

Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.

+14632000068 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)

Kinda hard to believe the big boys haven't caught this abuse of their network yet.

I tried reporting the numbers to bandwidth.com (as ID'd by telcodata.us), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us is out of date.

I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".

-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

Does Twilio give you an X-Twilio-Verstat? That might give you a clue. You can try to get the Identity header. You can go directly to the Industry Traceback Group, but it sounds like in your situation you may not be eligible to receive the information (there are legitimate sensitivities, and the info is used for law enforcement.) Many ITG queries are launched by State Attorneys General, so if you file a complaint they may go that direction. It's always best to have a recording of the call with detailed call timestamps, when filing a traceback request or legal complaint. The punchline is - LRN and number assignment are irrelevant for tracing the source of a call. They are involved when you are sending a call to that number. But the routing of calls from a particular source to you can take an entirely different path. Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co <mailto:mrl@ecg.co> | LinkedIn <https://www.linkedin.com/in/markrlindsey/>

On Mar 18, 2026, at 11:58, Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

I forgot Twilio lets you download PCAPs of calls.

I grabbed one at random: P-Asserted-Identity: <sip:+14632018300@206.147.72.38:5060 <http://sip:+14632018300@206.147.72.38:5060/>> SIP PAI Address: sip:+14632018300@206.147.72.38:5060 <http://sip:+14632018300@206.147.72.38:5060/> SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060

-A

On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <aaron@heyaaron.com <mailto:aaron@heyaaron.com>> wrote:

...

I did NOT know that. :) I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems.

Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.)

-A

On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com <mailto:lindsey@e-c-group.com>> wrote:

...

So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin.

I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading:

In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com <http://bandwidth.com/>...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number.

I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner.

What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting.

Failing that, you can file a report with the Industry Traceback Group to report illegal calls: https://tracebacks.org/traceback-requests/

Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co <mailto:mrl@ecg.co> | LinkedIn <https://www.linkedin.com/in/markrlindsey/>

...

On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org <mailto:voiceops@voiceops.org>> wrote:

A bunch of numbers out of Indiana have been spamming my customers for about a week.

Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.

+14632000068 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)

Kinda hard to believe the big boys haven't caught this abuse of their network yet.

I tried reporting the numbers to bandwidth.com <http://bandwidth.com/> (as ID'd by telcodata.us <http://telcodata.us/>), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us <http://telcodata.us/> is out of date.

I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".

-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org <mailto:voiceops-leave@voiceops.org>

This is what they were meaning by an Identity header: INVITE sip:+ ____@____:5060 SIP/2.0 Via: SIP/2.0/UDP 4.55.24.161:5060;branch=z9hG4bK04Bca08abeb8b9b16fb From: "PRIVATE" <sip:+ ____@____:5060>;tag=gK045a4816<mailto:____@4.55.24.161:5060%3e;tag=gK045a4816> To: <sip:+ ____@____:5060> Call-ID: 356802602_126328323@____ CSeq: 929670 INVITE Max-Forwards: 70 Allow: INVITE,ACK,CANCEL,BYE,UPDATE,OPTIONS Accept: application/sdp, application/isup, application/dtmf, application/dtmf-relay, multipart/mixed Contact: "PRIVATE" <sip:+ ____@____:5060<mailto:____@4.55.24.161:5060>> P-Asserted-Identity: "PRIVATE" <sip:+ ____@____:5060> Identity: ey____;info=<https://certificates.transnexus.com/706J/0ea0e4d8-____ae4a0.pem>;alg=ES256;ppt=shaken Content-Length: 307 Content-Disposition: session; handling=required Content-Type: application/sdp This is on the invite header in from the carrier. From: Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> Sent: Wednesday, March 18, 2026 10:58 AM To: Mark R Lindsey <lindsey@e-c-group.com> Cc: voiceops@voiceops.org Subject: [VoiceOps] Re: Spamming for a week: 463-20X-XXXX NOTE: This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail. WARNING: Replies to this message will go to voiceops-bounces@voiceops.org<mailto:voiceops-bounces@voiceops.org>. If you believe this is malicious or are unsure if this is correct, please report it using the Report Phish button and our analysts will investigate it. I forgot Twilio lets you download PCAPs of calls. I grabbed one at random: P-Asserted-Identity: <sip:+14632018300@206.147.72.38:5060<http://sip:+14632018300@206.147.72.38:5060>> SIP PAI Address: sip:+14632018300@206.147.72.38:5060<http://sip:+14632018300@206.147.72.38:5060> SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060 -A On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <aaron@heyaaron.com<mailto:aaron@heyaaron.com>> wrote: I did NOT know that. :) I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems. Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.) -A On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com<mailto:lindsey@e-c-group.com>> wrote: So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin. I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading: In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com<http://Bandwidth.com>...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number. I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner. What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting. Failing that, you can file a report with the Industry Traceback Group to report illegal calls: https://tracebacks.org/traceback-requests/ Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co<mailto:mrl@ecg.co> | LinkedIn<https://www.linkedin.com/in/markrlindsey/> On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: A bunch of numbers out of Indiana have been spamming my customers for about a week. Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound. +14632000068 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US) Kinda hard to believe the big boys haven't caught this abuse of their network yet. I tried reporting the numbers to bandwidth.com<http://bandwidth.com/> (as ID'd by telcodata.us<http://telcodata.us/>), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us<http://telcodata.us/> is out of date. I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls". -A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work

It's available under their Logs -> Calls -> <pick a call> menu. Screenshots: https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi... https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi... It's just the SIP packets between Twilio and your phone server when you're using their SIP Trunking product. -A On Wed, Mar 18, 2026 at 9:23 PM Jeff Brower <jbrower@signalogic.com> wrote:

Hi Aaron,

Is that a Twilio "Voice Trace" pcap you can download ? I thought those were for Twilio support engineer / internal viewing only. Or are the ones you mention called something else ?

-Jeff

Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org>:

I forgot Twilio lets you download PCAPs of calls.

I grabbed one at random: P-Asserted-Identity: <sip:+14632018300@206.147.72.38:5060> SIP PAI Address: sip:+14632018300@206.147.72.38:5060 SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060

-A

On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

...

I did NOT know that. :) I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems.

Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.)

-A

On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com> wrote:

...

So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin.

I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading:

In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number.

I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner.

What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting.

Failing that, you can file a report with the Industry Traceback Group to report illegal calls:

https://tracebacks.org/traceback-requests/

*Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co <mrl@ecg.co> | LinkedIn <https://www.linkedin.com/in/markrlindsey/>*

On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:

A bunch of numbers out of Indiana have been spamming my customers for about a week.

Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.

+14632000068 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)

Kinda hard to believe the big boys haven't caught this abuse of their network yet.

I tried reporting the numbers to bandwidth.com (as ID'd by telcodata.us), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us is out of date.

I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".

-A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

You can get media from Twilio but be careful - the last time I dealt with them on this I had several calls with them where I requested features be added because at the time (2023) it was all or nothing. You could not have them enable RTP capture on a single test number. This may have changed, but definitely something to keep in mind and get clarity on if you do want media from them. Kili ________________________________ From: Jeff Brower via VoiceOps <voiceops@voiceops.org> Sent: Thursday, March 19, 2026 9:35:10 AM To: Aaron C de Bruyn <aaron@heyaaron.com> Cc: voiceops@voiceops.org <voiceops@voiceops.org> Subject: [VoiceOps] Re: Spamming for a week: 463-20X-XXXX NOTE: This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail. WARNING: Replies to this message will go to voiceops-bounces@voiceops.org. If you believe this is malicious or are unsure if this is correct, please report it using the Report Phish button and our analysts will investigate it. Hi Aaron, Ok thanks. So what they make available from their dashboard is SIP traffic, not media. -Jeff Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org<mailto:voiceops@voiceops.org>>: It's available under their Logs -> Calls -> <pick a call> menu. Screenshots: https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi... https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi... It's just the SIP packets between Twilio and your phone server when you're using their SIP Trunking product. -A On Wed, Mar 18, 2026 at 9:23 PM Jeff Brower <jbrower@signalogic.com<mailto:jbrower@signalogic.com>> wrote: Hi Aaron, Is that a Twilio "Voice Trace" pcap you can download ? I thought those were for Twilio support engineer / internal viewing only. Or are the ones you mention called something else ? -Jeff Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org<mailto:voiceops@voiceops.org>>: I forgot Twilio lets you download PCAPs of calls. I grabbed one at random: P-Asserted-Identity: <sip:+14632018300@206.147.72.38:5060<http://sip:+14632018300@206.147.72.38:5060>> SIP PAI Address: sip:+14632018300@206.147.72.38:5060<http://sip:+14632018300@206.147.72.38:5060> SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060 -A On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <aaron@heyaaron.com<mailto:aaron@heyaaron.com>> wrote: I did NOT know that. :) I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems. Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.) -A On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com<mailto:lindsey@e-c-group.com>> wrote: So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin. I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading: In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com<http://Bandwidth.com>...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number. I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner. What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting. Failing that, you can file a report with the Industry Traceback Group to report illegal calls: https://tracebacks.org/traceback-requests/ Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co<mailto:mrl@ecg.co> | LinkedIn<https://www.linkedin.com/in/markrlindsey/> On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org<mailto:voiceops@voiceops.org>> wrote: A bunch of numbers out of Indiana have been spamming my customers for about a week. Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound. +14632000068 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US) Kinda hard to believe the big boys haven't caught this abuse of their network yet. I tried reporting the numbers to bandwidth.com<http://bandwidth.com/> (as ID'd by telcodata.us<http://telcodata.us/>), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us<http://telcodata.us/> is out of date. I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls". -A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org<mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org<mailto:voiceops-leave@voiceops.org> NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work

Correct. But I can opt to record calls on my end after making sure it says "Calls may be recorded for quality and training purposes"....which is funny because the stupid automated spam just talks right over the message. -A On Thu, Mar 19, 2026 at 7:35 AM Jeff Brower <jbrower@signalogic.com> wrote:

Hi Aaron,

Ok thanks. So what they make available from their dashboard is SIP traffic, not media.

-Jeff

Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org>:

It's available under their Logs -> Calls -> <pick a call> menu.

Screenshots:

https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi...

https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfi...

It's just the SIP packets between Twilio and your phone server when you're using their SIP Trunking product.

-A

On Wed, Mar 18, 2026 at 9:23 PM Jeff Brower <jbrower@signalogic.com> wrote:

...

*Hi Aaron, Is that a Twilio "Voice Trace" pcap you can download ? I thought those were for Twilio support engineer / internal viewing only. Or are the ones you mention called something else ? -Jeff Quoting "Aaron C. de Bruyn via VoiceOps" <voiceops@voiceops.org <voiceops@voiceops.org>>:*

*I forgot Twilio lets you download PCAPs of calls.*

*I grabbed one at random: P-Asserted-Identity: <sip:+14632018300@206.147.72.38:5060 <http://sip:+14632018300@206.147.72.38:5060>> SIP PAI Address: sip:+14632018300@206.147.72.38:5060 <http://sip:+14632018300@206.147.72.38:5060> SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060*

*-A*

*On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <aaron@heyaaron.com <aaron@heyaaron.com>> wrote:*

...

*I did NOT know that. :)* *I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems.*

*Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.)*

*-A*

*On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <lindsey@e-c-group.com <lindsey@e-c-group.com>> wrote:*

...

*So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin.*

*I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading:*

*In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com <http://Bandwidth.com>...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number.*

*I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner.*

*What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting.*

*Failing that, you can file a report with the Industry Traceback Group to report illegal calls: *

*https://tracebacks.org/traceback-requests/ <https://tracebacks.org/traceback-requests/>*

*Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co <mrl@ecg.co> | LinkedIn <https://www.linkedin.com/in/markrlindsey/>*

*On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org <voiceops@voiceops.org>> wrote:*

*A bunch of numbers out of Indiana have been spamming my customers for about a week.*

*Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.*

*+14632000068 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)*

*Kinda hard to believe the big boys haven't caught this abuse of their network yet.*

*I tried reporting the numbers to bandwidth.com <http://bandwidth.com/> (as ID'd by telcodata.us <http://telcodata.us/>), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us <http://telcodata.us/> is out of date.*

*I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".*

*-A*

*_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ <https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/> To unsubscribe send an email to voiceops-leave@voiceops.org <voiceops-leave@voiceops.org>*

Mark's response regarding the SHAKEN Identity header is the best suggestion. These Google Business Listing calls are made by the millions, and they come from thousands of different ANIs. Chasing ANIs is hopeless. And even if you find and reach out to the source, they are unlikely to stand down. They already know virtually nobody wants their calls. Your best bet is to see who is signing the calls; it is most likely (but not guaranteed) that they are being signed by one or a few specific small providers specializing in these calls. You (on behalf of your customer(s)) can then elect to divert or block those calls. What is the specific message(s) your customers are hearing? We see these examples frequently, in addition to others: (recorded) Hi. It seems there is an issue with the keywords attached to your Google business listing. Your Google business listing has been flagged for review by the business listing specialist. To avoid any suspension or verification issues, please press 4 to speak to an authorized representative to take care of this. To address this immediately, press 4. This will only take a few minutes. To opt out, press 9 or call (959) 262-8948. (live) Hi. Am I speaking to the business owner? Hi, sir. This is Diana. Am I speaking to the business owner? Okay. That's great, sir. We are reaching out to you in reference to the Google Business profile for your company. Because upon checking here, sir, your Google Business listing has not been properly claimed or verified. This can cause your business to display incorrectly or, in some cases, not to display at all. Are you aware of this? Oh, okay, sir. Thank you. Have a From: Mark R Lindsey via VoiceOps <voiceops@voiceops.org> Sent: Wednesday, March 18, 2026 9:37 AM To: Aaron C. de Bruyn <aaron@heyaaron.com> Cc: voiceops@voiceops.org Subject: [VoiceOps] Re: Spamming for a week: 463-20X-XXXX So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin. I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading: In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com <http://Bandwidth.com> ...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number. I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner. What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting. Failing that, you can file a report with the Industry Traceback Group to report illegal calls: https://tracebacks.org/traceback-requests/ Mark R Lindsey | +1-229-316-0013 | mrl@ecg.co <mailto:mrl@ecg.co> | LinkedIn <https://www.linkedin.com/in/markrlindsey/> On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org <mailto:voiceops@voiceops.org> > wrote: A bunch of numbers out of Indiana have been spamming my customers for about a week. Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound. +14632000068 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM <http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US) Kinda hard to believe the big boys haven't caught this abuse of their network yet. I tried reporting the numbers to bandwidth.com <http://bandwidth.com/> (as ID'd by telcodata.us <http://telcodata.us/> ), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us <http://telcodata.us/> is out of date. I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls". -A _______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org <mailto:VoiceOps@voiceops.org> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org <mailto:voiceops-leave@voiceops.org>

Now you get to crowdsource/lobby your state Attorney General to have the Anti-Robocall Litigation Task Force do something. https://www.naag.org/our-work/center-for-consumer-protection/consumer-file-a... https://www.naag.org/find-my-ag/ While also CC'ing anything relevant to the FCC & FTC. It may take a critical mass of consumers/business owners in multiple states to get anything done about the Google Listings spam. On Wed, Mar 18, 2026 at 1:46 PM Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:

The tracebacks.org route was killed pretty quick.

Their response:

Thank you for the information. Tracebacks are generally run based on evidence acquired from ITG members, enterprise partners, or government partners, including data analytics companies, about illegal call campaigns, so that our team can best prioritize tracebacks to ensure the greatest impact. To ensure the broadest impact, the ITG typically cannot run tracebacks based on a request from any individuals or enterprises. We recommend that you provide this information via complaints to the FCC, FTC, Law Enforcement and/or the office of your state attorney general. Such authorities often aggregate complaints and make referrals to the ITG based on what they are seeing most impacting consumers, in turn helping our team prioritize accordingly.

-A

On Wed, Mar 18, 2026 at 9:04 AM Kili Land <kili.land@gtt.net> wrote:

...

Submit traceback requests: https://tracebacks.org/traceback-requests/

The form allows multiple entries

*From:* Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> *Sent:* Wednesday, March 18, 2026 10:23 AM *To:* voiceops@voiceops.org *Subject:* [VoiceOps] Spamming for a week: 463-20X-XXXX

*NOTE:* This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail.

*WARNING:* Replies to this message will go to voiceops-bounces@voiceops.org. If you believe this is malicious or are unsure if this is correct, please report it using the *Report Phish* button and our analysts will investigate it.

A bunch of numbers out of Indiana have been spamming my customers for about a week.

Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.

+14632000068 - BANDWIDTH.COM CLEC LLC IN +14632001925 - BANDWIDTH.COM CLEC LLC IN +14632004002 - BANDWIDTH.COM CLEC LLC IN +14632005772 - BANDWIDTH.COM CLEC LLC IN +14632006038 - BANDWIDTH.COM CLEC LLC IN +14632006422 - BANDWIDTH.COM CLEC LLC IN +14632006730 - BANDWIDTH.COM CLEC LLC IN +14632009587 - BANDWIDTH.COM CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)

Kinda hard to believe the big boys haven't caught this abuse of their network yet.

I tried reporting the numbers to bandwidth.com (as ID'd by telcodata.us), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us is out of date.

I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".

-A

*NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work*

_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org

The mobile carriers do this today via parties like First Orion, Hiya, TNS, while YouMail and a few others do this for consumers/wholesale carriers/enterprises. There are problems with false positives and redress. Sadly, STIR/SHAKEN didn't end spoofing, and it's still possible for a bad actor to sully the reputation of a legitimate party. That's why they set up freecallerregistry.com to help people get their "SCAM LIKELY" caller ID fixed. The system you're describing takes money to operate and maintain. Who is going to pay for it? On Wed, Mar 18, 2026 at 2:19 PM Aaron C. de Bruyn <aaron@heyaaron.com> wrote:

Seems like it would be a lot easier to get AI to write a simple app where people can dump known-bad numbers in, and automatically exchange them with other people...sorta like how it gets handled in the email world.

It can be up to the receiving phone system to do something with it--drop the call, challenge the user to solve 3+4, mail in picture of them with a copy of their phone bill while holding a copy of tomorrow's newspaper signed and witnessed by a notary, etc...

-A

On Wed, Mar 18, 2026 at 1:59 PM Calvin E. <calvine@gmail.com> wrote:

...

Now you get to crowdsource/lobby your state Attorney General to have the Anti-Robocall Litigation Task Force do something.

https://www.naag.org/our-work/center-for-consumer-protection/consumer-file-a...

https://www.naag.org/find-my-ag/

While also CC'ing anything relevant to the FCC & FTC.

It may take a critical mass of consumers/business owners in multiple states to get anything done about the Google Listings spam.

On Wed, Mar 18, 2026 at 1:46 PM Aaron C. de Bruyn via VoiceOps < voiceops@voiceops.org> wrote:

...

The tracebacks.org route was killed pretty quick.

Their response:

Thank you for the information. Tracebacks are generally run based on evidence acquired from ITG members, enterprise partners, or government partners, including data analytics companies, about illegal call campaigns, so that our team can best prioritize tracebacks to ensure the greatest impact. To ensure the broadest impact, the ITG typically cannot run tracebacks based on a request from any individuals or enterprises. We recommend that you provide this information via complaints to the FCC, FTC, Law Enforcement and/or the office of your state attorney general. Such authorities often aggregate complaints and make referrals to the ITG based on what they are seeing most impacting consumers, in turn helping our team prioritize accordingly.

-A

On Wed, Mar 18, 2026 at 9:04 AM Kili Land <kili.land@gtt.net> wrote:

...

Submit traceback requests: https://tracebacks.org/traceback-requests/

The form allows multiple entries

*From:* Aaron C. de Bruyn via VoiceOps <voiceops@voiceops.org> *Sent:* Wednesday, March 18, 2026 10:23 AM *To:* voiceops@voiceops.org *Subject:* [VoiceOps] Spamming for a week: 463-20X-XXXX

*NOTE:* This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail.

*WARNING:* Replies to this message will go to voiceops-bounces@voiceops.org. If you believe this is malicious or are unsure if this is correct, please report it using the *Report Phish* button and our analysts will investigate it.

A bunch of numbers out of Indiana have been spamming my customers for about a week.

Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound.

+14632000068 - BANDWIDTH.COM CLEC LLC IN +14632001925 - BANDWIDTH.COM CLEC LLC IN +14632004002 - BANDWIDTH.COM CLEC LLC IN +14632005772 - BANDWIDTH.COM CLEC LLC IN +14632006038 - BANDWIDTH.COM CLEC LLC IN +14632006422 - BANDWIDTH.COM CLEC LLC IN +14632006730 - BANDWIDTH.COM CLEC LLC IN +14632009587 - BANDWIDTH.COM CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US)

Kinda hard to believe the big boys haven't caught this abuse of their network yet.

I tried reporting the numbers to bandwidth.com (as ID'd by telcodata.us), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us is out of date.

I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls".

-A

*NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work*

_______________________________________________ VoiceOps mailing list -- VoiceOps@voiceops.org https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to voiceops-leave@voiceops.org