You can get media from Twilio but be careful - the last time I dealt with them on this I had several calls with them where I requested features be added because at the time (2023) it was all or nothing. You could not have them enable RTP capture on a single test number.
This may have changed, but definitely something to keep in mind and get clarity on if you do want media from them. Kili ________________________________ From: Jeff Brower via VoiceOps <[email protected]> Sent: Thursday, March 19, 2026 9:35:10 AM To: Aaron C de Bruyn <[email protected]> Cc: [email protected] <[email protected]> Subject: [VoiceOps] Re: Spamming for a week: 463-20X-XXXX NOTE: This is an external message. Please use caution when replying, opening attachments or clicking on any links in this e-mail. WARNING: Replies to this message will go to [email protected]. If you believe this is malicious or are unsure if this is correct, please report it using the Report Phish button and our analysts will investigate it. Hi Aaron, Ok thanks. So what they make available from their dashboard is SIP traffic, not media. -Jeff Quoting "Aaron C. de Bruyn via VoiceOps" <[email protected]<mailto:[email protected]>>: It's available under their Logs -> Calls -> <pick a call> menu. Screenshots: https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfile/Screenshot_from_2026-03-19_04-51-31.png https://cdn-ctrl-alt-it-com.sfo3.cdn.digitaloceanspaces.com/production/cdnfile/Screenshot_from_2026-03-19_04-54-52.png It's just the SIP packets between Twilio and your phone server when you're using their SIP Trunking product. -A On Wed, Mar 18, 2026 at 9:23 PM Jeff Brower <[email protected]<mailto:[email protected]>> wrote: Hi Aaron, Is that a Twilio "Voice Trace" pcap you can download ? I thought those were for Twilio support engineer / internal viewing only. Or are the ones you mention called something else ? -Jeff Quoting "Aaron C. de Bruyn via VoiceOps" <[email protected]<mailto:[email protected]>>: I forgot Twilio lets you download PCAPs of calls. I grabbed one at random: P-Asserted-Identity: <sip:[email protected]:5060<http://sip:[email protected]:5060>> SIP PAI Address: sip:[email protected]:5060<http://sip:[email protected]:5060> SIP PAI User Part: +14632018300 E.164 number (MSISDN): 14632018300 SIP PAI Host Part: 206.147.72.38 SIP PAI Host Port: 5060 -A On Wed, Mar 18, 2026 at 8:44 AM Aaron C. de Bruyn <[email protected]<mailto:[email protected]>> wrote: I did NOT know that. :) I'm not a telco or service provider. Just part of a company that's unfortunate enough to help a handful of customers manage their own internal Asterisk or FreePBX systems. Most of my customers use Twilio upstream. I don't think Twilio logs that header, and I don't see anything like it in the Asterisk logs. (Not sure if it even gets passed to us or if it just doesn't logs it.) -A On Wed, Mar 18, 2026 at 8:36 AM Mark R Lindsey <[email protected]<mailto:[email protected]>> wrote: So...did you get any Identity headers? A traceback with ITG, or maybe an Identity header, is your only hope for tracing the origin. I'm including the below, not to say that you, Aaron, don't know this, but just in case it's valuable to anyone else reading: In the case of your first number, it belongs to a thousand block assigned initially to Bandwidth.com<http://Bandwidth.com>...but that's not even meaningful for routing a call to them today. You'd have to do an LRN lookup to find out how to deliver a call back to the legitimate owner of this number. I did an LRN lookup for that first one, and it's currently ported to Onvoy, one of the brands of Sinch. But again, that only tells us how to get a call TO that legitimate owner. What you want to know is how they're sending calls to you. And if you're getting an Identity header it would be at least interesting. Failing that, you can file a report with the Industry Traceback Group to report illegal calls: https://tracebacks.org/traceback-requests/ Mark R Lindsey | +1-229-316-0013 | [email protected]<mailto:[email protected]> | LinkedIn<https://www.linkedin.com/in/markrlindsey/> On Mar 18, 2026, at 11:22, Aaron C. de Bruyn via VoiceOps <[email protected]<mailto:[email protected]>> wrote: A bunch of numbers out of Indiana have been spamming my customers for about a week. Most are automated recordings about how your Google business listing is wrong and needs to be fixed so customers can find you. Sometimes it's a human prefixed by the telltale "BWOOP" sound. +14632000068 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632001925 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632004002 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632005772 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006038 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006422 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632006730 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632009587 - BANDWIDTH.COM<http://bandwidth.com/> CLEC LLC IN +14632018300 - BHN IP ENABLED SERVICES LLC +14632018413 - BHN IP ENABLED SERVICES LLC +14632018586 - BHN IP ENABLED SERVICES LLC +14632018682 - BHN IP ENABLED SERVICES LLC +14632027042 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027073 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027200 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027252 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027397 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027539 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027678 - LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632027899 -LEVEL 3 COMMUNICATIONS LLC IN (Lumen) +14632030946 - METROPCS INC (T-Mobile US) Kinda hard to believe the big boys haven't caught this abuse of their network yet. I tried reporting the numbers to bandwidth.com<http://bandwidth.com/> (as ID'd by telcodata.us<http://telcodata.us/>), but their form only allows for a single entry at a time, and it says most of the numbers don't belong to them. Either their form is broken or telcodata.us<http://telcodata.us/> is out of date. I can't find a reporting for Level3/Lumen. They seem to be geared towards "I'm a customer and need help figuring out the star code to block calls". -A _______________________________________________ VoiceOps mailing list -- [email protected]<mailto:[email protected]> https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected]<mailto:[email protected]> NOTICE: This e-mail is only intended for the person(s) to whom it is addressed and may contain confidential information. Unless stated to the contrary, any opinions or comments are personal to the writer and do not represent the official view of GTT Communications Inc or any of its affiliates. If you have received this e-mail in error, please notify us immediately by reply e-mail and then delete this message from your system. Please do not copy it or use it for any purposes, or disclose its contents to any other person. All quotes, offers, proposals and any other information in the body of this email is subject to, and limited by, the terms and conditions, signed service agreement and/or statement of work
_______________________________________________ VoiceOps mailing list -- [email protected] https://lists.voiceops.org/postorius/lists/voiceops.voiceops.org/ To unsubscribe send an email to [email protected]
