Jump to content

ZapZombie

Members
  • Content Count

    62
  • Joined

  • Last visited

Posts posted by ZapZombie


  1. found boian[at]bonev.com

    http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net

    inetnum: 46.252.48.0 - 46.252.59.255

    netname: BGBALCHIK

    descr: Balchik.net

    country: BG

    admin-c: MM26153-RIPE

    tech-c: MM26153-RIPE

    status: ASSIGNED PA

    mnt-by: IPACCT-MNT

    source: RIPE # Filtered

    person: Mihail Mihailov

    address: Balchik, Varnenska str, bl. 2

    mnt-by: IPACCT-MNT

    phone: +35957975034

    nic-hdl: MM26153-RIPE

    source: RIPE # Filtered

    see

    http://forum.spamcop.net/forums/lofiversio...php/t12645.html


  2. found abuse[at]next-gen.ro at

    http://extsearch.ripe.net/fcgi-bin/whois?s...;filter_mail=ON

    inetnum: 94.52.108.0 - 94.52.109.255

    netname: SC-NEXTGEN-COMMUNICATIONS-SRL

    descr: SC NextGen Communications SRL

    descr: Bucuresti

    country: RO

    admin-c: NGEN-RIPE

    tech-c: NGEN-RIPE

    status: ASSIGNED PA

    mnt-by: NG-MNT

    changed: laurentiu.dinu[at]next-gen.ro 20110607

    source: RIPE

    person: Network Operation Center

    remarks: -------------------------------------

    address: SC NextGen Communications SRL

    address: Baneasa Business & Technology Park

    address: Sos. Bucuresti - Ploiesti nr. 42-44,

    address: Cladirea A, Aripa A2, Etaj 2,

    address: 013696, Sector 1, Bucuresti

    remarks: -------------------------------------

    phone: +40-769-080-138

    e-mail: abuse[at]next-gen.ro

    notify: ripe[at]next-gen.ro

    mnt-by: NG-MNT

    nic-hdl: NGEN-RIPE

    changed: ovidiu.ignat[at]next-gen.ro 20120331

    source: RIPE


  3. .. at

    http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net

    Found mail[at]dotsi.pt with -B option at

    https://apps.db.ripe.net/search/query.html;...4#resultsAnchor

    inetnum: 188.93.234.0 - 188.93.234.127

    netname: PT-DOTSI

    descr: dotsi - Solucoes Internet

    remarks: CUSTOMERS

    country: PT

    admin-c: DSdI2-RIPE

    tech-c: DSdI2-RIPE

    status: ASSIGNED PA

    mnt-by: MNT-DOTSI

    mnt-lower: MNT-DOTSI

    mnt-domains: MNT-DOTSI

    mnt-routes: MNT-DOTSI

    changed: jose.santos[at]dotsi.pt 20120308

    source: RIPE

    role: DotSi - Servicos de Internet

    address: Rua Agostinho Lourenço 341B

    address: 1000-010 Lisboa

    address: Portugal

    e-mail: mail[at]dotsi.pt

    mnt-by: MNT-DOTSI

    admin-c: JOSE1-RIPE

    tech-c: JOSE1-RIPE

    nic-hdl: DSdI2-RIPE

    changed: jose.santos[at]dotsi.pt 20120308

    source: RIPE


  4. I am afraid specifying <x> might identify my spammed emailaddress.

    Found info[at]naunet.ru and maybe (?) abuse[at]naunet.ru

    via

    http://www.ratite.com/whois/whois.cgi saverxwebsite.ru

    domain: SAVERXWEBSITE.RU

    nserver: ns1.hamgeah.ru.

    nserver: ns2.bavacsers.ru.

    state: REGISTERED, DELEGATED, UNVERIFIED

    person: Private Person

    registrar: NAUNET-REG-RIPN

    admin-contact: https://client.naunet.ru/c/whoiscontact

    created: 2012.08.22

    paid-till: 2013.08.22

    free-date: 2013.09.22

    source: TCI

    https://client.naunet.ru/c/whoiscontact

    presents a message form, but on the same page on the left/top, under an envelop icon is found

    info[at]naunet.ru

    SAVERXWEBSITE.RU is reported as malicious by antivirus software


  5. With domain name registration procedures of today at registrars,

    every spamreport costs the spamvertised website owners a registration fee of a few bucks.

    For about a small year I have seen in my inbox about 150 spamvertisements for the same betting company.

    On every link on their webpage I see a program.exe download. I bet a worm is included to harvest zombies for their spam, websitelocations and emailadress mining.

    At peak times they spamvertise about four new domain names per day for the same page.

    Today I phoned a registrar known for quality in my country and heard that it is possible to register a domain name with a fake name/address and that that procedure is an issue at an ICANN discussion in the Czech Republic, probably not coïncidentally the country where the registrar of the website is located.

    Boys and girls, the spam fight is getting boring for me today.


  6. noc[at]kmtn.ru & quicksour[at]gmail.com

    spamcop.net/sc?action=showcmd;cmd=whois%2046.228.105.253%40whois.ripe.net

    % Note: this output has been filtered.

    % To receive output for a database update, use the "-B" flag.

    % Information related to '46.228.104.0 - 46.228.111.255'

    inetnum: 46.228.104.0 - 46.228.111.255

    netname: KGTS_DIALUP_LEASE

    descr: ADSL OAO KGTS

    country: RU

    admin-c: KN1067-RIPE

    tech-c: KN1067-RIPE

    status: ASSIGNED PA

    mnt-by: kmtn2-mnt

    source: RIPE # Filtered

    role: Kmtn NOC

    address: 6, Gagarina street

    address: Kostroma city

    address: Russia

    admin-c: SOUR3-ripe

    tech-c: sour3-ripe

    nic-hdl: KN1067-RIPE

    mnt-by: kmtn2-mnt

    source: RIPE # Filtered

    % Information related to '46.228.96.0/20AS44507'

    route: 46.228.96.0/20

    descr: OAO KGTS

    origin: AS44507

    mnt-by: kmtn2-mnt

    source: RIPE # Filtered

    % This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS1)

    whois kn1067-ripe%40whois.ripe.net

    % Note: this output has been filtered.

    % To receive output for a database update, use the "-B" flag.

    % Information related to 'KN1067-RIPE'

    role: Kmtn NOC

    address: 6, Gagarina street

    address: Kostroma city

    address: Russia

    admin-c: SOUR3-ripe

    tech-c: sour3-ripe

    nic-hdl: KN1067-RIPE

    mnt-by: kmtn2-mnt

    source: RIPE # Filtered

    person: Sergey Kisly

    address: 18, Podvoyskogo street,Moscow,RU

    mnt-by: kmtn2-mnt

    phone: +7 495 7292568

    nic-hdl: SOUR3-RIPE

    source: RIPE # Filtered

    % This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS4)

    Found noc[at]kmtn.ru in lookup with -B flag at

    extsearch.ripe.net/fcgi-bin/whois?searchtext=46.228.105.253&filter_mail=ON

    inetnum: 46.228.104.0 - 46.228.111.255

    netname: KGTS_DIALUP_LEASE

    descr: ADSL OAO KGTS

    country: RU

    admin-c: KN1067-RIPE

    tech-c: KN1067-RIPE

    status: ASSIGNED PA

    mnt-by: kmtn2-mnt

    changed: quicksour[at]gmail.com 20110224

    source: RIPE

    role: Kmtn NOC

    address: 6, Gagarina street

    address: Kostroma city

    address: Russia

    e-mail: noc[at]kmtn.ru

    admin-c: SOUR3-ripe

    tech-c: sour3-ripe

    nic-hdl: KN1067-RIPE

    mnt-by: kmtn2-mnt

    changed: quicksour[at]gmail.com 20100811

    source: RIPE

    % Information related to '46.228.96.0/20AS44507'

    route: 46.228.96.0/20

    descr: OAO KGTS

    origin: AS44507

    mnt-by: kmtn2-mnt

    changed: quicksour[at]gmail.com 20110224

    source: RIPE

    % This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS3)

    Found quicksour[at]gmail.com in lookup with -B flag at

    extsearch.ripe.net/fcgi-bin/whois?searchtext=SOUR3-ripe&filter_mail=ON

    % Information related to 'SOUR3-RIPE'

    person: Sergey Kisly

    address: 18, Podvoyskogo street,Moscow,RU

    mnt-by: kmtn2-mnt

    e-mail: quicksour[at]gmail.com

    phone: +7 495 7292568

    nic-hdl: SOUR3-RIPE

    changed: quicksour[at]gmail.com 20100810

    source: RIPE

    % This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS3)


  7. Use of the -B flag didn't produce an emailaddress in this case. I didn't know, that in the mean time lookups are added with the -B flag, but if they are, I cannot conclude that it doesn't work, rather the possibility of the contrary, because prior to this "no reporting addresses .." I have not read any failing lookups where I could find emailaddresses with the -B flag.

    I found this organization record including emailaddress for this person with google at ripe.


  8. Does the new mod use the -B flag?

    I expected this new mod using a whois lookup with the -B flag, but I get the impression it doesn't.

    Note the difference in the results of this "-B flag" in these urls

    http://extsearch.ripe.net/fcgi-bin/whois?f...t_template=none

    http://extsearch.ripe.net/fcgi-bin/whois?f...;filter_mail=ON

    (also posted in http://forum.spamcop.net/forums/index.php?showtopic=12611 ,where shirayuki reacted)


  9. For the respective e-mailaddresses for the 2 contact handles for 84.54.199.219,

    sg2478-ripe & ai212-ripe, I read at

    http://apps.db.ripe.net/whois/lookup/ripe/...G2478-RIPE.html

    http://apps.db.ripe.net/whois/lookup/ripe/...AI212-RIPE.html

    serg[at]stv.ru & ai[at]stv.ru.

    I expected this new mod using a whois lookup with the -B flag, but I get the impression it doesn't.

    Note the difference in the results of this "-B flag" in these urls

    http://extsearch.ripe.net/fcgi-bin/whois?f...t_template=none

    http://extsearch.ripe.net/fcgi-bin/whois?f...;filter_mail=ON


  10. when I repeat clicking on/ refresh

    http://www.spamcop.net/sc?track=http%3A%2F...etluxury.com%2F

    I hardly believed my eyes reading alternating results, one being

    SpamCop v 4.6.2.001 © 1992-2012 Cisco Systems, Inc. All rights reserved.
    Parsing input: http://www.asptopnetluxury.com/
    Routing details for 78.80.111.20
    [refresh/show] Cached whois for 78.80.111.20 : abuse[at]t-mobile.cz
    Using abuse net on abuse[at]t-mobile.cz
    abuse net t-mobile.cz = nic[at]t-mobile.cz, postmaster[at]t-mobile.cz
    Using best contacts nic[at]t-mobile.cz postmaster[at]t-mobile.cz
    Statistics:
    78.80.111.20 not listed in bl.spamcop.net
    More Information..
    78.80.111.20 not listed in dnsbl.njabl.org ( 127.0.0.8 )
    78.80.111.20 not listed in dnsbl.njabl.org ( 127.0.0.9 )
    78.80.111.20 not listed in cbl.abuseat.org
    78.80.111.20 not listed in dnsbl.sorbs.net
    
    Reporting addresses:
    nic[at]t-mobile.cz
    postmaster[at]t-mobile.cz 

    another

    SpamCop v 4.6.2.001 © 1992-2012 Cisco Systems, Inc. All rights reserved.
    Parsing input: http://www.asptopnetluxury.com/
    Display data:
    "whois 37.230.212.4[at]whois.arin.net" (Getting contact from whois.arin.net )
       Redirect to ripe
       Display data:
       "whois 37.230.212.4[at]whois.ripe.net" (Getting contact from whois.ripe.net)
       Lookup of776-ripe[at]whois.ripe.net
    	  Display data:
    	  "whois of776-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net)
    	  of776-ripe =
       whois.ripe.net 37.230.212.4 (nothing found)
    No reporting addresses found for 37.230.212.4, using devnull for tracking.
    Statistics:
    37.230.212.4 not listed in bl.spamcop.net
    More Information..
    37.230.212.4 not listed in dnsbl.njabl.org ( 127.0.0.8 )
    37.230.212.4 not listed in dnsbl.njabl.org ( 127.0.0.9 )
    37.230.212.4 not listed in cbl.abuseat.org
    37.230.212.4 not listed in dnsbl.sorbs.net
    No valid email addresses found, sorry!
    
    	There are several possible reasons for this:
    	The site involved may not want reports from SpamCop.
    	SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing.
    	SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address.
    	There may be no working email address to receive reports. 

    By the way,

    contact address for the latter ip 37.230.212.4 is info[at]leadertelecom.ru

    as I read in query using -B flag

    https://apps.db.ripe.net/search/query.html?...r#resultsAnchor


  11. ..

    I wondered wether the "No reporting addresses found" error concerning IP# 37.230.212.3 would be solved by using the -B option instead of a refresh as I concluded in post # 5 (of the topic of this quote, which differs from the topic where I am quoting now).

    I checked this subforum (Routing / Report Address Issues) for clues and having read

    http://forum.spamcop.net/forums/index.php?showtopic=12479#

    I guessed that using the -B option will be one of the fixes in the new release.

    I will stop worrying and posting about "No reporting addresses found" until the next release.


  12. After emailing with RIPE,

    see

    http://forum.spamcop.net/forums/index.php?...pid=81103

    I wondered wether the "No reporting addresses found" error concerning IP# 37.230.212.3 would be solved by using the -B option instead of a refresh as I concluded in post # 5.

    I checked this subforum for clues and having read

    http://forum.spamcop.net/forums/index.php?showtopic=12479#

    I guessed that using the -B option will be one of the fixes in the new release.

    I will stop worrying and posting about "No reporting addresses found" until the next release.


  13. Update 2: the second answer from RIPE, by Henriette van Ingen

    -------- Originele bericht --------

    Onderwerp: Re: NCC#x questions about report contacts without email address

    Datum: Fri, 15 Jun 2012 12:21:42 +0200

    Van: RIPE Database Manager <ripe-dbm[at]ripe.net>

    Antwoord-naar: RIPE Database Manager <ripe-dbm[at]ripe.net>

    Aan: x

    Hello x,

    To start with, the person object DJ1955-RIPE contains an email

    address, but it is filtered. RIPE NCC filters personal data in the

    databse in order to prevent abuse of personal data.

    When using the -B flag in the database, it will show you the email address:

    https://apps.db.ripe.net/search/query.html?...=#resultsAnchor

    Please note that it is currently not mandatory to provide an email

    address in a person object, however, it is mandatory for an

    organisation object. All allocations (and therefore assignments) are

    linked to an organisation object and therefore an email address is

    always traceable. This is not the case for Independent Resources (PI

    address space and AS numbers) as they are not obliged to have an

    organisation object.

    There has been lively discussions about this subject on our anti-abuse

    working group mailing list. Especially about the correctness of the

    email address provided. Please have a look in the archives and you can

    sign up and read/join the discussion.

    --

    If you have any questions, please feel free to contact us.

    Best regards,

    Henriette van Ingen

    ------------------

    Customer Services

    RIPE NCC

    ============================================================

    RIPE NCC Customer Satisfaction Survey

    *************************************

    Tell us about your customer services experience by filling out the

    anonymous, three-question RIPE NCC customer satisfaction survey:

    https://www.ripe.net/contact/survey/satisfaction-cs/

    =============================================================

    On Wed, 13 Jun 2012 09:18:51 +0200, x wrote:

    > Hello RIPE worker,

    >

    > As a spamcop.net forum member I have some questions, for which I want to

    > share your answers with the other spamcop.net forum members.

    > Does RIPE permit registration of report contacts without email address?

    > What can I do to urge registration of such an emailaddress?

    >

    > In spamcop.net reports of processing my spamvertisement reports, I read

    > that in the RIPE information of several contacts to report to for a

    > spamvertised website there is no e-mailaddress. For instance in the data

    > for the person with nic-hdl DJ1955-RIPE to whom I want to report a

    > spamvertised betting website via spamcop.net.

    >

    > Regards,

    > x


  14. Update: Hereby the questions I posed to RIPE, as suggested by turetzsr [at] Jun 5 2012, 12:56 PM, and the first answer by RIPE. I have answered RIPE that my questions are not answered and I have reposed the questions. More later.

    On Wed, 13 Jun 2012 09:18:51 +0200, x wrote:

    > Hello RIPE worker,

    >

    > As a spamcop.net forum member I have some questions, for which I want to

    > share your answers with the other spamcop.net forum members.

    > Does RIPE permit registration of report contacts without email address?

    > What can I do to urge registration of such an emailaddress?

    >

    > In spamcop.net reports of processing my spamvertisement reports, I read

    > that in the RIPE information of several contacts to report to for a

    > spamvertised website there is no e-mailaddress. For instance in the data

    > for the person with nic-hdl DJ1955-RIPE to whom I want to report a

    > spamvertised betting website via spamcop.net.

    >

    > Regards,

    > x

    =============================================================

    -------- Originele bericht --------

    Onderwerp: Re: NCC#x questions about report contacts without email address

    Datum: Wed, 13 Jun 2012 14:13:10 +0200

    Van: RIPE NCC <ncc[at]ripe.net>

    Antwoord-naar: RIPE NCC <ncc[at]ripe.net>

    Aan: x

    Dear Sir/Madam,

    thank you for your email.

    The RIPE NCC is an independent, not-for-profit membership organisation.

    We are one of the five Regional Internet Registries (RIRs) responsible

    for the allocation of blocks of IP address space to Local Internet

    Registries (LIRs), which are mostly Internet Service Providers. LIRs

    then assign addresses to End Users.

    The RIPE NCC is *NOT* a service provider and has no jurisdiction over,

    or responsibility for, how the allocated IP numbers are used.

    The RIPE NCC runs a publicly available database that allows

    users to look up the contact information for the organisations

    responsible for particular IP address space.

    https://apps.db.ripe.net/search/query.html

    You can see the information for nic-hdl DJ1955-RIPE in the database:

    https://apps.db.ripe.net/search/query.html?...=#resultsAnchor

    More information regarding network abuse is available on our website at:

    http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming

    http://www.ripe.net/ripe/docs/ripe-409

    http://www.ripe.net/lir-services/ncc/legal/legal-information

    --

    If you have any questions, please feel free to contact us.

    Best regards,

    Anna Pronicheva

    ------------------

    Customer Services

    RIPE NCC

    ============================================================

    RIPE NCC Customer Satisfaction Survey

    *************************************

    Tell us about your customer services experience by filling out the

    anonymous, three-question RIPE NCC customer satisfaction survey:

    https://www.ripe.net/contact/survey/satisfaction-cs/


  15. If the cache for

    http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net

    is refreshed, the lookups induced by future reports concerning this IP# 37.230.212.3, for which about twenty spamvertisement reports processed at spamcop found no reporting address, will find the reporting address found by farelf: noc[at]aiminginvest.com

    The contact dj1955 at RIPE is updated with that address.


  16. the emailaddress concerns NK159-RIPE, one of the contacts for the sourceaddress of

    http://www.spamcop.net/sc?id=z5339562933z1...186be77676a2bbz

    I reckoned, spamcop stores the emailaddress with the nic of the contact as key. And that all ip lookups that result with nic data without an emailaddress would check the spamcop database with the nic as key, and then when an e-mail address is still not found, on IP#. That way less ip#'s and emailaddresses would have to be stored, than storing emailaddresses with IP# as key.

    The above url can only be retrieved by me and spamcop staff, or by anyone?

×