ZapZombie
-
Content Count
62 -
Joined
-
Last visited
Posts posted by ZapZombie
-
-
found abuse[at]next-gen.ro at
http://extsearch.ripe.net/fcgi-bin/whois?s...;filter_mail=ON
inetnum: 94.52.108.0 - 94.52.109.255netname: SC-NEXTGEN-COMMUNICATIONS-SRL
descr: SC NextGen Communications SRL
descr: Bucuresti
country: RO
admin-c: NGEN-RIPE
tech-c: NGEN-RIPE
status: ASSIGNED PA
mnt-by: NG-MNT
changed: laurentiu.dinu[at]next-gen.ro 20110607
source: RIPE
person: Network Operation Center
remarks: -------------------------------------
address: SC NextGen Communications SRL
address: Baneasa Business & Technology Park
address: Sos. Bucuresti - Ploiesti nr. 42-44,
address: Cladirea A, Aripa A2, Etaj 2,
address: 013696, Sector 1, Bucuresti
remarks: -------------------------------------
phone: +40-769-080-138
e-mail: abuse[at]next-gen.ro
notify: ripe[at]next-gen.ro
mnt-by: NG-MNT
nic-hdl: NGEN-RIPE
changed: ovidiu.ignat[at]next-gen.ro 20120331
source: RIPE
-
Is my guess,
because the recepient will then receive a link ment for the user who reported, where the spam can be marked as no spam?
-
correction on ip# in topic title, must be "No reporting addresses found for 188.93.234.30"
FIXED
-
.. at
http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net
Found mail[at]dotsi.pt with -B option at
https://apps.db.ripe.net/search/query.html;...4#resultsAnchor
inetnum: 188.93.234.0 - 188.93.234.127netname: PT-DOTSI
descr: dotsi - Solucoes Internet
remarks: CUSTOMERS
country: PT
admin-c: DSdI2-RIPE
tech-c: DSdI2-RIPE
status: ASSIGNED PA
mnt-by: MNT-DOTSI
mnt-lower: MNT-DOTSI
mnt-domains: MNT-DOTSI
mnt-routes: MNT-DOTSI
changed: jose.santos[at]dotsi.pt 20120308
source: RIPE
role: DotSi - Servicos de Internet
address: Rua Agostinho Lourenço 341B
address: 1000-010 Lisboa
address: Portugal
e-mail: mail[at]dotsi.pt
mnt-by: MNT-DOTSI
admin-c: JOSE1-RIPE
tech-c: JOSE1-RIPE
nic-hdl: DSdI2-RIPE
changed: jose.santos[at]dotsi.pt 20120308
source: RIPE
-
spamcop.net/sc?action=showcmd;cmd=whois%20178.78.184.148%40whois.ripe.net
found noc[at]orangearmenia.am for handle alex101
see
http://forum.spamcop.net/forums/index.php?showtopic=12701
and
http://forum.spamcop.net/forums/index.php?...amp;#entry82604
-
I am afraid specifying <x> might identify my spammed emailaddress.
Found info[at]naunet.ru and maybe (?) abuse[at]naunet.ru
via
http://www.ratite.com/whois/whois.cgi saverxwebsite.ru
domain: SAVERXWEBSITE.RUnserver: ns1.hamgeah.ru.
nserver: ns2.bavacsers.ru.
state: REGISTERED, DELEGATED, UNVERIFIED
person: Private Person
registrar: NAUNET-REG-RIPN
admin-contact: https://client.naunet.ru/c/whoiscontact
created: 2012.08.22
paid-till: 2013.08.22
free-date: 2013.09.22
source: TCI
https://client.naunet.ru/c/whoiscontact
presents a message form, but on the same page on the left/top, under an envelop icon is found
info[at]naunet.ru
SAVERXWEBSITE.RU is reported as malicious by antivirus software
-
With domain name registration procedures of today at registrars,
every spamreport costs the spamvertised website owners a registration fee of a few bucks.
For about a small year I have seen in my inbox about 150 spamvertisements for the same betting company.
On every link on their webpage I see a program.exe download. I bet a worm is included to harvest zombies for their spam, websitelocations and emailadress mining.
At peak times they spamvertise about four new domain names per day for the same page.
Today I phoned a registrar known for quality in my country and heard that it is possible to register a domain name with a fake name/address and that that procedure is an issue at an ICANN discussion in the Czech Republic, probably not coïncidentally the country where the registrar of the website is located.
Boys and girls, the spam fight is getting boring for me today.
-
Found noc[at]orangearmenia.am; alexandr.saroyan[at]orangearmenia.am;
alexandr.saroyan[at]orange-ftgroup.am in lookup with -B flag at
extsearch.ripe.net/fcgi-bin/whois?searchtext=178.78.128.172&filter_mail=ON
-
noc[at]kmtn.ru & quicksour[at]gmail.com
spamcop.net/sc?action=showcmd;cmd=whois%2046.228.105.253%40whois.ripe.net
% Note: this output has been filtered.% To receive output for a database update, use the "-B" flag.
% Information related to '46.228.104.0 - 46.228.111.255'
inetnum: 46.228.104.0 - 46.228.111.255
netname: KGTS_DIALUP_LEASE
descr: ADSL OAO KGTS
country: RU
admin-c: KN1067-RIPE
tech-c: KN1067-RIPE
status: ASSIGNED PA
mnt-by: kmtn2-mnt
source: RIPE # Filtered
role: Kmtn NOC
address: 6, Gagarina street
address: Kostroma city
address: Russia
admin-c: SOUR3-ripe
tech-c: sour3-ripe
nic-hdl: KN1067-RIPE
mnt-by: kmtn2-mnt
source: RIPE # Filtered
% Information related to '46.228.96.0/20AS44507'
route: 46.228.96.0/20
descr: OAO KGTS
origin: AS44507
mnt-by: kmtn2-mnt
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS1)
whois kn1067-ripe%40whois.ripe.net
% Note: this output has been filtered.% To receive output for a database update, use the "-B" flag.
% Information related to 'KN1067-RIPE'
role: Kmtn NOC
address: 6, Gagarina street
address: Kostroma city
address: Russia
admin-c: SOUR3-ripe
tech-c: sour3-ripe
nic-hdl: KN1067-RIPE
mnt-by: kmtn2-mnt
source: RIPE # Filtered
person: Sergey Kisly
address: 18, Podvoyskogo street,Moscow,RU
mnt-by: kmtn2-mnt
phone: +7 495 7292568
nic-hdl: SOUR3-RIPE
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS4)
Found noc[at]kmtn.ru in lookup with -B flag at
extsearch.ripe.net/fcgi-bin/whois?searchtext=46.228.105.253&filter_mail=ON
inetnum: 46.228.104.0 - 46.228.111.255netname: KGTS_DIALUP_LEASE
descr: ADSL OAO KGTS
country: RU
admin-c: KN1067-RIPE
tech-c: KN1067-RIPE
status: ASSIGNED PA
mnt-by: kmtn2-mnt
changed: quicksour[at]gmail.com 20110224
source: RIPE
role: Kmtn NOC
address: 6, Gagarina street
address: Kostroma city
address: Russia
e-mail: noc[at]kmtn.ru
admin-c: SOUR3-ripe
tech-c: sour3-ripe
nic-hdl: KN1067-RIPE
mnt-by: kmtn2-mnt
changed: quicksour[at]gmail.com 20100811
source: RIPE
% Information related to '46.228.96.0/20AS44507'
route: 46.228.96.0/20
descr: OAO KGTS
origin: AS44507
mnt-by: kmtn2-mnt
changed: quicksour[at]gmail.com 20110224
source: RIPE
% This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS3)
Found quicksour[at]gmail.com in lookup with -B flag at
extsearch.ripe.net/fcgi-bin/whois?searchtext=SOUR3-ripe&filter_mail=ON
% Information related to 'SOUR3-RIPE'person: Sergey Kisly
address: 18, Podvoyskogo street,Moscow,RU
mnt-by: kmtn2-mnt
e-mail: quicksour[at]gmail.com
phone: +7 495 7292568
nic-hdl: SOUR3-RIPE
changed: quicksour[at]gmail.com 20100810
source: RIPE
% This query was served by the RIPE Database Query Service version 1.19.5 (WHOIS3)
-
Found abuse[at]next-gen.ro in lookup with -B flag at
http://extsearch.ripe.net/fcgi-bin/whois?f...;filter_mail=ON
Ripe remarks to use the -B flag in the result of the lookup used by spamcop
spamcop.net/sc?action=showcmd;cmd=whois%2094.52.193.88%40whois.ripe.net
the cmd is missing "%20-B" after "whois"
-
Use of the -B flag didn't produce an emailaddress in this case. I didn't know, that in the mean time lookups are added with the -B flag, but if they are, I cannot conclude that it doesn't work, rather the possibility of the contrary, because prior to this "no reporting addresses .." I have not read any failing lookups where I could find emailaddresses with the -B flag.
I found this organization record including emailaddress for this person with google at ripe.
-
-
Does the new mod use the -B flag?
I expected this new mod using a whois lookup with the -B flag, but I get the impression it doesn't.
Note the difference in the results of this "-B flag" in these urls
http://extsearch.ripe.net/fcgi-bin/whois?f...t_template=none
http://extsearch.ripe.net/fcgi-bin/whois?f...;filter_mail=ON
(also posted in http://forum.spamcop.net/forums/index.php?showtopic=12611 ,where shirayuki reacted)
-
-
For the respective e-mailaddresses for the 2 contact handles for 84.54.199.219,
sg2478-ripe & ai212-ripe, I read at
http://apps.db.ripe.net/whois/lookup/ripe/...G2478-RIPE.html
http://apps.db.ripe.net/whois/lookup/ripe/...AI212-RIPE.html
serg[at]stv.ru & ai[at]stv.ru.
I expected this new mod using a whois lookup with the -B flag, but I get the impression it doesn't.
Note the difference in the results of this "-B flag" in these urls
http://extsearch.ripe.net/fcgi-bin/whois?f...t_template=none
http://extsearch.ripe.net/fcgi-bin/whois?f...;filter_mail=ON
-
I could relate the news about the takedown to the last date I received spam.
Just one link, that of CNN:
http://money.cnn.com/2012/07/19/technology/grum-spam-botnet/
I am curious for how long my inbox will stay spamfree.
-
when I repeat clicking on/ refresh
http://www.spamcop.net/sc?track=http%3A%2F...etluxury.com%2F
I hardly believed my eyes reading alternating results, one being
SpamCop v 4.6.2.001 © 1992-2012 Cisco Systems, Inc. All rights reserved. Parsing input: http://www.asptopnetluxury.com/ Routing details for 78.80.111.20 [refresh/show] Cached whois for 78.80.111.20 : abuse[at]t-mobile.cz Using abuse net on abuse[at]t-mobile.cz abuse net t-mobile.cz = nic[at]t-mobile.cz, postmaster[at]t-mobile.cz Using best contacts nic[at]t-mobile.cz postmaster[at]t-mobile.cz Statistics: 78.80.111.20 not listed in bl.spamcop.net More Information.. 78.80.111.20 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 78.80.111.20 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 78.80.111.20 not listed in cbl.abuseat.org 78.80.111.20 not listed in dnsbl.sorbs.net Reporting addresses: nic[at]t-mobile.cz postmaster[at]t-mobile.cz
another
SpamCop v 4.6.2.001 © 1992-2012 Cisco Systems, Inc. All rights reserved. Parsing input: http://www.asptopnetluxury.com/ Display data: "whois 37.230.212.4[at]whois.arin.net" (Getting contact from whois.arin.net ) Redirect to ripe Display data: "whois 37.230.212.4[at]whois.ripe.net" (Getting contact from whois.ripe.net) Lookup of776-ripe[at]whois.ripe.net Display data: "whois of776-ripe[at]whois.ripe.net" (Getting contact from whois.ripe.net) of776-ripe = whois.ripe.net 37.230.212.4 (nothing found) No reporting addresses found for 37.230.212.4, using devnull for tracking. Statistics: 37.230.212.4 not listed in bl.spamcop.net More Information.. 37.230.212.4 not listed in dnsbl.njabl.org ( 127.0.0.8 ) 37.230.212.4 not listed in dnsbl.njabl.org ( 127.0.0.9 ) 37.230.212.4 not listed in cbl.abuseat.org 37.230.212.4 not listed in dnsbl.sorbs.net No valid email addresses found, sorry! There are several possible reasons for this: The site involved may not want reports from SpamCop. SpamCop administrators may have decided to stop sending reports to the site to prevent listwashing. SpamCop uses internal routeing to contact this site, only knows about the internal method and so cannot provide an externally-valid email address. There may be no working email address to receive reports.
By the way,
contact address for the latter ip 37.230.212.4 is info[at]leadertelecom.ru
as I read in query using -B flag
https://apps.db.ripe.net/search/query.html?...r#resultsAnchor
-
..I wondered wether the "No reporting addresses found" error concerning IP# 37.230.212.3 would be solved by using the -B option instead of a refresh as I concluded in post # 5 (of the topic of this quote, which differs from the topic where I am quoting now).
I checked this subforum (Routing / Report Address Issues) for clues and having read
http://forum.spamcop.net/forums/index.php?showtopic=12479#
I guessed that using the -B option will be one of the fixes in the new release.
I will stop worrying and posting about "No reporting addresses found" until the next release.
-
After emailing with RIPE,
see
http://forum.spamcop.net/forums/index.php?...pid=81103
I wondered wether the "No reporting addresses found" error concerning IP# 37.230.212.3 would be solved by using the -B option instead of a refresh as I concluded in post # 5.
I checked this subforum for clues and having read
http://forum.spamcop.net/forums/index.php?showtopic=12479#
I guessed that using the -B option will be one of the fixes in the new release.
I will stop worrying and posting about "No reporting addresses found" until the next release.
-
I just clicked this link again and I read other contacts are found as when I posted this.the emailaddress concerns NK159-RIPE, one of the contacts for the sourceaddress of
http://www.spamcop.net/sc?id=z5339562933z1...186be77676a2bbz
..
-
Update 2: the second answer from RIPE, by Henriette van Ingen
-------- Originele bericht --------
Onderwerp: Re: NCC#x questions about report contacts without email address
Datum: Fri, 15 Jun 2012 12:21:42 +0200
Van: RIPE Database Manager <ripe-dbm[at]ripe.net>
Antwoord-naar: RIPE Database Manager <ripe-dbm[at]ripe.net>
Aan: x
Hello x,
To start with, the person object DJ1955-RIPE contains an email
address, but it is filtered. RIPE NCC filters personal data in the
databse in order to prevent abuse of personal data.
When using the -B flag in the database, it will show you the email address:
https://apps.db.ripe.net/search/query.html?...=#resultsAnchor
Please note that it is currently not mandatory to provide an email
address in a person object, however, it is mandatory for an
organisation object. All allocations (and therefore assignments) are
linked to an organisation object and therefore an email address is
always traceable. This is not the case for Independent Resources (PI
address space and AS numbers) as they are not obliged to have an
organisation object.
There has been lively discussions about this subject on our anti-abuse
working group mailing list. Especially about the correctness of the
email address provided. Please have a look in the archives and you can
sign up and read/join the discussion.
--
If you have any questions, please feel free to contact us.
Best regards,
Henriette van Ingen
------------------
Customer Services
RIPE NCC
============================================================
RIPE NCC Customer Satisfaction Survey
*************************************
Tell us about your customer services experience by filling out the
anonymous, three-question RIPE NCC customer satisfaction survey:
https://www.ripe.net/contact/survey/satisfaction-cs/
=============================================================
On Wed, 13 Jun 2012 09:18:51 +0200, x wrote:
> Hello RIPE worker,
>
> As a spamcop.net forum member I have some questions, for which I want to
> share your answers with the other spamcop.net forum members.
> Does RIPE permit registration of report contacts without email address?
> What can I do to urge registration of such an emailaddress?
>
> In spamcop.net reports of processing my spamvertisement reports, I read
> that in the RIPE information of several contacts to report to for a
> spamvertised website there is no e-mailaddress. For instance in the data
> for the person with nic-hdl DJ1955-RIPE to whom I want to report a
> spamvertised betting website via spamcop.net.
>
> Regards,
> x
-
Update: Hereby the questions I posed to RIPE, as suggested by turetzsr [at] Jun 5 2012, 12:56 PM, and the first answer by RIPE. I have answered RIPE that my questions are not answered and I have reposed the questions. More later.
On Wed, 13 Jun 2012 09:18:51 +0200, x wrote:
> Hello RIPE worker,
>
> As a spamcop.net forum member I have some questions, for which I want to
> share your answers with the other spamcop.net forum members.
> Does RIPE permit registration of report contacts without email address?
> What can I do to urge registration of such an emailaddress?
>
> In spamcop.net reports of processing my spamvertisement reports, I read
> that in the RIPE information of several contacts to report to for a
> spamvertised website there is no e-mailaddress. For instance in the data
> for the person with nic-hdl DJ1955-RIPE to whom I want to report a
> spamvertised betting website via spamcop.net.
>
> Regards,
> x
=============================================================
-------- Originele bericht --------
Onderwerp: Re: NCC#x questions about report contacts without email address
Datum: Wed, 13 Jun 2012 14:13:10 +0200
Van: RIPE NCC <ncc[at]ripe.net>
Antwoord-naar: RIPE NCC <ncc[at]ripe.net>
Aan: x
Dear Sir/Madam,
thank you for your email.
The RIPE NCC is an independent, not-for-profit membership organisation.
We are one of the five Regional Internet Registries (RIRs) responsible
for the allocation of blocks of IP address space to Local Internet
Registries (LIRs), which are mostly Internet Service Providers. LIRs
then assign addresses to End Users.
The RIPE NCC is *NOT* a service provider and has no jurisdiction over,
or responsibility for, how the allocated IP numbers are used.
The RIPE NCC runs a publicly available database that allows
users to look up the contact information for the organisations
responsible for particular IP address space.
https://apps.db.ripe.net/search/query.html
You can see the information for nic-hdl DJ1955-RIPE in the database:
https://apps.db.ripe.net/search/query.html?...=#resultsAnchor
More information regarding network abuse is available on our website at:
http://www.ripe.net/data-tools/db/faq/faq-hacking-spamming
http://www.ripe.net/ripe/docs/ripe-409
http://www.ripe.net/lir-services/ncc/legal/legal-information
--
If you have any questions, please feel free to contact us.
Best regards,
Anna Pronicheva
------------------
Customer Services
RIPE NCC
============================================================
RIPE NCC Customer Satisfaction Survey
*************************************
Tell us about your customer services experience by filling out the
anonymous, three-question RIPE NCC customer satisfaction survey:
-
If the cache for
http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net
is refreshed, the lookups induced by future reports concerning this IP# 37.230.212.3, for which about twenty spamvertisement reports processed at spamcop found no reporting address, will find the reporting address found by farelf: noc[at]aiminginvest.com
The contact dj1955 at RIPE is updated with that address.
-
the emailaddress concerns NK159-RIPE, one of the contacts for the sourceaddress of
http://www.spamcop.net/sc?id=z5339562933z1...186be77676a2bbz
I reckoned, spamcop stores the emailaddress with the nic of the contact as key. And that all ip lookups that result with nic data without an emailaddress would check the spamcop database with the nic as key, and then when an e-mail address is still not found, on IP#. That way less ip#'s and emailaddresses would have to be stored, than storing emailaddresses with IP# as key.
The above url can only be retrieved by me and spamcop staff, or by anyone?
No reporting addresses found for 46.252.56.121
in Routing / Report Address Issues
Posted
found boian[at]bonev.com
http://www.spamcop.net/sc?action=showcmd;c...0whois.ripe.net
see
http://forum.spamcop.net/forums/lofiversio...php/t12645.html