salamandir

which whois should i believe?

http://centralops.net/co/DomainDossier.aspx - DomainDossier gives me this whois for 126.com:

inetnum:		220.181.0.0 - 220.181.255.255
netname:		CHINANET-IDC-BJ
country:		CN
descr:		  CHINANET Beijing province network
descr:		  China Telecom
descr:		  No.31,jingrong street
descr:		  Beijing 100032
admin-c:		CH93-AP
tech-c:		 HC55-AP
remarks:		hostmaster is not for spam complaint,
remarks:		please send spam complaint to anti-spam[at]ns.chinanet.cn.net
mnt-by:		 MAINT-CHINANET
mnt-lower:	  MAINT-CHINATELECOM-BJ
status:		 ALLOCATED NON-PORTABLE
changed:		hostmaster[at]ns.chinanet.cn.net 20030620
changed:		hm-changed[at]apnic.net 20050715
source:		 APNIC

person:		 Chinanet Hostmaster
nic-hdl:		CH93-AP
e-mail:		 anti-spam[at]ns.chinanet.cn.net
address:		No.31 ,jingrong street,beijing
address:		100032
phone:		  +86-10-58501724
fax-no:		 +86-10-58501724
country:		CN
changed:		dingsy[at]cndata.com 20070416
changed:		zhengzm[at]gsta.com 20140227
mnt-by:		 MAINT-CHINANET
source:		 APNIC

person:		 Hostmaster of Beijing Telecom corporation CHINA   TELECOM
nic-hdl:		HC55-AP
e-mail:		 bjnic[at]bjtelecom.net
address:		Beijing Telecom
address:		No. 107 XiDan Beidajie, Xicheng District Beijing
phone:		  +86-010-58503461
fax-no:		 +86-010-58503054
country:		cn
changed:		bjnic[at]bjtelecom.net 20040115
mnt-by:		 MAINT-CHINATELECOM-BJ
source:		 APNIC

http://whois.domaintools.com/126.com - DomainTools gives me this, COMPLETELY DIFFERENT whois for 126.com:

Domain Name: 126.com
Registry Domain ID: 1373158_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2014-05-15T20:31:52-0700
Creation Date: 1998-02-27T21:00:00-0800
Registrar Registration Expiration Date: 2019-02-27T21:00:00-0800
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints[at]markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID: 
Registrant Name: Matt Serlin
Registrant Organization: DNStination Inc.
Registrant Street: 425 Market St, 5th Floor
Registrant City: San Francisco
Registrant State/Province: CA
Registrant Postal Code: 94105
Registrant Country: US
Registrant Phone: +1.4155319335
Registrant Phone Ext: 
Registrant Fax: +1.4155319336
Registrant Fax Ext: 
Registrant Email: admin[at]dnstinations.com
Registry Admin ID: 
Admin Name: Matt Serlin
Admin Organization: DNStination Inc.
Admin Street: 425 Market St, 5th Floor
Admin City: San Francisco
Admin State/Province: CA
Admin Postal Code: 94105
Admin Country: US
Admin Phone: +1.4155319335
Admin Phone Ext: 
Admin Fax: +1.4155319336
Admin Fax Ext: 
Admin Email: admin[at]dnstinations.com
Registry Tech ID: 
Tech Name: Matt Serlin
Tech Organization: DNStination Inc.
Tech Street: 425 Market St, 5th Floor
Tech City: San Francisco
Tech State/Province: CA
Tech Postal Code: 94105
Tech Country: US
Tech Phone: +1.4155319335
Tech Phone Ext: 
Tech Fax: +1.4155319336
Tech Fax Ext: 
Tech Email: admin[at]dnstinations.com
Name Server: ns6.nease.net
Name Server: ns8.nease.net
Name Server: ns7.nease.net
Name Server: ns5.nease.net
Name Server: ns3.nease.net
Name Server: ns1.nease.net
Name Server: ns4.nease.net
Name Server: ns2.nease.net

so...

which one should i believe?


which one should i believe?

I use two windows "whois" programs

For domain names and IP

http://www.gena01.com/win32whois/

just IP

http://www.nirsoft.net/utils/ipnetinfo.html

I look at SC's report history; if ineffective I include the CERT for the country concerned

http://www.first.org/about/organization/teams

Use find in Firefox, upper case JP

Trouble with Japan they shouldn't be allowed on the Internet as while their private Enterprise want to know of security concerns their retard government don't?

So you will find a dozen "CERT" contacts what you want is a Government CERT that handles all of them

I'm in the process of getting ALL of these companies taken down they are just static!

the nearest I can get for Japan is ?

http://www.first.org/members/teams/jpcert-cc

Get their email address and fill in the "comments box"

I use a boilerplate text as most is from Botnets (if not listed in CBL means compromised account)

222.178.152.93 (Administrator of network where email originates)

BOTNET ATTACK HOST

http://cbl.abuseat.org/lookup.cgi?ip=222.178.152.93

BLOCK OUTBOUND PORT 25,

RESERVE FOR LEGIT EMAIL SERVER

CHANGE TO SECURE PASSWORD

SCAN INFECTED COMPUTER FOR MALWARE

http://spamcop.net/w3m?action=checkblock&ip=222.178.152.93

http://www.spamhaus.org/query/bl?ip=222.178.152.93


Or to answer it another way - your first lookup is on the hosting network record, the second is on the domain record. SC reports to the responsible network authority (for e-mails or for spamvertized websites). Reporting to the domain Registrar is a whole different game (not the SC approach) but they (Registrars) might be concerned if there is criminal activity occurring, in which law enforcement might construe they are "aiding and abetting" that criminality somehow. And (some) CERTs (Computer Emergency Response Teams) seem to be prepared to act as a clearing-house, not only for national network security matters but also for serious crime referrals in their respective countries judging by petzl's past experience, adding another reporting possibility.
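
The difference between the two lookups, as an added example that is not part of the original thread: this Python code takes excerpts of the two records quoted in the first post, tells a network (IP allocation) record from a domain registration record by its field names, and pulls out the abuse contact each one names. The function names and the field-name heuristics are assumptions made for this example.

```python
import re

# Excerpts of the two records quoted in the first post; addresses keep
# the page's "[at]" form.
NETWORK_RECORD = """\
inetnum:   220.181.0.0 - 220.181.255.255
netname:   CHINANET-IDC-BJ
remarks:   hostmaster is not for spam complaint,
remarks:   please send spam complaint to anti-spam[at]ns.chinanet.cn.net
changed:   hostmaster[at]ns.chinanet.cn.net 20030620
source:    APNIC
"""
DOMAIN_RECORD = """\
Domain Name: 126.com
Registrar: MarkMonitor, Inc.
Registrar Abuse Contact Email: abusecomplaints[at]markmonitor.com
Registrant Email: admin[at]dnstinations.com
Name Server: ns1.nease.net
"""
# Matches addresses written with "@" or with the page's "[at]" substitution.
ADDR = re.compile(r"[\w.+-]+(?:@|\[at\])[\w-]+(?:\.[\w-]+)+")

def parse_fields(text):
    """Map each lower-cased key to the list of values seen for it."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields

def classify(text):
    """Return (record kind, what it describes, abuse contacts it names)."""
    f = parse_fields(text)
    if "inetnum" in f:  # RIR allocation record: who operates the address block
        # Only remarks that mention complaints count; the "changed:" address
        # is the hostmaster the record says not to use for spam.
        notes = [r for r in f.get("remarks", []) if re.search(r"spam|abuse", r, re.I)]
        contacts = [a for r in notes for a in ADDR.findall(r)]
        return "network", f["inetnum"][0], contacts
    if "domain name" in f:  # registrar record: who registered the name
        return "domain", f["domain name"][0], f.get("registrar abuse contact email", [])
    return "unknown", None, []

if __name__ == "__main__":
    for record in (NETWORK_RECORD, DOMAIN_RECORD):
        print(classify(record))
```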
