cwg Posted November 3, 2010 Share Posted November 3, 2010 Spamcop ain't finding anything, it's a -B lookup, so a query of Ripe returns: % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Information related to '188.95.159.0 - 188.95.159.127' inetnum: 188.95.159.0 - 188.95.159.127 netname: TAVRAHOST descr: Tavria Host Network country: UA admin-c: GM6992-RIPE tech-c: GM6992-RIPE status: ASSIGNED PA mnt-by: UAIP-MNT changed: noc[at]uaip.org 20100412 source: RIPE person: Gennady Mihajlov address: Shorsa str., 2 address: Nikopol, 53000 phone: +3805662577550 nic-hdl: GM6992-RIPE changed: tavrahost[at]mail.ru 20100412 source: RIPE % Information related to '188.95.152.0/21AS51306' route: 188.95.152.0/21 descr: UAIP origin: AS51306 mnt-by: UAIP-MNT changed: noc[at]uaip.org 20090703 source: RIPE % Information related to '188.95.159.0/24AS51306' route: 188.95.159.0/24 descr: Tavrahost network route object origin: AS51306 mnt-by: UAIP-MNT changed: noc[at]uaip.org 20101002 source: RIPE uaip.org seems to be mentioned several times: 11/03/10 10:47:24 Abuse address lookup for uaip.org whois -h whois.abuse.net uaip.org ... postmaster[at]uaip.org (default, no info) No abuse address is registered with abuse.net Complaints should go to abuse[at](the domain) with copies to postmaster[at](the domain) (Including a suggestion that they register with abuse.net, by emailing update[at]abuse.net might be a good idea too) Bah Humbug. Link to comment Share on other sites More sharing options...
Farelf Posted November 4, 2010 Share Posted November 4, 2010 That seems to be a thoroughly nasty network/allocation: http://www.robtex.com/cnet/188.95.159.html What an infamous set of URLs! (Googling any one of them shows spam and/or exploit activity, on first impressions.) SpamCop reports are not going to do anything useful in that sort of neighbourhood, even if there was an address to which to send reports. You need to be looking at KnujOn or somesuch having a primary mission which includes dealing with (the owners of) bad websites. Or are you seeing this address space as a spam email source? There's at least one IP address that may be heavily into spam (188.95.159.61) but not on the SCbl - or many others for that matter. But bl.spam.deadbeef.com is one where it is listed (for having no contact address). Hmm ... that bl is no longer maintained anyway. Tavrahost network 188.95.159.0/25 seems to be more into hosting. See http://www.spamhaus.org/SBL/sbl.lasso?query=SBL96016 Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.