mrmaxx
Posted December 16, 2013

Tracking URL: http://www.spamcop.net/sc?id=z5638059545ze...7d45d63d485aabz

message source: 37.46.249.32 -- According to RIPE, the only contact email is ripe_box[at]yahoo.com

Spamvertised URL IP: 195.20.194.6 -- According to RIPE, the Tech and Admin contacts are: andrey[at]mit.ru, shtirlitsus[at]mit.ru

SpamCopAdmin
Posted December 18, 2013

>- message source: 37.46.249.32 -- According to RIPE, the only contact email is ripe_box[at]yahoo.com

That is what SpamCop is currently finding.

- Don D'Minion - SpamCop Admin -
- Service[at]Admin.SpamCop.net -

Richard7310
Posted January 5, 2014

> Tracking URL: http://www.spamcop.net/sc?id=z5638059545ze...7d45d63d485aabz
> message source: 37.46.249.32 -- According to RIPE, the only contact email is ripe_box[at]yahoo.com
> Spamvertised URL IP: 195.20.194.6 -- According to RIPE, the Tech and Admin contacts are: andrey[at]mit.ru, shtirlitsus[at]mit.ru

Well, I would not say that contact email ripe_box[at]yahoo.com is the only address according to RIPE, though it is the 'abuse-mailbox,' because % Abuse contact for '37.46.249.0 - 37.46.249.255' is 'kev19ripe[at]ukr.net,' who is also the TECH and another 'e-mail' address.

Using anybody[at]yahoo.com, other than an actual Yahoo! abuse address, will mislead SC into sending the report to abuse[at]yahoo-inc.com, using best contacts yahoo[at]admin.spamcop.net, in error.

Re: Spamvertised URL IP: 195.20.194.6

Yes, andrey[at]mit.ru is the TECH, but ADMIN and the other 'e-mail' is host[at]mit.ru. Rather than Tech or Admin, shtirlitsus[at]mit.ru is a 'changed' [-by] address.

% This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS2) per SmartWhois®, Copyright © 1998-2013 TamoSoft, Version 5.1 (Build 274)

petzl
Posted January 6, 2014

> Well, I would not say that contact email ripe_box[at]yahoo.com is the only address according to RIPE, though it is the 'abuse-mailbox,' because % Abuse contact for '37.46.249.0 - 37.46.249.255' is 'kev19ripe[at]ukr.net,' who is also the TECH and another 'e-mail' address.
>
> Using anybody[at]yahoo.com, other than an actual Yahoo! abuse address, will mislead SC into sending the report to abuse[at]yahoo-inc.com, using best contacts yahoo[at]admin.spamcop.net, in error.
>
> Re: Spamvertised URL IP: 195.20.194.6
>
> Yes, andrey[at]mit.ru is the TECH, but ADMIN and the other 'e-mail' is host[at]mit.ru. Rather than Tech or Admin, shtirlitsus[at]mit.ru is a 'changed' [-by] address.
>
> % This query was served by the RIPE Database Query Service version 1.70.1 (WHOIS2) per SmartWhois®, Copyright © 1998-2013 TamoSoft, Version 5.1 (Build 274)

As 37.46.249.32 is a botnet attack host I would send it to Ukrainian CERT
http://cbl.abuseat.org/lookup.cgi?ip=37.46.249.32
(abuse address kev19ripe[at]ukr.net)
You can get the cert email addresses here
http://www.cert.org/csirts/national/contact.html

195.20.194.6 (URL IP ALWAYS include resolved IP with URL) is also a BOTNET attack host
http://cbl.abuseat.org/lookup.cgi?ip=195.20.194.6
No abuse address so again send it to CERT Russia
http://www.cert.org/csirts/national/contact.html
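
Added example (not part of any post above, and not SpamCop or RIPE code): a Python parser that separates the address-bearing fields the thread distinguishes in RIPE whois output (the "% Abuse contact" line, 'abuse-mailbox', 'e-mail', 'changed') and flags a freemail-hosted address of the kind the thread says gets misrouted. The sample record, the example domains, the function names and the preference order are assumptions made for illustration.

```python
import re

# Constructed sample in RIPE whois layout (documentation range, placeholder names).
SAMPLE = """\
% Abuse contact for '192.0.2.0 - 192.0.2.255' is 'noc@isp.example'

inetnum:        192.0.2.0 - 192.0.2.255
changed:        editor@isp.example 20130101

person:         Example Person
nic-hdl:        EX1-TEST
e-mail:         noc@isp.example
e-mail:         host@isp.example
abuse-mailbox:  box@freemail.example
changed:        editor@isp.example 20130101
"""

# yahoo.com is the case from the thread; freemail.example is a stand-in for the sample.
FREEMAIL = {"yahoo.com", "freemail.example"}
ABUSE_LINE = re.compile(r"^% Abuse contact for '([^']+)' is '([^']+)'")
ATTR = re.compile(r"^([a-z0-9-]+):\s+(\S.*)$")
# Assumed preference order for reporting; 'changed' is an edit record, not a contact.
ORDER = ["abuse-contact", "abuse-mailbox", "e-mail"]

def collect_contacts(whois_text):
    """Map each address-bearing attribute to its de-duplicated addresses."""
    found = {}
    for line in whois_text.splitlines():
        m = ABUSE_LINE.match(line)
        if m:
            key, value = "abuse-contact", m.group(2)
        else:
            m = ATTR.match(line)
            if not m or m.group(1) not in ("abuse-mailbox", "e-mail", "changed"):
                continue
            key, value = m.group(1), m.group(2).split()[0]  # drop the 'changed' date
        bucket = found.setdefault(key, [])
        if value.lower() not in bucket:
            bucket.append(value.lower())
    return found

def report_targets(contacts, freemail=FREEMAIL):
    """Return (address, source attribute, misroute risk) in preference order."""
    targets = []
    for key in ORDER:
        for addr in contacts.get(key, []):
            if addr not in [t[0] for t in targets]:
                targets.append((addr, key, addr.rsplit("@", 1)[-1] in freemail))
    return targets
```
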
This topic is now archived and is closed to further replies.