salamandir
Posted August 31, 2014

http://centralops.net/co/DomainDossier.aspx - DomainDossier gives me this whois for 126.com:

inetnum: 220.181.0.0 - 220.181.255.255
netname: CHINANET-IDC-BJ
country: CN
descr: CHINANET Beijing province network
descr: China Telecom
descr: No.31,jingrong street
descr: Beijing 100032
admin-c: CH93-AP
tech-c: HC55-AP
remarks: hostmaster is not for spam complaint,
remarks: please send spam complaint to anti-spam[at]ns.chinanet.cn.net
mnt-by: MAINT-CHINANET
mnt-lower: MAINT-CHINATELECOM-BJ
status: ALLOCATED NON-PORTABLE
changed: hostmaster[at]ns.chinanet.cn.net 20030620
changed: hm-changed[at]apnic.net 20050715
source: APNIC

person: Chinanet Hostmaster
nic-hdl: CH93-AP
e-mail: anti-spam[at]ns.chinanet.cn.net
address: No.31 ,jingrong street,beijing
address: 100032
phone: +86-10-58501724
fax-no: +86-10-58501724
country: CN
changed: dingsy[at]cndata.com 20070416
changed: zhengzm[at]gsta.com 20140227
mnt-by: MAINT-CHINANET
source: APNIC

person: Hostmaster of Beijing Telecom corporation CHINA TELECOM
nic-hdl: HC55-AP
e-mail: bjnic[at]bjtelecom.net
address: Beijing Telecom
address: No. 107 XiDan Beidajie, Xicheng District Beijing
phone: +86-010-58503461
fax-no: +86-010-58503054
country: cn
changed: bjnic[at]bjtelecom.net 20040115
mnt-by: MAINT-CHINATELECOM-BJ
source: APNIC

http://whois.domaintools.com/126.com - DomainTools gives me this, COMPLETELY DIFFERENT whois for 126.com:

Domain Name: 126.com
Registry Domain ID: 1373158_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.markmonitor.com
Registrar URL: http://www.markmonitor.com
Updated Date: 2014-05-15T20:31:52-0700
Creation Date: 1998-02-27T21:00:00-0800
Registrar Registration Expiration Date: 2019-02-27T21:00:00-0800
Registrar: MarkMonitor, Inc.
Registrar IANA ID: 292
Registrar Abuse Contact Email: abusecomplaints[at]markmonitor.com
Registrar Abuse Contact Phone: +1.2083895740
Domain Status: clientUpdateProhibited
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Matt Serlin
Registrant Organization: DNStination Inc.
Registrant Street: 425 Market St, 5th Floor
Registrant City: San Francisco
Registrant State/Province: CA
Registrant Postal Code: 94105
Registrant Country: US
Registrant Phone: +1.4155319335
Registrant Phone Ext:
Registrant Fax: +1.4155319336
Registrant Fax Ext:
Registrant Email: admin[at]dnstinations.com
Registry Admin ID:
Admin Name: Matt Serlin
Admin Organization: DNStination Inc.
Admin Street: 425 Market St, 5th Floor
Admin City: San Francisco
Admin State/Province: CA
Admin Postal Code: 94105
Admin Country: US
Admin Phone: +1.4155319335
Admin Phone Ext:
Admin Fax: +1.4155319336
Admin Fax Ext:
Admin Email: admin[at]dnstinations.com
Registry Tech ID:
Tech Name: Matt Serlin
Tech Organization: DNStination Inc.
Tech Street: 425 Market St, 5th Floor
Tech City: San Francisco
Tech State/Province: CA
Tech Postal Code: 94105
Tech Country: US
Tech Phone: +1.4155319335
Tech Phone Ext:
Tech Fax: +1.4155319336
Tech Fax Ext:
Tech Email: admin[at]dnstinations.com
Name Server: ns6.nease.net
Name Server: ns8.nease.net
Name Server: ns7.nease.net
Name Server: ns5.nease.net
Name Server: ns3.nease.net
Name Server: ns1.nease.net
Name Server: ns4.nease.net
Name Server: ns2.nease.net

so... which one should i believe?

petzl
Posted August 31, 2014

which one should i believe?

I use two windows "whois" programs
For domain names and IP http://www.gena01.com/win32whois/
just IP http://www.nirsoft.net/utils/ipnetinfo.html

I look at SC's report history if ineffective I include the CERT for country concerned
http://www.first.org/about/organization/teams
use find in FireFox upper case JP

Trouble with Japan they shouldn't be allowed on the Internet as while their private Enterprise want to know of security concerns their retard government don't? So you will find a dozen "CERT" contacts what you want is a Government CERT that handles all of them I'm in the process of getting ALL of these companies taken down they are just static!

the nearest I can get for Japan is ? http://www.first.org/members/teams/jpcert-cc
Get their email address and fill in the "comments box"

I use a boiler plate text as most is from Botnets (if not listed in CBL means compromised account)

222.178.152.93 (Administrator of network where email originates)
BOTNET ATTACK HOST
http://cbl.abuseat.org/lookup.cgi?ip=222.178.152.93
BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER
CHANGE TO SECURE PASSWORD
SCAN INFECTED COMPUTER FOR MALWARE
http://spamcop.net/w3m?action=checkblock&ip=222.178.152.93
http://www.spamhaus.org/query/bl?ip=222.178.152.93

Farelf
Posted August 31, 2014

Or to answer it another way - your first lookup is on the hosting network record, the second is on the domain record. SC reports to the responsible network authority (for e-mails or for spamvertized websites). Reporting to the domain Registrar is a whole different game (not the SC approach) but they (Registrars) might be concerned if there is criminal activity occurring, in which law enforcement might construe they are "aiding and abetting" that criminality somehow.

And (some) CERTs (Computer Emergency Response Teams) seem to be prepared to act as a clearing-house, not only for national network security matters but also for serious crime referrals in their respective countries judging by petzl's past experience, adding another reporting possibility.
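
Added example (not part of the original thread, and not any poster's code): a small Python check that tells the two kinds of record in this thread apart, a network allocation record versus a domain registration record, and pulls out the abuse address each one names. The key sets and function names are assumptions chosen for illustration; they go slightly beyond the thread by also recognising ARIN-style NetRange/CIDR keys.

```python
import re

# Abridged from the two lookups quoted in the thread ("[at]" obfuscation kept).
NETWORK_RECORD = """\
inetnum: 220.181.0.0 - 220.181.255.255
netname: CHINANET-IDC-BJ
remarks: please send spam complaint to anti-spam[at]ns.chinanet.cn.net
"""
DOMAIN_RECORD = """\
Domain Name: 126.com
Registrar: MarkMonitor, Inc.
Registrar Abuse Contact Email: abusecomplaints[at]markmonitor.com
Name Server: ns1.nease.net
"""

# Illustrative key sets (an assumption, not an exhaustive list of WHOIS keys).
NETWORK_KEYS = {"inetnum", "inet6num", "netrange", "cidr", "netname"}
DOMAIN_KEYS = {"domain name", "registrar", "name server", "registry domain id"}
ADDRESS = re.compile(r"[\w.+-]+(?:@|\[at\])[\w-]+(?:\.[\w-]+)+", re.I)

def parse_fields(text):
    """Return (key, value) pairs; keys repeat in WHOIS, so keep a list."""
    fields = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and not line.startswith(("%", "#")):
            fields.append((key.strip().lower(), value.strip()))
    return fields

def classify(text):
    """'network' for an IP allocation record, 'domain' for a registration record."""
    keys = {k for k, _ in parse_fields(text)}
    net, dom = len(keys & NETWORK_KEYS), len(keys & DOMAIN_KEYS)
    if net == dom:
        return "unknown"
    return "network" if net > dom else "domain"

def abuse_contacts(text):
    """Addresses on lines that mention abuse or spam, in order, de-duplicated."""
    found = []
    for key, value in parse_fields(text):
        if re.search(r"abuse|spam", key + " " + value, re.I):
            for addr in ADDRESS.findall(value):
                if addr not in found:
                    found.append(addr)
    return found

if __name__ == "__main__":
    for record in (NETWORK_RECORD, DOMAIN_RECORD):
        print(classify(record), abuse_contacts(record))
```

Run on the two excerpts, it labels the DomainDossier output as a network record and the DomainTools output as a domain record, each with its own abuse address.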